Skip to content

Commit 93ea09a

Browse files
authored
docs: retarget roadmap to 2026-07-28 spec (#986)
1 parent 3662d20 commit 93ea09a

1 file changed

Lines changed: 48 additions & 15 deletions

File tree

ROADMAP.md

Lines changed: 48 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -2,31 +2,52 @@
22

33
This roadmap tracks the path to SEP-1730 Tier 1 for the Rust MCP SDK.
44

5-
Server conformance: 87.5% (28/32) · Client conformance: 80.0% (16/20)
5+
Spec 2025-11-25 (suite 0.1.16): Server 100% (30/30) · Client 100% (18/18)
6+
Spec 2026-07-28 (suite 0.2.0-alpha.9): Server 92.5% (37/40) · Client 75.0% (24/32)
67

78
---
89

9-
## Tier 2 → Tier 1
10+
## Target spec: 2026-07-28 (release 2026-07-28)
1011

11-
### Conformance
12+
All 2026-07-28 work carries the `2026-07-28` label and the
13+
[`2026-07-28 spec` milestone](https://github.com/modelcontextprotocol/rust-sdk/milestone/3).
14+
Per-scenario conformance status is tracked in the epic issue:
15+
[#977 — Tracking: 2026-07-28 spec conformance](https://github.com/modelcontextprotocol/rust-sdk/issues/977).
1216

13-
#### Server (87.5% → 100%)
17+
### Conformance (baseline 2026-07-13, suite `0.2.0-alpha.9`)
1418

15-
- [ ] Fix `prompts-get-with-args` — prompt argument handling returns incorrect result (arg1/arg2 not substituted)
16-
- [ ] Fix `prompts-get-embedded-resource` — embedded resource content in prompt responses (invalid content union)
17-
- [ ] Fix `elicitation-sep1330-enums` — enum inference handling per SEP-1330 (missing enumNames for legacy titled enum)
18-
- [ ] Fix `dns-rebinding-protection` — validate `Host` / `Origin` headers on Streamable HTTP transport (accepts invalid headers with 200)
19+
- Server: 3 scenarios (`tools-call-with-progress` stateless behavior, SEP-2243 server-side custom headers, and `server-stateless` — the SEP-2575 discovery/negotiation suite at 2/28 checks)
20+
- Client: 8 scenarios (SEP-2243 headers ×3, `request-metadata`, and 4 single-check auth failures: SEP-2350 step-up, pre-registration, SEP-2352 AS migration, SEP-2468 issuer validation); fixes for SEP-2350 (#888) and SEP-2352 (#965) are already in review
21+
- CI: run the full `--spec-version 2026-07-28` suites (stateless server) instead of hand-picked scenario lists; re-baseline on each draft-suite bump
1922

20-
#### Client (80.0% → 100%)
23+
### Spec features without conformance scenarios
2124

22-
- [ ] Fix `auth/metadata-var3` — AS metadata discovery variant 3 (no authorization support detected)
23-
- [ ] Fix `auth/scope-from-www-authenticate` — use scope parameter from WWW-Authenticate header on 403 insufficient_scope
24-
- [ ] Fix `auth/scope-step-up` — handle 403 `insufficient_scope` and re-authorize with upgraded scopes
25-
- [ ] Fix `auth/2025-03-26-oauth-endpoint-fallback` — legacy OAuth endpoint fallback for pre-2025-06-18 servers (no authorization support detected)
25+
Conformance alone does not cover the full spec surface. Feature work tracked via the milestone:
26+
27+
- SEP-2567 sessionless MCP via explicit state handles (#870)
28+
- SEP-2260 server requests must associate with a client request (#873)
29+
- SEP-2549 follow-up: client-side TTL-honoring cache (#974)
30+
31+
(SEP-2575 discovery & negotiation is covered by the `server-stateless` conformance scenario;
32+
implementation is in review — #869, PRs #973, #943.)
33+
34+
### Release
35+
36+
The 2026-07-28 implementation ships as **v3.0.0** (release PR #964): MRTR, SEP-2549 cache hints,
37+
SEP-2243 standard headers, and the SEP-2106 relaxations are merged but unreleased — tiering and
38+
relegation are evaluated against the latest stable release, so cutting v3.0.0 with the remaining
39+
conformance fixes is on the critical path. Migration guide (draft, kept current until release):
40+
[discussion #969](https://github.com/modelcontextprotocol/rust-sdk/discussions/969).
41+
42+
---
43+
44+
## Tier 1 (non-conformance requirements)
2645

2746
### Governance & Policy
2847

2948
- [ ] Create `VERSIONING.md` — document semver scheme, what constitutes a breaking change, and how breaking changes are communicated
49+
- [ ] Publish a dependency update policy (Tier 1 requires a published policy)
50+
- [ ] Cut v3.0.0 (#964) including all conformance fixes (tier relegation is evaluated against the latest stable release)
3051

3152
### Documentation (26/48 → 48/48 features with prose + examples)
3253

@@ -59,13 +80,25 @@ Server conformance: 87.5% (28/32) · Client conformance: 80.0% (16/20)
5980

6081
---
6182

83+
## Completed
84+
85+
- [x] 2025-11-25 server conformance 100% (30 scenarios + pending `json-schema-2020-12`, `server-sse-polling`)
86+
- [x] 2025-11-25 client conformance 100% (18 scenarios + legacy `auth/2025-03-26-*`)
87+
- [x] SEP-2322 MRTR (14 server scenarios + `sep-2322-client-request-state`)
88+
- [x] SEP-2164 resource not found
89+
- [x] Cache hints (`caching`)
90+
- [x] `http-header-validation`
91+
- [x] Issue triage labels (bug, enhancement, needs confirmation, needs repro, ready for work, P0–P3)
92+
93+
---
94+
6295
## Informational (not scored for tiering)
6396

64-
These draft/extension scenarios are tracked but do not count toward tier advancement:
97+
These extension scenarios are tracked but do not count toward tier advancement:
6598

6699
| Scenario | Tag | Status |
67100
|---|---|---|
68-
| `auth/resource-mismatch` | draft | ❌ Failed |
69101
| `auth/client-credentials-jwt` | extension | ❌ Failed — JWT `aud` claim verification error |
70102
| `auth/client-credentials-basic` | extension | ✅ Passed |
71103
| `auth/cross-app-access-complete-flow` | extension | ❌ Failed — sends `authorization_code` grant instead of `jwt-bearer` |
104+
| `tasks-*` | extension | Not yet attempted |

0 commit comments

Comments
 (0)