Added getStreamIdForEventId to EventStore and updated StreamableHttpServerTransport for stream ID validation during event replay.

devcrocod · devcrocod · commit 3e62bf5a3734 · 2025-12-01T18:40:43.000+01:00
diff --git a/kotlin-sdk-server/api/kotlin-sdk-server.api b/kotlin-sdk-server/api/kotlin-sdk-server.api
@@ -1,4 +1,5 @@
 public abstract interface class io/modelcontextprotocol/kotlin/sdk/server/EventStore {
+	public abstract fun getStreamIdForEventId (Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
 	public abstract fun replayEventsAfter (Ljava/lang/String;Lkotlin/jvm/functions/Function3;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
 	public abstract fun storeEvent (Ljava/lang/String;Lio/modelcontextprotocol/kotlin/sdk/types/JSONRPCMessage;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
 }
diff --git a/kotlin-sdk-server/src/commonMain/kotlin/io/modelcontextprotocol/kotlin/sdk/server/StreamableHttpServerTransport.kt b/kotlin-sdk-server/src/commonMain/kotlin/io/modelcontextprotocol/kotlin/sdk/server/StreamableHttpServerTransport.kt
@@ -64,6 +64,12 @@ public interface EventStore {
         lastEventId: String,
         sender: suspend (eventId: String, message: JSONRPCMessage) -> Unit,
     ): String
+
+    /**
+     * Returns the stream ID associated with [eventId], or null if the event is unknown.
+     * Default implementation is a no-op which disables extra validation during replay.
+     */
+    public suspend fun getStreamIdForEventId(eventId: String): String?
 }
 
 /**
@@ -416,6 +422,38 @@ public class StreamableHttpServerTransport(
         val call: ApplicationCall = session.call
 
         try {
+            var lookupSupported = true
+            val lookupStreamId = try {
+                store.getStreamIdForEventId(lastEventId)
+            } catch (_: NotImplementedError) {
+                lookupSupported = false
+                null
+            } catch (_: UnsupportedOperationException) {
+                lookupSupported = false
+                null
+            }
+
+            if (lookupSupported) {
+                val streamId = lookupStreamId
+                    ?: run {
+                        call.reject(
+                            HttpStatusCode.BadRequest,
+                            RPCError.ErrorCode.CONNECTION_CLOSED,
+                            "Invalid event ID format",
+                        )
+                        return
+                    }
+
+                if (streamId in streamsMapping) {
+                    call.reject(
+                        HttpStatusCode.Conflict,
+                        RPCError.ErrorCode.CONNECTION_CLOSED,
+                        "Conflict: Stream already has an active connection",
+                    )
+                    return
+                }
+            }
+
             call.appendSseHeaders()
             session.send(data = "") // flush headers immediately
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`public abstract interface class io/modelcontextprotocol/kotlin/sdk/server/EventStore {`
	`2`	`+ public abstract fun getStreamIdForEventId (Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;`
`2`	`3`	`public abstract fun replayEventsAfter (Ljava/lang/String;Lkotlin/jvm/functions/Function3;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;`
`3`	`4`	`public abstract fun storeEvent (Ljava/lang/String;Lio/modelcontextprotocol/kotlin/sdk/types/JSONRPCMessage;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;`
`4`	`5`	`}`