docs(community): add Primitive Grouping Interest Group charter#2942
Merged
olaservo merged 3 commits intoJun 24, 2026
Conversation
Port the charter for the Primitive Grouping Interest Group from the experimental-ext-grouping incubation repo into the canonical Interest Group Charters section, and register it in docs.json navigation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Port the updated charter from modelcontextprotocol/experimental-ext-grouping#6: add the #primitive-grouping-ig Discord channel, the within/beyond-scope problem statement, and the Goals, Organization Strategies, and IG Principles sections. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
olaservo
approved these changes
Jun 23, 2026
localden
approved these changes
Jun 24, 2026
localden
added a commit
that referenced
this pull request
Jul 10, 2026
* Update Kotlin SDK tier to Tier 3 in SDK documentation * docs: fix broken links to client/sampling and spec landing The "Sampling" link in each architecture overview pointed at /specification/<version>/client, which has no index page and is not a route (only /client/sampling, /client/roots, /client/elicitation exist). Point it at /specification/<version>/client/sampling, matching the link text. Applied across all five spec versions (2024-11-05, 2025-03-26, 2025-06-18, 2025-11-25, draft). Also fix two extension overviews (apps, tasks) that linked the "core MCP specification" to /specification, which has no index/redirect. Point them at /specification/latest, the version-agnostic spec landing redirect. * Add Authorization Interest Group charter Codifies the existing #auth-ig as a chartered Interest Group following the community charter template. Documents scope, facilitators, biweekly cadence, the WG-incubation process, and the six Working Groups proposed to date. * Re-organize message patterns pages * Update links to message patterns pages after move from utilities/ * Fix typos in changelog * make server/discover support caching * fix formatting * update caching intro * removing caching specific fields from server discovery data fields * clarify that ttlMs is an integer value in milliseconds in the docs * fix formatting * Mark SEPs as final * Split auth spec * Update metadata * Update ASM discovery into its own doc * Update docs * Update docs split * Structure updates * Structure updates * Structure updates * Update docs/specification/draft/server/utilities/caching.mdx * Restore Transports group to draft spec navigation The message patterns reorg (ea7c32a) accidentally dropped the Transports group from the draft Base Protocol navigation, orphaning the stdio and Streamable HTTP transport pages. * Split auth spec * Update metadata * Update ASM discovery into its own doc * Update docs * Update docs split * Structure updates * Structure updates * Structure updates * Bundle client registration into one page, split out AS discovery - Merge Client ID Metadata Documents and Dynamic Client Registration pages (plus preregistration and authorization server binding) into a single Client Registration page - Move Authorization Server Discovery into its own page with a short pointer from the authorization overview - Update navigation and cross-references accordingly * Update page split * Fix markdown format in server/prompts doc * Update for consistency * Pulling things out of the table as normative verbiage * Need to go through PR not direct to main for this change * Add Rust MCP client tutorial * Make Messages Pattern a sub-heading under Messages * fix(docs): replace dead Python auth sample link in authorization tutorial Signed-off-by: Hugues Clouâtre <hugues@linux.com> * (chore): sep-to-spec consistency pass (#2863) * Pulling things out of the table as normative verbiage * JSON schema security considerations from SEP * Update tiering per missing SEP callout * Update SEP guidelines with extension track * Extension naming, per SEP-2133 * SEP-2164 consistency - MUST for errors * SEP-2243 consistency, and resolves self-contradiction * Update changelog.mdx * Update sdk-tiers.mdx * Consistency with 2549 * 2575 consistency * 2575 verbiage * I don't think this is used anywhere * Update feature-lifecycle.mdx * Update feature-lifecycle.mdx * Update feature-lifecycle.mdx * Update changelog.mdx * Update docs/community/feature-lifecycle.mdx Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com> * Update docs/community/feature-lifecycle.mdx Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com> * Update docs/extensions/overview.mdx Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com> * Use dsp's suggestion consistently --------- Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com> * fix(schema): extract ElicitationCompleteNotificationParams to extend NotificationParams (#2866) Signed-off-by: Hugues Clouâtre <hugues@linux.com> * Align client feature pages with MRTR and per-request capabilities - Show client capability declarations in their real shape: the value of _meta["io.modelcontextprotocol/clientCapabilities"] is the ClientCapabilities object, not a top-level "capabilities" wrapper (which belonged to the removed initialize request). - Relabel embedded Request/Response example pairs on elicitation, sampling, and roots pages to make the MRTR envelope clear: input requests are delivered inside InputRequiredResult.inputRequests, and client results are returned inside inputResponses on the retried request. Strip the leftover JSON-RPC result wrappers from those examples. - Replace the dangling URLElicitationRequiredError reference (the error no longer exists) with the InputRequiredResult/requestState retry flow. - Remove the unsupported pattern property from the StringSchema example in the restricted elicitation schema subset. * Fix server page examples for required _meta, resultType, and caching fields - Add a note to tools, resources, prompts, completion, and pagination pages stating that request examples omit the required _meta request metadata for brevity, with a link to the _meta documentation. - Add the missing resultType: "complete" field to result examples on the tools, completion, and pagination pages. - Remove a stray top-level resultType field from a completion/complete request example (the field belongs on results, not requests). - Add ttlMs and cacheScope to the pagination resources/list response example, matching the caching requirements for list results. - Add resultType, ttlMs, and cacheScope rows to the server/discover Response Fields table. * Restore request timeout guidance, updated for transport-specific cancellation The Timeouts section from the 2025-11-25 lifecycle page was dropped in the draft restructure. Re-add it to the cancellation page: senders SHOULD establish per-request timeouts, cancel on expiry (closing the response stream on Streamable HTTP, sending notifications/cancelled on stdio), MAY reset the clock on progress notifications, and SHOULD enforce a maximum timeout regardless. * Scope caching requirements to complete results and define the cache key - Scope the caching-hints MUST to results with resultType "complete": interim input_required results from multi round-trip requests are not CacheableResults and carry no caching hints. - Define what identifies a cached response (method plus the request parameters that affect the result) and forbid caching results produced via MRTR retries carrying inputResponses or requestState. * Add changelog entries for required resultType and SSE resumability removal - New major-changes entry: all results carry a required resultType field ("complete" or "input_required"); clients treat an absent field from earlier-protocol servers as "complete". - Reword the MRTR entry so resultType is not described as something only InputRequiredResult carries. - New major-changes entry: SSE stream resumability and redelivery (Last-Event-ID) are removed; a broken response stream loses the request and clients re-issue it as a new request. * Align draft schema with spec docs - Declare the reserved io.modelcontextprotocol/subscriptionId _meta key via a new NotificationMetaObject type, including the rule for deriving the value from the subscriptions/listen request's JSON-RPC ID - Rewrite the three list_changed notification doc comments to reflect the opt-in subscriptions model instead of unsolicited delivery - Add the HEADER_MISMATCH (-32001) error code and HeaderMismatchError type required by the Streamable HTTP transport's header validation - Update cacheScope JSDoc to the authorization-context caching model used by the caching utility doc - Make CancelledNotificationParams.requestId required - Describe cancellation as client-initiated, with one server-side use: on stdio a server sends notifications/cancelled solely to terminate a subscriptions/listen stream - Give ListRootsRequest a minimal params shape instead of RequestParams, matching other server-initiated input requests - Remove ProgressNotification from ClientNotification: only clients issue requests, so only servers report progress Regenerated schema.json and schema.mdx. * Fix direction language and subscription ID rule in pattern docs - Cancellation: describe cancellation as client-to-server, with the server-side exception for subscriptions/listen stream teardown on stdio - Progress: describe progress notifications as server-to-client only, and use Client/Server in the sequence diagram - Subscriptions: state how io.modelcontextprotocol/subscriptionId is derived from the subscriptions/listen request's JSON-RPC ID (decimal string for numeric IDs, verbatim for string IDs) * Add repository links to Registry, Server Card, and Triggers & Events charters (#2887) Add a `## Resources` section linking each group to its modelcontextprotocol org repository, matching the convention already used by the Interceptors, Tool Annotations, and Skills Over MCP charters. - registry -> modelcontextprotocol/registry - server-card -> modelcontextprotocol/experimental-ext-server-card - triggers-events -> modelcontextprotocol/experimental-ext-triggers-events Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Move Rust client tab after Ruby * Address review feedback on cancellation wording, subscriptionId docs, and error example - Make the server-to-client direction of the stdio cancellation exception explicit in cancellation.mdx - Document why io.modelcontextprotocol/subscriptionId is optional on NotificationMetaObject (the type covers all notifications, not just subscription-stream deliveries) - Add a HeaderMismatchError example so -32001 renders in the schema Error section * Apply suggestions from code review Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com> * Make subscriptionId carry the JSON-RPC ID verbatim as string or number The _meta value is now typed as RequestId (string | number) instead of string, so no numeric-to-string conversion rule is needed. Update the subscriptions and resources doc examples to show a numeric ID passed through unchanged, and fix a verb agreement typo in cancellation.mdx. * Simplify subscriptionId description to just the request ID * fix extensions page nesting header names (#2895) The Extension Page Tab layout does not match the rest of the site. Currently it's Extension Name -> Extension Name. This PR switches it to be Extension Name -> Overview Also rename MCP Tasks to just Tasks, no need to have the MCP prefix. This was discussed as a docs issue in Core Maintainers meeting on 6/3 * Replace discover.mdx Response Fields table with a Data Types section Match the pattern used by the Tools, Prompts, and Resources pages: describe only the concept-specific DiscoverResult fields, leaving envelope fields (resultType, ttlMs, cacheScope) to the JSON example and the caching page. This keeps the page from needing updates whenever the message envelope changes. * Retrigger CI * Define error code allocation policy and renumber draft error codes JSON-RPC 2.0 reserves -32000..-32099 for implementation-defined server errors, and existing SDKs already use the low end of that range (request timeouts, connection closed, session not found). The error codes introduced in this draft collided with that usage: -32001 (HeaderMismatch) is also used by SDKs for request timeouts and session-not-found responses. Partition the range instead: -32000..-32009 stays implementation-defined (existing usage grandfathered, no new codes), -32010..-32099 is reserved for the MCP specification, with allocations recorded in schema.ts and starting at -32020. Renumber the draft-introduced codes accordingly: - HeaderMismatch: -32001 -> -32020 - MissingRequiredClientCapability: -32003 -> -32021 - UnsupportedProtocolVersion: -32004 -> -32022 Also add HeaderMismatchError to the schema (it previously existed only in transport prose) with an example, and document the policy in the Error Codes section of the base protocol overview. * Extend implementation-defined sub-range to -32019 Simpler boundary: implementation-defined space is -32000..-32019, the MCP specification reserves -32020..-32099. Drops the reserved-but-unallocated buffer concept in favor of a single clean split. * Update docs/specification/draft/basic/index.mdx Co-authored-by: Peter Alexander <pja@anthropic.com> * Update docs/specification/draft/basic/index.mdx Co-authored-by: Peter Alexander <pja@anthropic.com> * Update docs/specification/draft/basic/index.mdx Co-authored-by: Peter Alexander <pja@anthropic.com> * Leave room for future spec-defined local error codes Per review feedback: the spec may want to standardize what clients receive for common local conditions (e.g. request timeouts) in the future, so the note no longer steers implementations away from numeric codes entirely. * build(deps-dev): bump esbuild (#2910) Bumps the npm_and_yarn group with 1 update in the / directory: [esbuild](https://github.com/evanw/esbuild). Updates `esbuild` from 0.28.0 to 0.28.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.28.0...v0.28.1) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.28.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump esbuild (#2911) Bumps the npm_and_yarn group with 1 update in the /tools/sep-automation directory: [esbuild](https://github.com/evanw/esbuild). Updates `esbuild` from 0.27.2 to 0.28.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.1) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.28.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Remove obsolete docs/community/seps/2243-http-standardization.mdx * build(deps-dev): bump eslint from 10.4.1 to 10.5.0 Bumps [eslint](https://github.com/eslint/eslint) from 10.4.1 to 10.5.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.4.1...v10.5.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps-dev): bump typescript-eslint from 8.60.1 to 8.61.0 Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.60.1 to 8.61.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.0/packages/typescript-eslint) --- updated-dependencies: - dependency-name: typescript-eslint dependency-version: 8.61.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps-dev): bump prettier from 3.8.3 to 3.8.4 Bumps [prettier](https://github.com/prettier/prettier) from 3.8.3 to 3.8.4. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.3...3.8.4) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.8.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Tighten error code policy wording per review Reframe -32000..-32019 as legacy allocations, state the emit/meaning rules for the spec-reserved sub-range explicitly, and list the historical codes as a bulleted MUST NOT emit list. * Add Security IG charter; move all charters under working-groups/ and interest-groups/ :house: Remote-Dev: homespace * build(deps-dev): bump markdown-it Bumps the npm_and_yarn group with 1 update in the / directory: [markdown-it](https://github.com/markdown-it/markdown-it). Updates `markdown-it` from 14.1.1 to 14.2.0 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.1...14.2.0) --- updated-dependencies: - dependency-name: markdown-it dependency-version: 14.2.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Apply review feedback on range guidance Advise new implementations against using the legacy sub-range, and replace the applications clause with a uniform statement that does not depend on distinguishing applications from implementations. * charter * Format EMA interest group charter with prettier * Add Lead Maintainer sponsor and fix facilitator name in EMA IG charter * Add Discord channel link to EMA IG charter * Add Discord invite link alongside channel link in EMA IG charter * Add Ola Hungerford as Lead for Interceptors * docs: fix SEP-2243 base64 sentinel case-sensitivity contradiction * Extend Base64 sentinel encoding to the Mcp-Name header Tool and prompt names are only SHOULD-constrained to header-safe characters, so a name outside the safe set previously made the tool uncallable over Streamable HTTP: Mcp-Name is required, but no encoding was defined for it. - Allow the =?base64?...?= sentinel encoding (already defined for Mcp-Param-{Name} headers) for the Mcp-Name header value. - Require servers to decode encoded Mcp-Name and Mcp-Param-{Name} values before comparing them to the request body during server validation. * Restrict x-mcp-header to statically reachable properties The x-mcp-header extraction rule was undefined for properties nested under array 'items', inside composition or conditional keywords (oneOf/anyOf/allOf/not, if/then/else), or behind $ref: such properties have no single static location in the call arguments. - x-mcp-header annotations are now only valid on properties reachable from the schema root via a chain consisting solely of 'properties' keys. Annotations anywhere else make the tool definition invalid, triggering the existing client rejection rules. - Define extraction as reading the instance value at the annotated property's exact path; if the value is absent, the header is omitted. - Mirror the rule in the Tool.inputSchema schema documentation. * Add elicitationComplete to the subscriptions/listen filter notifications/elicitation/complete had no legal delivery channel: the HTTP GET stream is gone, response-stream notifications must relate to the in-flight request, and the subscriptions/listen filter had no field covering elicitation completion — while servers must not send notification types the client has not requested. - Add an opt-in elicitationComplete boolean to SubscriptionFilter; when true, the server may deliver notifications/elicitation/complete on that subscription's stream. - Document on ElicitationCompleteNotification that it is only sent to clients that opted in via elicitationComplete and is delivered on that subscription's stream (with the subscription ID in _meta). - Document the URL-mode elicitation flow: the client subscribes via subscriptions/listen with elicitationComplete: true, waits for the completion notification, then retries the original request. - Regenerate schema.json and the schema reference. * Clarify that core client notifications do not occur over Streamable HTTP In this revision, the only client-sent notification in the core protocol is notifications/cancelled, and it is used only on the stdio transport: on Streamable HTTP, closing the SSE response stream is itself the cancellation signal and no notifications/cancelled message is expected. - Note this in the Sending Messages section, cross-linking the cancellation pattern; the notification POST rules remain as transport mechanics, with header requirements for notification POSTs left undefined by this revision. - Scope the protocol-version header-body match requirement and the Mcp-Method header requirement to requests. Request-side rules are unchanged. * Remove notifications/elicitation/complete from draft spec With the multi round-trip request pattern, clients learn the outcome of an out-of-band URL mode elicitation by retrying the original request, so a server-initiated completion signal no longer has a place in the flow. - Drop ElicitationCompleteNotification and its params from the draft schema - Drop the elicitationComplete subscription filter field - Remove the completion notifications section from the elicitation page and update the URL mode flow diagram - Note the removal in the draft changelog * Remove elicitationId from URL mode elicitation requests The completion notification was the only consumer of this identifier. With notifications/elicitation/complete gone, servers correlate an elicitation across retries via requestState instead, so the field has no remaining protocol-level purpose. * Deduplicate x-mcp-header rules and drop redundant notification note The full reachability and extraction rules live in the Streamable HTTP transport spec; tools.mdx and the Tool schema comment now reference them instead of restating them. Also remove the protocol-version section's note about notification POSTs: the core protocol defines no client-to-server notifications over Streamable HTTP, so nobody will look for that answer there, and the Sending Messages note already covers it. * Only carve out -32002 in the legacy sub-range receiver rule -32042 falls in the spec-reserved sub-range, not the legacy one, so it does not belong in that bullet's exception; it stays listed with the codes from earlier protocol versions below. * Add Enterprise-Managed Authorization blog post :house: Remote-Dev: homespace * docs: mark Archestra.AI as supporting OAuth Client Credentials (#2950) * Update link to stable enterprise-managed authorization spec (#2949) Spec was updated to stable, so the link was broken. Fixed the link and pointed it to the new stable url. * Add PostHog Code to client-matrix documentation (#2946) Co-authored-by: Ola Hungerford <olahungerford@gmail.com> * docs: add Microsoft 365 Copilot to extension support matrix and MCP Apps client list (#2637) * docs: add Microsoft 365 Copilot to extension support matrix and MCP Apps client list * docs: apply Prettier formatting to client-matrix.mdx * fix: resolve prettier formatting issues in client-matrix.mdx * fix: restore Archestra.AI and PostHog Code rows dropped during merge The previous merge of main inadvertently removed the Archestra.AI (including its Enterprise Auth support) and PostHog Code entries from the client matrix, and dropped Archestra.AI from the MCP Apps overview client list. Restore them so this PR only adds Microsoft 365 Copilot. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Ola Hungerford <olahungerford@gmail.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * build(deps-dev): bump undici Bumps the npm_and_yarn group with 1 update in the / directory: [undici](https://github.com/nodejs/undici). Updates `undici` from 7.24.1 to 7.28.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.24.1...v7.28.0) --- updated-dependencies: - dependency-name: undici dependency-version: 7.28.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * docs: complete account linking guidance in enterprise-managed authorization docs * build(deps): bump actions/checkout from 6 to 7 Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps-dev): bump typescript-eslint from 8.61.0 to 8.61.1 Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.61.0 to 8.61.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/typescript-eslint) --- updated-dependencies: - dependency-name: typescript-eslint dependency-version: 8.61.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * docs: recommend SSE comment-line keep-alive for listen streams (#2954) Add a non-normative note to the Streamable HTTP transport recommending servers periodically emit an SSE comment line (:\r\n) as a keep-alive on long-lived subscriptions/listen response streams, and stating that clients must ignore SSE comment lines rather than treat them as malformed input. * Move AI contribution policy to AI_POLICY.md :house: Remote-Dev: homespace * feat(schema): add subscriptions/listen response (#2953) * feat(schema): add subscriptions/listen response subscriptions/listen was the only request without a response object. Add an empty SubscriptionsListenResult, sent by the server to signal a graceful end of the subscription (e.g. during shutdown), distinct from an abrupt transport drop which carries no response. Like other stream messages it carries the subscriptionId in _meta. Also add the subscriptionId to the stream notification examples that were missing it, matching the spec requirement that all stream messages carry it. * Update schema/draft/schema.ts Co-authored-by: Peter Alexander <pja@anthropic.com> * Update schema/draft/schema.ts Co-authored-by: Peter Alexander <pja@anthropic.com> * chore(schema): regenerate draft schema after listen result _meta change --------- Co-authored-by: Peter Alexander <pja@anthropic.com> * docs(community): add Primitive Grouping Interest Group charter (#2942) * docs(community): add Primitive Grouping Interest Group charter Port the charter for the Primitive Grouping Interest Group from the experimental-ext-grouping incubation repo into the canonical Interest Group Charters section, and register it in docs.json navigation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(community): sync Primitive Grouping charter with group repo PR #6 Port the updated charter from modelcontextprotocol/experimental-ext-grouping#6: add the #primitive-grouping-ig Discord channel, the within/beyond-scope problem statement, and the Goals, Organization Strategies, and IG Principles sections. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Ola Hungerford <olahungerford@gmail.com> * spec: decouple Mcp-Param-* header emission from schema TTL The Client Behavior note for custom Mcp-Param-* headers previously said clients SHOULD omit headers when the cached inputSchema is stale. With ttlMs: 0 this creates a loop: the schema is always stale, so the client always omits the header, the server rejects (header missing but value in body), the client refreshes tools/list, and the refreshed schema is still stale. Reframe the rule: clients use the most recently obtained inputSchema to construct headers, omit only when no schema has ever been obtained, and refresh-and-retry on reject (now covering both missing and mismatched headers). TTL governs re-fetch cadence for tools/list; it is not a gate on emitting routing headers. Server-side header/body validation is the freshness check. * fix links from docs to Enterprise Managed Auth spec (#2945) * fix link to Enterprise Managed Auth spec * Update link text to reflect EMA spec is now stable --------- Co-authored-by: Ola Hungerford <olahungerford@gmail.com> * docs: reframe server/discover version-selection bullet (#2955) * Apply suggestions from code review Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com> * Update seps/2243-http-standardization.md * Update docs/seps/2243-http-standardization.mdx * (docs): Update documentation for MCP security best practices (#1554) * Update security_best_practices.mdx * Update security_best_practices.mdx * Update security_best_practices.mdx * Update security_best_practices.mdx * Move OAuth URL validation content to relocated SBP doc The Security Best Practices document was moved out of the spec (specification/draft/basic/ -> docs/tutorials/security/) in 3a147cb. During merge, git's rename detection applied this PR's additions to the 2025-11-25 versioned spec instead of the new tutorials location. This moves the OAuth Authorization URL Validation and stdio Transport Security in Proxy Scenarios sections to their intended home in docs/docs/tutorials/security/security_best_practices.mdx and restores the 2025-11-25 spec to its released state. :house: Remote-Dev: homespace * Update docs/docs/tutorials/security/security_best_practices.mdx Co-authored-by: Sam Morrow <sammorrowdrums@github.com> * Clarify http:// scope and fix stdio section anchor - Restrict http:// to loopback addresses during local development, addressing review feedback that production authorization servers must use https:// - Fix broken anchor link to the stdio Transport Security in Proxy Scenarios section :house: Remote-Dev: homespace * Wrap stdio escalation paragraph at 100 chars :house: Remote-Dev: homespace --------- Co-authored-by: Sam Morrow <sammorrowdrums@github.com> * docs: fix elicitation example to use requestedSchema The learn/client-concepts elicitation/create example used 'schema', but the specification and JSON schema define the field as 'requestedSchema'. Signed-off-by: FenjuFu <fufenjupku@gmail.com> * Add SDK vulnerability disclosure process and stdio trust boundary to SECURITY.md (#2973) * Add SDK vulnerability disclosure process and security policy docs :house: Remote-Dev: homespace * Update docs/community/security.mdx Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com> --------- Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com> * Add Financial Services Interest Group charter Adds docs/community/interest-groups/financial-services.mdx in the current charter template format and registers it under Interest Group Charters in docs.json. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix the ordering of the dprecated features table The dperecated features table was not ordered. We are now ordereding it by the spec versions it was first deprecated in, in descending order. * build(deps-dev): bump typescript-eslint from 8.61.1 to 8.62.0 (#2985) Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.61.1 to 8.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/typescript-eslint) --- updated-dependencies: - dependency-name: typescript-eslint dependency-version: 8.62.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump eslint from 10.5.0 to 10.6.0 (#2986) Bumps [eslint](https://github.com/eslint/eslint) from 10.5.0 to 10.6.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.5.0...v10.6.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.6.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump prettier from 3.8.4 to 3.9.3 (#2987) * build(deps-dev): bump prettier from 3.8.4 to 3.9.3 Bumps [prettier](https://github.com/prettier/prettier) from 3.8.4 to 3.9.3. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.4...3.9.3) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.9.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Reformat schema and SEP files for prettier 3.9 :house: Remote-Dev: homespace --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Den Delimarsky <den@anthropic.com> * docs: add Code of Conduct appeals channel Add an Appeals section to CODE_OF_CONDUCT.md pointing to the new appeals@modelcontextprotocol.io Google Group, an out-of-band email channel for appealing enforcement actions (including org-level GitHub bans). The group was stood up in modelcontextprotocol/access#123. * Update CODE_OF_CONDUCT.md * docs: fix typo (contraints -> constraints) in appeals section * Add blog post announcing SDK betas for 2026-07-28 (#2988) * Add blog post announcing Python and TypeScript SDK betas for 2026-07-28 :house: Remote-Dev: homespace * Tighten blog post wording :house: Remote-Dev: homespace * Correct validation window and mention upcoming Go and C# SDK betas :house: Remote-Dev: homespace * Make SDK betas post developer-focused Rework the announcement around what server implementers need: a compatibility section up front, runnable install and migration steps for both SDKs, links to the RC and transports posts for context, and pointers to the SDK documentation sites and migration guides. Correct the SEP-2577 deprecation scope and clarify the TypeScript wire opt-in. :house: Remote-Dev: homespace * Cover Go and C# betas alongside Python and TypeScript All four Tier 1 SDKs now have pre-releases implementing 2026-07-28: Go v1.7.0-pre.1 and C# 2.0.0-preview.1 join the Python and TypeScript betas. Add a section with install commands, the Go stateless HTTP opt-in, and links to release notes and docs sites; update the title, intro, issue trackers, and pinning advice accordingly. :house: Remote-Dev: homespace * Add Felix Weinberger and Max Isbey to byline :house: Remote-Dev: homespace * Update blog/content/posts/2026-06-29-sdk-betas-for-2026-07-28.md Co-authored-by: kfang-ant <kfang@anthropic.com> * Update blog/content/posts/2026-06-29-sdk-betas-for-2026-07-28.md Co-authored-by: kfang-ant <kfang@anthropic.com> * Update blog/content/posts/2026-06-29-sdk-betas-for-2026-07-28.md Co-authored-by: kfang-ant <kfang@anthropic.com> * Restructure compatibility section and move protocol summary before SDK details Address review feedback: frame the betas as test-and-feedback releases with stable versions recommended for production, spell out why trying a beta is safe (opt-in at install and on the wire), and end with concrete steps for library authors. Move the SEP summary ahead of the per-SDK sections so readers see what changed before the language-specific install instructions. :house: Remote-Dev: homespace * Add stack diagram and align SDK betas post with amplification messaging - Add stack.svg showing spec -> SDKs -> clients/servers layering - Lead intro with 'stateless' and Python/TypeScript v2 - Standardize on 'v2' (drop mixed '2.0' in prose) - Rename feedback section to 'Tell us what breaks' - Reflow prose to ~100 chars and fix typos * Refine SDK betas post title and feedback section - Retitle to 'Beta SDKs for the 2026-07-28 MCP Spec Release Candidate Are Here' - Restore 'Give us your feedback' section heading - Separate spec-repo pointer from the C# issue-tracker bullet * Style "+ more" SDK tile as full-size hatched block * Update author bylines to per-SDK lead titles --------- Co-authored-by: kfang-ant <kfang@anthropic.com> * Correct several claims in the SDK betas blog post (#2997) * Correct several claims in the SDK betas post - Scope the "resolves to a stable version" install claim to Python, Go, and C#: the TypeScript v2 packages are new package names with no stable release, so installing them is itself the beta opt-in. - State that Python and C# servers pick up the new revision on upgrade, in contrast to the TypeScript/Go transport-level opt-in. - Note that the v2 SDK lines are new major versions with breaking changes, separate from anything that happens on July 28. - Python: the decorator API carries over from v1's FastMCP; drop the "API got smaller" and "can now be implemented" framing. - Mcp-Name rides only on requests that name a tool, resource, or prompt, not on every request. - Soften the claim that every release's notes list exactly which SEPs are covered. - Use https for the MRTR link. - Move the post date to the actual publish date. * Keep the original post date * workflows: enable Dependabot auto-approve in slash-commands (#3018) Wire up the slash-commands action's new dependabot-auto-approve mode: - Add pull_request_target types opened/reopened and a check_suite completed trigger (gated to dependabot/ branches at the job level so suites on other branches don't start a run) - Pass dependabot-auto-approve: dev-patch-minor and the explicit file allow-list (package.json, package-lock.json) Dependabot PRs that update direct dev dependencies by patch/minor versions, touch only the lockfile pair, carry verified dependabot-authored commits, and have green CI get approved and auto-merged by mcp-commander. Everything else still requires /lgtm. Claude-Session: https://claude.ai/code/session_019ygNtiNcAaqTRnQjHCDkVS Co-authored-by: Claude <noreply@anthropic.com> * build(deps-dev): bump tsx from 4.22.4 to 4.23.0 (#3015) Bumps [tsx](https://github.com/privatenumber/tsx) from 4.22.4 to 4.23.0. - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.22.4...v4.23.0) --- updated-dependencies: - dependency-name: tsx dependency-version: 4.23.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump prettier from 3.9.3 to 3.9.4 (#3012) Bumps [prettier](https://github.com/prettier/prettier) from 3.9.3 to 3.9.4. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.9.3...3.9.4) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.9.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump typescript-eslint from 8.62.0 to 8.62.1 (#3013) Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.62.0 to 8.62.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint) --- updated-dependencies: - dependency-name: typescript-eslint dependency-version: 8.62.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump typedoc from 0.28.19 to 0.28.20 (#3014) * build(deps-dev): bump typedoc from 0.28.19 to 0.28.20 Bumps [typedoc](https://github.com/TypeStrong/TypeDoc) from 0.28.19 to 0.28.20. - [Release notes](https://github.com/TypeStrong/TypeDoc/releases) - [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md) - [Commits](TypeStrong/typedoc@v0.28.19...v0.28.20) --- updated-dependencies: - dependency-name: typedoc dependency-version: 0.28.20 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Regenerate schema docs for typedoc 0.28.20 typedoc 0.28.20's updated JSX renderer emits whitespace between adjacent block-level HTML tags, changing the generated schema.mdx output. Regenerated via npm run generate:schema:md so check:schema:md passes. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com> * docs: update Goose documentation links (#3019) * docs: update Goose documentation links * docs: format Goose links table * Add AI agent contribution policy to AGENTS.md (#3009) :house: Remote-Dev: homespace --------- Signed-off-by: Hugues Clouâtre <hugues@linux.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: FenjuFu <fufenjupku@gmail.com> Co-authored-by: devcrocod <devcrocod@gmail.com> Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com> Co-authored-by: Sri Ujwal <sbeeredd04@users.noreply.github.com> Co-authored-by: Paul Carleton <paulc@anthropic.com> Co-authored-by: Clare Liguori <liguori@amazon.com> Co-authored-by: David Soria Parra <davidsp@anthropic.com> Co-authored-by: John Warwick <john_warwick@rapid7.com> Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com> Co-authored-by: Caitie McCaffrey <caitiem20@github.com> Co-authored-by: Den Delimarsky <53200638+localden@users.noreply.github.com> Co-authored-by: amikai <amikai.chuang@gmail.com> Co-authored-by: Hugues Clouâtre <hugues@linux.com> Co-authored-by: Hugues Clouâtre <15008125+clouatre@users.noreply.github.com> Co-authored-by: Peter Alexander <pja@anthropic.com> Co-authored-by: Ola Hungerford <olahungerford@gmail.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Felix Weinberger <fweinberger@anthropic.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mike Kistler <mikekistler@microsoft.com> Co-authored-by: Den Delimarsky <den@anthropic.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com> Co-authored-by: Dale Seo <5466341+DaleSeo@users.noreply.github.com> Co-authored-by: Alex Akimov <alexeyakimov@gmail.com> Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com> Co-authored-by: garciasces <garciasces@madrid.es> Co-authored-by: Rafael Audibert <32079912+rafaeelaudibert@users.noreply.github.com> Co-authored-by: SuryaMSFT <116728747+SuryaMSFT@users.noreply.github.com> Co-authored-by: Karan Raina <karanraina1996@gmail.com> Co-authored-by: Kurtis Van Gent <31518063+kurtisvg@users.noreply.github.com> Co-authored-by: Sam Morrow <info@sam-morrow.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Chris Concannon <chris@concannon.tech> Co-authored-by: Sam Morrow <sammorrowdrums@github.com> Co-authored-by: FenjuFu <fufenjupku@gmail.com> Co-authored-by: Peder <pederhp@hotmail.com> Co-authored-by: Agent Orchestrator <sam@tadasant.com> Co-authored-by: Tadas Antanavicius <tadas@tadasant.com> Co-authored-by: kfang-ant <kfang@anthropic.com> Co-authored-by: Max <224885523+maxisbey@users.noreply.github.com> Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> Co-authored-by: LiuHanZhi <liuhanzhi514@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Publishes the charter for the Primitive Grouping Interest Group in the Interest Group Charters section, so the group is discoverable from the MCP docs.
The charter is ported from the group's incubation repo — specifically the long-open experimental-ext-grouping#6 ("Update IG charter, approaches, and grouping spec") — into the canonical format used by the other IG charters (e.g. Tool Annotations, Security).
Changes
docs/community/interest-groups/primitive-grouping.mdxdocs/docs.jsonThe charter carries the source content — mission, scoped problem statement (within/beyond scope), goals, organization strategies, IG principles, facilitators/leadership, lifecycle, work tracking, and success criteria — restructured to match the canonical IG charter layout. Group-wide governance rules are intentionally not repeated, per the charter template.
Checks
npm run check:docspasses (formatting, MDX comments, and no broken links).