GitShow/modelcontextprotocol/rust-sdk
modelcontextprotocol

rust-sdk

The official Rust SDK for the Model Context Protocol

by modelcontextprotocol
Star on GitHubFork

Rust

3.6k stars549 forks172 contributorsActive · 6h agoSince 2025rmcp-v2.0.0

Meet the team

See all 172 on GitHub →
DaleSeo
DaleSeo80 contributions
4t145
4t14542 contributions
jokemanfire
jokemanfire42 contributions
github-actions[bot]Bot
github-actions[bot]40 contributions
dependabot[bot]Bot
dependabot[bot]35 contributions
alexhancock
alexhancock31 contributions
jamadeo
jamadeo8 contributions
glicht
glicht7 contributions

Languages

View on GitHub →
Rust98.8%
Shell0.8%
JavaScript0.3%
Python0.1%
Just0%
RenderScript0%

Commit activity

Last 12 weeks · 78 commits

Full graph →

Community health

5 of 6 standards met

Community profile →
87
✓README✓License✓Contributing✓Code of Conduct○Issue Template✓PR Template

Recent PRs & issues

Active · Last activity 6h ago
See all on GitHub →
DaleSeo
feat!: add MRTR behavior support (SEP-2322)OpenPR

Motivation and Context On top of PR #915 that adds model types for SEP-2322, this PR wires up the behavior so servers can request input and clients can satisfy it without changing their call sites. Server tool/prompt/resource handlers can now return an , and the high-level client automatically fulfills the rounds through the already-registered sampling, elicitation, and roots handlers before retrying the original call. The methods remain as a manual escape hatch for callers that want to drive the rounds themselves. Native emission is gated on a negotiated protocol version of or newer so older peers never receive a result shape they cannot understand. It also adds an opt-in feature (, HMAC-SHA256) to safely round-trip the untrusted , plus a example and MRTR usage docs. How Has This Been Tested? Add tests Breaking Changes Server handler return types for , , and are widened to MRTR-aware response enums ( / / ) so a handler can return either a final result or an . The / proc macros, routers, conformance server, and existing tests are updated accordingly. Types of changes [ ] Bug fix (non-breaking change which fixes an issue) [x] New feature (non-breaking change which adds functionality) [x] Breaking change (fix or feature that would cause existing functionality to change) [ ] Documentation update Checklist [x] I have read the MCP Documentation [x] My code follows the repository's style guidelines [x] New and existing tests pass locally [x] I have added appropriate error handling [x] I have added or updated documentation as needed Additional context

DaleSeo · 6h ago
SarthakB11
fix(auth): preserve refresh_token when refresh response omits itOpenPR

Title: fix(auth): keep existing refresh token when refresh response omits it Motivation and Context This fixes token loss on refresh responses that omit . RFC 6749 §6 and the OAuth 2.1 draft make rotation optional, so when the server omits the field the client should keep the token it already holds; was persisting the response verbatim, wiping the stored refresh token and forcing full re-authorization on the next call. The same bug was fixed in the Python SDK (modelcontextprotocol/python-sdk#2270). Fixes #921. How Has This Been Tested? Added regression tests in covering both the omit case (server drops , client keeps the existing one) and the rotate case (server issues a new , client replaces). passes. Breaking Changes None. Public API is unchanged. The only behavior change is that a refresh response without a no longer wipes the stored refresh token. Types of changes [x] Bug fix (non-breaking change which fixes an issue) [ ] New feature (non-breaking change which adds functionality) [ ] Breaking change (fix or feature that would cause existing functionality to change) [ ] Documentation update Checklist [x] I have read the MCP Documentation [x] My code follows the repository's style guidelines [x] New and existing tests pass locally [x] I have added appropriate error handling [ ] I have added or updated documentation as needed

SarthakB11 · 9h ago
branben
feat: relax outputSchema to accept non-object JSON Schema types (SEP-2106)OpenPR

Summary Relax to accept any JSON Schema 2020-12 root type (arrays, primitives, compositions) for , while keeping enforcing . This implements SEP-2106, which was accepted May 18 2026. PR #860 (merged Jun 2 2026) added title/desc stripping and input validation. This PR covers the remaining work: decoupling the type gate so output schemas are no longer rejected for non-object types. Changes : Split into: — keeps check for inputSchema — strips title/desc, no type check (accepts any JSON Schema root type) : Updated doc comment to remove incorrect "root type object" panic reference Tests**: 17 new tests across 4 test files covering primitives, arrays, compositions (), unit type, macro path, trait path, cache correctness, and negative tests for input rejection Backward Compatibility return type unchanged () All existing tests for object output types still pass Change is strictly relaxing: types that were previously rejected are now accepted Verification : 424 passed, 0 failed : No issues found

branben · 10h ago

Recent fixes

View closed PRs →
DaleSeo
feat: add SEP-414 trace context meta accessorsMergedPR

Closes #886 Motivation and Context SEP-414 reserves the keys , , and for W3C trace context propagation. While the values could already be stored in , the SDK didn't provide typed support, which meant callers had to hardcode the key strings. This update adds and accessors on and includes matching helpers on and public key constants. How Has This Been Tested? Added integration tests Breaking Changes None. Types of changes [ ] Bug fix (non-breaking change which fixes an issue) [x] New feature (non-breaking change which adds functionality) [ ] Breaking change (fix or feature that would cause existing functionality to change) [x] Documentation update Checklist [x] I have read the MCP Documentation [x] My code follows the repository's style guidelines [x] New and existing tests pass locally [ ] I have added appropriate error handling [x] I have added or updated documentation as needed Additional context

DaleSeo · 12h ago
DaleSeo
Implement SEP-414: W3C Trace Context propagation in _metaClosedIssue

SEP-414: W3C Trace Context propagation in — rust-sdk implementation Spec PR: https://github.com/modelcontextprotocol/modelcontextprotocol/pull/414 Track: Specification · Stage: final · Priority: P2 · Theme: Transport Evolution and Scalability Needs code changes:* Yes (Small) — additive (typed accessors + constants) Summary Formalizes three W3C Trace Context fields as standardized keys, enabling distributed tracing across MCP hops without inventing a parallel mechanism: — W3C Trace Context v1 trace parent header value — W3C Trace Context v1 trace state header value — W3C Baggage header value Servers and clients that emit or consume OpenTelemetry spans use these keys to propagate span context through the field of any MCP request. Why this needs code changes in rust-sdk in is a transparent (line 199), so the values can be stored today via raw map operations. But the SDK currently provides no typed support: No key-name constants analogous to No typed accessors (, , etc.) analogous to / No extractor/injector helpers for integration with the or ecosystems Without these, every caller must hardcode string literals, making the feature invisible to SDK users and impossible to test in isolation. Proposed work [ ] Add string constants in : [ ] Add typed read/write accessors on following the pattern: / / [ ] Add a feature-gated (e.g. ) helper module that implements the OpenTelemetry interface using these three fields, enabling: Injection: write span context from an active into Extraction: restore a from a received on an incoming request [ ] Add unit tests for round-trip set/get on all three fields, and for inject/extract when the feature flag is enabled. Affected areas (constants + typed accessors); optional new or for the propagator impl. for the optional dependency. Notes / risks The typed accessors are purely additive and carry no risk. The feature gate keeps the dependency optional so users who don't need distributed tracing don't pay the compile cost. Coordinate with SEP-2243 (#872) — the HTTP transport headers ( etc.) and the fields carry the same logical data; the propagator helper bridges both. Related existing issues #872 — Implement SEP-2243: HTTP Standardization — / headers; trace context flows through both HTTP headers and in the same request path

DaleSeo · 12h ago
DaleSeo
fix: block redirect header leaksMergedPR

Motivation and Context This fixes a security issue where the default reqwest-backed streamable HTTP transport could follow redirects while preserving caller-provided custom headers. Disabling automatic redirects keeps secrets such as custom API key headers scoped to the intended MCP server instead of replaying them to an attacker-controlled redirect target. How Has This Been Tested? Added a regression test Breaking Changes No Types of changes [x] Bug fix (non-breaking change which fixes an issue) [ ] New feature (non-breaking change which adds functionality) [ ] Breaking change (fix or feature that would cause existing functionality to change) [ ] Documentation update Checklist [x] I have read the MCP Documentation [x] My code follows the repository's style guidelines [x] New and existing tests pass locally [x] I have added appropriate error handling [x] I have added or updated documentation as needed

DaleSeo · 13h ago
Structured data for AI agents

Repository: modelcontextprotocol/rust-sdk. Description: The official Rust SDK for the Model Context Protocol Stars: 3586, Forks: 549. Primary language: Rust. Languages: Rust (98.8%), Shell (0.8%), JavaScript (0.3%), Python (0.1%), Just (0%). Latest release: rmcp-v2.0.0 (2d ago). Open PRs: 15, open issues: 32. Last activity: 6h ago. Community health: 87%. Top contributors: DaleSeo, 4t145, jokemanfire, github-actions[bot], dependabot[bot], alexhancock, jamadeo, glicht, tanish111, Z9RTM and others.

·@ofershap

Replace github.com with gitshow.dev