feat: MCP 2025-11-25 spec compliance (HTTP + SSE transports)#5
Merged
Conversation
Brings mcpx into full compliance with the MCP 2025-11-25 specification. Transports: - Streamable HTTP transport (transport: http) — POST-based JSON-RPC with dual content-type handling (application/json + text/event-stream), session management via Mcp-Session-Id, and DELETE on close - Legacy SSE transport (transport: sse) — persistent GET stream for responses with POST for requests, endpoint discovery via SSE events Protocol fixes: - Protocol version updated from 2024-11-05 to 2025-11-25 - Server capabilities and info parsed from Initialize response - Paginated tools/list with cursor support - Proper ping method on Client - Expanded content types: image, audio, resource (with base64 display) - Server notification handling via NotificationHandler callback Config & wiring: - transport: "http" with url validation - Headers and bearer auth support (auth.type: bearer, auth.token) - init command maps "streamable-http" → "http" transport - Variable resolution for URL and headers via existing resolver Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes GO-2026-4601 (net/url IPv6 parsing), GO-2026-4600 and GO-2026-4599 (crypto/x509 certificate validation) flagged by govulncheck. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
transport: http) — the MCP spec's primary remote transport, with JSON and SSE response handling, session management, and 404 re-inittransport: sse) — persistent GET stream + POST requests for older MCP serverstransport: "http"validation,headersmap, bearer token auth (auth.type: bearer),initmapsstreamable-httptypeTest plan
go test -race ./...— 146 tests pass, 0 racesgo vet ./...— clean@modelcontextprotocol/server-everything(Streamable HTTP on port 3100, SSE on port 3200)ping— both transports respond with 13 tools--help— tool discovery works on bothecho --message— tool calls work on bothget-sum --a --b— numeric args work on bothget-tiny-image— image content type renders correctly--jsonoutput mode — correct JSON on both<tool> --help— flag discovery on both🤖 Generated with Claude Code