Detect Pong from MCP Client and skip Session ID validation

[struckoff]

Description

Fixes #<issue_number> (if applicable)

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• MCP spec compatibility implementation
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Code refactoring (no functional changes)
• Performance improvement
• Tests only (no functional changes)
• Other (please describe):

Checklist

• My code follows the code style of this project
• I have performed a self-review of my own code
• I have added tests that prove my fix is effective or that my feature works
• I have updated the documentation accordingly

MCP Spec Compliance

• This PR implements a feature defined in the MCP specification
• Link to relevant spec section: Link text
• Implementation follows the specification exactly

Additional Information

This fix ensures compliance with the MCP ping/pong specification:

• Ping request: {"jsonrpc": "2.0", "id": "123", "method": "ping"}
• Pong response: {"jsonrpc": "2.0", "id": "123", "result": {}}

Previously, when WithHeartbeatInterval was enabled in the HTTP Streamable MCP server, Cursor AI and Claude Desktop got a 400 error - "Missing session ID for sampling response" - because the Pong response was incorrectly interpreted as a SamplingResponse.

Without heartbeat support, Cursor disconnects from MCP after a 5-minute timeout.

Summary by CodeRabbit

• Bug Fixes

  • Ignore empty ping/pong JSON-RPC responses in the streaming HTTP endpoint so they are not misclassified as sampling responses, reducing spurious errors and improving stability when clients send empty result or error payloads.

• Tests

  • Added tests verifying pong responses (empty result, omitted result, or empty error) return HTTP 200 and do not trigger sampling-related logic.

[coderabbitai]

Walkthrough

Detects and skip empty ping/pong JSON-RPC responses in StreamableHTTPServer.handlePost by adding isPingResponse and isJSONEmpty helpers; refines isSamplingResponse logic; adds tests ensuring empty or omitted result/error pong responses are not treated as sampling responses.

Changes

Cohort / File(s)	Summary
Server: Ping/Pong handling logic server/streamable_http.go	Add isJSONEmpty(json.RawMessage) bool helper and isPingResponse detection (Method empty, ID present, Result/Error empty). Early-return on ping responses in POST path; minor formatting/refactor of isSamplingResponse. No exported API changes.
Server tests: Pong handling server/streamable_http_test.go	Add TestStreamableHTTP_PongResponseHandling with subtests verifying that empty-result, omitted-result, and empty-error responses are not treated as sampling responses; uses JSON POST helper.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix(Srv/stream): add ID field to PingRequest #353 — Modifies server/streamable_http.go to add per-session ping IDs/tracking; directly related to ping/pong handling and ID-based behavior.
• feat(server): convert ping messages to be spec compliant #169 — Added logic to ignore ping/pong response messages elsewhere (request_handler.go); overlaps conceptually with this PR’s ping/pong detection changes.

Suggested reviewers

• pottekkat
• robert-jackson-glean

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 247a550 and 2d6f1a2.

📒 Files selected for processing (1)

• server/streamable_http.go (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• server/streamable_http.go

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

server/streamable_http.go (1)

249-251: LGTM with minor edge case consideration.

The updated sampling response detection logic correctly differentiates from ping responses. However, consider handling the edge case where both Result and Error are nil - such messages would bypass both ping and sampling detection.

Consider adding explicit validation:

 isSamplingResponse := jsonMessage.Method == "" && jsonMessage.ID != nil &&
-	(jsonMessage.Result != nil || jsonMessage.Error != nil)
+	(jsonMessage.Result != nil || jsonMessage.Error != nil) &&
+	!isPingResponse

server/streamable_http_test.go (1)

897-990: Improve test coverage and assertions.

The test structure is good and covers the main scenarios, but could be enhanced:

1. Missing positive assertions: Tests only verify that sampling errors don't occur, but don't confirm that ping responses are actually handled correctly.

2. Unrealistic scenario: The third test case with empty error may not represent a realistic ping/pong scenario according to the MCP spec.

Consider these improvements:

+	// First verify a real sampling response still triggers the error
+	t.Run("Real sampling response should still require session ID", func(t *testing.T) {
+		samplingResponse := map[string]any{
+			"jsonrpc": "2.0",
+			"id":      126,
+			"result":  map[string]any{"content": "test"},
+		}
+		
+		resp, err := postJSON(server.URL, samplingResponse)
+		if err != nil {
+			t.Fatalf("Failed to send sampling response: %v", err)
+		}
+		defer resp.Body.Close()
+		
+		if resp.StatusCode == http.StatusOK {
+			t.Error("Expected sampling response to fail without session ID")
+		}
+	})

Also consider verifying response content more thoroughly:

 		if resp.StatusCode != http.StatusOK {
 			t.Errorf("Expected status 200 for pong response, got %d. Body: %s", resp.StatusCode, bodyStr)
 		}
+		
+		// Verify response body is empty (as expected for ping responses)
+		if len(bodyBytes) > 0 {
+			t.Errorf("Expected empty response body for ping, got: %s", bodyStr)
+		}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8a88d01 and 247a550.

📒 Files selected for processing (2)

• server/streamable_http.go (1 hunks)
• server/streamable_http_test.go (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

server/streamable_http.go (1)

mcp/types.go (1)

• Result (245-249)