fix(mcp): Address auth issues with Firebase Studio environment #8871
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @mbleigh, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request primarily focuses on enhancing the stability and debuggability of the Firebase MCP (Model Context Protocol) server, especially within the Firebase Studio environment. It addresses authentication challenges by conditionally skipping auto-auth, improves system resilience by implementing timeouts for critical operations, centralizes environment detection logic, and introduces a powerful new debug logging mechanism for MCP communication.
Highlights
- Authentication Handling for Firebase Studio: The pull request introduces changes to skip the automatic authentication check (
requireAuth) for themcpListToolscall when the environment is detected as Firebase Studio. This aims to resolve authentication issues specific to the Firebase Studio environment. - Robustness with Timeouts: Timeouts have been added to several asynchronous operations to prevent indefinite hanging. This includes
getCredentialsduring auto-authentication (shorter timeout for MCP),detectProjectRoot's readiness check, andcheckFeatureActiveAPI checks, improving the overall stability and responsiveness of the system. - Centralized Environment Detection: A new module (
src/env.ts) has been created to centralize environment checks, providingisFirebaseStudio()andisFirebaseMcp()helper functions. This replaces directprocess.env.MONOSPACE_ENVchecks, making environment detection more consistent and maintainable. - MCP Debug Logging: A new
FIREBASE_MCP_DEBUG_LOGenvironment variable is introduced. When set, it enables a specialLoggingStdioServerTransportthat logs the entire Model Context Protocol (MCP) communication transcript (both incoming and outgoing messages) to a specified file, greatly aiding in debugging MCP interactions.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces several fixes and improvements for authentication and environment handling, particularly for the Firebase Studio environment. It centralizes environment checks, adds timeouts to network-dependent operations to improve resilience, and introduces a new debug logging mechanism for MCP.
The review identified a few issues, including a critical operator precedence bug that could lead to incorrect client name resolution, and a high-severity issue where a new tool filtering mechanism was not being used. Other medium-severity issues include inefficient caching, another operator precedence bug in a log message, use of synchronous I/O in an async function, and a bug in timeout handling logic. Code suggestions have been provided for all identified issues.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
…tools into mb/mcp/studio-startup
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #8871 +/- ##
=======================================
Coverage 52.04% 52.05%
=======================================
Files 413 416 +3
Lines 30609 30641 +32
Branches 6333 6340 +7
=======================================
+ Hits 15931 15949 +18
- Misses 13247 13261 +14
Partials 1431 1431 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| @@ -104,6 +116,8 @@ export async function requireAuth(options: any): Promise<string | null> { | |||
| ); | |||
| } else if (user && (!isExpired(tokens) || tokens?.refresh_token)) { | |||
| logger.debug(`> authorizing via signed-in user (${user.email})`); | |||
| } else if (skipAutoAuth) { | |||
There was a problem hiding this comment.
We have monospace specific logic in autoAuth that sets the user from the returned access token as the active user (so that it appears like the user is logged in). I'm concerned about the case where these tokens are present but expired - MCP server will tell them to login, but I think firebase login might not work as expected.
I think we probably need to clean up the auth strategy overall ASAP - what you have here is probably still an improvement over the current state tho
github-project-automation
bot
moved this to Approved [PR]
in [Cloud] Extensions + Functions
github-project-automation
bot
moved this from Approved [PR]
to Done
in [Cloud] Extensions + Functions
FIREBASE_MCP_DEBUG_LOGvariable that when used will log the entire MCP transcript to the specified file.