Merge pull request #236 from damassi/pass-session-id

feat: Pass `remote-mcp` mcp-session-id header along to GraphQL request

Author: DaleSeo

.changesets/feat_pass_session_id.md

@@ -0,0 +1,5 @@
+### feat: Pass `remote-mcp` mcp-session-id header along to GraphQL request - @damassi PR #236
+
+This adds support for passing the `mcp-session-id` header through from `remote-mcp` via the MCP client config. This header [originates from the underlying `@modelcontextprotocol/sdk` library](https://github.com/modelcontextprotocol/typescript-sdk/blob/a1608a6513d18eb965266286904760f830de96fe/src/client/streamableHttp.ts#L182), invoked from `remote-mcp`.
+
+With this change it is possible to correlate requests from MCP clients through to the final GraphQL server destination.

crates/apollo-mcp-server/src/server/states/running.rs

@@ -208,13 +208,21 @@ impl ServerHandler for Running {
                     .await
             }
             EXECUTE_TOOL_NAME => {
+                let mut headers = self.headers.clone();
+                if let Some(axum_parts) = context.extensions.get::<axum::http::request::Parts>() {
+                    // Forward the mcp-session-id header if present
+                    if let Some(session_id) = axum_parts.headers.get("mcp-session-id") {
+                        headers.insert("mcp-session-id", session_id.clone());
+                    }
+                }
+
                 self.execute_tool
                     .as_ref()
                     .ok_or(tool_not_found(&request.name))?
                     .execute(graphql::Request {
                         input: Value::from(request.arguments.clone()),
                         endpoint: &self.endpoint,
-                        headers: self.headers.clone(),
+                        headers,
                     })
                     .await
             }
@@ -226,13 +234,17 @@ impl ServerHandler for Running {
                     .await
             }
             _ => {
-                // Optionally extract the validated token and propagate it to upstream servers
-                // if found
                 let mut headers = self.headers.clone();
-                if let Some(axum_parts) = context.extensions.get::<axum::http::request::Parts>()
-                    && let Some(token) = axum_parts.extensions.get::<ValidToken>()
-                {
-                    headers.typed_insert(token.deref().clone());
+                if let Some(axum_parts) = context.extensions.get::<axum::http::request::Parts>() {
+                    // Optionally extract the validated token and propagate it to upstream servers if present
+                    if let Some(token) = axum_parts.extensions.get::<ValidToken>() {
+                        headers.typed_insert(token.deref().clone());
+                    }
+
+                    // Also forward the mcp-session-id header if present
+                    if let Some(session_id) = axum_parts.headers.get("mcp-session-id") {
+                        headers.insert("mcp-session-id", session_id.clone());
+                    }
                 }
 
                 let graphql_request = graphql::Request {