Skip to content

v1.7.0-pre.3

Pre-release
Pre-release

Choose a tag to compare

@guglielmo-san guglielmo-san released this 17 Jul 12:04
v1.7.0-pre.3
827f90b

This is a follow-up pre-release on top of v1.7.0-pre.2, still targeting protocol version 2026-07-28. It rounds out the previous pre-release with additional spec-compliance fixes, small ergonomic improvements to the streamable HTTP transport, and OAuth session persistence support.

Streamable HTTP request cancellation

The streamable HTTP transport now exposes an opt-in StreamableHTTPOptions.PropagateRequestCancellation flag. When enabled, aborting an in-flight POST cancels the handler context on stateless servers using the 2026-07-28 protocol, so long-running tool handlers can stop paying for orphaned work when the client goes away. Existing behavior is unchanged by default.

OAuth session persistence

Adds NewTokenSource and InitialTokenSource fields to AuthorizationCodeHandlerConfig. Together they let applications persist OAuth2 sessions across restarts by intercepting token refreshes and seeding the handler with a previously saved token source. A package example demonstrates the persistence pattern.

  • auth: support OAuth2 session persistence by @smlx (#1058)

Spec compliance fixes

Continued alignment with the spec adjustments for the 2026-07-28 protocol.

Behavior changes guarded by MCPGODEBUG

Two new escape-hatch flags are added in this pre-release to restore the previous behavior of two spec-compliance fixes above.

  • nowrapinvalidparams=1 — restore the previous behavior of returning raw unmarshalParams errors from receiving handlers instead of wrapping them as a JSON-RPC -32602 Invalid params error. Introduced by #1087.
  • disablecompleteparamsvalidation=1 — restore the previous behavior of accepting completion/complete responses without validating the presence of the completion params object. Introduced by #1080.

Other Changes to the SDK

New Contributors

Full Changelog: v1.7.0-pre.2...v1.7.0-pre.3