Skip to content

fix(sdk): deterministic session IDs across server instances#8

Merged
johannmachemer merged 2 commits intomainfrom
fix/deterministic-session-ids
Feb 27, 2026
Merged

fix(sdk): deterministic session IDs across server instances#8
johannmachemer merged 2 commits intomainfrom
fix/deterministic-session-ids

Conversation

@johannmachemer
Copy link
Contributor

@johannmachemer johannmachemer commented Feb 27, 2026

Summary

  • Replace in-memory globalSessionMap with deterministic session ID derivation using SHA-256 hashing of the MCP session key — any server instance processing the same MCP session now produces the same Yavio session ID without shared state
  • Add deriveSessionId() to ids.ts (SHA-256 → base64url, truncated to 21 chars, matching ses_ prefix format)
  • Remove globalSessionMap, MAX_SESSION_MAP_SIZE, and LRU eviction logic that only worked within a single process
  • Simplify getSession()resolveSession() — direct derivation instead of map lookup

Test plan

  • All 213 SDK tests pass (19 test files)
  • 5 new deriveSessionId unit tests (prefix, length, determinism, uniqueness, URL-safe chars)
  • New cross-instance stability test verifying two independent proxies with same MCP session key produce the same Yavio session ID
  • Existing session reuse tests pass unchanged (deterministic derivation is transparent)
  • Biome lint clean

@johannmachemer
fix(sdk): make session IDs deterministic across server instances
6597b59 
Replace the in-memory globalSessionMap with deterministic session ID
derivation using SHA-256 hashing of the MCP session key. This ensures
that different server instances processing the same MCP session produce
the same Yavio session ID without requiring shared state.

- Add deriveSessionId() to ids.ts (SHA-256 → base64url, truncated to 21 chars)
- Remove globalSessionMap, MAX_SESSION_MAP_SIZE, and LRU eviction logic
- Simplify getSession() → resolveSession() (direct derivation, no map lookup)
- Rename _resetSessionMap → _resetGlobalState (only clears dedup sets)
- Replace eviction test with cross-instance stability test
@github-actions
Copy link

github-actions bot commented Feb 27, 2026
edited
Loading

Coverage Report for sdk

Status Category Percentage Covered / Total
🔵 Lines 92.66% 1515 / 1635
🔵 Statements 92.66% 1515 / 1635
🔵 Functions 94.59% 105 / 111
🔵 Branches 80.62% 412 / 511
File Coverage
File Stmts Branches Functions Lines Uncovered Lines
Changed Files
packages/sdk/src/core/ids.ts 100% 100% 100% 100%
packages/sdk/src/server/proxy.ts 90.71% 70.24% 100% 90.71% 45-46, 116-117, 120, 297-298, 332-333, 393, 398, 456-457, 468-469, 491-492, 502-506, 508-518, 537-538, 541-542, 553-554
Generated in workflow #40 for commit 816df5e by the Vitest Coverage Report Action

@johannmachemer johannmachemer merged commit a08c15b into main Feb 27, 2026
12 checks passed
@johannmachemer johannmachemer deleted the fix/deterministic-session-ids branch February 27, 2026 11:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@johannmachemer