feat: enhance MCP client persistence and redacted field handling

[Pratham-Mishra04]

Summary

Improves MCP client management with better error handling, logging, and configuration persistence. This PR enhances the reliability of MCP client connections and provides a more robust user experience when managing MCP clients through the UI.

Changes

• Fixed MCP client health monitoring to use client names in logs instead of IDs for better readability
• Improved error handling in health monitor start/stop operations
• Enhanced MCP client configuration management to properly handle redacted sensitive fields
• Fixed UI state management for MCP clients with proper refetching after operations
• Reorganized code to separate core MCP client management from configuration persistence
• Added UUID generation for MCP clients when ID is not provided
• Improved code formatting and whitespace consistency

Type of change

• Bug fix
• Feature
• Refactor
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (Next.js)
• Docs

How to test

1. Create a new MCP client through the UI
2. Edit the client, changing only non-sensitive fields
3. Verify that redacted fields (like headers) are preserved correctly
4. Reconnect the client and verify it connects successfully
5. Delete the client and verify it's removed from both UI and backend

# Core/Transports
go version
go test ./...

# UI
cd ui
pnpm i
pnpm build

Breaking changes

• Yes
• No

Related issues

Improves MCP client management reliability and user experience

Security considerations

Ensures sensitive fields in MCP client configurations are properly handled during updates to prevent accidental data loss or exposure.

Checklist

• I added/updated tests where appropriate
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[github-actions]

🧪 Test Suite Available

This PR can be tested by a repository admin.

Run tests for PR #1460

[Pratham-Mishra04]

• feat: enhance MCP client persistence and redacted field handling #1460 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • MCP client reconnection endpoint and server-side reconnect flow
  • UI: table now supports a refetch callback to refresh client lists

• Improvements

  • Config merging preserves sensitive fields when editing clients
  • Server triggers synchronization after client add/remove with clearer store sync handling
  • Improved monitoring logs that use client display names

• Bug Fixes

  • Minor formatting and whitespace cleanups (no behavior changes)

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Centralizes MCP reconnect via a new ReconnectMCPClient flow across handlers, server, and manager; moves some MCP config persistence responsibilities into HTTP handlers/config store sync; UI wiring adds an optional refetch prop; health monitor logging and precondition checks added; minor whitespace/typing tweaks elsewhere.

Changes

Cohort / File(s)	Summary
Reconnect control flow & server callbacks transports/bifrost-http/server/server.go	Added ReconnectMCPClient to ServerCallbacks and BifrostHTTPServer; in-memory reconnect attempted first, else load config from store, add client, and trigger full MCP synchronization.
HTTP handlers & manager usage transports/bifrost-http/handlers/mcp.go	Added ReconnectMCPClient use on manager; auto-generate UUID when missing; persist new/merged MCP configs to ConfigStore; introduced mergeMCPClientConfig; removed in-handler reconnect reconciliation.
Config library changes transports/bifrost-http/lib/config.go	Adjusted Add/Edit MCP client flows (removed internal UUID gen/persistence); relocated/exposed RemoveMCPClient(ctx,id) implementation; shifted persistence responsibilities.
Manager interface transports/bifrost-http/...mcp.go	Public interface change: ReconnectMCPClient(ctx context.Context, id string) error added to MCPManager (wired across manager implementation and handlers).
UI: page wiring ui/app/workspace/mcp-gateway/page.tsx	Destructured refetch from useGetMCPClientsQuery and passed refetch to MCPClientsTable.
UI: clients table ui/app/workspace/mcp-gateway/views/mcpClientsTable.tsx	Removed internal RTK Query fetch; component now accepts optional refetch?: () => void and calls it after mutations; rendering relies on mcpClients prop.
RTK Query API types ui/lib/store/apis/mcpApi.ts	Mutation return generics changed from null to any for create/update/delete/reconnect; create/update endpoints now send data in request body.
Health monitor logging/validation core/mcp/health_monitor.go	Added pre-checks for client existence in Start/Stop, read-locked display-name retrieval, and logging using ExecutionConfig.Name when available.
Whitespace / small formatting core/bifrost.go, core/providers/mistral/mistral.go, core/schemas/mcp.go	Minor reflows and blank-line adjustments; no behavioral changes.

Sequence Diagram

sequenceDiagram
    participant UI as UI: MCPClientsTable
    participant Handler as HTTP Handler
    participant Manager as MCPManager
    participant Server as BifrostHTTPServer
    participant Store as ConfigStore
    participant Sync as MCP Synchronizer

    UI->>Handler: POST /clients (create) or POST /reconnect/{id}
    alt Create client (no ID)
        Handler->>Handler: Generate UUID
        Handler->>Manager: AddMCPClient(config)
        Manager->>Manager: Register in-memory client
        Handler->>Store: Persist new client config
        Handler-->>UI: Return created client
    else Reconnect requested
        Handler->>Manager: ReconnectMCPClient(id)
        Manager->>Manager: Attempt in-memory reconnect
        alt Not present in-memory
            Manager->>Server: Request ReconnectMCPClient(id)
            Server->>Store: Fetch client config
            Store-->>Server: Return config
            Server->>Manager: AddMCPClient(config)
            Server->>Sync: Trigger MCP synchronization
            Sync->>Sync: Synchronize servers
        end
        Manager-->>Handler: Reconnect result
        Handler-->>UI: Return status
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

A rabbit hops where MCP threads wind,
Reconnect paths stitched for peace of mind,
Configs stored safe, UI asks again,
Health logs whisper names, not plain,
Small hops, steady beats — systems aligned. 🐇✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main feature: enhancing MCP client persistence and handling of redacted fields. It is concise, specific, and directly relates to the primary objectives of the PR.
Description check	✅ Passed	The PR description includes all required sections from the template: Summary, Changes, Type of change, Affected areas, How to test, Breaking changes, Related issues, Security considerations, and Checklist. All sections are completed with relevant details.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 01-27-fix_mcp_gossip_fixes

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🤖 Fix all issues with AI agents

In `@core/mcp/health_monitor.go`:
- Around line 68-77: The Start() and Stop() methods access manager.clientMap
without holding manager.mu and allocate resources (chm.ticker,
chm.ctx/chm.cancel, chm.isMonitoring) before validating the client exists,
leaving the monitor in an inconsistent state on early return; fix by moving the
clientMap lookup (using chm.clientID) inside a manager.mu.Lock/Unlock critical
section in both Start() and Stop() and return early if the client is missing
before creating chm.ticker, calling context.WithCancel, or setting
chm.isMonitoring; ensure Stop() similarly checks and validates the client under
manager.mu before modifying chm.ticker, chm.cancel or calling chm.cancel(), and
keep monitorLoop() launch and logger.Debug() after successful validation and
resource allocation.
- Around line 89-103: In Stop(), acquire chm.manager.mu.RLock() before reading
chm.manager.clientMap[chm.clientID] (and RUnlock after) to avoid the race seen
in performHealthCheck(); retrieve clientState if present and use
clientState.ExecutionConfig.Name for logging but fall back to chm.clientID when
absent; always perform cleanup by setting chm.isMonitoring = false and releasing
resources (stop chm.ticker if non-nil and call chm.cancel() if non-nil) even
when the client is missing, and log the missing-client error with the chosen
display name using MCPLogPrefix; apply the same read-lock and fallback-logging
fix to Start() where it reads clientMap.
- Around line 187-189: In updateClientState(), avoid reading
clientState.ExecutionConfig.Name after releasing the manager lock; capture the
client name while holding the lock (e.g., assign to a local variable like
clientName inside the locked section), then release the lock and use that
captured clientName in the logger.Info call that currently reads
clientState.ExecutionConfig.Name; this prevents a race with concurrent
EditClient() updates.

In `@transports/bifrost-http/handlers/mcp.go`:
- Around line 307-317: Before calling h.mcpManager.EditMCPClient, fetch and save
the current MCP config (e.g., via h.store.ConfigStore.GetMCPClientConfig or the
mcpManager equivalent) so you can revert if needed; then call EditMCPClient with
mergedConfig, and if UpdateMCPClientConfig(ctx, id, mergedConfig) fails, call
h.mcpManager.EditMCPClient(ctx, id, previousConfig) to rollback the running core
to the prior state, log both the update error and any rollback error, and return
a SendError explaining the partial failure and rollback result.
- Around line 242-252: If CreateMCPClientConfig fails after
h.mcpManager.AddMCPClient succeeded, roll back the in-memory registration to
keep core and DB consistent by calling the corresponding removal on the manager
(e.g., h.mcpManager.RemoveMCPClient or equivalent) and surface a combined error;
update the block around h.mcpManager.AddMCPClient and
h.store.ConfigStore.CreateMCPClientConfig to attempt removal on DB error,
check/remove errors from the rollback call and include both the DB error and any
rollback error in the SendError message so operators know both failures.

🧹 Nitpick comments (2)

ui/lib/store/apis/mcpApi.ts (1)

13-13: Consider defining proper response types instead of any.

The return types for these mutations have been changed from null to any, which reduces type safety. Based on the backend handlers in transports/bifrost-http/handlers/mcp.go, these endpoints return { status: string, message: string }. Consider defining a shared response type:

💡 Suggested improvement

interface MCPMutationResponse {
  status: string;
  message: string;
}

// Then use it:
createMCPClient: builder.mutation<MCPMutationResponse, CreateMCPClientRequest>({...})
updateMCPClient: builder.mutation<MCPMutationResponse, { id: string; data: UpdateMCPClientRequest }>({...})
deleteMCPClient: builder.mutation<MCPMutationResponse, string>({...})
reconnectMCPClient: builder.mutation<MCPMutationResponse, string>({...})

Also applies to: 23-23, 33-33, 42-42

ui/app/workspace/mcp-gateway/views/mcpClientsTable.tsx (1)

30-30: Type mismatch: refetch returns a Promise but typed as () => void.

The refetch function from RTK Query returns a Promise, and the handlers await it. The current type () => void doesn't reflect this. Consider updating the type for accuracy:

💡 Suggested fix

 interface MCPClientsTableProps {
 	mcpClients: MCPClient[];
-	refetch?: () => void;
+	refetch?: () => Promise<unknown> | void;
 }

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@core/mcp/health_monitor.go`:
- Around line 68-78: The Start and Stop methods read manager.clientMap without
locking and Start sets chm.isMonitoring, chm.ctx/chm.cancel and chm.ticker
before verifying the client exists, which can leave a live ticker/flag when
client is missing; fix by acquiring manager.mu around accesses to
manager.clientMap in both Start and Stop (use the same lock semantics the
manager expects), check existence while holding the lock, and if the client is
missing perform full cleanup before returning (stop and nil the ticker, call
cancel if set, and reset isMonitoring) so no goroutine or ticker is leaked;
ensure monitorLoop is only launched after the locked verification and that Stop
always performs cleanup even when the client entry is absent.

🧹 Nitpick comments (1)

transports/bifrost-http/handlers/mcp.go (1)

269-300: Consider returning an error when old config lookup fails.

If GetMCPClient fails (lines 271-275), the code continues with oldConfig = nil, which causes mergeMCPClientConfig to return updatedConfig as-is. If the update request contains redacted header values, these would be persisted to the store, potentially corrupting sensitive data.

While the comment acknowledges this is "less likely to happen on edit since client exists," consider returning an error instead of continuing, to prevent accidental data loss.

♻️ Optional: Return error on config lookup failure

 	// Get old config to de-redact sensitive fields (before updating)
 	oldConfig, err := h.store.GetMCPClient(id)
 	if err != nil {
-		logger.Warn("Failed to get old MCP client config for de-redaction: %v", err)
-		// Continue anyway, will use req as-is (less likely to happen on edit since client exists)
-		oldConfig = nil
+		SendError(ctx, fasthttp.StatusInternalServerError, fmt.Sprintf("Failed to get existing MCP client config: %v", err))
+		return
 	}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@transports/bifrost-http/handlers/mcp.go`:
- Around line 405-467: mergeMCPClientConfig currently only merges Headers and
will overwrite connection_type, connection_string, and stdio_config when the UI
update payload omits them; update mergeMCPClientConfig to copy those fields from
oldConfig into merged when they are zero-valued/missing in updatedConfig, and
treat connection_string like headers by restoring the original raw value if the
updated connection_string is redacted and equals the oldRedactedConfig value
(use oldConfig.connection_string for the real value); ensure stdio_config and
connection_type are preserved from oldConfig when absent in updatedConfig so
UpdateMCPClientConfig doesn't wipe persisted connection info.
- Around line 313-319: Before deleting the MCP client config from the DB
(h.store.ConfigStore.DeleteMCPClientConfig), first fetch and save the existing
config (e.g. via h.store.ConfigStore.GetMCPClientConfig or similar) into a local
variable; after the core removal succeeds, attempt DeleteMCPClientConfig, and if
it fails call the store's create/restore method (e.g. CreateMCPClientConfig or
PutMCPClientConfig) with the saved config to roll back, then surface the
rollback result in the response/log (use SendError to include both the original
delete error and whether the restore succeeded or failed) so callers know if the
DB was restored or needs manual intervention.

In `@transports/bifrost-http/lib/config.go`:
- Around line 2496-2521: The RemoveMCPClient function currently returns nil even
when the supplied id isn't present in c.MCPConfig.ClientConfigs; change it to
return a not-found error when the client ID doesn't exist. After iterating
c.MCPConfig.ClientConfigs in RemoveMCPClient, detect whether any entry was
removed (e.g., track a found flag while looping over c.MCPConfig.ClientConfigs),
and if not found return a clear error such as fmt.Errorf("MCP client not found:
%s", id). Keep the existing checks for c.client.GetMCPClients and
c.client.RemoveMCPClient (so you still attempt to deregister from Bifrost when
present) but ensure the final outcome reflects whether the config entry was
actually removed by referencing RemoveMCPClient, c.MCPConfig.ClientConfigs,
c.client.GetMCPClients and c.client.RemoveMCPClient.

🧹 Nitpick comments (1)

core/mcp/health_monitor.go (1)

68-85: Capture client name while holding the lock to avoid potential race.

clientState.ExecutionConfig.Name is accessed at line 85 after the lock is released at line 71. If EditClient() concurrently modifies ExecutionConfig, this could read stale or torn data. Since this only affects debug logging, the impact is low, but capturing the name under the lock would be consistent with the pattern needed in updateClientState().

♻️ Suggested fix

 	// Check client exists FIRST before allocating resources
 	chm.manager.mu.RLock()
 	clientState, exists := chm.manager.clientMap[chm.clientID]
+	var clientName string
+	if exists {
+		clientName = clientState.ExecutionConfig.Name
+	}
 	chm.manager.mu.RUnlock()

 	if !exists {
 		// Use clientID for logging when client is missing
 		logger.Error("%s Health monitor failed to start for client %s, client not found in manager", MCPLogPrefix, chm.clientID)
 		return
 	}

 	// Now allocate resources (after validation)
 	chm.isMonitoring = true
 	chm.ctx, chm.cancel = context.WithCancel(context.Background())
 	chm.ticker = time.NewTicker(chm.interval)

 	go chm.monitorLoop()
-	logger.Debug("%s Health monitor started for client %s", MCPLogPrefix, clientState.ExecutionConfig.Name)
+	logger.Debug("%s Health monitor started for client %s", MCPLogPrefix, clientName)
 }

[akshaydeo]

Merge activity

• Jan 27, 4:24 PM UTC: A user started a stack merge that includes this pull request via Graphite.
• Jan 27, 4:25 PM UTC: @akshaydeo merged this pull request with Graphite.