Support aggregate event IDs for multi-toolkit MCP proxy (#1791)

* feat(binding-mcp): aggregate event ids across routes in mcp.proxy lifecycle

In multi-route mode each upstream MCP server mints SSE event ids in its
own namespace, so forwarding them verbatim collides on the agent's
merged stream and breaks Last-Event-ID recovery on reconnect.

The proxy now derives a unique short prefix per route from CRC32C of
its `when[].toolkit` (URL-safe base64, shortest unique length), then on
each outbound FlushEx that carries an id (resumable, listChanged,
progress, elicitComplete) rewrites the id to a canonical sorted
`<prefix>=<id>;<prefix>=<id>` aggregate of the latest known per-route
ids. On inbound McpResumeChallengeEx the aggregate is decoded back to
per-route ids and dispatched to each route's lifecycle client, opening
clients lazily when needed; unknown prefixes are skipped without
rejecting the resume.

Single-route configs and the hydrater self-loop bypass aggregation
entirely. McpBindingConfig validates that every route declares a
toolkit when more than one route is configured.

* test(binding-mcp): k3po IT coverage for aggregate-id resume demux

Adds engine-driven McpProxyIT scenarios that exercise the demux path on
McpLifecycleServer.onServerChallenge end-to-end:

- lifecycle.events.resume.aggregate.event.id — client injects a resume
  challenge with the aggregate id "2=200;S=100"; the proxy decodes it,
  opens both upstream lifecycle clients lazily, and the upstreams each
  receive a resume challenge carrying their per-route id. When
  bluesky subsequently emits toolsListChanged id=101, the agent reads
  "2=200;S=101", proving the aggregate snapshot retained the inbound
  per-route ids.

- lifecycle.events.resume.missing.prefix — client injects an aggregate
  containing an unknown prefix X plus a known prefix S; the proxy
  skips X (no route bound to that prefix) and only dispatches the
  bluesky route. When bluesky emits id=101 the agent reads "S=101".

The challenge is injected via `read advise zilla:challenge` on the
script's connect side — the same active-emit primitive the elicit
scripts use on the accept side. This is the script analogue of
mcp.server translating an HTTP Last-Event-ID header into a
ChallengeFW on the lifecycle stream.

Also fixes McpLifecycleServer.dispatchAggregateResume to seed
lastEventIdsByPrefix with the per-route ids decoded from the inbound
aggregate, so the first post-resume FlushEx from any one route still
emits a complete aggregate covering every route present in the
original Last-Event-ID rather than just the route that just emitted.

* feat(binding-mcp): scope toolkit and cache to kind: proxy in schema

Tightens the mcp binding schema so `toolkit` is required on every
`when` item — and only permitted on `kind: proxy`. The `cache` option
is likewise restricted to `kind: proxy`. Adds invalid configs and
SchemaTest cases asserting that misconfigured server-kind bindings
(cache option, toolkit-bearing when) and proxy-kind routes missing
toolkit are rejected at config-parse time.

Drops the runtime IllegalArgumentException in McpBindingConfig that
checked multi-route toolkit presence; the schema now enforces this
earlier (config-parse, not engine startup), making the runtime check
dead code.

Splits the multi-route resume scenarios into prefixed and non-prefixed
variants per repo convention so both forms have peer-to-peer
ApplicationIT coverage and engine-driven McpProxyIT coverage:

- lifecycle.events.resume.aggregate.event.id{.prefixed}/
- lifecycle.events.resume.missing.prefix{.prefixed}/

The prefixed/client.rpt connects to the proxy's app surface and
injects the aggregate id; the non-prefixed/client.rpt simulates what
the proxy would do upstream — two direct connects, one per route,
each carrying the per-route id. The shared server.rpt observes the
per-route challenges via `write advised zilla:challenge`.

* perf(binding-mcp): zero-allocation aggregate event id encode

Replaces the StringBuilder-backed encode that allocated a StringBuilder
plus a String per outbound FlushEx with a buffer-based encode that
writes UTF-8 bytes directly into a factory-level MutableDirectBuffer
and returns the byte count.

McpLifecycleServer.mintAggregateEventId now wraps the encoded slice in
a reusable OctetsFW (null if no route has emitted yet); the
rewriteFlushExWithAggregateId helper passes
buffer/offset/length to the generated id(DirectBuffer, int, int)
builder overload on every applicable FlushEx variant
(resumable, toolsListChanged, promptsListChanged, resourcesListChanged,
progress, elicitComplete).

McpAggregateEventIdTest exercises the new buffer API (including encode
at a non-zero offset) and reads the encoded bytes back via
getStringWithoutLengthUtf8 for assertion.

* refactor(binding-mcp): trim verbose names in aggregate event id paths

Tightens names that encoded preconditions or context that is already
clear from scope:

- McpBindingConfig.sortedPrefixes -> prefixes
- McpBindingConfig.sortedRoutedIdsByPrefix -> routedIds
- McpBindingConfig.prefixByRoutedId dropped (was never read)
- McpAggregateEventId.encode parameters
    prefixesSortedAscending / idsAlignedWithPrefixes -> prefixes / ids
- McpProxyLifecycleFactory:
    flushCodecBuffer -> flushExBuffer
    aggregateIdBuffer -> aggregateBuffer
    aggregateIdRO -> aggregateRO
    lastEventIdsByPrefix -> eventIds
    pendingResumeId -> resumeId
    recordRouteEventId(sourceRoutedId, perRouteId) -> recordEventId(routedId, id)
    mintAggregateEventId() -> mintAggregate()
    dispatchAggregateResume(...) -> dispatchResume(...)
    extractEventId(...) -> eventIdOf(...) (matches the existing
    capabilityOf / identifierOf getter convention)
    rewriteFlushExWithAggregateId(...) -> rewriteFlushEx(...)

Pure rename — no behavioural change. All 188 tests + checkstyle + license
remain green.

* refactor(binding-mcp): rename aggregate-resume scenario dirs

Resolves the "prefix"-overloading in the previous scenario names:
- "prefix" in `missing.prefix` referred to the *toolkit* routing prefix
- ".prefixed" suffix is the convention marker for the engine-driven
  variant (per tools.list.toolkit.multi.prefixed)

The two collided, so `resume.missing.prefix.prefixed` read as nonsense.

Renames:
- lifecycle.events.resume.aggregate.event.id          -> lifecycle.events.resume.aggregate
- lifecycle.events.resume.aggregate.event.id.prefixed -> lifecycle.events.resume.aggregate.prefixed
- lifecycle.events.resume.missing.prefix              -> lifecycle.events.resume.partial
- lifecycle.events.resume.missing.prefix.prefixed     -> lifecycle.events.resume.partial.prefixed

`event.id` is redundant once `resume` is in the name; `partial`
describes the outcome (only the resolvable prefixes are dispatched)
without re-using the "prefix" word.

Test methods follow:
- shouldResumeLifecycleEventsWithAggregateEventId -> shouldResumeLifecycleEventsAggregate
- shouldResumeLifecycleEventsWithMissingPrefix   -> shouldResumeLifecycleEventsPartial

* refactor(binding-mcp): apply PR #1791 review feedback

Naming and structure tweaks from the review:

- McpBindingConfig: replace parallel arrays (prefixes[], routedIds[])
  with a single McpAggregateRoute[] (new record (prefix, routedId)).
- McpAggregateEventId.computePrefixes: drop the redundant single-toolkit
  special case (the general loop produces the same 1-char prefix);
  replace explicit Map builders with stream + toMap collectors.
- McpAggregateEventId.encode: signature now takes McpAggregateRoute[]
  directly instead of a parallel String[] prefixes argument.
- McpLifecycleServer.recordEventId -> onDecodeEventId (event-handler
  naming consistent with on*/do* convention).
- McpLifecycleServer.mintAggregate -> nextEventId.
- McpProxyLifecycleFactory.eventIdOf -> extractEventId.
- onClientFlush now just forwards to doServerFlush(... routedId); the
  aggregation transform lives on doServerFlush where it can read its
  own server state directly. Inside, drop the extension.sizeof() > 0
  guard and use wrap (not tryWrap) — the FlushEx is non-null on this
  path.
- McpLifecycleClient.doClientResume: drop the resumeId parameter; the
  client's own resumeId field is read via a `this::injectResumeId`
  method reference on the builder.
- McpLifecycleClient.sessionId: now private with a sessionId() accessor;
  external callers in McpProxyItemFactory / McpProxyListFactory updated
  (the McpLifecycleServer.sessionId field — a different class — stays
  package-private).
- rewriteFlushEx locals renamed to (buffer, offset, length) to avoid
  shadowing the factory-level aggregateBuffer field.
- forwardExtension -> newExtension.

SchemaTest: positive cases for each kind with all supported options
populated (server.options.yaml, proxy.options.yaml, client.options.yaml).

Pure refactor — all 18 unit + 171 IT tests still green.

* refactor(binding-mcp): apply second round PR #1791 feedback

- Long2ObjectHashMap<String> replaces String[] eventIds for cleaner
  lookup and storage keyed by routedId
- aggregateBuffer sized to fixed 1024 bytes instead of writeBuffer
  capacity
- doClientResume guards on replyOpened and clears resumeId on send
- doClientBegin pre-sets lifecycle sessionId from server, allowing
  list factory to drop fallback to server.lifecycle.sessionId
- McpItem.doClientBegin accepts sessionId as parameter from server
  call site instead of computing locally
- resumeClient extracted from dispatchResume lambda; onServerChallenge
  inlines aggregate decode under nested KIND_RESUME guard
- onClientFlush records per-route event id; doServerFlush now only
  rewrites the aggregate
- SchemaTest keeps a single positive options test per kind with all
  supported properties, drops the redundant toolkit-multi test

* refactor(binding-mcp): apply third round PR #1791 feedback

- Pass identifier as a parameter to McpItem.doClientBegin from the
  server call site instead of pulling from server.identifier inside
- Rename resumeClient to onDecodeAggregateEventId for symmetry with
  onDecodeEventId
- Replace rewriteFlushEx with kind-specific inject methods dispatched
  from a generic injectFlushEx; inline the builder chain at the call
  site in doServerFlush
- Drop redundant shouldValidateServer; the with-options positive tests
  cover the supported properties for each kind

* refactor(binding-mcp): drop WithOptions suffix from schema test names

* refactor(binding-mcp): drop dead prefix field and sessionId accessors

- Remove unused McpProxyItemFactory.McpServer.prefix field, its
  constructor parameter, the call-site argument, and the local
  variable from the resolve block
- Inline McpProxyItemFactory.McpServer.sessionId() to direct
  lifecycle.sessionId field access at the two call sites
- Promote McpProxyLifecycleFactory.McpLifecycleClient.sessionId to
  package-private and drop the sessionId() accessor; the sole
  external caller now reads the field directly

* refactor(binding-mcp): store originId and routedId on proxy clients

McpLifecycleClient, McpProxyItemFactory.McpClient, and
McpProxyListFactory.McpListClient now hold originId and routedId as
final fields set once in the constructor, instead of recomputing
server.lifecycle.originId / server.routedId at every do* call site.
The resolvedId field is renamed to routedId for consistency with the
existing initialId/replyId/originId/routedId naming convention.

* fix(binding-mcp): restore proxy.toolkit.multi.yaml for IT tests

McpProxyIT references @configuration("proxy.toolkit.multi.yaml") for
six multi-toolkit and aggregate-resume tests. The yaml was removed
along with the redundant SchemaTest case, but the IT still depends on
it for the multi-route proxy configuration. Local tests masked the
gap because target/classes retained a stale copy; clean CI builds
hit NullPointerException loading the missing config.

---------

Co-authored-by: Claude <noreply@anthropic.com>

Author: jfallows

runtime/binding-mcp/src/main/java/io/aklivity/zilla/runtime/binding/mcp/internal/config/McpAggregateEventId.java

@@ -0,0 +1,153 @@
+/*
+ * Copyright 2021-2024 Aklivity Inc
+ *
+ * Licensed under the Aklivity Community License (the "License"); you may not use
+ * this file except in compliance with the License.  You may obtain a copy of the
+ * License at
+ *
+ *   https://www.aklivity.io/aklivity-community-license/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OF ANY KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package io.aklivity.zilla.runtime.binding.mcp.internal.config;
+
+import static java.util.function.Function.identity;
+import static java.util.stream.Collectors.toMap;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.BiConsumer;
+import java.util.zip.CRC32C;
+
+import org.agrona.MutableDirectBuffer;
+import org.agrona.collections.Long2ObjectHashMap;
+
+public final class McpAggregateEventId
+{
+    static final byte PAIR_DELIMITER = (byte) ';';
+    static final byte KEY_VALUE_DELIMITER = (byte) '=';
+    static final int MAX_PREFIX_LENGTH = 6;
+
+    private McpAggregateEventId()
+    {
+    }
+
+    public static Map<String, String> computePrefixes(
+        Collection<String> toolkits)
+    {
+        if (toolkits == null || toolkits.isEmpty())
+        {
+            return Map.of();
+        }
+
+        final Set<String> distinct = new HashSet<>(toolkits);
+        final Map<String, String> encoded = distinct.stream()
+            .collect(toMap(identity(), McpAggregateEventId::encodeCrc32c));
+
+        int length = 1;
+        while (length <= MAX_PREFIX_LENGTH)
+        {
+            final Set<String> seen = new HashSet<>();
+            boolean unique = true;
+            for (String code : encoded.values())
+            {
+                if (!seen.add(code.substring(0, length)))
+                {
+                    unique = false;
+                    break;
+                }
+            }
+            if (unique)
+            {
+                break;
+            }
+            length++;
+        }
+
+        if (length > MAX_PREFIX_LENGTH)
+        {
+            throw new IllegalStateException("unable to derive unique prefixes for toolkits: " + distinct);
+        }
+
+        final int prefixLength = length;
+        return encoded.entrySet().stream()
+            .collect(toMap(Map.Entry::getKey, e -> e.getValue().substring(0, prefixLength)));
+    }
+
+    public static int encode(
+        McpAggregateRoute[] routes,
+        Long2ObjectHashMap<String> ids,
+        MutableDirectBuffer buffer,
+        int offset)
+    {
+        int progress = offset;
+        for (McpAggregateRoute route : routes)
+        {
+            final String id = ids.get(route.routedId());
+            if (id == null)
+            {
+                continue;
+            }
+            if (progress > offset)
+            {
+                buffer.putByte(progress++, PAIR_DELIMITER);
+            }
+            progress += buffer.putStringWithoutLengthUtf8(progress, route.prefix());
+            buffer.putByte(progress++, KEY_VALUE_DELIMITER);
+            progress += buffer.putStringWithoutLengthUtf8(progress, id);
+        }
+        return progress == offset ? -1 : progress - offset;
+    }
+
+    public static void decode(
+        String aggregate,
+        BiConsumer<String, String> visitor)
+    {
+        if (aggregate == null || aggregate.isEmpty())
+        {
+            return;
+        }
+
+        int start = 0;
+        final int length = aggregate.length();
+        while (start < length)
+        {
+            int end = aggregate.indexOf((char) PAIR_DELIMITER, start);
+            if (end < 0)
+            {
+                end = length;
+            }
+            final int sep = aggregate.indexOf((char) KEY_VALUE_DELIMITER, start);
+            if (sep > start && sep < end)
+            {
+                final String prefix = aggregate.substring(start, sep);
+                final String value = aggregate.substring(sep + 1, end);
+                visitor.accept(prefix, value);
+            }
+            start = end + 1;
+        }
+    }
+
+    private static String encodeCrc32c(
+        String toolkit)
+    {
+        final CRC32C crc = new CRC32C();
+        crc.update(toolkit.getBytes(StandardCharsets.UTF_8));
+        final long value = crc.getValue();
+        final byte[] bytes = new byte[]
+        {
+            (byte) (value >>> 24),
+            (byte) (value >>> 16),
+            (byte) (value >>> 8),
+            (byte) value
+        };
+        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
+    }
+}

runtime/binding-mcp/src/main/java/io/aklivity/zilla/runtime/binding/mcp/internal/config/McpAggregateRoute.java

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2021-2024 Aklivity Inc
+ *
+ * Licensed under the Aklivity Community License (the "License"); you may not use
+ * this file except in compliance with the License.  You may obtain a copy of the
+ * License at
+ *
+ *   https://www.aklivity.io/aklivity-community-license/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OF ANY KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package io.aklivity.zilla.runtime.binding.mcp.internal.config;
+
+public record McpAggregateRoute(
+    String prefix,
+    long routedId)
+{
+}

runtime/binding-mcp/src/main/java/io/aklivity/zilla/runtime/binding/mcp/internal/config/McpBindingConfig.java

@@ -17,6 +17,7 @@
 import static io.aklivity.zilla.runtime.binding.mcp.config.McpElicitationConfig.DEFAULT_CALLBACK_PATH;
 
 import java.util.ArrayList;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -43,6 +44,8 @@ public final class McpBindingConfig
     public final GuardHandler guard;
     public final McpProxyCache cache;
     public final Map<String, McpProxySession> sessions;
+    public final Map<String, McpRouteConfig> routeByPrefix;
+    public final McpAggregateRoute[] aggregateRoutes;
 
     private final List<McpRouteConfig> routes;
 
@@ -57,6 +60,26 @@ public McpBindingConfig(
             .map(McpRouteConfig::new)
             .collect(Collectors.toList());
 
+        final Map<String, McpRouteConfig> routeByPrefix = new LinkedHashMap<>();
+        if (routes.size() > 1)
+        {
+            final List<String> toolkits = routes.stream()
+                .map(McpRouteConfig::toolkit)
+                .collect(Collectors.toList());
+            final Map<String, String> prefixesByToolkit = McpAggregateEventId.computePrefixes(toolkits);
+            for (McpRouteConfig route : routes)
+            {
+                final String prefix = prefixesByToolkit.get(route.toolkit());
+                routeByPrefix.put(prefix, route);
+            }
+        }
+        this.routeByPrefix = routeByPrefix;
+
+        this.aggregateRoutes = routeByPrefix.entrySet().stream()
+            .sorted(Map.Entry.comparingByKey())
+            .map(e -> new McpAggregateRoute(e.getKey(), e.getValue().id))
+            .toArray(McpAggregateRoute[]::new);
+
         this.guard = Optional.ofNullable(options)
             .map(o -> o.authorization)
             .map(a -> a.name)

runtime/binding-mcp/src/main/java/io/aklivity/zilla/runtime/binding/mcp/internal/config/McpRouteConfig.java

@@ -49,6 +49,7 @@ public final class McpRouteConfig
 
     private final List<ConditionMatcher> matchers;
     private final LongObjectPredicate<UnaryOperator<String>> authorized;
+    private final String toolkit;
 
     public McpRouteConfig(
         RouteConfig route)
@@ -60,6 +61,16 @@ public McpRouteConfig(
             .map(ConditionMatcher::new)
             .collect(toList());
         this.authorized = route.authorized;
+        this.toolkit = matchers.stream()
+            .map(m -> m.toolkit)
+            .filter(t -> t != null)
+            .findFirst()
+            .orElse(null);
+    }
+
+    public String toolkit()
+    {
+        return toolkit;
     }
 
     public boolean authorized(
@@ -216,6 +227,7 @@ static String identifierOf(
 
     private static final class ConditionMatcher
     {
+        private final String toolkit;
         private final String toolsPrefix;
         private final String promptsPrefix;
         private final String resourcesPrefix;
@@ -225,6 +237,7 @@ private ConditionMatcher(
         {
             final List<String> capabilities = condition.capability;
             final String toolkit = condition.toolkit;
+            this.toolkit = toolkit;
 
             final boolean anyCapability = capabilities == null;
             final boolean tools = anyCapability || capabilities.contains(CAPABILITY_TOOLS);