Prefix Redis keys with docket name for ACL isolation

[chrisguidry]

The Redis keys fastmcp uses directly (not via docket) weren't prefixed with the docket name, making ACL-based isolation impossible. Now uses docket.key() to prefix all task metadata keys consistently.

Keys now look like {docket_name}:fastmcp:task:{session_id}:{task_id} instead of fastmcp:task:{session_id}:{task_id}.

Bumps pydocket requirement to >=0.16.4 for the new key() method.

See also: #2812 (2.x backport)

🤖 Generated with Claude Code

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ccae21ab5f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Preserve access to pre-upgrade task metadata keys

Because _lookup_task_execution now builds task_meta_key via docket.key(...), lookups only hit the new {docket_name}:fastmcp:task:... namespace. Tasks submitted before this change stored metadata under the old fastmcp:task:... keys; after a rolling upgrade, tasks/get, tasks/result, and tasks/cancel will return “not found” until those tasks expire. Consider checking the legacy key as a fallback or migrating existing keys on startup to avoid breaking in-flight tasks.

Useful? React with 👍 / 👎.

[chrisguidry]

Yep that's accurate, but I think this is an acceptable risk because most folks would be using the memory:// broker, and also these are fairly transient keys.

[coderabbitai]

Walkthrough

The changes replace direct Redis key string construction with docket.key-wrapped keys across three files in the tasks module. In handlers.py, task metadata keys for created_at and poll_interval are updated to use docket.key generation. In requests.py, Redis key construction is reworked for task metadata lookups and MGET calls. In subscriptions.py, created_at timestamp retrieval uses docket.key-wrapped keys. The control flow and logic remain unchanged; only the key construction mechanism is updated.

Possibly related PRs

• Refactor task module: rename protocol.py to requests.py and reduce redundancy #2667: Modifies task request handler code and changes how task metadata is looked up in Redis by refactoring and centralizing Redis lookups alongside this PR's key wrapping changes.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is missing required contributors checklist items and review checklist items specified in the template.	Complete the checklist by checking the boxes: confirm issue closure, development workflow adherence, testing completion, documentation updates, self-review, and readiness for review.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately captures the main change: prefixing Redis keys with docket names for ACL isolation, which aligns with all file modifications.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}