add stateful sessions in http

Signed-off-by: Madhav Kandukuri <[email protected]>

Author: madhav165

.env.example

@@ -1770,13 +1770,23 @@ PLUGINS_CLI_MARKUP_MODE=rich
 # Enable stateful sessions (stores session state server-side)
 # Options: true, false (default)
 # false: Stateless mode (better for scaling)
+# true: Stateful mode (requires CACHE_TYPE=redis for multi-worker deployments)
 # USE_STATEFUL_SESSIONS=false
 
 # Enable JSON response format for streaming HTTP
 # Options: true (default), false
 # true: Return JSON responses, false: Return SSE stream
 # JSON_RESPONSE_ENABLED=true
 
+# Event store configuration for stateful sessions
+# Ring buffer size per stream (default: 100)
+# Controls how many events are kept in memory before oldest are evicted
+# STREAMABLE_HTTP_MAX_EVENTS_PER_STREAM=100
+
+# Stream TTL in seconds (default: 3600 = 1 hour)
+# How long event streams are kept in Redis before automatic cleanup
+# STREAMABLE_HTTP_EVENT_TTL=3600
+
 # Federation Configuration
 
 # Timeout for federation requests in seconds

docker-compose.yml

@@ -236,6 +236,7 @@ services:
       - SECURITY_HEADERS_ENABLED=true
       - CORS_ALLOW_CREDENTIALS=true
       - SECURE_COOKIES=false
+      - USE_STATEFUL_SESSIONS=true
       ## Uncomment to enable HTTPS (run `make certs` first)
       # - SSL=true
       # - CERT_FILE=/app/certs/cert.pem

infra/nginx/nginx.conf

@@ -492,6 +492,42 @@ http {
             proxy_read_timeout 1h;
         }
 
+        # General SSE endpoint (without server prefix)
+        location = /sse {
+            proxy_pass http://gateway_backend;
+
+            # SSE-specific headers
+            proxy_set_header Connection '';
+            proxy_http_version 1.1;
+            chunked_transfer_encoding off;
+            proxy_buffering off;
+            proxy_cache off;
+
+            # Proxy headers
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Extended timeouts for SSE
+            proxy_connect_timeout 1h;
+            proxy_send_timeout 1h;
+            proxy_read_timeout 1h;
+        }
+
+        # Message endpoint for SSE clients
+        location = /message {
+            proxy_pass http://gateway_backend;
+
+            proxy_buffering off;
+            proxy_cache off;
+
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
         location ~ ^/servers/.*/ws$ {
             proxy_pass http://gateway_backend;
 

mcpgateway/config.py

@@ -1501,6 +1501,8 @@ def parse_issuers(cls, v: Any) -> list[str]:
     # streamable http transport
     use_stateful_sessions: bool = False  # Set to False to use stateless sessions without event store
     json_response_enabled: bool = True  # Enable JSON responses instead of SSE streams
+    streamable_http_max_events_per_stream: int = 100  # Ring buffer capacity per stream
+    streamable_http_event_ttl: int = 3600  # Event stream TTL in seconds (1 hour)
 
     # Core plugin settings
     plugins_enabled: bool = Field(default=False, description="Enable the plugin framework")

mcpgateway/main.py

@@ -5321,7 +5321,7 @@ async def handle_rpc(request: Request, db: Session = Depends(get_db), user=Depen
             from mcpgateway.services.mcp_session_pool import WORKER_ID  # pylint: disable=import-outside-toplevel
 
             session_short = mcp_session_id[:8] if len(mcp_session_id) >= 8 else mcp_session_id
-            logger.info(f"[AFFINITY] Worker {WORKER_ID} | Session {session_short}... | Method: {method} | RPC request received, checking affinity")
+            print(f"[AFFINITY] Worker {WORKER_ID} | Session {session_short}... | Method: {method} | RPC request received, checking affinity")
             try:
                 # First-Party
                 from mcpgateway.services.mcp_session_pool import get_mcp_session_pool  # pylint: disable=import-outside-toplevel
@@ -5333,7 +5333,7 @@ async def handle_rpc(request: Request, db: Session = Depends(get_db), user=Depen
                 )
                 if forwarded_response is not None:
                     # Request was handled by another worker
-                    logger.info(f"[AFFINITY] Worker {WORKER_ID} | Session {session_short}... | Method: {method} | Forwarded response received")
+                    print(f"[AFFINITY] Worker {WORKER_ID} | Session {session_short}... | Method: {method} | Forwarded response received")
                     if "error" in forwarded_response:
                         raise JSONRPCError(
                             forwarded_response["error"].get("code", -32603),
@@ -5349,7 +5349,7 @@ async def handle_rpc(request: Request, db: Session = Depends(get_db), user=Depen
             from mcpgateway.services.mcp_session_pool import WORKER_ID  # pylint: disable=import-outside-toplevel
 
             session_short = mcp_session_id[:8] if len(mcp_session_id) >= 8 else mcp_session_id
-            logger.info(f"[AFFINITY] Worker {WORKER_ID} | Session {session_short}... | Method: {method} | Internally forwarded request, executing locally")
+            print(f"[AFFINITY] Worker {WORKER_ID} | Session {session_short}... | Method: {method} | Internally forwarded request, executing locally")
 
         if method == "initialize":
             # Extract session_id from params or query string (for capability tracking)

mcpgateway/services/tool_service.py

@@ -2626,6 +2626,7 @@ async def invoke_tool(
         gateway_ca_cert_sig = gateway_payload.get("ca_certificate_sig") if has_gateway else None
         gateway_passthrough = gateway_payload.get("passthrough_headers") if has_gateway else None
         gateway_id_str = gateway_payload.get("id") if has_gateway else None
+        gateway_transport = gateway_payload.get("transport") if has_gateway else None
 
         # Decrypt and apply query param auth to URL if applicable
         gateway_auth_query_params_decrypted: Optional[Dict[str, str]] = None
@@ -2811,7 +2812,9 @@ async def invoke_tool(
                         mcp_session_id = request_headers_lower.get("mcp-session-id")
                         if mcp_session_id:
                             headers["x-mcp-session-id"] = mcp_session_id
+                            # Standard
                             import os  # pylint: disable=import-outside-toplevel
+
                             worker_id = str(os.getpid())
                             session_short = mcp_session_id[:8] if len(mcp_session_id) >= 8 else mcp_session_id
                             logger.info(f"[AFFINITY] Worker {worker_id} | Session {session_short}... | Tool: {tool_name} | Normalized MCP-Session-Id → x-mcp-session-id for pool affinity")
@@ -2950,7 +2953,9 @@ async def invoke_tool(
                         mcp_session_id = request_headers_lower.get("mcp-session-id")
                         if mcp_session_id:
                             headers["x-mcp-session-id"] = mcp_session_id
+                            # Standard
                             import os  # pylint: disable=import-outside-toplevel
+
                             worker_id = str(os.getpid())
                             session_short = mcp_session_id[:8] if len(mcp_session_id) >= 8 else mcp_session_id
                             logger.info(f"[AFFINITY] Worker {worker_id} | Session {session_short}... | Tool: {tool_name} | Normalized MCP-Session-Id → x-mcp-session-id for pool affinity (MCP transport)")
@@ -3163,10 +3168,12 @@ async def connect_to_streamablehttp_server(server_url: str, headers: dict = head
 
                             if use_pool and pool is not None:
                                 # Pooled path: do NOT add per-request headers (they would be pinned)
+                                # Determine transport type based on current transport setting
+                                pool_transport_type = TransportType.SSE if transport == "sse" else TransportType.STREAMABLE_HTTP
                                 async with pool.session(
                                     url=server_url,
                                     headers=headers,
-                                    transport_type=TransportType.STREAMABLE_HTTP,
+                                    transport_type=pool_transport_type,
                                     httpx_client_factory=get_httpx_client_factory,
                                     user_identity=app_user_email,
                                     gateway_id=gateway_id_str,

mcpgateway/transports/redis_event_store.py

@@ -0,0 +1,221 @@
+"""
+Redis-backed event store for Streamable HTTP stateful sessions.
+
+Provides distributed event storage across multiple gateway workers using Redis,
+enabling stateful MCP sessions to work correctly behind load balancers.
+
+Architecture:
+- Uses Redis Sorted Sets for ordered event storage with ring buffer semantics
+- Events indexed by event_id for O(1) lookup during replay
+- Automatic eviction when exceeding max_events_per_stream
+- TTL-based cleanup for expired streams
+"""
+
+# Standard
+import logging
+from typing import TYPE_CHECKING
+import uuid
+
+# Third-Party
+from mcp.server.streamable_http import EventCallback, EventStore
+from mcp.types import JSONRPCMessage
+import orjson
+
+# First-Party
+from mcpgateway.utils.redis_client import get_redis_client
+
+if TYPE_CHECKING:
+    # Third-Party
+    from redis.asyncio import Redis
+
+logger = logging.getLogger(__name__)
+
+
+class RedisEventStore(EventStore):
+    """
+    Redis-backed event store for multi-worker deployments.
+
+    Data Model:
+        Per Stream:
+        - Hash: mcpgw:eventstore:{stream_id}:meta
+          - start_seq: Oldest sequence number (for eviction detection)
+          - next_seq: Next sequence number to assign
+          - count: Current event count
+
+        - Sorted Set: mcpgw:eventstore:{stream_id}:events
+          - Score: sequence number
+          - Value: JSON {event_id, message, seq_num}
+
+        Global:
+        - Hash: mcpgw:eventstore:event_index
+          - Key: event_id -> Value: JSON {stream_id, seq_num}
+
+    Examples:
+        >>> # Create event store with custom settings
+        >>> store = RedisEventStore(max_events_per_stream=200, ttl=7200)
+
+        >>> # Store an event
+        >>> event_id = await store.store_event("stream-123", message)
+
+        >>> # Replay events after a specific event_id
+        >>> async def callback(msg):
+        ...     print(f"Replayed: {msg}")
+        >>> stream_id = await store.replay_events_after(event_id, callback)
+    """
+
+    def __init__(self, max_events_per_stream: int = 100, ttl: int = 3600):
+        """
+        Initialize Redis event store.
+
+        Args:
+            max_events_per_stream: Maximum events per stream (ring buffer size)
+            ttl: Stream TTL in seconds (default 1 hour)
+        """
+        self.max_events = max_events_per_stream
+        self.ttl = ttl
+        logger.info(f"RedisEventStore initialized: max_events={max_events_per_stream}, ttl={ttl}s")
+
+    def _get_stream_meta_key(self, stream_id: str) -> str:
+        """Get Redis key for stream metadata."""
+        return f"mcpgw:eventstore:{stream_id}:meta"
+
+    def _get_stream_events_key(self, stream_id: str) -> str:
+        """Get Redis key for stream events sorted set."""
+        return f"mcpgw:eventstore:{stream_id}:events"
+
+    def _get_event_index_key(self) -> str:
+        """Get Redis key for global event index."""
+        return "mcpgw:eventstore:event_index"
+
+    async def store_event(self, stream_id: str, message: JSONRPCMessage | None) -> str:
+        """
+        Store an event in Redis.
+
+        Args:
+            stream_id: Unique stream identifier
+            message: JSON-RPC message to store (None for priming events)
+
+        Returns:
+            Unique event_id for this event
+
+        Examples:
+            >>> event_id = await store.store_event("stream-123", {"jsonrpc": "2.0", "method": "test"})
+            >>> isinstance(event_id, str)
+            True
+        """
+        redis: Redis = await get_redis_client()
+        event_id = str(uuid.uuid4())
+
+        logger.info(f"[REDIS_EVENTSTORE] Storing event | stream_id={stream_id} | event_id={event_id} | message_type={type(message).__name__ if message else 'None'}")
+
+        meta_key = self._get_stream_meta_key(stream_id)
+        events_key = self._get_stream_events_key(stream_id)
+        index_key = self._get_event_index_key()
+
+        # Atomically increment sequence number
+        seq_num = await redis.hincrby(meta_key, "next_seq", 1)
+
+        # Convert message to dict for serialization (Pydantic model -> dict)
+        message_dict = None if message is None else (message.model_dump() if hasattr(message, "model_dump") else dict(message))
+
+        # Serialize event data
+        event_data = orjson.dumps({"event_id": event_id, "message": message_dict, "seq_num": seq_num})
+
+        # Store event in sorted set (score = seq_num)
+        await redis.zadd(events_key, {event_data: seq_num})
+
+        # Index event_id for lookup
+        index_data = orjson.dumps({"stream_id": stream_id, "seq_num": seq_num})
+        await redis.hset(index_key, event_id, index_data)
+
+        # Increment count
+        count = await redis.hincrby(meta_key, "count", 1)
+
+        # Handle eviction if exceeding max_events
+        if count > self.max_events:
+            # Calculate how many to evict
+            to_evict = count - self.max_events
+
+            # Get events to evict (oldest by rank)
+            evicted = await redis.zrange(events_key, 0, to_evict - 1)
+
+            # Remove from sorted set
+            await redis.zremrangebyrank(events_key, 0, to_evict - 1)
+
+            # Remove from event index and update start_seq
+            for event_bytes in evicted:
+                evicted_event = orjson.loads(event_bytes)
+                await redis.hdel(index_key, evicted_event["event_id"])
+
+            # Update start_seq to first remaining event
+            remaining = await redis.zrange(events_key, 0, 0, withscores=True)
+            if remaining:
+                _, start_seq = remaining[0]
+                await redis.hset(meta_key, "start_seq", int(start_seq))
+
+            # Update count
+            await redis.hset(meta_key, "count", self.max_events)
+
+        # Set TTL on stream keys
+        await redis.expire(meta_key, self.ttl)
+        await redis.expire(events_key, self.ttl)
+
+        logger.debug(f"Stored event {event_id} in stream {stream_id} (seq={seq_num})")
+        return event_id
+
+    async def replay_events_after(self, last_event_id: str, send_callback: EventCallback) -> str | None:
+        """
+        Replay events after a specific event_id.
+
+        Args:
+            last_event_id: Event ID to replay from
+            send_callback: Async callback to receive replayed messages
+
+        Returns:
+            stream_id if found, None if event not found or evicted
+
+        Examples:
+            >>> messages = []
+            >>> async def callback(msg):
+            ...     messages.append(msg)
+            >>> stream_id = await store.replay_events_after(event_id, callback)
+            >>> len(messages) > 0
+            True
+        """
+        redis: Redis = await get_redis_client()
+        index_key = self._get_event_index_key()
+
+        logger.info(f"[REDIS_EVENTSTORE] Replaying events | last_event_id={last_event_id}")
+
+        # Lookup event in index
+        index_data = await redis.hget(index_key, last_event_id)
+        if not index_data:
+            logger.warning(f"[REDIS_EVENTSTORE] Event not found in index | last_event_id={last_event_id}")
+            return None
+
+        event_info = orjson.loads(index_data)
+        stream_id = event_info["stream_id"]
+        last_seq = event_info["seq_num"]
+
+        meta_key = self._get_stream_meta_key(stream_id)
+        events_key = self._get_stream_events_key(stream_id)
+
+        # Check if event still in buffer (not evicted)
+        start_seq_bytes = await redis.hget(meta_key, "start_seq")
+        if start_seq_bytes:
+            start_seq = int(start_seq_bytes)
+            if last_seq < start_seq:
+                logger.warning(f"Event {last_event_id} evicted from stream {stream_id} (seq {last_seq} < start {start_seq})")
+                return None
+
+        # Get all events after last_seq
+        events = await redis.zrangebyscore(events_key, last_seq + 1, "+inf")
+
+        # Replay events
+        for event_bytes in events:
+            event_data = orjson.loads(event_bytes)
+            message = event_data["message"]
+            await send_callback(message)
+
+        logger.info(f"[REDIS_EVENTSTORE] Replayed events | stream_id={stream_id} | last_event_id={last_event_id} | count={len(events)}")
+        return stream_id