dosubot[bot] commented on issue #40423: URL: https://github.com/apache/superset/issues/40423#issuecomment-4537065361
<!-- Answer --> Thanks for clarifying — this is a more specific issue then. Even with `MCP_DEV_USERNAME` properly set, users on 6.1.0 have reported that the user resolution still fails due to the **Flask app context not being properly maintained during MCP request handling** [[1]](https://github.com/apache/superset/issues/40225). The issue is that in 6.1.0, the MCP routes run through a FastMCP/ASGI sub-app that bypasses Flask's request lifecycle. Even though `MCP_DEV_USERNAME` is configured, the code that resolves it to an actual user object (via `SecurityManager.get_user_by_username()`) may fail because there's no active Flask app context or SQLAlchemy session available at the time of the lookup [[2]](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py#L2457-L2467). Other users in [#40225](https://github.com/apache/superset/issues/40225) solved this by **patching their Docker image with `auth.py` and `mcp_config.py` from the `master` branch** [[1]](https://github.com/apache/superset/issues/40225). The `master` branch includes several critical fixes that landed after 6.1.0: - **PR #36013**: Introduced `_setup_user_context()` with eagerly loaded relationships (roles/groups), which prevents the `DetachedInstanceError` on `PermissionView` - **PR #38747**: Fixed user resolution priority to properly read `MCP_DEV_USERNAME` - **PR #39798**: Added `db.session.remove()` at the start of tool execution to clear stale thread-local sessions - **PR #39015**: Added retry logic when `_setup_user_context()` encounters stale database connections Your `DetachedInstanceError` specifically suggests the user *is* being found, but when RBAC permission checking accesses `PermissionView.permission` (a lazy-loaded relationship), the session is already gone. This matches the pattern fixed by eager-loading relationships in PR #36013. **Recommended fix**: Replace `superset/mcp_service/auth.py` and `superset/mcp_service/mcp_config.py` in your Docker image with the versions from the current `master` branch, as other users have done successfully. You can add this to your Dockerfile: ```dockerfile # After your existing RUN commands COPY --from=master-source /path/to/auth.py /usr/local/lib/python3.9/site-packages/superset/mcp_service/auth.py COPY --from=master-source /path/to/mcp_config.py /usr/local/lib/python3.9/site-packages/superset/mcp_service/mcp_config.py ``` Or download them directly from the repository's `master` branch and COPY them in. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=reply-with-mention&utm_term=apache%2Fsuperset).* --- Share context across your team and agents. Try [Dosu](https://dosu.dev?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-tagline&utm_term=apache%2Fsuperset). [](https://app.dosu.dev/response-feedback?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-feedback&utm_term=apache%2Fsuperset&message_id=048563d3-de9c-41d1-b13a-ed418880c10a) [](https://github.dosu.com/apache/superset?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-learn-repo&utm_term=apache%2Fsuperset) [](https://app.dosu.dev/signup?referrer=openSource&source=github-footer&utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-add-team&utm_term=apache%2Fsuperset) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
