Skip to content

fix: reject duplicate initialize requests in ServerSession#624

Merged
kpavlov merged 1 commit intomainfrom
devcrocod/reject-duplicate-initialize
Mar 27, 2026
Merged

fix: reject duplicate initialize requests in ServerSession#624
kpavlov merged 1 commit intomainfrom
devcrocod/reject-duplicate-initialize

Conversation

@devcrocod
Copy link
Copy Markdown
Contributor

@devcrocod devcrocod commented Mar 26, 2026

ServerSession.handleInitialize() now rejects duplicate initialize requests with INVALID_REQUEST (-32600) error. clientCapabilities and clientVersion changed from var to AtomicRef-backed val, with atomic compareAndSet(null, ...) serving as both the guard and the write

How Has This Been Tested?

second initialize returns error, original capabilities preserved

Breaking Changes

none

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

Copilot AI review requested due to automatic review settings March 26, 2026 19:24
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the Kotlin server session initialization handshake by rejecting duplicate initialize requests and adds integration tests to validate the behavior (including concurrent initialization attempts).

Changes:

  • Reject duplicate initialize requests in ServerSession.handleInitialize() with JSON-RPC INVALID_REQUEST (-32600).
  • Make clientCapabilities and clientVersion read-only public properties backed by AtomicRef, using compareAndSet(null, ...) to atomically guard initialization.
  • Add JVM integration tests for first/duplicate/concurrent initialize behavior; adjust an existing client integration test to use a separate transport pair.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
kotlin-sdk-server/src/commonMain/kotlin/io/modelcontextprotocol/kotlin/sdk/server/ServerSession.kt Adds atomic initialization guard and returns INVALID_REQUEST on duplicate initialize.
integration-test/src/jvmTest/kotlin/io/modelcontextprotocol/kotlin/sdk/server/ServerSessionInitializeTest.kt New tests covering first initialize success and duplicate/concurrent initialize rejection.
integration-test/src/commonTest/kotlin/io/modelcontextprotocol/kotlin/sdk/client/ClientTest.kt Fixes test setup by using a new transport pair for a second client/server connection.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 26, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

@devcrocod devcrocod force-pushed the devcrocod/reject-duplicate-initialize branch from 185bc6a to 39a0212 Compare March 27, 2026 13:37
@devcrocod devcrocod marked this pull request as ready for review March 27, 2026 13:45
@devcrocod devcrocod requested review from Copilot and kpavlov March 27, 2026 13:45
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

kpavlov
kpavlov approved these changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@kpavlov kpavlov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@kpavlov kpavlov merged commit 9c0aa45 into main Mar 27, 2026
25 checks passed
@kpavlov kpavlov deleted the devcrocod/reject-duplicate-initialize branch March 27, 2026 15:16
@kpavlov kpavlov added this to the 0.11 milestone Mar 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kpavlov kpavlov kpavlov approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.11

Development

Successfully merging this pull request may close these issues.

4 participants

@devcrocod @codecov-commenter @kpavlov