FastMCP 3 Beta 2 reflects the huge number of people that have kicked the tires on Beta 1. Seven new contributors landed changes in this release, and early migration reports have gone even smoother than expected, including teams on Prefect Horizon upgrading from v2. All of which makes a strong case for moving toward a stable release. As such, most of Beta 2 is refinement: fixing what people found, filling gaps from real usage, hardening edges. But a few new features did land along the way.
π₯οΈ Client CLI β fastmcp list, fastmcp call, fastmcp discover, and fastmcp generate-cli turn any MCP server into something you can poke at from a terminal. Discover servers configured in Claude Desktop, Cursor, Goose, or project-level mcp.json files and reference them by name. generate-cli reads a server's schemas and writes a standalone typed CLI script where every tool is a proper subcommand with flags and help text.
π CIMD (Client ID Metadata Documents) adds an alternative to Dynamic Client Registration for OAuth. Clients host a static JSON document at an HTTPS URL; that URL becomes the client_id. Server-side support includes SSRF-hardened fetching, cache-aware revalidation, and private_key_jwt validation. Enabled by default on OAuthProxy.
π± MCP Apps β Spec-level compliance for the MCP Apps extension: ui:// resource scheme, typed UI metadata on tools and resources, extension negotiation, and ctx.client_supports_extension() for runtime detection. This is the foundation layer; FastMCP's full Apps experience is coming soon...
β³ Background Task Context β Context now works transparently in Docket workers. ctx.elicit() routes through Redis-based coordination so background tasks can pause for user input without any code changes.
π‘οΈ ResponseLimitingMiddleware caps tool response sizes with UTF-8-safe truncation for text and schema-aware error handling for structured outputs.
πͺΏ Goose Integration β fastmcp install goose generates deeplink URLs for one-command server installation into Goose.
What's Changed
New Features π
- Add MCP Apps Phase 1 β SDK compatibility (SEP-1865) by @jlowin in #3009
- Add
fastmcp listandfastmcp callCLI commands by @jlowin in #3054 - Add
fastmcp generate-clicommand by @jlowin in #3065 - Add CIMD (Client ID Metadata Document) support for OAuth by @jlowin in #2871
Enhancements π§
- Make duplicate bot less aggressive by @jlowin in #2981
- Remove uv lockfile monitoring from Dependabot by @jlowin in #2986
- Run static checks with --upgrade, remove lockfile check by @jlowin in #2988
- Adjust workflow triggers for Marvin by @strawgate in #3010
- Move tests to a reusable action and enable nightly checks by @strawgate in #3017
- feat: option to add upstream claims to the FastMCP proxy JWT by @JonasKs in #2997
- Fix ty 0.0.14 compatibility and upgrade dependencies by @jlowin in #3027
- fix: automatically include offline_access as a scope in the Azure provider to enable automatic token refreshing by @JonasKs in #3001
- feat: expand --reload to watch frontend file types by @jlowin in #3028
- Add
fastmcp install stdiocommand by @jlowin in #3032 - Update martian-issue-triage.yml for Workflow editing guidance by @strawgate in #3033
- feat: Goose integration + dedicated install command by @jlowin in #3040
- [Doc]: fixing spelling issues in multiple files by @didier-durand in #2996
- Add
fastmcp discoverand name-based server resolution by @jlowin in #3055 - feat(context): Add background task support for Context (SEP-1686) by @gfortaine in #2905
- Add server version to banner by @richardkmichael in #3076
- Add @handle_tool_errors decorator for standardized error handling by @dgenio in #2885
- Update Anthropic and OpenAI clients to use Omit instead of NotGiven by @jlowin in #3088
- Add ResponseLimitingMiddleware for tool response size control by @dgenio in #3072
- Infer MIME types from OpenAPI response definitions by @jlowin in #3101
- Remove require_auth in favor of scope-based authorization by @jlowin in #3103
Fixes π
- Fix FastAPI mounting examples in docs by @jlowin in #2962
- Remove outdated 'FastMCP 3.0 is coming!' CLI banner by @jlowin in #2974
- Pin httpx < 1.0 and simplify beta install docs by @jlowin in #2975
- Add enabled field to ToolTransformConfig by @jlowin in #2991
- fix phue2 import in smart_home example by @zzstoatzz in #2999
- fix: broaden combine_lifespans type to accept Mapping return types by @aminsamir45 in #3005
- fix: type narrowing for skills resource contents by @strawgate in #3023
- fix: correctly send resource when exchanging code for the upstream to⦠by @JonasKs in #3013
- MCP Apps: structured CSP/permissions types, resource meta propagation fix, QR example by @jlowin in #3031
- chore: upgrade python-multipart to 0.0.22 (CVE-2026-24486) by @jlowin in #3042
- chore: upgrade protobuf to 6.33.5 (CVE-2026-0994) by @jlowin in #3043
- fix: use MCP spec error code -32002 for resource not found by @jlowin in #3041
- Fix tool_choice reset for structured output sampling by @strawgate in #3014
- Fix workflow notification URL formatting in upgrade checks by @strawgate in #3047
- Fix Field() handling in prompts by @strawgate in #3050
- fix: use SkipJsonSchema to exclude callable fields from JSON schema generation by @strawgate in #3048
- fix: Preserve metadata in FastMCPProvider component wrappers by @NeelayS in #3057
- Mock network calls in CLI tests and use MemoryStore for OAuth tests by @strawgate in #3051
- Remove OpenAPI timeout parameter, make client optional, surface timeout errors by @jlowin in #3067
- fix: enforce redirect URI validation when allowed_client_redirect_uris is supplied by @nathanwelsh8 in #3066
- Fix --reload port conflict when using explicit port by @jlowin in #3070
- Fix compress_schema to preserve additionalProperties: false for MCP compatibility by @jlowin in #3102
- Fix CIMD redirect allowlist bypass and cache revalidation by @jlowin in #3098
- Exclude content-type from get_http_headers() to prevent HTTP 415 errors by @jlowin in #3104
Docs π
- Prepare docs for v3.0 beta release by @jlowin in #2954
- Restructure docs: move transforms to dedicated section by @jlowin in #2956
- Remove unecessary pip warning by @jlowin in #2958
- Update example MCP version in installation docs by @jlowin in #2959
- Update brand images by @jlowin in #2960
- Restructure README and welcome page with motivated narrative by @jlowin in #2963
- Restructure README and docs with motivated narrative by @jlowin in #2964
- Favicon update and Prefect Horizon docs by @jlowin in #2978
- Add dependency injection documentation and DI-style dependencies by @jlowin in #2980
- docs: document expanded reload behavior and restructure beta sections by @jlowin in #3039
- Add output_schema caveat to response limiting docs by @jlowin in #3099
- Document token passthrough security in OAuth Proxy docs by @jlowin in #3100
Dependencies π¦
- Bump ty from 0.0.12 to 0.0.13 by @dependabot[bot] in #2984
- Bump prek from 0.2.30 to 0.3.0 by @dependabot[bot] in #2982
Other Changes π¦Ύ
- Normalize resource URLs before comparison to support RFC 8707 query parameters by @abhijeethp in #2967
- Bump pydocket to 0.17.2 (memory leak fix) by @chrisguidry in #2998
- Add AzureJWTVerifier for Managed Identity token verification by @jlowin in #3058
- Add release notes for v2.14.4 and v2.14.5 by @jlowin in #3064
- Add missing beta2 features to v3 release tracking by @jlowin in #3105
New Contributors
- @abhijeethp made their first contribution in #2967
- @aminsamir45 made their first contribution in #3005
- @JonasKs made their first contribution in #2997
- @NeelayS made their first contribution in #3057
- @gfortaine made their first contribution in #2905
- @nathanwelsh8 made their first contribution in #3066
- @dgenio made their first contribution in #2885
Full Changelog: v3.0.0b1...v3.0.0b2