Skip to content

Python lint: Ruff rules for pylint and code complexity #525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
felixweinberger merged 1 commit into from
Sep 5, 2025
Merged

Python lint: Ruff rules for pylint and code complexity #525

felixweinberger merged 1 commit into from
Sep 5, 2025

Conversation

@cclauss
Copy link
Contributor

@cclauss cclauss commented Apr 15, 2025
edited
Loading

Add ruff rules for Pylint and McCabe cyclomatic code complexity.

% ruff check --select=C90,PL --statistics | sort -k2

 5	C901   	[ ] complex-structure
 1	PLC0414	[ ] useless-import-alias
19	PLR0402	[*] manual-from-import
 1	PLR0911	[ ] too-many-return-statements
 1	PLR0912	[ ] too-many-branches
 5	PLR0913	[ ] too-many-arguments
 1	PLR0915	[ ] too-many-statements
26	PLR2004	[ ] magic-value-comparison
 1	PLW1510	[*] subprocess-run-without-check
[*] 20 fixable with the `--fix` option (1 hidden fix can be enabled with the `--unsafe-fixes` option).
Found 60 errors.

Motivation and Context

Pylint checks for errors, enforces a coding standard, looks for code smells, and can suggest how code could be refactored.
McCabe detects functions with high complexity that are hard to understand and maintain.

The C90 and PLR091 rules enable the setting of upper limits on code complexity. If a contributor wants to raise these limits, that can lead to useful discussion in code reviews about why complexity needs to rise and maintainability needs to go down.

How Has This Been Tested?

Breaking Changes

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@cclauss cclauss force-pushed the ruff-rules-for-pylint branch from 8690e74 to 1d06973 Compare April 15, 2025 20:50
@ihrpr ihrpr added this to the r-05-25 milestone Apr 29, 2025
ihrpr
ihrpr reviewed May 23, 2025
View reviewed changes
ihrpr
ihrpr previously requested changes May 23, 2025
View reviewed changes
Copy link
Contributor

@ihrpr ihrpr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for contributing to Python SDK!

  1. Please can you provide rationale for the specific numerical thresholds chosen
  2. Is implementing both C90 and PL linting rules simultaneously necessary?
  3. Please remove the widespread import style changes which aren't central to the linting goals

The subprocess check=False change is great, but should be submitted as a separate PR focused on that specific fix.

cclauss added a commit to cclauss/python-sdk that referenced this pull request May 23, 2025
@cclauss
Python lint: Ruff rule PLW1510 -- subprocess-run-without-check
b4758a8 
A subset of:
*  modelcontextprotocol#525

% `ruff check --select=PLW1510`
```
 1	PLW1510	[*] subprocess-run-without-check
```
https://docs.astral.sh/ruff/rules/subprocess-run-without-check
@cclauss cclauss mentioned this pull request May 23, 2025
Merged
9 tasks
@cclauss cclauss force-pushed the ruff-rules-for-pylint branch from 1d06973 to 7628dcb Compare May 23, 2025 17:38
@cclauss
Copy link
Contributor Author

cclauss commented May 23, 2025
edited
Loading

Please read the git commit when reviewing pull requests.

Please can you provide rationale for the specific numerical thresholds chosen

The C90 and PLR091 rules enable the setting of upper limits on code complexity. If a contributor wants to raise these limits, that can lead to useful discussion in code reviews about why complexity needs to rise and maintainability needs to go down.

The current code complexity determines the values set in this PR, with comments showing the recommended values. To find complexity in the codebase, just lower any of these values by one and run ruff check. Failure to review and merge this pr has forced an increase in max-complexity, max-branches, max-returns, and max-statements. Putting C90 and PLR091 in the same PR makes sense because they both set upper limits on code complexity and maintainability.

- mccabe.max-complexity = 13  # Default is 10
- max-branches = 14    # Default is 12
- max-returns = 7      # Default is 6
- max-statements = 69  # Default is 50
+ mccabe.max-complexity = 24  # Default is 10
+ max-branches = 23    # Default is 12
+ max-returns = 13      # Default is 6
- max-statements = 99  # Default is 50
+ max-statements = 102  # Default is 50

I have the RUFF settings to ignore the pylint import rules PLC0414 and PLR0402.

@cclauss cclauss requested a review from ihrpr May 24, 2025 06:54
Kludex
Kludex reviewed May 26, 2025
View reviewed changes
@cclauss cclauss force-pushed the ruff-rules-for-pylint branch from 191f41b to 1596aca Compare June 3, 2025 12:41
@cclauss cclauss requested a review from Kludex June 3, 2025 12:43
gspencergoog pushed a commit to gspencergoog/mcp-python-sdk that referenced this pull request Jul 29, 2025
@jonathanhefner @quuu
Update clients.mdx table header links
8e37784 
This replaces absolute URLs with paths, links the "Roots" column header,
and moves anchor definitions for the table header links to the top for
organizational purposes.

Closes modelcontextprotocol#525

Co-authored-by: Andrew Qu <qual1337@gmail.com>
felixweinberger
felixweinberger requested changes Sep 5, 2025
View reviewed changes
Copy link
Contributor

@felixweinberger felixweinberger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the delay in coming back to this.

It would be great if we could address the issues introduced by the new lint rules instead of adding linter overrides.

Happy to come back to this quickly if you have the capacity to take a stab at this?

@felixweinberger felixweinberger added the needs more work Not ready to be merged yet, needs additional follow-up from the author(s). label Sep 5, 2025
@cclauss cclauss requested a review from a team September 5, 2025 13:37
@cclauss cclauss force-pushed the ruff-rules-for-pylint branch from 2d617e2 to f3540b7 Compare September 5, 2025 14:00
@felixweinberger felixweinberger mentioned this pull request Sep 5, 2025
Open
2 tasks
felixweinberger
felixweinberger approved these changes Sep 5, 2025
View reviewed changes
Copy link
Contributor

@felixweinberger felixweinberger left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While I'm not a fan of ignoring ruff rules, in this case I believe it is justified given we're actually sharpening our lint rules overall and simply making explicit what we were previously implicitly ignoring.

Therefore I think we should land this in the interest of managing growing complexity on the Python SDK.

I've also created an issue for our v2 release where ideally we'd get rid of all ignores here.

pyproject.toml
"PL", # Pylint
"UP", # pyupgrade
]
ignore = ["PERF203", "PLC0415", "PLR0402"]
Copy link
Contributor

@felixweinberger felixweinberger Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"PLC0415" and "PLR0402" are newly added.

I'm assuming that's because we've added to the selection of tools above causing new lint errors to appear that we previously were ignoring by omission?

If so I'm OK with this trade-off in the short term to have a bit more manageable complexity.

pyproject.toml
[tool.ruff.lint.per-file-ignores]
"__init__.py" = ["F401"]
"tests/server/fastmcp/test_func_metadata.py" = ["E501"]
"tests/shared/test_progress_notifications.py" = ["PLW0603"]
Copy link
Contributor

@felixweinberger felixweinberger Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not my favorite solution, but assuming the same thing applies as above - we have this code already, we were just ignoring it by omission.

PLW0603

@felixweinberger felixweinberger dismissed ihrpr’s stale review September 5, 2025 14:19

Requested changes have been addressed

@felixweinberger
Copy link
Contributor

felixweinberger commented Sep 5, 2025

@cclauss thank you for the contribution and apologies again for the delay!

@felixweinberger felixweinberger merged commit c47c767 into modelcontextprotocol:main Sep 5, 2025
35 of 36 checks passed
@cclauss cclauss deleted the ruff-rules-for-pylint branch September 5, 2025 14:50
rbehal pushed a commit to gumloop/gumloop-mcp that referenced this pull request Sep 25, 2025
@dvlpjrs @felixweinberger
@yurikunash @pamelafox @ihrpr @Kludex @davenpi @functicons @dingo4dev @LucaButBoring @only-weng @clareliguori @lukacf @chughtapan @yannj-fr @pcarleton @sreenaths @jbkkd @joesavage-silabs @glinf @dsp-ant @mous222 @maxisbey @claude @jerome3o-anthropic @dragonier23 @keurcien @timesler @sandangel @justin-yi-wang @monkeywithacupcake @pja-ant @reidg44 @eleftherias @cclauss @pchoudhury22 @owengo @olivierhub @stevebillings @mssalvatore
[GMLP-5458] Sync upstream (#5)
0206b4d 
* Add regression test for stateless request memory cleanup (modelcontextprotocol#1140)

* Implement RFC9728 - Support WWW-Authenticate header by MCP client (modelcontextprotocol#1071)

* Add streamable HTTP starlette example to Python SDK docs (modelcontextprotocol#1111)

* fix markdown error in README in main (modelcontextprotocol#1147)

* README - replace code snippets with examples - add lowlevel to snippets (modelcontextprotocol#1150)

* README - replace code snippets with examples - streamable http (modelcontextprotocol#1155)

* chore: don't allow users to create issues outside the templates (modelcontextprotocol#1163)

* Tests(cli): Add coverage for helper functions (modelcontextprotocol#635)

* Docs: Update CallToolResult parsing in README (modelcontextprotocol#812)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* docs: add pre-commit install guide on CONTRIBUTING.md (modelcontextprotocol#995)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* fix flaky fix-test_streamablehttp_client_resumption test (modelcontextprotocol#1166)

* README - replace code snippets with examples -- auth examples (modelcontextprotocol#1164)

* Support falling back to OIDC metadata for auth (modelcontextprotocol#1061)

* Add CODEOWNERS file for sdk (modelcontextprotocol#1169)

* fix flaky test test_88_random_error (modelcontextprotocol#1171)

* Make sure `RequestId` is not coerced as `int` (modelcontextprotocol#1178)

* Fix: Replace threading.Lock with anyio.Lock for Ray deployment compatibility (modelcontextprotocol#1151)

* fix: fix OAuth flow request object handling (modelcontextprotocol#1174)

* update codeowners group (modelcontextprotocol#1191)

* fix: perform auth server metadata discovery fallbacks on any 4xx (modelcontextprotocol#1193)

* server: skip duplicate response on CancelledError (modelcontextprotocol#1153)

Co-authored-by: ihrpr <inna@anthropic.com>

* Unpack settings in FastMCP (modelcontextprotocol#1198)

* chore: Remove unused prompt_manager.py file (modelcontextprotocol#1229)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>

* Improved supported for ProtectedResourceMetadata (modelcontextprotocol#1235)

Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>

* chore: Remove unused variable notification_options (modelcontextprotocol#1238)

* Improve README around the Context object (modelcontextprotocol#1203)

* fix: allow to pass `list[str]` to `token_endpoint_auth_signing_alg_values_supported` (modelcontextprotocol#1226)

* Remove strict validation on `response_modes_supported` member of `OAuthMetadata` (modelcontextprotocol#1243)

* Add pyright strict mode on the whole project (modelcontextprotocol#1254)

* Consistent casing for default headers Accept and Content-Type (modelcontextprotocol#1263)

* Update dependencies and fix type issues (modelcontextprotocol#1268)

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>

* fix: prevent async generator cleanup errors in StreamableHTTP transport (modelcontextprotocol#1271)

Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>

* chore: uncomment .idea/ in .gitignore (modelcontextprotocol#1287)

Co-authored-by: Claude <noreply@anthropic.com>

* docs: clarify streamable_http_path configuration when mounting servers (modelcontextprotocol#1172)

* feat: Add CORS configuration for browser-based MCP clients (modelcontextprotocol#1059)

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Added Audio to FastMCP (modelcontextprotocol#1130)

* fix: avoid uncessary retries in OAuth authenticated requests (modelcontextprotocol#1206)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Add PATHEXT to default STDIO env vars in windows (modelcontextprotocol#1256)

* fix: error too many values to unpack (expected 2) (modelcontextprotocol#1279)

Signed-off-by: San Nguyen <vinhsannguyen91@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* SDK Parity: Avoid Parsing Server Response for non-JsonRPCMessage Requests (modelcontextprotocol#1290)

* types: Setting default value for method: Literal (modelcontextprotocol#1292)

* changes structured temperature to not deadly (modelcontextprotocol#1328)

* Update simple-resource example to use non-deprecated read_resource return type (modelcontextprotocol#1331)

Co-authored-by: Claude <noreply@anthropic.com>

* docs: Update README to include link to API docs for modelcontextprotocol#1329 (modelcontextprotocol#1330)

* Allow ping requests before initialization (modelcontextprotocol#1312)

* Python lint: Ruff rules for pylint and code complexity (modelcontextprotocol#525)

* Fix context injection for resources and prompts (modelcontextprotocol#1336)

* fix(fastmcp): propagate mimeType in resource template list (modelcontextprotocol#1186)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* fix: allow elicitations accepted without content (modelcontextprotocol#1285)

Co-authored-by: Olivier Schiavo <olivier.schiavo@wengo.com>

* Use --frozen in pre-commit config (modelcontextprotocol#1375)

* Return HTTP 403 for invalid Origin headers (modelcontextprotocol#1353)

* Add test for ProtectedResourceMetadataParsing (modelcontextprotocol#1236)

Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Fastmcp logging progress example (modelcontextprotocol#1270)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* feat: add paginated list decorators for prompts, resources, and tools (modelcontextprotocol#1286)

Co-authored-by: Claude <noreply@anthropic.com>

* Remove "unconditionally" from conditional description (modelcontextprotocol#1289)

* Use streamable-http consistently in examples (modelcontextprotocol#1389)

* feat: Add SDK support for SEP-1034 default values in elicitation schemas (modelcontextprotocol#1337)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Implementation of SEP 973 - Additional metadata + icons support (modelcontextprotocol#1357)

* Merge upstream/main with custom filtering

---------

Signed-off-by: San Nguyen <vinhsannguyen91@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
Co-authored-by: yurikunash <143175350+yurikunash@users.noreply.github.com>
Co-authored-by: Pamela Fox <pamela.fox@gmail.com>
Co-authored-by: Inna Harper <inna.hrpr@gmail.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Ian Davenport <49379192+davenpi@users.noreply.github.com>
Co-authored-by: Dagang Wei <functicons@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Stanley Law <stanleylkal@gmail.com>
Co-authored-by: Luca Chang <131398524+LucaButBoring@users.noreply.github.com>
Co-authored-by: leweng <leweng@nvidia.com>
Co-authored-by: Clare Liguori <liguori@amazon.com>
Co-authored-by: lukacf <luka@peltarion.com>
Co-authored-by: ihrpr <inna@anthropic.com>
Co-authored-by: Tapan Chugh <chugh.tapan@gmail.com>
Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Yann Jouanin <4557670+yannj-fr@users.noreply.github.com>
Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Sreenath Somarajapuram <somarajapuram@gmail.com>
Co-authored-by: Omer Korner <omerkorner@gmail.com>
Co-authored-by: joesavage-silabs <159480754+joesavage-silabs@users.noreply.github.com>
Co-authored-by: Gregory L <gregory.linford@mistral.ai>
Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Co-authored-by: Moustapha Ebnou <155577789+mous222@users.noreply.github.com>
Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jerome <jerome@anthropic.com>
Co-authored-by: xavier <84836280+dragonier23@users.noreply.github.com>
Co-authored-by: keurcien <keurcien.luu@gmail.com>
Co-authored-by: Tim Esler <tim.esler@gmail.com>
Co-authored-by: San Nguyen <22189661+sandangel@users.noreply.github.com>
Co-authored-by: Justin Wang <89049861+justin-yi-wang@users.noreply.github.com>
Co-authored-by: jess <jessachandler@gmail.com>
Co-authored-by: Peter Alexander <pja@anthropic.com>
Co-authored-by: Reid Geyer <12072650+reidg44@users.noreply.github.com>
Co-authored-by: Eleftheria Stein-Kousathana <eleftheria.kousathana@gmail.com>
Co-authored-by: Christian Clauss <cclauss@me.com>
Co-authored-by: pchoudhury22 <pchoudhury22@apple.com>
Co-authored-by: owengo <owengo@users.noreply.github.com>
Co-authored-by: Olivier Schiavo <olivier.schiavo@wengo.com>
Co-authored-by: Steve Billings <billings.steve@gmail.com>
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
rbehal pushed a commit to gumloop/gumloop-mcp that referenced this pull request Dec 9, 2025
@dvlpjrs @felixweinberger
@yurikunash @pamelafox @ihrpr @Kludex @davenpi @functicons @dingo4dev @LucaButBoring @only-weng @clareliguori @lukacf @chughtapan @yannj-fr @pcarleton @sreenaths @jbkkd @joesavage-silabs @glinf @dsp-ant @mous222 @maxisbey @claude @jerome3o-anthropic @dragonier23 @keurcien @timesler @sandangel @justin-yi-wang @monkeywithacupcake @pja-ant @reidg44 @eleftherias @cclauss @pchoudhury22 @owengo @olivierhub @stevebillings @mssalvatore @pengwa @github-user-name @jonshea @automaton82 @yukuanj @lorenzocesconetto @zhangch-ss @shulkx @brandonspark @dogacancolak @AishwaryaKalloli @lorenss-m @rocky-d @fennb @daamitt @mat-octave @samchenatti @BrandonShar @mingo1996 @domdomegg @koic @ColeMurray @inaku-Gyan @cbcoutinho @crondinini-ant @Viicos @abliznyuk @wuliang229 @ochafik @TheMailmans @Edison-A-N
[MCP-266] Sync gumloop-mcp with upstream and add/fix tests (#13)
715857d 
* Add regression test for stateless request memory cleanup (modelcontextprotocol#1140)

* Implement RFC9728 - Support WWW-Authenticate header by MCP client (modelcontextprotocol#1071)

* Add streamable HTTP starlette example to Python SDK docs (modelcontextprotocol#1111)

* fix markdown error in README in main (modelcontextprotocol#1147)

* README - replace code snippets with examples - add lowlevel to snippets (modelcontextprotocol#1150)

* README - replace code snippets with examples - streamable http (modelcontextprotocol#1155)

* chore: don't allow users to create issues outside the templates (modelcontextprotocol#1163)

* Tests(cli): Add coverage for helper functions (modelcontextprotocol#635)

* Docs: Update CallToolResult parsing in README (modelcontextprotocol#812)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* docs: add pre-commit install guide on CONTRIBUTING.md (modelcontextprotocol#995)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* fix flaky fix-test_streamablehttp_client_resumption test (modelcontextprotocol#1166)

* README - replace code snippets with examples -- auth examples (modelcontextprotocol#1164)

* Support falling back to OIDC metadata for auth (modelcontextprotocol#1061)

* Add CODEOWNERS file for sdk (modelcontextprotocol#1169)

* fix flaky test test_88_random_error (modelcontextprotocol#1171)

* Make sure `RequestId` is not coerced as `int` (modelcontextprotocol#1178)

* Fix: Replace threading.Lock with anyio.Lock for Ray deployment compatibility (modelcontextprotocol#1151)

* fix: fix OAuth flow request object handling (modelcontextprotocol#1174)

* update codeowners group (modelcontextprotocol#1191)

* fix: perform auth server metadata discovery fallbacks on any 4xx (modelcontextprotocol#1193)

* server: skip duplicate response on CancelledError (modelcontextprotocol#1153)

Co-authored-by: ihrpr <inna@anthropic.com>

* Unpack settings in FastMCP (modelcontextprotocol#1198)

* chore: Remove unused prompt_manager.py file (modelcontextprotocol#1229)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>

* Improved supported for ProtectedResourceMetadata (modelcontextprotocol#1235)

Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>

* chore: Remove unused variable notification_options (modelcontextprotocol#1238)

* Improve README around the Context object (modelcontextprotocol#1203)

* fix: allow to pass `list[str]` to `token_endpoint_auth_signing_alg_values_supported` (modelcontextprotocol#1226)

* Remove strict validation on `response_modes_supported` member of `OAuthMetadata` (modelcontextprotocol#1243)

* Add pyright strict mode on the whole project (modelcontextprotocol#1254)

* Consistent casing for default headers Accept and Content-Type (modelcontextprotocol#1263)

* Update dependencies and fix type issues (modelcontextprotocol#1268)

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>

* fix: prevent async generator cleanup errors in StreamableHTTP transport (modelcontextprotocol#1271)

Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>

* chore: uncomment .idea/ in .gitignore (modelcontextprotocol#1287)

Co-authored-by: Claude <noreply@anthropic.com>

* docs: clarify streamable_http_path configuration when mounting servers (modelcontextprotocol#1172)

* feat: Add CORS configuration for browser-based MCP clients (modelcontextprotocol#1059)

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Added Audio to FastMCP (modelcontextprotocol#1130)

* fix: avoid uncessary retries in OAuth authenticated requests (modelcontextprotocol#1206)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Add PATHEXT to default STDIO env vars in windows (modelcontextprotocol#1256)

* fix: error too many values to unpack (expected 2) (modelcontextprotocol#1279)

Signed-off-by: San Nguyen <vinhsannguyen91@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* SDK Parity: Avoid Parsing Server Response for non-JsonRPCMessage Requests (modelcontextprotocol#1290)

* types: Setting default value for method: Literal (modelcontextprotocol#1292)

* changes structured temperature to not deadly (modelcontextprotocol#1328)

* Update simple-resource example to use non-deprecated read_resource return type (modelcontextprotocol#1331)

Co-authored-by: Claude <noreply@anthropic.com>

* docs: Update README to include link to API docs for modelcontextprotocol#1329 (modelcontextprotocol#1330)

* Allow ping requests before initialization (modelcontextprotocol#1312)

* Python lint: Ruff rules for pylint and code complexity (modelcontextprotocol#525)

* Fix context injection for resources and prompts (modelcontextprotocol#1336)

* fix(fastmcp): propagate mimeType in resource template list (modelcontextprotocol#1186)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* fix: allow elicitations accepted without content (modelcontextprotocol#1285)

Co-authored-by: Olivier Schiavo <olivier.schiavo@wengo.com>

* Use --frozen in pre-commit config (modelcontextprotocol#1375)

* Return HTTP 403 for invalid Origin headers (modelcontextprotocol#1353)

* Add test for ProtectedResourceMetadataParsing (modelcontextprotocol#1236)

Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Fastmcp logging progress example (modelcontextprotocol#1270)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* feat: add paginated list decorators for prompts, resources, and tools (modelcontextprotocol#1286)

Co-authored-by: Claude <noreply@anthropic.com>

* Remove "unconditionally" from conditional description (modelcontextprotocol#1289)

* Use streamable-http consistently in examples (modelcontextprotocol#1389)

* feat: Add SDK support for SEP-1034 default values in elicitation schemas (modelcontextprotocol#1337)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Implementation of SEP 973 - Additional metadata + icons support (modelcontextprotocol#1357)

* Add error log for client stdio (modelcontextprotocol#924)

Co-authored-by: Your Name <youremail@yourdomain.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Accept additional response_types values from OAuth servers (modelcontextprotocol#1323)

* Issue 1379 patch - Fix MCP server OAuth not working with Visual Studio Code and others with extra grant_types (modelcontextprotocol#1380)

* Add comprehensive Unicode tests for streamable HTTP transport (modelcontextprotocol#1381)

* Update Icon.sizes to use string array format (modelcontextprotocol#1411)

* Delete CODEOWNERS to eliminate notification overload (modelcontextprotocol#1413)

* fix: fix the system message in simple-chatbot example (modelcontextprotocol#1394)

* fix: improve misleading warning for progress callback exceptions (modelcontextprotocol#775)

* fix: catch and rethrow SSEError during SSE connection establishment (modelcontextprotocol#975)

Co-authored-by: zhangchuanhui <zhangchal@digitalchina.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Add icons support for ResourceTemplate (modelcontextprotocol#1412)

* Add documentation structure (modelcontextprotocol#1425)

* Add documentation about testing (modelcontextprotocol#1426)

* Improve OAuth protected resource metadata URL construction per RFC 9728 (modelcontextprotocol#1407)

* feat: add ability to remove tools (modelcontextprotocol#1322)

Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

* Update README to link to Python SDK documentation (modelcontextprotocol#1430)

* fix: update CLAUDE.md to remove auto-addition of reviewers. (modelcontextprotocol#1431)

* [client] Implement MCP OAuth scope selection and step-up authorization (modelcontextprotocol#1324)

* Handles message type Exception in lowlevel/server.py _handle_message function. Mentioned as TODO on line 528. (modelcontextprotocol#786)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Fix workspace configuration error with structured_output_lowlevel.py  (modelcontextprotocol#1471)

Co-authored-by: lorenss-m <saeclmusic@gmail.com>

* fix: Remove unnecessary constructor from ResourceServerSettings (modelcontextprotocol#1424)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* feat: add resource annotations support to FastMCP (modelcontextprotocol#1468)

* fix: send params as empty object for list methods without cursor (modelcontextprotocol#1453)

* fix: Set the Server session initialization state immediately after respond… (modelcontextprotocol#1478)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* feat: add tool metadata in FastMCP.tool decorator (modelcontextprotocol#1463)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* Make client examples workspaces to reflect package code (modelcontextprotocol#1466)

* Expose RequestParams._meta in ClientSession.call_tool (modelcontextprotocol#1231)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Allow CallToolResult to be returned directly to support _meta field for OpenAI Apps (modelcontextprotocol#1459)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* fix: uv CVE-2025-62518 astral-tokio-tar issue GHSA-j5gw-2vrg-8fgx (modelcontextprotocol#1505)

* fix: use proper dependency resolution in CI (modelcontextprotocol#1507)

* Upgrade GitHub Actions (modelcontextprotocol#1473)

* test: use errno.ENOENT for command not found assertion (modelcontextprotocol#1498)

* Replace deprecated dev-dependencies with dependency-groups (modelcontextprotocol#1488)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* update uv to 0.9.5 (modelcontextprotocol#1510)

* Relax Accept header requirement for JSON-only responses (modelcontextprotocol#1500)

* fix: replace deprecated dev-dependencies in examples/clients (modelcontextprotocol#1518)

* fix: Update spec links to new modelcontextprotocol.io location (modelcontextprotocol#1491)

* fix: Replace fixed sleep with active server readiness check in SSE tests (modelcontextprotocol#1526)

* fix: Replace arbitrary sleeps with active server readiness checks in tests (modelcontextprotocol#1527)

Co-authored-by: Claude <noreply@anthropic.com>

* Fix flaky timeout test in test_88_random_error (modelcontextprotocol#1525)

* fix: Replace remaining manual server polling with wait_for_server helper (modelcontextprotocol#1529)

* Implement RFC 7523 JWT flows (modelcontextprotocol#1247)

Co-authored-by: Yann Jouanin <yann.jouanin@valueandco.com>

* Fix pyright error and replace wildcard import with explicit imports (modelcontextprotocol#1532)

* Fix auth client example URL handling for oauth provider (modelcontextprotocol#1549)

* docs: use article "an" before "MCP" instead of "a" (modelcontextprotocol#1558)

* Update Starlette to 0.49.1 in uv.lock (modelcontextprotocol#1559)

* Fix typo in `ClientSessionGroup` doc string (modelcontextprotocol#1572)

* Implement SEP-985: OAuth Protected Resource Metadata discovery fallback (modelcontextprotocol#1548)

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Paul Carleton <paulc@anthropic.com>

* Add --frozen flag to uv run commands in Claude config (modelcontextprotocol#1583)

* Add get_server_capabilities() to ClientSession (modelcontextprotocol#1588)

* Add everything-server for comprehensive MCP conformance testing (modelcontextprotocol#1587)

* Get baseline 100% clean coverage (modelcontextprotocol#1553)

* Add end-of-file-fixer pre-commit hook (modelcontextprotocol#1610)

* Add coverage baseline commit to git-blame-ignore (modelcontextprotocol#1613)

* Add SEP-1034 conformance test support to everything-server (modelcontextprotocol#1604)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* refactor: extract OAuth helper functions and simplify provider state (modelcontextprotocol#1586)

* Add client_id_metadata_document_supported to OAuthMetadata (modelcontextprotocol#1603)

* Fix OAuth discovery fallback and URL ordering (modelcontextprotocol#1624)

* Refactor `func_metadata()` implementation (modelcontextprotocol#1496)

* Fix CI highest resolution test to actually test highest versions (modelcontextprotocol#1609)

* feat: Pass through and expose additional parameters in `ClientSessionGroup.call_tool` and `.connect_to_server` (modelcontextprotocol#1576)

* fix get_client_metadata_scopes on 401 (modelcontextprotocol#1631)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* chore: Lazy import `jsonschema` library (modelcontextprotocol#1596)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* docs: Update examples to use stateless HTTP with JSON responses (modelcontextprotocol#1499)

* Add tests for JSON Schema 2020-12 field preservation (SEP-1613) (modelcontextprotocol#1649)

* Add client_secret_basic authentication support (modelcontextprotocol#1334)

Co-authored-by: Paul Carleton <paulc@anthropic.com>

* Implement SEP-1577 - Sampling With Tools (modelcontextprotocol#1594)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Claude <noreply@anthropic.com>

* SEP-1330: Elicitation Enum Schema Improvements and Standards Compliance (modelcontextprotocol#1246)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* [auth][conformance] add conformance auth client (modelcontextprotocol#1640)

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Implement SEP-986: Tool name validation (modelcontextprotocol#1655)

* fix: url for spec (modelcontextprotocol#1659)

* feat: implement SEP-991 URL-based client ID (CIMD) support (modelcontextprotocol#1652)

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Update doc string on custom_route (modelcontextprotocol#1660)

* Implement SEP-1036: URL mode elicitation for secure out-of-band interactions (modelcontextprotocol#1580)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Skip empty SSE data to avoid parsing errors (modelcontextprotocol#1670)

* SEP-1686: Tasks (modelcontextprotocol#1645)

* Add on_session_created callback option (modelcontextprotocol#1710)

* Add SSE polling support (SEP-1699) (modelcontextprotocol#1654)

* Support client_credentials flow with JWT and Basic auth (modelcontextprotocol#1663)

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* feat: backwards-compatible create_message overloads for SEP-1577 (modelcontextprotocol#1713)

* Merge commit from fork

* Auto-enable DNS rebinding protection for localhost servers

When a FastMCP server is created with host="127.0.0.1" or "localhost"
and no explicit transport_security is provided, automatically enable
DNS rebinding protection. Both 127.0.0.1 and localhost are allowed
as valid hosts/origins since clients may use either to connect.

* Add tests for auto DNS rebinding protection on localhost

Tests verify that:
- Protection auto-enables for host=127.0.0.1
- Protection auto-enables for host=localhost
- Both 127.0.0.1 and localhost are in allowed hosts/origins
- Protection does NOT auto-enable for other hosts (e.g., 0.0.0.0)
- Explicit transport_security settings are not overridden

* Add IPv6 localhost (::1) support for DNS rebinding protection

Extend auto-enable DNS rebinding protection to also cover IPv6
localhost. When host="::1", protection is now auto-enabled with
appropriate allowed hosts ([::1]:*) and origins (http://[::1]:*).

* Fix import ordering in test file

* chore: update LATEST_PROTOCOL_VERSION to 2025-11-25 (modelcontextprotocol#1715)

* fix: add lifespan context manager to StreamableHTTP mounting examples (modelcontextprotocol#1669)

Co-authored-by: TheMailmans <tyler@example.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>

* fix: handle ClosedResourceError in StreamableHTTP message router (modelcontextprotocol#1384)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>

* fix: skip priming events and close_sse_stream for old protocol versions (modelcontextprotocol#1719)

* refactor(auth): remove unused _register_client method (modelcontextprotocol#1748)

* [MCP-266] Add tests for Gumloop server extensions

* Fix uv workspace config for gumloop-mcp package name

* Sync with upstream MCP SDK and fix merge conflicts

* Fix tool cache timing and missing properties check in server.py

* Fix coverage and add proper type annotations for Gumloop extensions

* Version up

* Skip README code example tests (Gumloop README has no code snippets)

---------

Signed-off-by: San Nguyen <vinhsannguyen91@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
Co-authored-by: yurikunash <143175350+yurikunash@users.noreply.github.com>
Co-authored-by: Pamela Fox <pamela.fox@gmail.com>
Co-authored-by: Inna Harper <inna.hrpr@gmail.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Ian Davenport <49379192+davenpi@users.noreply.github.com>
Co-authored-by: Dagang Wei <functicons@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Stanley Law <stanleylkal@gmail.com>
Co-authored-by: Luca Chang <131398524+LucaButBoring@users.noreply.github.com>
Co-authored-by: leweng <leweng@nvidia.com>
Co-authored-by: Clare Liguori <liguori@amazon.com>
Co-authored-by: lukacf <luka@peltarion.com>
Co-authored-by: ihrpr <inna@anthropic.com>
Co-authored-by: Tapan Chugh <chugh.tapan@gmail.com>
Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Yann Jouanin <4557670+yannj-fr@users.noreply.github.com>
Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Sreenath Somarajapuram <somarajapuram@gmail.com>
Co-authored-by: Omer Korner <omerkorner@gmail.com>
Co-authored-by: joesavage-silabs <159480754+joesavage-silabs@users.noreply.github.com>
Co-authored-by: Gregory L <gregory.linford@mistral.ai>
Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Co-authored-by: Moustapha Ebnou <155577789+mous222@users.noreply.github.com>
Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jerome <jerome@anthropic.com>
Co-authored-by: xavier <84836280+dragonier23@users.noreply.github.com>
Co-authored-by: keurcien <keurcien.luu@gmail.com>
Co-authored-by: Tim Esler <tim.esler@gmail.com>
Co-authored-by: San Nguyen <22189661+sandangel@users.noreply.github.com>
Co-authored-by: Justin Wang <89049861+justin-yi-wang@users.noreply.github.com>
Co-authored-by: jess <jessachandler@gmail.com>
Co-authored-by: Peter Alexander <pja@anthropic.com>
Co-authored-by: Reid Geyer <12072650+reidg44@users.noreply.github.com>
Co-authored-by: Eleftheria Stein-Kousathana <eleftheria.kousathana@gmail.com>
Co-authored-by: Christian Clauss <cclauss@me.com>
Co-authored-by: pchoudhury22 <pchoudhury22@apple.com>
Co-authored-by: owengo <owengo@users.noreply.github.com>
Co-authored-by: Olivier Schiavo <olivier.schiavo@wengo.com>
Co-authored-by: Steve Billings <billings.steve@gmail.com>
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
Co-authored-by: pengwa <pengwa@microsoft.com>
Co-authored-by: Your Name <youremail@yourdomain.com>
Co-authored-by: Jon Shea <jonshea@jonshea.com>
Co-authored-by: automaton82 <terrence.sheflin@gmail.com>
Co-authored-by: Yukuan Jia <jiayukuan@huawei.com>
Co-authored-by: Lorenzo <lorenzo_cesconeto@hotmail.com>
Co-authored-by: ZhangChuanhui <57099533+zhangch-ss@users.noreply.github.com>
Co-authored-by: zhangchuanhui <zhangchal@digitalchina.com>
Co-authored-by: Marcus Shu <46469249+shulkx@users.noreply.github.com>
Co-authored-by: Brandon Wu <49291449+brandonspark@users.noreply.github.com>
Co-authored-by: Dogacan Colak <dogacancolak@gmail.com>
Co-authored-by: AishwaryaKalloli <30429206+AishwaryaKalloli@users.noreply.github.com>
Co-authored-by: lorenss-m <saeclmusic@gmail.com>
Co-authored-by: Rocky Haotian Du <2712479005@qq.com>
Co-authored-by: Fenn Bailey <fennb@users.noreply.github.com>
Co-authored-by: daamitt <147169947+daamitt@users.noreply.github.com>
Co-authored-by: Mat Leonard <137834585+mat-octave@users.noreply.github.com>
Co-authored-by: Samuel Felipe Chenatti <samuel.chenatti@gmail.com>
Co-authored-by: Brandon Shar <6599653+BrandonShar@users.noreply.github.com>
Co-authored-by: mingo007 <maoqiming1@huawei.com>
Co-authored-by: adam jones <domdomegg+git@gmail.com>
Co-authored-by: Yann Jouanin <yann.jouanin@valueandco.com>
Co-authored-by: Koichi ITO <koic.ito@gmail.com>
Co-authored-by: Cole Murray <colemurray.cs@gmail.com>
Co-authored-by: inaku <63503085+inaku-Gyan@users.noreply.github.com>
Co-authored-by: Chris Coutinho <12901868+cbcoutinho@users.noreply.github.com>
Co-authored-by: Paul Carleton <paulc@anthropic.com>
Co-authored-by: Camila Rondinini <camila@anthropic.com>
Co-authored-by: Victorien <65306057+Viicos@users.noreply.github.com>
Co-authored-by: Andrii Blyzniuk <bliznyuk.andrey@gmail.com>
Co-authored-by: Liang Wu <18244712+wuliang229@users.noreply.github.com>
Co-authored-by: adam jones <adamj+git@anthropic.com>
Co-authored-by: Olivier Chafik <ochafik@anthropic.com>
Co-authored-by: Tyler Mailman <themailmaninbox@gmail.com>
Co-authored-by: TheMailmans <tyler@example.com>
Co-authored-by: Edison <Edison.A.N@hotmail.com>
rbehal added a commit to gumloop/gumloop-mcp that referenced this pull request Dec 10, 2025
@rbehal @felixweinberger
@yurikunash @pamelafox @ihrpr @Kludex @davenpi @functicons @dingo4dev @LucaButBoring @only-weng @clareliguori @lukacf @chughtapan @yannj-fr @pcarleton @sreenaths @jbkkd @joesavage-silabs @glinf @dsp-ant @mous222 @maxisbey @claude @jerome3o-anthropic @dragonier23 @keurcien @timesler @sandangel @justin-yi-wang @monkeywithacupcake @pja-ant @reidg44 @eleftherias @cclauss @pchoudhury22 @owengo @olivierhub @stevebillings @mssalvatore @pengwa @github-user-name @jonshea @automaton82 @yukuanj @lorenzocesconetto @zhangch-ss @shulkx @brandonspark @dogacancolak @AishwaryaKalloli @lorenss-m @rocky-d @fennb @daamitt @mat-octave @samchenatti @BrandonShar @mingo1996 @domdomegg @koic @ColeMurray @inaku-Gyan @cbcoutinho @crondinini-ant @Viicos @abliznyuk @wuliang229 @ochafik @TheMailmans @Edison-A-N @dvlpjrs
[MCP-266] Sync gumloop-mcp with upstream and add/fix tests (#14)
677a559 
* Add regression test for stateless request memory cleanup (modelcontextprotocol#1140)

* Implement RFC9728 - Support WWW-Authenticate header by MCP client (modelcontextprotocol#1071)

* Add streamable HTTP starlette example to Python SDK docs (modelcontextprotocol#1111)

* fix markdown error in README in main (modelcontextprotocol#1147)

* README - replace code snippets with examples - add lowlevel to snippets (modelcontextprotocol#1150)

* README - replace code snippets with examples - streamable http (modelcontextprotocol#1155)

* chore: don't allow users to create issues outside the templates (modelcontextprotocol#1163)

* Tests(cli): Add coverage for helper functions (modelcontextprotocol#635)

* Docs: Update CallToolResult parsing in README (modelcontextprotocol#812)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* docs: add pre-commit install guide on CONTRIBUTING.md (modelcontextprotocol#995)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* fix flaky fix-test_streamablehttp_client_resumption test (modelcontextprotocol#1166)

* README - replace code snippets with examples -- auth examples (modelcontextprotocol#1164)

* Support falling back to OIDC metadata for auth (modelcontextprotocol#1061)

* Add CODEOWNERS file for sdk (modelcontextprotocol#1169)

* fix flaky test test_88_random_error (modelcontextprotocol#1171)

* Make sure `RequestId` is not coerced as `int` (modelcontextprotocol#1178)

* Fix: Replace threading.Lock with anyio.Lock for Ray deployment compatibility (modelcontextprotocol#1151)

* fix: fix OAuth flow request object handling (modelcontextprotocol#1174)

* update codeowners group (modelcontextprotocol#1191)

* fix: perform auth server metadata discovery fallbacks on any 4xx (modelcontextprotocol#1193)

* server: skip duplicate response on CancelledError (modelcontextprotocol#1153)

Co-authored-by: ihrpr <inna@anthropic.com>

* Unpack settings in FastMCP (modelcontextprotocol#1198)

* chore: Remove unused prompt_manager.py file (modelcontextprotocol#1229)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>

* Improved supported for ProtectedResourceMetadata (modelcontextprotocol#1235)

Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>

* chore: Remove unused variable notification_options (modelcontextprotocol#1238)

* Improve README around the Context object (modelcontextprotocol#1203)

* fix: allow to pass `list[str]` to `token_endpoint_auth_signing_alg_values_supported` (modelcontextprotocol#1226)

* Remove strict validation on `response_modes_supported` member of `OAuthMetadata` (modelcontextprotocol#1243)

* Add pyright strict mode on the whole project (modelcontextprotocol#1254)

* Consistent casing for default headers Accept and Content-Type (modelcontextprotocol#1263)

* Update dependencies and fix type issues (modelcontextprotocol#1268)

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>

* fix: prevent async generator cleanup errors in StreamableHTTP transport (modelcontextprotocol#1271)

Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>

* chore: uncomment .idea/ in .gitignore (modelcontextprotocol#1287)

Co-authored-by: Claude <noreply@anthropic.com>

* docs: clarify streamable_http_path configuration when mounting servers (modelcontextprotocol#1172)

* feat: Add CORS configuration for browser-based MCP clients (modelcontextprotocol#1059)

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Added Audio to FastMCP (modelcontextprotocol#1130)

* fix: avoid uncessary retries in OAuth authenticated requests (modelcontextprotocol#1206)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Add PATHEXT to default STDIO env vars in windows (modelcontextprotocol#1256)

* fix: error too many values to unpack (expected 2) (modelcontextprotocol#1279)

Signed-off-by: San Nguyen <vinhsannguyen91@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* SDK Parity: Avoid Parsing Server Response for non-JsonRPCMessage Requests (modelcontextprotocol#1290)

* types: Setting default value for method: Literal (modelcontextprotocol#1292)

* changes structured temperature to not deadly (modelcontextprotocol#1328)

* Update simple-resource example to use non-deprecated read_resource return type (modelcontextprotocol#1331)

Co-authored-by: Claude <noreply@anthropic.com>

* docs: Update README to include link to API docs for modelcontextprotocol#1329 (modelcontextprotocol#1330)

* Allow ping requests before initialization (modelcontextprotocol#1312)

* Python lint: Ruff rules for pylint and code complexity (modelcontextprotocol#525)

* Fix context injection for resources and prompts (modelcontextprotocol#1336)

* fix(fastmcp): propagate mimeType in resource template list (modelcontextprotocol#1186)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* fix: allow elicitations accepted without content (modelcontextprotocol#1285)

Co-authored-by: Olivier Schiavo <olivier.schiavo@wengo.com>

* Use --frozen in pre-commit config (modelcontextprotocol#1375)

* Return HTTP 403 for invalid Origin headers (modelcontextprotocol#1353)

* Add test for ProtectedResourceMetadataParsing (modelcontextprotocol#1236)

Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Fastmcp logging progress example (modelcontextprotocol#1270)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* feat: add paginated list decorators for prompts, resources, and tools (modelcontextprotocol#1286)

Co-authored-by: Claude <noreply@anthropic.com>

* Remove "unconditionally" from conditional description (modelcontextprotocol#1289)

* Use streamable-http consistently in examples (modelcontextprotocol#1389)

* feat: Add SDK support for SEP-1034 default values in elicitation schemas (modelcontextprotocol#1337)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Implementation of SEP 973 - Additional metadata + icons support (modelcontextprotocol#1357)

* Add error log for client stdio (modelcontextprotocol#924)

Co-authored-by: Your Name <youremail@yourdomain.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Accept additional response_types values from OAuth servers (modelcontextprotocol#1323)

* Issue 1379 patch - Fix MCP server OAuth not working with Visual Studio Code and others with extra grant_types (modelcontextprotocol#1380)

* Add comprehensive Unicode tests for streamable HTTP transport (modelcontextprotocol#1381)

* Update Icon.sizes to use string array format (modelcontextprotocol#1411)

* Delete CODEOWNERS to eliminate notification overload (modelcontextprotocol#1413)

* fix: fix the system message in simple-chatbot example (modelcontextprotocol#1394)

* fix: improve misleading warning for progress callback exceptions (modelcontextprotocol#775)

* fix: catch and rethrow SSEError during SSE connection establishment (modelcontextprotocol#975)

Co-authored-by: zhangchuanhui <zhangchal@digitalchina.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Add icons support for ResourceTemplate (modelcontextprotocol#1412)

* Add documentation structure (modelcontextprotocol#1425)

* Add documentation about testing (modelcontextprotocol#1426)

* Improve OAuth protected resource metadata URL construction per RFC 9728 (modelcontextprotocol#1407)

* feat: add ability to remove tools (modelcontextprotocol#1322)

Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

* Update README to link to Python SDK documentation (modelcontextprotocol#1430)

* fix: update CLAUDE.md to remove auto-addition of reviewers. (modelcontextprotocol#1431)

* [client] Implement MCP OAuth scope selection and step-up authorization (modelcontextprotocol#1324)

* Handles message type Exception in lowlevel/server.py _handle_message function. Mentioned as TODO on line 528. (modelcontextprotocol#786)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Fix workspace configuration error with structured_output_lowlevel.py  (modelcontextprotocol#1471)

Co-authored-by: lorenss-m <saeclmusic@gmail.com>

* fix: Remove unnecessary constructor from ResourceServerSettings (modelcontextprotocol#1424)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* feat: add resource annotations support to FastMCP (modelcontextprotocol#1468)

* fix: send params as empty object for list methods without cursor (modelcontextprotocol#1453)

* fix: Set the Server session initialization state immediately after respond… (modelcontextprotocol#1478)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* feat: add tool metadata in FastMCP.tool decorator (modelcontextprotocol#1463)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* Make client examples workspaces to reflect package code (modelcontextprotocol#1466)

* Expose RequestParams._meta in ClientSession.call_tool (modelcontextprotocol#1231)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Allow CallToolResult to be returned directly to support _meta field for OpenAI Apps (modelcontextprotocol#1459)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* fix: uv CVE-2025-62518 astral-tokio-tar issue GHSA-j5gw-2vrg-8fgx (modelcontextprotocol#1505)

* fix: use proper dependency resolution in CI (modelcontextprotocol#1507)

* Upgrade GitHub Actions (modelcontextprotocol#1473)

* test: use errno.ENOENT for command not found assertion (modelcontextprotocol#1498)

* Replace deprecated dev-dependencies with dependency-groups (modelcontextprotocol#1488)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* update uv to 0.9.5 (modelcontextprotocol#1510)

* Relax Accept header requirement for JSON-only responses (modelcontextprotocol#1500)

* fix: replace deprecated dev-dependencies in examples/clients (modelcontextprotocol#1518)

* fix: Update spec links to new modelcontextprotocol.io location (modelcontextprotocol#1491)

* fix: Replace fixed sleep with active server readiness check in SSE tests (modelcontextprotocol#1526)

* fix: Replace arbitrary sleeps with active server readiness checks in tests (modelcontextprotocol#1527)

Co-authored-by: Claude <noreply@anthropic.com>

* Fix flaky timeout test in test_88_random_error (modelcontextprotocol#1525)

* fix: Replace remaining manual server polling with wait_for_server helper (modelcontextprotocol#1529)

* Implement RFC 7523 JWT flows (modelcontextprotocol#1247)

Co-authored-by: Yann Jouanin <yann.jouanin@valueandco.com>

* Fix pyright error and replace wildcard import with explicit imports (modelcontextprotocol#1532)

* Fix auth client example URL handling for oauth provider (modelcontextprotocol#1549)

* docs: use article "an" before "MCP" instead of "a" (modelcontextprotocol#1558)

* Update Starlette to 0.49.1 in uv.lock (modelcontextprotocol#1559)

* Fix typo in `ClientSessionGroup` doc string (modelcontextprotocol#1572)

* Implement SEP-985: OAuth Protected Resource Metadata discovery fallback (modelcontextprotocol#1548)

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Paul Carleton <paulc@anthropic.com>

* Add --frozen flag to uv run commands in Claude config (modelcontextprotocol#1583)

* Add get_server_capabilities() to ClientSession (modelcontextprotocol#1588)

* Add everything-server for comprehensive MCP conformance testing (modelcontextprotocol#1587)

* Get baseline 100% clean coverage (modelcontextprotocol#1553)

* Add end-of-file-fixer pre-commit hook (modelcontextprotocol#1610)

* Add coverage baseline commit to git-blame-ignore (modelcontextprotocol#1613)

* Add SEP-1034 conformance test support to everything-server (modelcontextprotocol#1604)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* refactor: extract OAuth helper functions and simplify provider state (modelcontextprotocol#1586)

* Add client_id_metadata_document_supported to OAuthMetadata (modelcontextprotocol#1603)

* Fix OAuth discovery fallback and URL ordering (modelcontextprotocol#1624)

* Refactor `func_metadata()` implementation (modelcontextprotocol#1496)

* Fix CI highest resolution test to actually test highest versions (modelcontextprotocol#1609)

* feat: Pass through and expose additional parameters in `ClientSessionGroup.call_tool` and `.connect_to_server` (modelcontextprotocol#1576)

* fix get_client_metadata_scopes on 401 (modelcontextprotocol#1631)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* chore: Lazy import `jsonschema` library (modelcontextprotocol#1596)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>

* docs: Update examples to use stateless HTTP with JSON responses (modelcontextprotocol#1499)

* Add tests for JSON Schema 2020-12 field preservation (SEP-1613) (modelcontextprotocol#1649)

* Add client_secret_basic authentication support (modelcontextprotocol#1334)

Co-authored-by: Paul Carleton <paulc@anthropic.com>

* Implement SEP-1577 - Sampling With Tools (modelcontextprotocol#1594)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Claude <noreply@anthropic.com>

* SEP-1330: Elicitation Enum Schema Improvements and Standards Compliance (modelcontextprotocol#1246)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* [auth][conformance] add conformance auth client (modelcontextprotocol#1640)

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Implement SEP-986: Tool name validation (modelcontextprotocol#1655)

* fix: url for spec (modelcontextprotocol#1659)

* feat: implement SEP-991 URL-based client ID (CIMD) support (modelcontextprotocol#1652)

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Update doc string on custom_route (modelcontextprotocol#1660)

* Implement SEP-1036: URL mode elicitation for secure out-of-band interactions (modelcontextprotocol#1580)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Skip empty SSE data to avoid parsing errors (modelcontextprotocol#1670)

* SEP-1686: Tasks (modelcontextprotocol#1645)

* Add on_session_created callback option (modelcontextprotocol#1710)

* Add SSE polling support (SEP-1699) (modelcontextprotocol#1654)

* Support client_credentials flow with JWT and Basic auth (modelcontextprotocol#1663)

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* feat: backwards-compatible create_message overloads for SEP-1577 (modelcontextprotocol#1713)

* Merge commit from fork

* Auto-enable DNS rebinding protection for localhost servers

When a FastMCP server is created with host="127.0.0.1" or "localhost"
and no explicit transport_security is provided, automatically enable
DNS rebinding protection. Both 127.0.0.1 and localhost are allowed
as valid hosts/origins since clients may use either to connect.

* Add tests for auto DNS rebinding protection on localhost

Tests verify that:
- Protection auto-enables for host=127.0.0.1
- Protection auto-enables for host=localhost
- Both 127.0.0.1 and localhost are in allowed hosts/origins
- Protection does NOT auto-enable for other hosts (e.g., 0.0.0.0)
- Explicit transport_security settings are not overridden

* Add IPv6 localhost (::1) support for DNS rebinding protection

Extend auto-enable DNS rebinding protection to also cover IPv6
localhost. When host="::1", protection is now auto-enabled with
appropriate allowed hosts ([::1]:*) and origins (http://[::1]:*).

* Fix import ordering in test file

* chore: update LATEST_PROTOCOL_VERSION to 2025-11-25 (modelcontextprotocol#1715)

* fix: add lifespan context manager to StreamableHTTP mounting examples (modelcontextprotocol#1669)

Co-authored-by: TheMailmans <tyler@example.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>

* fix: handle ClosedResourceError in StreamableHTTP message router (modelcontextprotocol#1384)

Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>

* fix: skip priming events and close_sse_stream for old protocol versions (modelcontextprotocol#1719)

* refactor(auth): remove unused _register_client method (modelcontextprotocol#1748)

* [MCP-266] Add tests for Gumloop server extensions

* Fix uv workspace config for gumloop-mcp package name

* Sync with upstream MCP SDK and fix merge conflicts

* Fix tool cache timing and missing properties check in server.py

* Fix coverage and add proper type annotations for Gumloop extensions

* Version up

* Skip README code example tests (Gumloop README has no code snippets)

* Support gumloop and mcp outptuschema

* Add publish tools to dev dependencies and update README for uv

---------

Signed-off-by: San Nguyen <vinhsannguyen91@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
Co-authored-by: yurikunash <143175350+yurikunash@users.noreply.github.com>
Co-authored-by: Pamela Fox <pamela.fox@gmail.com>
Co-authored-by: Inna Harper <inna.hrpr@gmail.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Ian Davenport <49379192+davenpi@users.noreply.github.com>
Co-authored-by: Dagang Wei <functicons@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Stanley Law <stanleylkal@gmail.com>
Co-authored-by: Luca Chang <131398524+LucaButBoring@users.noreply.github.com>
Co-authored-by: leweng <leweng@nvidia.com>
Co-authored-by: Clare Liguori <liguori@amazon.com>
Co-authored-by: lukacf <luka@peltarion.com>
Co-authored-by: ihrpr <inna@anthropic.com>
Co-authored-by: Tapan Chugh <chugh.tapan@gmail.com>
Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Yann Jouanin <4557670+yannj-fr@users.noreply.github.com>
Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Sreenath Somarajapuram <somarajapuram@gmail.com>
Co-authored-by: Omer Korner <omerkorner@gmail.com>
Co-authored-by: joesavage-silabs <159480754+joesavage-silabs@users.noreply.github.com>
Co-authored-by: Gregory L <gregory.linford@mistral.ai>
Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Co-authored-by: Moustapha Ebnou <155577789+mous222@users.noreply.github.com>
Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jerome <jerome@anthropic.com>
Co-authored-by: xavier <84836280+dragonier23@users.noreply.github.com>
Co-authored-by: keurcien <keurcien.luu@gmail.com>
Co-authored-by: Tim Esler <tim.esler@gmail.com>
Co-authored-by: San Nguyen <22189661+sandangel@users.noreply.github.com>
Co-authored-by: Justin Wang <89049861+justin-yi-wang@users.noreply.github.com>
Co-authored-by: jess <jessachandler@gmail.com>
Co-authored-by: Peter Alexander <pja@anthropic.com>
Co-authored-by: Reid Geyer <12072650+reidg44@users.noreply.github.com>
Co-authored-by: Eleftheria Stein-Kousathana <eleftheria.kousathana@gmail.com>
Co-authored-by: Christian Clauss <cclauss@me.com>
Co-authored-by: pchoudhury22 <pchoudhury22@apple.com>
Co-authored-by: owengo <owengo@users.noreply.github.com>
Co-authored-by: Olivier Schiavo <olivier.schiavo@wengo.com>
Co-authored-by: Steve Billings <billings.steve@gmail.com>
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
Co-authored-by: pengwa <pengwa@microsoft.com>
Co-authored-by: Your Name <youremail@yourdomain.com>
Co-authored-by: Jon Shea <jonshea@jonshea.com>
Co-authored-by: automaton82 <terrence.sheflin@gmail.com>
Co-authored-by: Yukuan Jia <jiayukuan@huawei.com>
Co-authored-by: Lorenzo <lorenzo_cesconeto@hotmail.com>
Co-authored-by: ZhangChuanhui <57099533+zhangch-ss@users.noreply.github.com>
Co-authored-by: zhangchuanhui <zhangchal@digitalchina.com>
Co-authored-by: Marcus Shu <46469249+shulkx@users.noreply.github.com>
Co-authored-by: Brandon Wu <49291449+brandonspark@users.noreply.github.com>
Co-authored-by: Dogacan Colak <dogacancolak@gmail.com>
Co-authored-by: AishwaryaKalloli <30429206+AishwaryaKalloli@users.noreply.github.com>
Co-authored-by: lorenss-m <saeclmusic@gmail.com>
Co-authored-by: Rocky Haotian Du <2712479005@qq.com>
Co-authored-by: Fenn Bailey <fennb@users.noreply.github.com>
Co-authored-by: daamitt <147169947+daamitt@users.noreply.github.com>
Co-authored-by: Mat Leonard <137834585+mat-octave@users.noreply.github.com>
Co-authored-by: Samuel Felipe Chenatti <samuel.chenatti@gmail.com>
Co-authored-by: Brandon Shar <6599653+BrandonShar@users.noreply.github.com>
Co-authored-by: mingo007 <maoqiming1@huawei.com>
Co-authored-by: adam jones <domdomegg+git@gmail.com>
Co-authored-by: Yann Jouanin <yann.jouanin@valueandco.com>
Co-authored-by: Koichi ITO <koic.ito@gmail.com>
Co-authored-by: Cole Murray <colemurray.cs@gmail.com>
Co-authored-by: inaku <63503085+inaku-Gyan@users.noreply.github.com>
Co-authored-by: Chris Coutinho <12901868+cbcoutinho@users.noreply.github.com>
Co-authored-by: Paul Carleton <paulc@anthropic.com>
Co-authored-by: Camila Rondinini <camila@anthropic.com>
Co-authored-by: Victorien <65306057+Viicos@users.noreply.github.com>
Co-authored-by: Andrii Blyzniuk <bliznyuk.andrey@gmail.com>
Co-authored-by: Liang Wu <18244712+wuliang229@users.noreply.github.com>
Co-authored-by: adam jones <adamj+git@anthropic.com>
Co-authored-by: Olivier Chafik <ochafik@anthropic.com>
Co-authored-by: Tyler Mailman <themailmaninbox@gmail.com>
Co-authored-by: TheMailmans <tyler@example.com>
Co-authored-by: Edison <Edison.A.N@hotmail.com>
Co-authored-by: dvlpjrs <dvlp.jrs@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@felixweinberger felixweinberger felixweinberger approved these changes

@ihrpr ihrpr Awaiting requested review from ihrpr

@Kludex Kludex Awaiting requested review from Kludex

Assignees

No one assigned

Labels

needs more work Not ready to be merged yet, needs additional follow-up from the author(s).

Projects

None yet

Milestone

r-05-25

Development

Successfully merging this pull request may close these issues.

4 participants

@cclauss @felixweinberger @Kludex @ihrpr