modelcontextprotocol/go-sdk v1.2.0

on GitHub

This release is equivalent to v1.2.0-pre.2. Thank you to those who tested the prerelease.

This release adds partial support for the 2025-11-25 version of the MCP spec and fixes some bugs in the streamable transports. It also includes some minor new APIs, changes to contributing flows, and small bugfixes.

Contributing changes

• CONTRIBUTING.md is updated to remove the ad-hoc antitrust policy (#651), and add a dependency update policy (#635).
• An example server (examples/server/conformance) is added for the new conformance tests at modelcontextprotocol/conformance. Test can be run with scripts/conformance.sh (#650).

Partial support for the 2025-11-25 spec

The following SEPs from the 2025-11-25 spec are now supported. Please see #725 for the proposed API additions included to support these SEPs.

• SEP-973: icons and metadata (#570)
• SEP-986: tool name validation (#640)
• SEP-1024: elicitation defaults (#644)
• SEP-1036: URL mode elicitation (#646)
• SEP-1699: SSE polling (#663)
• SEP-1330: elicitation enum improvements (#676)

Other API additions

• Common error codes are now available through the sentinel jsonrpc.Error (#452)
• OAuth 2.0 Protected Resource Metadata support (#643)
• ClientCapabilities.RootsV2 and RootCapabilities are added to work around an API bug (#607)
• Capabilities fields are added to ServerOptions and ClientOptions, to simplify capability configuration (#706)

Streamable fixes

Several bug fixes are included for the streamable transports:

• mcp: relax SSE connection response handling in non-strict mode by @zhxie in #611
• Fix: Skip non-message SSE events in processStream by @raphaelmansuy in #637
• mcp: better handling for streamable context cancellation by @findleyr in #677
• mcp: don't break the streamable client connection for transient errors by @findleyr in #723

Other notable bugfixes

• fix: handle Windows CRLF in MCP client by @isfzhang in #665
• auth, mcp: add UserID to TokenInfo for session hijacking prevention by @findleyr in #695
• internal/docs: document UserID for session hijacking prevention by @findleyr in #697
• mcp: allow re-using connections in more cases by @howardjohn in #709
• oauthex: validate URL schemes in auth server metadata and DCR by @findleyr in #712
• mcp: debounce server change notifications by @findleyr in #717
• oauthex: fix content type check in getJSON by @nikolavp in #721

New Contributors

• @zhxie made their first contribution in #611
• @SpringMT made their first contribution in #614
• @raphaelmansuy made their first contribution in #637
• @markus-kusano made their first contribution in #644
• @isfzhang made their first contribution in #665
• @orius123 made their first contribution in #643
• @howardjohn made their first contribution in #709
• @nikolavp made their first contribution in #721

Full Changelog: v1.1.0...v1.2.0