Skip to content

v0.7.39: mcp oauth hardening, chat perf improvements#5752

Merged
waleedlatif1 merged 4 commits into
mainfrom
staging
Jul 18, 2026
Merged

v0.7.39: mcp oauth hardening, chat perf improvements#5752
waleedlatif1 merged 4 commits into
mainfrom
staging

Conversation

@waleedlatif1

@waleedlatif1 waleedlatif1 commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator

j15z and others added 3 commits July 17, 2026 16:38
* fix(mcp): improve OAuth failure recovery

* fix(mcp): address OAuth recovery review findings

* fix(mcp): prefer static bearer auth in connection tests

* fix(mcp): preserve discovery failure state

Treat static-header 401s as credential failures, keep OAuth failures pending, and prevent failed refreshes or reflected upstream errors from masquerading as connected state.
* feat(admin): show recently impersonated users in admin panel

* improvement(admin): align user table with settings list idiom

* fix(admin): address review findings on recent impersonations

* fix(admin): exact server-side email filter for recent impersonation lookup
…ages (#5751)

* perf(mothership): restore static markdown parse for settled chat messages

Settled/reloaded chat messages rendered through Streamdown's streaming
parser (remend + incomplete-markdown repair + per-block re-parse, running
the rehype raw/sanitize/harden chain once per block). Because rows are
virtualized, every up/down scroll remounted the messages crossing the
overscan boundary and re-paid that N-block cost — the scroll lag.

- Render never-streamed mounts (reloaded history, or an in-session message
  scrolled out of the virtualized window and back) with mode='static': one
  whole-document parse instead of streaming's per-block re-parse. In-session
  streaming keeps the streaming parser for its mount life (no drain flash).
- Cache Prism highlight output in a module-level bounded LRU so a code block
  re-highlights at most once across the unmount/remount virtualization does
  on scroll (a component useMemo would not survive the unmount).

* fix(mothership): don't cache fallback-highlighted code blocks

An unregistered language highlighted via the JavaScript fallback was cached
under its own name, so if that Prism grammar registered later in the session
a remount would keep serving the stale fallback render. Resolve the grammar
inside the highlight helper and skip the cache entirely on the fallback path.
@vercel

vercel Bot commented Jul 17, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Jul 18, 2026 12:50am

Request Review

@cursor

cursor Bot commented Jul 17, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Touches MCP auth, SSRF checks, credential redaction, and server status persistence across API routes and the discovery service; admin impersonation is local-only UX with existing admin APIs.

Overview
MCP discovery, refresh, and test-connection flows are reworked so connection state is owned by the service layer, with safer error handling and clearer UI.

The refresh API no longer overwrites connectionStatus on the route; it reads persisted status after discovery, handles OAuth-pending and race conditions, isolates workflow sync failures from 500s, and avoids leaking upstream secrets in responses. Test-connection tries static Bearer auth before OAuth discovery, sanitizes allowlisted error messages, and blocks SSRF before sending credentials. Service/client add discovery retries with backoff, longer tools/list timeouts, OAuth vs header-auth failure paths, conditional negative caching, and redacted connection logging.

Settings MCP screens get shared refresh-button and connection-label helpers, error toasts, and disconnected-state handling. React Query skips auto-discovery for disconnected OAuth servers and refreshes server lists after failed discovery.

Admin shows up to five recently impersonated users (localStorage) when search is empty, with a shared user row renderer.

Chat adds a module-scope Prism highlight LRU cache for virtualized rows, and keeps Streamdown on the streaming parser after animation drain (only history uses static mode) to prevent markdown flash on settled messages.

Reviewed by Cursor Bugbot for commit c739dd6. Configure here.

@greptile-apps

greptile-apps Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR hardens MCP connections and improves several admin and chat flows. The main changes are:

  • Handles OAuth and static-header authentication failures separately.
  • Adds bounded MCP discovery timeouts, retries, and safer status updates.
  • Prevents workflow sync errors from failing an otherwise successful refresh.
  • Adds recent impersonation history to the admin panel.
  • Reduces repeated Markdown parsing and syntax highlighting work.

Confidence Score: 5/5

This looks safe to merge.

  • The workflow sync error is contained and returns a successful refresh with zero workflow updates.
  • OAuth authorization failures remain separate from static credential failures.
  • Tests cover the updated refresh, retry, status, and cache behavior.

Important Files Changed

Filename Overview
apps/sim/app/api/mcp/servers/[id]/refresh/route.ts Contains workflow sync failures and preserves the service-managed discovery status.
apps/sim/app/api/mcp/servers/[id]/refresh/route.test.ts Tests sync failure handling, OAuth pending status, and concurrent discovery results.
apps/sim/lib/mcp/service.ts Adds OAuth-aware error handling, bounded retries, status persistence, and stale-failure protection.
apps/sim/lib/mcp/service.test.ts Tests authentication failure handling, retries, cache behavior, and status transitions.

Reviews (2): Last reviewed commit: "improvement(mcp): align tool discovery t..." | Re-trigger Greptile

Comment thread apps/sim/lib/mcp/service.ts
Comment thread apps/sim/app/api/mcp/servers/[id]/refresh/route.ts Outdated
…protocol standard (#5753)

* improvement(mcp): align tool discovery timeouts and retries with MCP protocol standard

- Raise tools/list idle timeout 10s -> 30s (derived from per-server config,
  clamped to max execution timeout) with a 60s hard cap via maxTotalTimeout,
  matching the SDK's DEFAULT_REQUEST_TIMEOUT_MSEC. Enable resetTimeoutOnProgress
  with an onprogress handler so slow-but-alive servers are not spuriously failed.
- Retry read-only tools/list on transient transport errors (timeout,
  connection-closed, 429/5xx, session 404/400, network) with jittered backoff.
  tools/call stays conservative (session-error retry only) since it is not
  idempotent. The MCP SDK does not retry POST requests, so the app owns this.
- Wire client.onerror so out-of-band transport failures are observed, not
  silently dropped.
- Map timeouts to a user-facing message and surface refresh/remove failures via
  the standard emcn toast instead of swallowing them.

* chore(mcp): trim comments to match codebase density

* fix(mcp): don't fail refresh with 500 when post-discovery workflow sync throws

Discovery already persists status and caches tools; a syncToolSchemasToWorkflows
failure was escaping the refactored try/catch and returning 500 despite the
refresh having succeeded. Guard the secondary sync so it degrades to zero
workflows updated instead.

* fix(mcp): keep tools/list absolute timeout ceiling hard

A configured per-server timeout above 60s was expanding maxTotalTimeout past
the intended absolute discovery ceiling. Clamp the idle timeout to the ceiling
too so tools/list can never hang the UI beyond it; connect() and callTool()
still honor the full configured/execution timeout.
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit c739dd6. Configure here.

@waleedlatif1
waleedlatif1 merged commit 4ddad74 into main Jul 18, 2026
42 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants