Merge branch 'main' into copilot/normalize-calltoolresult-content

Author: stephentoub

Directory.Packages.props

@@ -62,7 +62,7 @@
 
   <!-- Testing dependencies -->
   <ItemGroup>
-    <PackageVersion Include="Anthropic" Version="12.5.0" />
+    <PackageVersion Include="Anthropic" Version="12.8.0" />
     <PackageVersion Include="coverlet.collector" Version="8.0.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>

src/ModelContextProtocol.AspNetCore/AuthorizationFilterSetup.cs

@@ -43,31 +43,39 @@ public void PostConfigure(string? name, McpServerOptions options)
 
     private void ConfigureListToolsFilter(McpServerOptions options)
     {
-        options.Filters.Request.ListToolsFilters.Add(next => async (context, cancellationToken) =>
+        options.Filters.Request.ListToolsFilters.Add(next =>
         {
-            context.Items[AuthorizationFilterInvokedKey] = true;
-
-            var result = await next(context, cancellationToken);
-            await FilterAuthorizedItemsAsync(
-                result.Tools, static tool => tool.McpServerTool,
-                context.User, context.Services, context);
-            return result;
+            var toolCollection = options.ToolCollection;
+            return async (context, cancellationToken) =>
+            {
+                context.Items[AuthorizationFilterInvokedKey] = true;
+
+                var result = await next(context, cancellationToken);
+                await FilterAuthorizedItemsAsync(
+                    result.Tools, tool => toolCollection is not null && toolCollection.TryGetPrimitive(tool.Name, out var serverTool) ? serverTool : null,
+                    context.User, context.Services, context);
+                return result;
+            };
         });
     }
 
     private static void CheckListToolsFilter(McpServerOptions options)
     {
-        options.Filters.Request.ListToolsFilters.Add(next => async (context, cancellationToken) =>
+        options.Filters.Request.ListToolsFilters.Add(next =>
         {
-            var result = await next(context, cancellationToken);
-
-            if (HasAuthorizationMetadata(result.Tools.Select(static tool => tool.McpServerTool))
-                && !context.Items.ContainsKey(AuthorizationFilterInvokedKey))
+            var toolCollection = options.ToolCollection;
+            return async (context, cancellationToken) =>
             {
-                throw new InvalidOperationException("Authorization filter was not invoked for tools/list operation, but authorization metadata was found on the tools. Ensure that AddAuthorizationFilters() is called on the IMcpServerBuilder to configure authorization filters.");
-            }
+                var result = await next(context, cancellationToken);
+
+                if (HasAuthorizationMetadata(result.Tools.Select(tool => toolCollection is not null && toolCollection.TryGetPrimitive(tool.Name, out var serverTool) ? serverTool : null))
+                    && !context.Items.ContainsKey(AuthorizationFilterInvokedKey))
+                {
+                    throw new InvalidOperationException("Authorization filter was not invoked for tools/list operation, but authorization metadata was found on the tools. Ensure that AddAuthorizationFilters() is called on the IMcpServerBuilder to configure authorization filters.");
+                }
 
-            return result;
+                return result;
+            };
         });
     }
 
@@ -103,61 +111,77 @@ private static void CheckCallToolFilter(McpServerOptions options)
 
     private void ConfigureListResourcesFilter(McpServerOptions options)
     {
-        options.Filters.Request.ListResourcesFilters.Add(next => async (context, cancellationToken) =>
+        options.Filters.Request.ListResourcesFilters.Add(next =>
         {
-            context.Items[AuthorizationFilterInvokedKey] = true;
-
-            var result = await next(context, cancellationToken);
-            await FilterAuthorizedItemsAsync(
-                result.Resources, static resource => resource.McpServerResource,
-                context.User, context.Services, context);
-            return result;
+            var resourceCollection = options.ResourceCollection;
+            return async (context, cancellationToken) =>
+            {
+                context.Items[AuthorizationFilterInvokedKey] = true;
+
+                var result = await next(context, cancellationToken);
+                await FilterAuthorizedItemsAsync(
+                    result.Resources, resource => resourceCollection is not null && resourceCollection.TryGetPrimitive(resource.Uri, out var serverResource) ? serverResource : null,
+                    context.User, context.Services, context);
+                return result;
+            };
         });
     }
 
     private static void CheckListResourcesFilter(McpServerOptions options)
     {
-        options.Filters.Request.ListResourcesFilters.Add(next => async (context, cancellationToken) =>
+        options.Filters.Request.ListResourcesFilters.Add(next =>
         {
-            var result = await next(context, cancellationToken);
-
-            if (HasAuthorizationMetadata(result.Resources.Select(static resource => resource.McpServerResource))
-                && !context.Items.ContainsKey(AuthorizationFilterInvokedKey))
+            var resourceCollection = options.ResourceCollection;
+            return async (context, cancellationToken) =>
             {
-                throw new InvalidOperationException("Authorization filter was not invoked for resources/list operation, but authorization metadata was found on the resources. Ensure that AddAuthorizationFilters() is called on the IMcpServerBuilder to configure authorization filters.");
-            }
+                var result = await next(context, cancellationToken);
+
+                if (HasAuthorizationMetadata(result.Resources.Select(resource => resourceCollection is not null && resourceCollection.TryGetPrimitive(resource.Uri, out var serverResource) ? serverResource : null))
+                    && !context.Items.ContainsKey(AuthorizationFilterInvokedKey))
+                {
+                    throw new InvalidOperationException("Authorization filter was not invoked for resources/list operation, but authorization metadata was found on the resources. Ensure that AddAuthorizationFilters() is called on the IMcpServerBuilder to configure authorization filters.");
+                }
 
-            return result;
+                return result;
+            };
         });
     }
 
     private void ConfigureListResourceTemplatesFilter(McpServerOptions options)
     {
-        options.Filters.Request.ListResourceTemplatesFilters.Add(next => async (context, cancellationToken) =>
+        options.Filters.Request.ListResourceTemplatesFilters.Add(next =>
         {
-            context.Items[AuthorizationFilterInvokedKey] = true;
-
-            var result = await next(context, cancellationToken);
-            await FilterAuthorizedItemsAsync(
-                result.ResourceTemplates, static resourceTemplate => resourceTemplate.McpServerResource,
-                context.User, context.Services, context);
-            return result;
+            var resourceCollection = options.ResourceCollection;
+            return async (context, cancellationToken) =>
+            {
+                context.Items[AuthorizationFilterInvokedKey] = true;
+
+                var result = await next(context, cancellationToken);
+                await FilterAuthorizedItemsAsync(
+                    result.ResourceTemplates, resourceTemplate => resourceCollection is not null && resourceCollection.TryGetPrimitive(resourceTemplate.UriTemplate, out var serverResource) ? serverResource : null,
+                    context.User, context.Services, context);
+                return result;
+            };
         });
     }
 
     private static void CheckListResourceTemplatesFilter(McpServerOptions options)
     {
-        options.Filters.Request.ListResourceTemplatesFilters.Add(next => async (context, cancellationToken) =>
+        options.Filters.Request.ListResourceTemplatesFilters.Add(next =>
         {
-            var result = await next(context, cancellationToken);
-
-            if (HasAuthorizationMetadata(result.ResourceTemplates.Select(static resourceTemplate => resourceTemplate.McpServerResource))
-                && !context.Items.ContainsKey(AuthorizationFilterInvokedKey))
+            var resourceCollection = options.ResourceCollection;
+            return async (context, cancellationToken) =>
             {
-                throw new InvalidOperationException("Authorization filter was not invoked for resources/templates/list operation, but authorization metadata was found on the resource templates. Ensure that AddAuthorizationFilters() is called on the IMcpServerBuilder to configure authorization filters.");
-            }
+                var result = await next(context, cancellationToken);
+
+                if (HasAuthorizationMetadata(result.ResourceTemplates.Select(resourceTemplate => resourceCollection is not null && resourceCollection.TryGetPrimitive(resourceTemplate.UriTemplate, out var serverResource) ? serverResource : null))
+                    && !context.Items.ContainsKey(AuthorizationFilterInvokedKey))
+                {
+                    throw new InvalidOperationException("Authorization filter was not invoked for resources/templates/list operation, but authorization metadata was found on the resource templates. Ensure that AddAuthorizationFilters() is called on the IMcpServerBuilder to configure authorization filters.");
+                }
 
-            return result;
+                return result;
+            };
         });
     }
 
@@ -193,31 +217,39 @@ private static void CheckReadResourceFilter(McpServerOptions options)
 
     private void ConfigureListPromptsFilter(McpServerOptions options)
     {
-        options.Filters.Request.ListPromptsFilters.Add(next => async (context, cancellationToken) =>
+        options.Filters.Request.ListPromptsFilters.Add(next =>
         {
-            context.Items[AuthorizationFilterInvokedKey] = true;
-
-            var result = await next(context, cancellationToken);
-            await FilterAuthorizedItemsAsync(
-                result.Prompts, static prompt => prompt.McpServerPrompt,
-                context.User, context.Services, context);
-            return result;
+            var promptCollection = options.PromptCollection;
+            return async (context, cancellationToken) =>
+            {
+                context.Items[AuthorizationFilterInvokedKey] = true;
+
+                var result = await next(context, cancellationToken);
+                await FilterAuthorizedItemsAsync(
+                    result.Prompts, prompt => promptCollection is not null && promptCollection.TryGetPrimitive(prompt.Name, out var serverPrompt) ? serverPrompt : null,
+                    context.User, context.Services, context);
+                return result;
+            };
         });
     }
 
     private static void CheckListPromptsFilter(McpServerOptions options)
     {
-        options.Filters.Request.ListPromptsFilters.Add(next => async (context, cancellationToken) =>
+        options.Filters.Request.ListPromptsFilters.Add(next =>
         {
-            var result = await next(context, cancellationToken);
-
-            if (HasAuthorizationMetadata(result.Prompts.Select(static prompt => prompt.McpServerPrompt))
-                && !context.Items.ContainsKey(AuthorizationFilterInvokedKey))
+            var promptCollection = options.PromptCollection;
+            return async (context, cancellationToken) =>
             {
-                throw new InvalidOperationException("Authorization filter was not invoked for prompts/list operation, but authorization metadata was found on the prompts. Ensure that AddAuthorizationFilters() is called on the IMcpServerBuilder to configure authorization filters.");
-            }
+                var result = await next(context, cancellationToken);
+
+                if (HasAuthorizationMetadata(result.Prompts.Select(prompt => promptCollection is not null && promptCollection.TryGetPrimitive(prompt.Name, out var serverPrompt) ? serverPrompt : null))
+                    && !context.Items.ContainsKey(AuthorizationFilterInvokedKey))
+                {
+                    throw new InvalidOperationException("Authorization filter was not invoked for prompts/list operation, but authorization metadata was found on the prompts. Ensure that AddAuthorizationFilters() is called on the IMcpServerBuilder to configure authorization filters.");
+                }
 
-            return result;
+                return result;
+            };
         });
     }
 

src/ModelContextProtocol.Core/Client/StreamableHttpClientSessionTransport.cs

@@ -228,7 +228,10 @@ await SendGetSseRequestWithRetriesAsync(
         SseStreamState state,
         CancellationToken cancellationToken)
     {
-        int attempt = 0;
+        // When LastEventId is null, the first attempt is the initial GET SSE connection (not a reconnection),
+        // so we start at -1 to avoid counting it against MaxReconnectionAttempts.
+        // When LastEventId is already set, all attempts are true reconnections, so we start at 0.
+        int attempt = state.LastEventId is null ? -1 : 0;
 
         // Delay before first attempt if we're reconnecting (have a Last-Event-ID)
         bool shouldDelay = state.LastEventId is not null;

src/ModelContextProtocol.Core/Protocol/BlobResourceContents.cs

@@ -1,6 +1,7 @@
 using System.Buffers;
 using System.Buffers.Text;
 using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using System.Runtime.InteropServices;
 using System.Text.Json.Serialization;
 
@@ -28,7 +29,7 @@ namespace ModelContextProtocol.Protocol;
 public sealed class BlobResourceContents : ResourceContents
 {
     private ReadOnlyMemory<byte>? _decodedData;
-    private ReadOnlyMemory<byte> _blob;
+    private ReadOnlyMemory<byte>? _blob;
 
     /// <summary>
     /// Creates an <see cref="BlobResourceContents"/> from raw data.
@@ -40,15 +41,20 @@ public sealed class BlobResourceContents : ResourceContents
     /// <exception cref="InvalidOperationException"></exception>
     public static BlobResourceContents FromBytes(ReadOnlyMemory<byte> bytes, string uri, string? mimeType = null)
     {
-        ReadOnlyMemory<byte> blob = EncodingUtilities.EncodeToBase64Utf8(bytes);
-        
-        return new()
-        {
-            _decodedData = bytes,
-            Blob = blob,
-            MimeType = mimeType,
-            Uri = uri
-        };
+        return new(bytes, uri, mimeType);
+    }
+
+    /// <summary>Initializes a new instance of the <see cref="BlobResourceContents"/> class.</summary>
+    public BlobResourceContents()
+    {
+    }
+
+    [SetsRequiredMembers]
+    private BlobResourceContents(ReadOnlyMemory<byte> decodedData, string uri, string? mimeType)
+    {
+        _decodedData = decodedData;
+        Uri = uri;
+        MimeType = mimeType;
     }
 
     /// <summary>
@@ -60,7 +66,16 @@ public static BlobResourceContents FromBytes(ReadOnlyMemory<byte> bytes, string
     [JsonPropertyName("blob")]
     public required ReadOnlyMemory<byte> Blob
     {
-        get => _blob;
+        get
+        {
+            if (_blob is null)
+            {
+                Debug.Assert(_decodedData is not null);
+                _blob = EncodingUtilities.EncodeToBase64Utf8(_decodedData!.Value);
+            }
+
+            return _blob.Value;
+        }
         set
         {
             _blob = value;