Skip to content

MCP 2025-03-26 Specification Compliance Report #136

New issue
New issue
Open
Open
MCP 2025-03-26 Specification Compliance Report#136
@atesgoral

Description

@atesgoral
atesgoral
opened on Sep 14, 2025

✅ Compliant Features

  1. Protocol Version Support: The SDK correctly supports the 2025-03-26 protocol version (lib/mcp/configuration.rb:6)
  2. Base Protocol: JSON-RPC 2.0 messaging fully implemented
  3. Server Features:
    • ✅ Resources (list, read, templates)
    • ✅ Prompts (list, get)
    • ✅ Tools (list, call)
    • ✅ Tool annotations (destructive_hint, idempotent_hint, open_world_hint, read_only_hint)
    • ✅ Instructions support (for 2025-03-26+)
  4. Lifecycle Management: Initialize, initialized notification, ping
  5. Capabilities Negotiation: Server capabilities properly implemented

⚠️ Gaps Identified

1. Client Features Missing

  • Sampling support not implemented: No server-side handling for sampling/createMessage requests
  • Client lacks prompts/resources methods: The MCP::Client class only has tools and call_tool methods, missing prompts and resources support

2. Utilities Partially Missing

  • Progress tracking: Methods defined but no handlers implemented
  • Cancellation: Methods defined but no handlers implemented
  • ✅ Error reporting: Implemented via exception handling
  • ✅ Logging: Basic support present

3. Security & Safety Documentation

  • No security guidelines in README: The specification emphasizes user consent, data privacy, tool safety, and LLM sampling controls, but the README lacks any security documentation
  • No implementation guidance for consent flows
  • No documentation about trust & safety considerations

4. Documentation Gaps

  • ❌ Missing details about security best practices
  • ❌ No guidance on implementing user consent mechanisms
  • ❌ No documentation about sampling feature (when implemented)

Recommendations

High Priority

  1. Add prompts and resources methods to MCP::Client
  2. Implement sampling support for server-initiated LLM interactions
  3. Add security & safety section to README

Medium Priority

  1. Implement progress tracking handlers
  2. Implement cancellation handlers
  3. Document consent and authorization best practices

Low Priority

  1. Add examples for all missing features
  2. Enhance test coverage for new capabilities

Summary

The Ruby SDK has good coverage of the core MCP 2025-03-26 specification but lacks client-side feature parity and security documentation that the specification emphasizes as critical.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions