fix: cache TokenEncryption, clear stale router caches on re-init

2026-04-25 00:36:31 +02:00 · 2026-04-22 20:24:45 +02:00 · 2026-04-22 20:24:45 +02:00 · 01153b0d7e
commit 01153b0d7e
parent a1d03da896
2 changed files with 26 additions and 9 deletions
--- a/surfsense_backend/app/agents/new_chat/tools/mcp_tool.py
+++ b/surfsense_backend/app/agents/new_chat/tools/mcp_tool.py
@ -14,10 +14,15 @@ clicking "Always Allow", which adds the tool name to the connector's
 ``config.trusted_tools`` allow-list.
 """

+from __future__ import annotations
+
 import logging
 import time
 from collections import defaultdict
-from typing import Any
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    from app.utils.oauth_security import TokenEncryption

 from langchain_core.tools import StructuredTool
 from mcp import ClientSession
@ -426,6 +431,18 @@ async def _load_http_mcp_tools(

 _TOKEN_REFRESH_BUFFER_SECONDS = 300  # refresh 5 min before expiry

+_token_enc: TokenEncryption | None = None
+
+
+def _get_token_enc() -> TokenEncryption:
+    global _token_enc
+    if _token_enc is None:
+        from app.config import config as app_config
+        from app.utils.oauth_security import TokenEncryption
+
+        _token_enc = TokenEncryption(app_config.SECRET_KEY)
+    return _token_enc
+

 def _inject_oauth_headers(
    cfg: dict[str, Any],
@ -443,11 +460,7 @@ def _inject_oauth_headers(
        return server_config

    try:
-        from app.config import config as app_config
-        from app.utils.oauth_security import TokenEncryption
-
-        enc = TokenEncryption(app_config.SECRET_KEY)
-        access_token = enc.decrypt_token(encrypted_token)
+        access_token = _get_token_enc().decrypt_token(encrypted_token)

        result = dict(server_config)
        result["headers"] = {
@ -500,11 +513,9 @@ async def _maybe_refresh_mcp_oauth_token(
        return server_config

    try:
-        from app.config import config as app_config
        from app.services.mcp_oauth.discovery import refresh_access_token
-        from app.utils.oauth_security import TokenEncryption

-        enc = TokenEncryption(app_config.SECRET_KEY)
+        enc = _get_token_enc()
        decrypted_refresh = enc.decrypt_token(refresh_token)
        decrypted_secret = (
            enc.decrypt_token(mcp_oauth["client_secret"])
--- a/surfsense_backend/app/services/llm_router_service.py
+++ b/surfsense_backend/app/services/llm_router_service.py
@ -290,6 +290,12 @@ class LLMRouterService:

            instance._router = Router(**router_kwargs)
            instance._initialized = True
+
+            global _cached_context_profile, _cached_context_profile_computed
+            _cached_context_profile = None
+            _cached_context_profile_computed = False
+            _router_instance_cache.clear()
+
            logger.info(
                "LLM Router initialized with %d deployments, "
                "strategy: %s, context_window_fallbacks: %s, fallbacks: %s",