Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix!: require negotiated version when using HTTP #548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bhosmer-ant merged 5 commits into from
Jun 5, 2025
Merged

fix!: require negotiated version when using HTTP #548

bhosmer-ant merged 5 commits into from
Jun 5, 2025

Conversation

@kurtisvg
Copy link
Contributor

@kurtisvg kurtisvg commented May 19, 2025

Motivation and Context

This PR requires clients/server to specify previously negotiated versions, fixing the issue described in #478.

Breaking Changes

This change is a breaking change and is not backwards compatible with the previous version. It requires both server and clients to enforce new behaviors.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@bhosmer-ant bhosmer-ant mentioned this pull request Jun 4, 2025
Closed
bhosmer-ant
bhosmer-ant reviewed Jun 5, 2025
View reviewed changes
Copy link
Contributor

@bhosmer-ant bhosmer-ant left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple of suggestions, but otherwise I think the change is solid.

@kurtisvg kurtisvg force-pushed the kvg-fix-version-negotiation branch from 3bbb810 to 6abaa05 Compare June 5, 2025 17:48
@kurtisvg
Copy link
Contributor Author

kurtisvg commented Jun 5, 2025

@bhosmer-ant Updated to address feedback, PTAL

bhosmer-ant
bhosmer-ant approved these changes Jun 5, 2025
View reviewed changes
Copy link
Contributor

@bhosmer-ant bhosmer-ant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@bhosmer-ant bhosmer-ant merged commit ede1960 into modelcontextprotocol:main Jun 5, 2025
0 of 2 checks passed
@halter73
Copy link
Contributor

halter73 commented Jun 5, 2025

Would this be better placed in https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/draft/basic/transports.mdx#streamable-http? I think it fits better alongside the requirements for the Mcp-Session-Id header, and it would be less likely to get missed by transport authors.

@halter73 halter73 mentioned this pull request Jun 5, 2025
Open
Copilot AI mentioned this pull request Jun 5, 2025
Closed
@bhosmer-ant bhosmer-ant mentioned this pull request Jun 6, 2025
Merged
@bhosmer-ant
Copy link
Contributor

bhosmer-ant commented Jun 6, 2025

Would this be better placed in https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/draft/basic/transports.mdx#streamable-http? I think it fits better alongside the requirements for the Mcp-Session-Id header, and it would be less likely to get missed by transport authors.

@halter73 agree that it's uncomfortably far from the transport spec here. Ideally you'd find some evidence of it in both places - #658 moves it per your suggestion and added a note/link in the original spot, lmk what you think.

@dsp-ant dsp-ant moved this to Approved in Standards Track Jun 6, 2025
stephentoub
stephentoub reviewed Jun 6, 2025
View reviewed changes
docs/specification/draft/basic/lifecycle.mdx
The protocol version sent by the client **SHOULD** be the one negotiated during [initialization](https://modelcontextprotocol.io/specification/draft/basic/lifecycle#initialization).

If the server receives a request with a missing, invalid, or unsupported
MCP-Protocol-VERSION, it **MUST** respond with `400 Bad Request`.
Copy link
Contributor

@stephentoub stephentoub Jun 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this going to mean that existing clients will no longer be able to communicate with any compliant server? (Previously this header wasn't required, and now it is.)

Copy link
Member

@dsp-ant dsp-ant Jun 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stephentoub good point. I think one option here is to say: IF there is no MCP-Protocol-Version the version is assumed to be 2025-03-26. What do you think? Does that work or is there a better appraoch?

Copy link
Member

@dsp-ant dsp-ant Jun 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sidenote: There is a type in the line, should be

Suggested change
MCP-Protocol-VERSION, it **MUST** respond with `400 Bad Request`.
MCP-Protocol-Version, it **MUST** respond with `400 Bad Request`.

Copy link
Contributor

@bhosmer-ant bhosmer-ant Jun 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#668 adds this language, cc @dsp-ant @stephentoub if that seems like the right approach

Copy link
Contributor

@stephentoub stephentoub Jun 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's better, thank you.

@stephentoub stephentoub mentioned this pull request Jun 6, 2025
Closed
@dsp-ant dsp-ant added this to the DRAFT 2025-06-XX milestone Jun 6, 2025
@bhosmer-ant bhosmer-ant mentioned this pull request Jun 6, 2025
Merged
felixweinberger added a commit to modelcontextprotocol/python-sdk that referenced this pull request Jun 7, 2025
@felixweinberger
test: add failing tests for MCP-Protocol-Version header requirement
2b5adfe 
Add integration tests to verify the new spec requirement that HTTP
clients must include the negotiated MCP-Protocol-Version header in
all requests after initialization.

Tests verify:
1. Client includes MCP-Protocol-Version header after initialization
2. Server validates header presence and returns 400 for missing/invalid
3. Server accepts requests with valid negotiated version

These tests currently fail as the feature is not yet implemented.

Related to spec change: modelcontextprotocol/modelcontextprotocol#548
@felixweinberger felixweinberger mentioned this pull request Jun 7, 2025
Merged
9 tasks
felixweinberger added a commit to modelcontextprotocol/python-sdk that referenced this pull request Jun 7, 2025
@felixweinberger
test: add failing tests for MCP-Protocol-Version header requirement
2363398 
Add integration tests to verify the new spec requirement that HTTP
clients must include the negotiated MCP-Protocol-Version header in
all requests after initialization.

Tests verify:
1. Client includes MCP-Protocol-Version header after initialization
2. Server validates header presence and returns 400 for missing/invalid
3. Server accepts requests with valid negotiated version

These tests currently fail as the feature is not yet implemented.

Related to spec change: modelcontextprotocol/modelcontextprotocol#548
felixweinberger added a commit to modelcontextprotocol/python-sdk that referenced this pull request Jun 9, 2025
@felixweinberger
test: add failing tests for MCP-Protocol-Version header requirement
1cf45b8 
Add integration tests to verify the new spec requirement that HTTP
clients must include the negotiated MCP-Protocol-Version header in
all requests after initialization.

Tests verify:
1. Client includes MCP-Protocol-Version header after initialization
2. Server validates header presence and returns 400 for missing/invalid
3. Server accepts requests with valid negotiated version

These tests currently fail as the feature is not yet implemented.

Related to spec change: modelcontextprotocol/modelcontextprotocol#548
felixweinberger added a commit to modelcontextprotocol/python-sdk that referenced this pull request Jun 9, 2025
@felixweinberger
test: add failing tests for MCP-Protocol-Version header requirement
3948d9b 
Add integration tests to verify the new spec requirement that HTTP
clients must include the negotiated MCP-Protocol-Version header in
all requests after initialization.

Tests verify:
1. Client includes MCP-Protocol-Version header after initialization
2. Server validates header presence and returns 400 for missing/invalid
3. Server accepts requests with valid negotiated version

These tests currently fail as the feature is not yet implemented.

Related to spec change: modelcontextprotocol/modelcontextprotocol#548
@ihrpr ihrpr mentioned this pull request Jun 9, 2025
Open
@halter73 halter73 mentioned this pull request Jun 10, 2025
Merged
@ochafik ochafik mentioned this pull request Jun 11, 2025
Merged
9 tasks
felixweinberger added a commit to modelcontextprotocol/python-sdk that referenced this pull request Jun 11, 2025
@felixweinberger
test: add failing tests for MCP-Protocol-Version header requirement
89455a4 
Add integration tests to verify the new spec requirement that HTTP
clients must include the negotiated MCP-Protocol-Version header in
all requests after initialization.

Tests verify:
1. Client includes MCP-Protocol-Version header after initialization
2. Server validates header presence and returns 400 for missing/invalid
3. Server accepts requests with valid negotiated version

These tests currently fail as the feature is not yet implemented.

Related to spec change: modelcontextprotocol/modelcontextprotocol#548
felixweinberger added a commit to modelcontextprotocol/python-sdk that referenced this pull request Jun 12, 2025
@felixweinberger
test: add failing tests for MCP-Protocol-Version header requirement
2314b5a 
Add integration tests to verify the new spec requirement that HTTP
clients must include the negotiated MCP-Protocol-Version header in
all requests after initialization.

Tests verify:
1. Client includes MCP-Protocol-Version header after initialization
2. Server validates header presence and returns 400 for missing/invalid
3. Server accepts requests with valid negotiated version

These tests currently fail as the feature is not yet implemented.

Related to spec change: modelcontextprotocol/modelcontextprotocol#548
@primeinc primeinc mentioned this pull request Jun 18, 2025
Draft
@wommel0 wommel0 mentioned this pull request Jun 19, 2025
Closed
@Mookse Mookse mentioned this pull request Jun 25, 2025
Closed
6 tasks
This was referenced Jun 27, 2025
Closed
Closed
@Mookse Mookse mentioned this pull request Jul 2, 2025
Open
4 tasks
@ajevans99 ajevans99 mentioned this pull request Oct 28, 2025
Open
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dsp-ant dsp-ant dsp-ant left review comments

@bhosmer-ant bhosmer-ant bhosmer-ant approved these changes

+1 more reviewer

@stephentoub stephentoub stephentoub left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

awaiting-sdk-change

Projects

No open projects
Standards Track
Status: Approved

Milestone

DRAFT 2025-06-XX

Development

Successfully merging this pull request may close these issues.

5 participants

@kurtisvg @halter73 @bhosmer-ant @stephentoub @dsp-ant