|
2 | 2 |
|
3 | 3 | This roadmap tracks the path to SEP-1730 Tier 1 for the Rust MCP SDK. |
4 | 4 |
|
5 | | -Server conformance: 86.7% (26/30) · Client conformance: 85.0% (18/24) · Spec tracking gap: 6 days |
| 5 | +Server conformance: 87.5% (28/32) · Client conformance: 80.0% (16/20) |
6 | 6 |
|
7 | 7 | --- |
8 | 8 |
|
9 | 9 | ## Tier 2 → Tier 1 |
10 | 10 |
|
11 | 11 | ### Conformance |
12 | 12 |
|
13 | | -#### Server (86.7% → 100%) |
| 13 | +#### Server (87.5% → 100%) |
14 | 14 |
|
15 | | -- [ ] Fix `server-prompts-get-with-args` — prompt argument handling returns incorrect result |
16 | | -- [ ] Fix `server-prompts-get-embedded-resource` — embedded resource content in prompt responses |
17 | | -- [ ] Fix `server-elicitation-sep1330-enums` — enum inference handling per SEP-1330 |
18 | | -- [ ] Fix `server-dns-rebinding-protection` — validate `Host` / `Origin` headers on Streamable HTTP transport |
| 15 | +- [ ] Fix `prompts-get-with-args` — prompt argument handling returns incorrect result (arg1/arg2 not substituted) |
| 16 | +- [ ] Fix `prompts-get-embedded-resource` — embedded resource content in prompt responses (invalid content union) |
| 17 | +- [ ] Fix `elicitation-sep1330-enums` — enum inference handling per SEP-1330 (missing enumNames for legacy titled enum) |
| 18 | +- [ ] Fix `dns-rebinding-protection` — validate `Host` / `Origin` headers on Streamable HTTP transport (accepts invalid headers with 200) |
19 | 19 |
|
20 | | -#### Client (85.0% → 100%) |
| 20 | +#### Client (80.0% → 100%) |
21 | 21 |
|
22 | | -- [ ] Fix `auth/scope-step-up` (2025-11-25) — handle 403 `insufficient_scope` and re-authorize with upgraded scopes |
23 | | -- [ ] Fix `auth/metadata-var3` (2025-11-25) — AS metadata discovery variant 3 |
24 | | -- [ ] Fix `auth/2025-03-26-oauth-endpoint-fallback` (2025-03-26) — legacy OAuth endpoint fallback for pre-2025-06-18 servers |
| 22 | +- [ ] Fix `auth/metadata-var3` — AS metadata discovery variant 3 (no authorization support detected) |
| 23 | +- [ ] Fix `auth/scope-from-www-authenticate` — use scope parameter from WWW-Authenticate header on 403 insufficient_scope |
| 24 | +- [ ] Fix `auth/scope-step-up` — handle 403 `insufficient_scope` and re-authorize with upgraded scopes |
| 25 | +- [ ] Fix `auth/2025-03-26-oauth-endpoint-fallback` — legacy OAuth endpoint fallback for pre-2025-06-18 servers (no authorization support detected) |
25 | 26 |
|
26 | 27 | ### Governance & Policy |
27 | 28 |
|
@@ -58,10 +59,13 @@ Server conformance: 86.7% (26/30) · Client conformance: 85.0% (18/24) · Spec t |
58 | 59 |
|
59 | 60 | --- |
60 | 61 |
|
61 | | -## Informational (not scored) |
| 62 | +## Informational (not scored for tiering) |
62 | 63 |
|
63 | | -These draft/extension scenarios are tracked but do not block tier advancement: |
| 64 | +These draft/extension scenarios are tracked but do not count toward tier advancement: |
64 | 65 |
|
65 | | -- [ ] `auth/resource-mismatch` (draft) |
66 | | -- [ ] `auth/cross-app-access-complete-flow` (extension) |
67 | | -- [ ] `auth/client-credentials-jwt` (extension) |
| 66 | +| Scenario | Tag | Status | |
| 67 | +|---|---|---| |
| 68 | +| `auth/resource-mismatch` | draft | ❌ Failed | |
| 69 | +| `auth/client-credentials-jwt` | extension | ❌ Failed — JWT `aud` claim verification error | |
| 70 | +| `auth/client-credentials-basic` | extension | ✅ Passed | |
| 71 | +| `auth/cross-app-access-complete-flow` | extension | ❌ Failed — sends `authorization_code` grant instead of `jwt-bearer` | |
0 commit comments