Skip to content

feature: add global and branch session and lock management MCP tools #7893

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Xb2555 wants to merge 56 commits into
base: 2.x
Choose a base branch
from
Open

feature: add global and branch session and lock management MCP tools #7893

Xb2555 wants to merge 56 commits into from

Conversation

@Xb2555
Copy link
Contributor

@Xb2555 Xb2555 commented Dec 23, 2025

Ⅰ. Describe what this PR did

  1. tool for obtaining namespace information of registered TC nodes has been implemented

  2. Management tools for global and branch session have been implemented

  3. The function of remotely invoking the TC interface has been realized

  4. A global lock management tool has been implemented

Ⅱ. Does this pull request fix one issue?

Ⅲ. Why don't you add test cases (unit test/integration test)?

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

@codecov
Copy link

codecov bot commented Dec 23, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.85%. Comparing base (340aa3c) to head (bbee2f9).

Additional details and impacted files 
@@             Coverage Diff              @@
##                2.x    #7893      +/-   ##
============================================
- Coverage     71.20%   70.85%   -0.35%     
  Complexity      797      797              
============================================
  Files          1300     1300              
  Lines         49620    49620              
  Branches       5874     5874              
============================================
- Hits          35331    35158     -173     
- Misses        11371    11548     +177     
+ Partials       2918     2914       -4
Files with missing lines Coverage Δ
...java/org/apache/seata/core/model/GlobalStatus.java 97.67% <ø> (ø)
...a/server/console/entity/param/GlobalLockParam.java 0.00% <ø> (ø)
...erver/console/entity/param/GlobalSessionParam.java 0.00% <ø> (ø)
...eata/server/console/entity/vo/BranchSessionVO.java 0.00% <ø> (ø)
...eata/server/console/entity/vo/GlobalSessionVO.java 0.00% <ø> (ø)

... and 12 files with indirect coverage changes

Impacted file tree graph

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@funky-eyes funky-eyes requested a review from Copilot December 24, 2025 01:20
@funky-eyes funky-eyes added this to the 2.6.0 milestone Dec 24, 2025
@funky-eyes funky-eyes added type: feature Category issues or prs related to feature request. module/server server module labels Dec 24, 2025
@funky-eyes funky-eyes added module/console and removed module/server server module labels Dec 24, 2025
Copilot AI reviewed Dec 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds MCP (Model Context Protocol) tools to enable LLM-based management of Seata's global transactions, branch sessions, and distributed locks. It implements namespace discovery, session management operations, lock management, and a user confirmation mechanism for destructive operations.

Key Changes:

  • Introduced MCP tool classes for querying and managing global/branch sessions and locks with user confirmation workflow
  • Added RPC service layer for communicating with TC nodes via REST APIs with JWT authentication
  • Enhanced JWT token handling to support async dispatches and preserve credentials for MCP operations

Reviewed changes

Copilot reviewed 27 out of 27 changed files in this pull request and generated 21 comments.

Show a summary per file
File Description
NameSpaceTools.java Provides tool to discover registered TC node namespaces and clusters
ModifyConfirmTools.java Implements user confirmation mechanism before destructive operations
GlobalSessionTools.java MCP tools for querying, deleting, and managing global transaction sessions
BranchSessionTools.java MCP tools for managing branch transaction lifecycle operations
GlobalLockTools.java MCP tools for querying, checking, and deleting distributed locks
ModifyConfirmServiceImpl.java Service implementation for generating and validating time-limited modification keys
MCPRPCServiceImpl.java RPC service for making authenticated HTTP calls to TC nodes
GlobalSessionVO.java Value object for global session data serialization
GlobalLockVO.java Value object for global lock data serialization
BranchSessionVO.java Value object for branch session data serialization
GlobalSessionParamDto.java DTO for global session query parameters with time range support
GlobalLockParamDto.java DTO for global lock query parameters
GlobalSessionParam.java Internal parameter object for global session queries
GlobalLockParam.java Internal parameter object for global lock queries
GlobalLockDeleteParam.java Parameter object for lock deletion operations
GlobalAbnormalSessionParam.java Parameter object for querying abnormal transaction sessions
DateUtils.java Utility class for date/time conversions and validations
TimestampToStringDeserializer.java Jackson deserializer for converting timestamps to formatted strings
NameSpaceDetail.java Configuration object for specifying TC node namespace details
RPCConstant.java Constants for REST API endpoint paths
JwtTokenUtils.java Updated to preserve JWT token in authentication credentials
JwtAuthenticationTokenFilter.java Enhanced to support async request dispatching
pom.xml Added seata-core dependency for MCP tools
changes/zh-cn/2.x.md Chinese changelog entry
changes/en-us/2.x.md English changelog entry

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

funky-eyes
funky-eyes reviewed Dec 24, 2025
View reviewed changes
@funky-eyes funky-eyes requested a review from Copilot December 25, 2025 07:41
Copilot AI reviewed Dec 25, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 30 out of 36 changed files in this pull request and generated 17 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

console/src/main/java/org/apache/seata/mcp/tools/ModifyConfirmTools.java
Comment on lines +51 to +54
if (!userInputStr.contains("确认") && !userInputStr.contains("confirm")) {
throw new IllegalArgumentException(
"Confirmation string must explicitly contain '确认' or 'confirm' and repeat the modification content. This must come from the user.");
}
Copy link

Copilot AI Dec 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The validation logic for user confirmation is weak and could be bypassed with minimal effort. The check only verifies that the input contains "确认" or "confirm" but doesn't validate that the user actually understood what they're confirming. A malicious actor or automated tool could easily provide a string that contains these words. Consider implementing a more robust confirmation mechanism, such as requiring the user to type the specific XID or operation details they're confirming.

Copilot uses AI. Check for mistakes.
@funky-eyes funky-eyes requested a review from Copilot December 25, 2025 09:30
Copilot AI reviewed Dec 25, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 30 out of 36 changed files in this pull request and generated 13 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@funky-eyes funky-eyes requested a review from Copilot December 26, 2025 01:33
Copilot AI reviewed Dec 26, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 34 out of 40 changed files in this pull request and generated 13 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@funky-eyes funky-eyes funky-eyes left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

module/console type: feature Category issues or prs related to feature request.

Projects

None yet

Milestone

2.6.0

Development

Successfully merging this pull request may close these issues.

2 participants

@Xb2555 @funky-eyes