fix(mcp): persist MCP sessions across tool calls for stateful servers (#3089)

mirror of https://github.com/bytedance/deer-flow.git synced 2026-05-24 17:06:00 +00:00

* fix(mcp): persist MCP sessions across tool calls for stateful servers

  MCP tools loaded via langchain-mcp-adapters created a new session on
  every call, causing stateful servers like Playwright to lose browser
  state (pages, forms) between consecutive tool invocations within the
  same thread.

  Add MCPSessionPool that maintains persistent sessions scoped by
  (server_name, thread_id). Tool calls within the same thread now reuse
  the same MCP session, preserving server-side state. Sessions are evicted
  in LRU order (max 256) and cleaned up on cache invalidation.

  Fixes #3054

* fix(sandbox): add group/other read permissions to uploaded files for Docker sandbox (#3127)

  When using AIO sandbox with LocalContainerBackend, uploaded files are
  created with 0o600 (owner-only) permissions by the gateway process
  running as root. The sandbox process inside the Docker container runs
  as a non-root user and cannot read these bind-mounted files, causing
  a "Permission denied" error on read_file.

  Add `needs_upload_permission_adjustment` attribute to SandboxProvider
  (default True) to indicate that uploaded files need chmod adjustment.
  LocalSandboxProvider opts out (same user). A new `_make_file_sandbox_readable`
  function adds S_IRGRP | S_IROTH bits after files are written, changing
  permissions from 0o600 to 0o644 so the sandbox can read the uploads.

* fix(mcp): address review comments on session pool and tools

- _extract_thread_id: return "default" instead of stringifying None
  when get_config() returns no thread_id
- call_with_persistent_session: fix **arguments annotation from
  dict[str,Any] to Any
- Replace private _convert_call_tool_result import with a local
  implementation that handles all MCP content block types
- _make_session_pool_tool: accept tool_interceptors and apply the
  configured interceptor chain on every call (preserving OAuth and
  custom interceptors)
- MCPSessionPool: replace asyncio.Lock with threading.Lock; restructure
  get/close methods to never await while holding the lock; add
  close_all_sync() that closes sessions on their owning event loops
- reset_mcp_tools_cache: use pool.close_all_sync() instead of
  asyncio.run-in-thread to close sessions deterministically
- test: add test_session_pool_tool_sync_wrapper_path_is_safe covering
  tool invocation via the sync wrapper (tool.func) path

Agent-Logs-Url: https://github.com/bytedance/deer-flow/sessions/9e7f9e7f-1d2b-464a-b3b7-7f1649b74122

Co-authored-by: WillemJiang <219644+WillemJiang@users.noreply.github.com>

* fix(mcp): extract SESSION_CLOSE_TIMEOUT to class constant

Agent-Logs-Url: https://github.com/bytedance/deer-flow/sessions/9e7f9e7f-1d2b-464a-b3b7-7f1649b74122

Co-authored-by: WillemJiang <219644+WillemJiang@users.noreply.github.com>

* Potential fix for pull request finding 'Empty except'

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>

This commit is contained in:

Willem Jiang

2026-05-21 23:22:20 +08:00

committed by

GitHub

parent e93f658472

commit c881d95898

4 changed files with 813 additions and 8 deletions

									
										backend/packages/harness/deerflow/mcp/cache.py
									
		+16
		
												View File
												
				@@ -134,9 +134,25 @@ def reset_mcp_tools_cache() -> None:

				    """Reset the MCP tools cache.

				    This is useful for testing or when you want to reload MCP tools.

				    Also closes all persistent MCP sessions so they are recreated on

				    the next tool load.

				    """

				    global _mcp_tools_cache, _cache_initialized, _config_mtime

				    _mcp_tools_cache = None

				    _cache_initialized = False

				    _config_mtime = None

				    # Close persistent sessions – they will be recreated by the next

				    # get_mcp_tools() call with the (possibly updated) connection config.

				    try:

				        from deerflow.mcp.session_pool import get_session_pool

				        pool = get_session_pool()

				        pool.close_all_sync()

				    except Exception:

				        logger.debug("Could not close MCP session pool on cache reset", exc_info=True)

				    from deerflow.mcp.session_pool import reset_session_pool

				    reset_session_pool()

				    logger.info("MCP tools cache reset")