Issues

Volume

Open Issues

↑ 6.30%

135

Opened

—

last 7 days

Opened

—

last 30 days

Opened

—

last 90 days

Closed

—

last 7 days

Closed

—

last 30 days

Closed

—

107

last 90 days

Response Time

Time to first maintainer response

Average

—

63d

Median

↑ 1.24%

P90

—

269d

P95

—

331d

Stale Issues

Issues with no activity

Stale

↑ 6.19%

103

>30 days

Stale

—

>60 days

Stale

—

>90 days

Reopen Rate

—

96%

Issues by Label

Label	Count
enhancement	54
bug	28
SEP	18
documentation	18
auth	10
proposal	10
security	9
draft	8
sdk	3
SEP-requested	2
governance	2
in-review	2
question	2
transport	2
schema	1
spec	1

Issues Awaiting Maintainer Response

Sorted by longest wait time first

Issue	Title	Labels	Comments	Waiting
#569	Unspecified error handling for tool calls with output schema	enhancement	2	367d
#637	Proposal: Add RootsTemplate to the schema	enhancement	0	356d
#705	[SPEC] Clarification on Notification Identification and Naming Convention	(unlabeled)	6	348d
#910	Specification should be more prescriptive about client/host/LLM behavior	enhancement	0	325d
#956	Enable structured inputs/outputs for Resources	enhancement	0	317d
#1281	Versioning challenges with spec negotiation – client/server compatibility & rollout concerns	enhancement	5	297d
#1286	SEP-1286: Improve SEP Workflow for Early Feedback	enhancementproposal	2	296d
#1308	Listing tools filling up context window	enhancement	4	292d
#1341	Obligatory MCP state transitions	(unlabeled)	2	284d
#1400	SEP-1400: Semantic Versioning for MCP Specification	enhancementSEP+1	10	269d
#1416	Bug(Schema): Linting issues found using the @sourcemeta/jsonschema cli	bug	0	265d
#1610	SEP-1610: Declarative Multi‑Step Tool Chaining for MCP	proposalSEP	4	231d
#1642	MCP specification inconsistent naming format of methods	enhancementquestion	2	223d
#1667	Unclear if `ping` MUST be supported before `initialize` request	bug	1	220d
#1841	Clarify and potentially rename “stdio” transport to reflect generic byte-stream support	enhancement	1	187d
#1917	Add `pending` or `submitted` status to TaskStatus	bug	5	177d
#1939	Define behavior when Last-Event-ID is unresumable (unknown / expired / wrong session)	enhancement	0	169d
#1955	Tasks SEP-1686 missing important operation "wait"/"await" to prevent excessive polling	(unlabeled)	12	166d
#1956	Tasks SEP-1686：Define result when there are pending `tasks/result` and `tasks/cancel` is called	bug	1	165d
#2006	Elicitation client side timeout coodination	bug	0	153d
#2326	Tier 1 assessment for Swift MCP	sdk	1	84d
#2452	Tasks SEP-1686: In-progress results	bug	1	62d
#2451	Tasks SEP-1686: Missing discussion of task notifications	bug	0	62d
#2470	Proposal: Capability-Aware Tool Presentation for Heterogeneous Model Sizes	(unlabeled)	4	60d
#2475	What HTTP stream is supposed to receive logs	bug	1	60d
#2600	Schema generation pipeline may produce overly permissive schemas without safeguards	bug	0	37d
#2622	Clarify how to specify mapped root URIs for OCI containers	bug	0	33d
#2651	`ElicitationCompleteNotification`: intentional omission of `NotificationParams`?	(unlabeled)	0	28d
#2698	NumberSchema shows "minimum", "maximum" as integer rather than number	bug	0	17d
#2721	Clarify behavior when `initialize.params.protocolVersion` conflicts with `MCP-Protocol-Version`	bug	0	12d
#2734	No visibility of errors from tool call responses	bug	2	8d
#2745	SEP: optional advisory policy hints for MCP tools (effect, idempotency, sensitivity)	(unlabeled)	0	6d
#2744	Discussion: stable tool schema fingerprints for drift detection	(unlabeled)	0	6d
#2743	Discussion: stable tool schema fingerprints for drift detection	(unlabeled)	0	6d
#2753	Revive: Cryptographic proof-of-possession for MCP clients (re: closed SEP-1415)	(unlabeled)	1	5d
#2755	Discussion: HTTP redirect method preservation in stateful MCP server deployments	(unlabeled)	1	4d
#2779	SEP: Configuration-Level Credential References for MCP Clients	(unlabeled)	0	2d

Bugs ready

—

11 P0/P1 · 55 fix proposed

Decisions pending

—

3 at P1

Questions > 2d

—

Close candidates

—

median 291d old

P0 open

—

3 past 7d SLA

P1 > 90d

—

Repro expired

—

Bot pending

—

Stats — volume, response time, staleness, labels

Volume

Open Issues

↑ 3.74%

222

Opened

—

last 7 days

Opened

—

last 30 days

Opened

—

last 90 days

Closed

—

last 7 days

Closed

—

last 30 days

Closed

—

last 90 days

Response Time

Time to first maintainer response

Average

—

79d

Median

↓ 10.97%

39d

P90

—

189d

P95

—

250d

Stale Issues

Issues with no activity

Stale

↑ 101.20%

167

>30 days

Stale

—

>60 days

Stale

—

>90 days

Reopen Rate

—

100%

Issues by Label

Label	Count
bug	106
enhancement	91
ready for work	90
P2	75
P3	75
needs decision	62
fix proposed	55
v2	37
auth	33
potentially close	32
needs confirmation	13
P1	12
documentation	10
question	10
help wanted	7
breaking change	6
pending SEP approval	5
needs repro	4
P0	3
good first issue	3
improves spec compliance	3
needs design	2
needs maintainer	2

Untriaged (31)

No type label — bot pending or needs manual triage.

untriaged (31) — Bot has not labeled yet, or needs manual type assignment.

#	Author	Title	💬	🤖	Age
#1459	pcarleton	_onclose() incomplete cleanup: _timeoutInfo not cleared and stale .finally() can delete new connection's abort controller	1	1	111d
#1565	joy7758	RC1 Review Request: AAR-MCP-2.0 Verifiable Interaction Layer (Conformance Gate included)	1	—	93d
#1859	loaditoutadmin	Your MCP server earned an A security grade on Loaditout	—	—	48d
#1956	sejano77	SEP-1303: Input validation errors should return Tool Execution Errors, not Protocol Errors	2	—	31d
#1959	apicurius	Bug: `_handleSseStream` retains reader lock on stream close, leaking ~50MB per reconnection	—	—	30d
#1960	andypalmi	RegisteredTool.update() crashes with ZodObject inputSchema (passthrough schemas)	—	—	30d
#1994	Phil-Browne	Stateless StreamableHTTPServerTransport: non-initialize requests return 500 with empty body when transport is reused (regression vs 1.24.3)	—	—	25d
#2002	ElliotDrel	Bug: StdioServerTransport doesn't handle stdin close/end — causes zombie process accumulation	2	—	25d
#2012	blackwell-systems	tools/call with null arguments returns -32603 (InternalError) instead of being accepted	—	—	23d
#2018	blackwell-systems	handleAutomaticTaskPolling ignores AbortSignal; cancelled requests poll indefinitely	—	—	20d
#2023	JoannaaKL	StdioClientTransport.close() does not kill the process tree, leaving orphan processes	—	—	19d
#2025	edge-ignacio-rojas	Proposal: Move examples to a separate repository to avoid dependency-related vulnerabilities	—	—	19d
#2031	waddah12alhajar	Client should silently refresh access tokens on 401 when a refresh token is available	2	—	17d
#2036	irparent	Bump hono and fast-uri to versions covering published GHSA advisories	1	—	16d
#2037	pkailas	DEFAULT_INHERITED_ENV_VARS	—	—	16d
#2042	morozow	Security: Transitive dependencies with known vulnerabilities in @modelcontextprotocol/sdk@1.29.0	—	—	15d
#2054	khill1269	`registerPrompt()` silently drops `icons` from PromptDefinition config	—	—	13d
#2076	ContextVM-org	`resetTimeoutOnProgress` on low-level `request()` only works when `onprogress` is explicitly provided	1	—	13d
#2078	mcpsafe-gh	Security scan results for typescript-sdk — MCPSafe AIVSS 53/100 (Grade F)	1	—	13d
#2083	swadel	Type inconsistency: StreamableHTTPServerTransport.onclose widens Transport interface contract under exactOptionalPropertyTypes	1	—	12d
#2084	rsalus	[SEP-1613 regression] tools/list still emits draft-07 in 1.29.0 — `target` option missing from mcp.js `toJsonSchemaCompat` calls	1	—	12d
#2090	RomKadria	Stateless mode: per-request McpServer+Protocol allocation causes memory leak at scale	1	—	11d
#2093	thkim-us	v2 alpha: @modelcontextprotocol/server has @cfworker/json-schema as optional peer but imports it unconditionally	1	—	10d
#2098	cloudingenium-automation	StreamableHTTPClientTransport: 2-retry SSE reconnect ceiling + silent-success after exhaustion	1	—	10d
#2100	daveCode-dot	Tool inputSchema generation emits $ref for reused Zod instances · breaks strict MCP clients (kimi)	3	—	10d
#2101	joaquinmagneres-asana	Is there a way to pass request-scoped context to tool handlers via HTTP headers without modifying the tool schema?	—	—	10d
#2112	sceran	docs(README): `@modelcontextprotocol/fastify` missing from middleware listing	—	—	9d
#2115	feldmannn	requestId 0 is silently dropped by _oncancel, making the first request from every Protocol uncancellable	1	—	9d
#2117	tylerklose	relatedRequestId 0 is treated as absent by notification debounce guard	—	—	8d
#2145	produtoramaxvision	tools/list returns empty inputSchema for ZodEffects-wrapped schemas (Zod .superRefine / .refine / .transform / .pipe)	2	—	3d
#2151	fallintoplace	closeSSEStream() breaks request-scoped SSE resumability for terminal responses	—	—	1d

Bugs (106)

Queue — pick the top fix-ready and work it. Priority then age.

in-progress (7) — Assigned — someone is on it.

#	Author	Title	Labels	💬	🤖	Age
#1380	kirill578	Bug: `new McpServer()` throws "Schema method literal must be a string" during initialization (method literal stored under `_def.values[0]`)	bug P1	4	1	132d
#754	boogie-amplitude	ProxyOAuthServerProvider fails with Zod validation error when using Ory Hydra as OAuth provider	bug P2	4	1	320d
#1149	spacewander	output schema has unnecessary restriction type=object	bug P2	5	1	186d
#1186	Miaoxingren	Zombie Task Collision in StreamableHTTPServerTransport	bug P2	3	1	178d
#1429	aldipower	Do not return and expose internal errors to the client as this is a security risk	bug P2	2	1	117d
#1658	arthurchan35	StreamableHTTPServerTransport has no public API to reconstruct a session-aware transport from persisted session data	bug P2	2	—	75d
#911	dsp-ant	Implement consistent structuredContent handling per specification clarification	bug P3	—	—	266d

fix-proposed (51) — Bot posted a suggested fix — review the diff. P0/P1 first.

#	Author	Title	Labels	💬	🤖	Age
#209	praboud-ant	/token endpoint should validate redirect_uri matches	bug P0	2	1	432d
#235	jspahrsummers	Revoke tokens if authorization code presented a second time	bug P0	2	1	423d
#1562	gogakoreli	schemaToJson() produces $ref in tool inputSchema, causing LLM failures	bug P0	3	1	94d
#971	NorthIsUp	CommonJS export paths broken - missing index.js file in dist/cjs	bug P1	8	1	242d
#147	au-re	Additional parameters are not passed through to tools	bug P2	3	1	469d
#149	disintegrator	Unordered and partial query parameter matching	bug P2	4	1	467d
#321	nichtsam	SSEServerTransport doesn't seem to close properly	bug P2	9	1	408d
#392	mhart	Promise/async handling causes unhandled rejections	bug P2	4	1	396d
#470	tobegit3hub	MCP SDK Path Handling Bug for Subpath Servers	bug P2	5	1	381d
#471	tobegit3hub	MCP SDK Can not handle the MCP Servers with subpath	bug P2	6	1	381d
#563	joshcanhelp	Invalid JSON RPC requests do not respond with an error	bug P2	2	1	361d
#581	ZachGerman	Enforcing Content-Type header on client requests	bug P2	1	1	357d
#650	zackify	Dynamic Resources 404 when using nested paths	bug P2	2	1	342d
#677	dudo	ResourceTemplate fails when user selects <Empty> for optional parameter	bug P2	4	1	338d
#759	johnfriz	OAuth token exchange fails with URL-encoded responses - assumes JSON format only	bug P2	3	1	318d
#771	alexhermida	Memory leak in StreamableHTTP and SSE	bug P2	2	1	313d
#776	elvisjhonataoliveira	[BUG] Multi-Node Deployment with Persistent Storage Mode not working	bug P2	4	1	313d
#780	shellRaining	onerror and other listener not remove after client close (stdio)	bug P2	4	1	311d
#811	mahmoudmoravej	Cannot destructure property 'requestInfo' of 'undefined' as it is undefined.	bug P2	3	1	305d
#817	nikhilmat	Package attaches process signal handlers	bug P2	1	1	301d
#842	cameroncooke	Bulk tool registration causes EventEmitter memory leak warnings	bug P2	4	1	293d
#868	shellRaining	When executing client.close(), onerror will be executed twice (Streamable HTTP)	bug P2	7	1	286d
#876	Kelier	sse timeout set dont work & always close after 5mins	bug P2	5	1	284d
#893	inverted-capital	McpServer re-registers capabilities after connect, blocking dynamic registration even when capabilities were supplied at construction	bug P2	3	1	278d
#941	jeremyshi-ant	OAuth: scope parameter missing from token exchange requests	bug P2	1	1	254d
#943	y0geshdev	The bug in InMemoryEventStore break SSE stream resumability	bug P2	4	1	252d
#998	younaman	Bug Report: Initialize Request Cancellation Violation	bug P2	2	1	235d
#1001	younaman	Bug Report-3: Missing Progress Monotonicity Validation Leading to Resource Exhaustion	bug P2	2	1	235d
#1004	CahidArda	storeEvent in EventStore Receives Hardcoded `streamId`	bug P2	2	1	234d
#1079	4bd4ll4h	# MCP SDK ResourceTemplate URI Validation Issue: RFC 6570 Template Matching Behavior	bug P2	5	1	202d
#1167	bmingles	Support `roots/list` request from server to client	bug P2	6	1	181d
#1234	pcarleton	OAuth: Resource metadata URL lost after redirect, causing token exchange to fail	bug P2	2	1	172d
#1308	joshjg	Tool output validation fails when outputSchema is a Zod schema other than ZodObject	bug P2	6	1	160d
#1385	punkpeye	Task-augmented tool call errors are wrapped incorrectly, masking actual error messages	bug P2	4	1	131d
#1417	severi	MCP servers deployed on AWS Lambda Function URLs stopped working after upgrading from v1.24.2 to v1.25.0+	bug P2	5	1	124d
#1471	mattzcarey	registerToolTask handlers receive wrong arguments when inputSchema is omitted	bug P2	1	1	111d
#1476	Bacra	Client received "no session ID or not initialization request" when server restart	bug P2	2	1	110d
#1582	asoorm	Scope overwrite in 403 upscoping prevents progressive authorization for servers with per-operation scopes	bug P2	1	1	90d
#1635	ac-aashugupta	StreamableHTTPClientTransport should handle 404 and 406 gracefully for GET SSE stream	bug P2	3	1	81d
#1641	semistrict	StreamableHTTPClientTransport cannot be restarted after close() — breaks OAuth re-authentication	bug P2	2	1	79d
#1708	mbochneak	StreamableHTTPClientTransport doesn't handle 404 per spec (no session clear + re-init)	bug P2	7	1	67d
#1760	DhyeyaDesai	Race condition in auth() causes refresh token invalidation when rotating tokens are used	bug P2	3	1	61d
#1819	yu1uuu	Resources: Disable listChanged capability in V1x	bug P2	3	1	56d
#1844	felixweinberger	Elicit primitive schemas reject extra JSON Schema keys (pattern, format, etc.)	bug P2	2	1	53d
#1864	sainathreddyb	McpServer.registerTool() does not support icons field from ToolScheme	bug P2	4	1	47d
#1869	dgon-jd	prompts/get rejects omitted `arguments` when all argsSchema fields are optional; tools fix (#1404) not in 1.x	bug P2	2	1	46d
#1872	carrotRakko	SSE client: duplicate Authorization header when using eventSourceInit.fetch + requestInit.headers	bug P2	2	1	46d
#1944	bokelley	StreamableHTTPServerTransport rejects JSON-only Accept with 406 even when enableJsonResponse: true	bug P2	3	1	34d
#929	LandonSchropp	Client#listPrompts results in MCP error -32601: Method not found	bug P3	5	1	258d
#949	Lutz2015	Client error for command SSE stream disconnected: TypeError: terminated	bug P3	4	1	249d
#1914	shaun0927	authExtensions docs say custom claims override reserved JWT claims, but implementation keeps reserved claims authoritative	bug P3	4	1	39d

ready-for-work (22) — Triaged and reproducible — pick one up. P0/P1 first.

#	Author	Title	Labels	💬	🤖	Age
#174	punkpeye	stderr is not available until after start is called	bug P1	3	1	444d
#251	gmaison	Bug: npm spawn processes incorrectly use root directory instead of project directory	bug P1	1	1	419d
#553	sram1337	tool/call results in 'Method not found' with StreamableHTTPServerTransport in stateful session after successful initialize (SDK v1.12.0)	bug P1	4	1	364d
#778	junjiexv	invoke asyn method in mcp tool through StreamableHttpTransport cause early return from tool call	bug P1	5	1	312d
#852	christopherorea	Missing session reuse in browser: client.connect ignores mcp-session-id	bug P1	9	1	291d
#1028	juanlluva	ListTools request handler fails to generate inputSchema (jsonSchema)	bug P1	7	1	222d
#436	jigarchhadwa	SSE client is not adding headers from requestInit? in _commonHeaders method	bug P2	9	2	390d
#484	ajgray-stripe	SDK makes HTTPS fetches through an HTTP proxy	bug P2	3	1	378d
#509	rickchow88	Bug Report: Tool Handlers Not Invoked with StdioServerTransport on macOS	bug P2	3	1	373d
#573	carlpeaslee	Dynamically listed Resources created by ResourceTemplates display the ResourceTemplates rather than their own	bug P2	2	1	360d
#579	pavelfeldman	StdioClientTransport does not follow the spec on close	bug P2	—	—	359d
#951	thomasst	Prefer token endpoint auth method obtained during OAuth client registration	bug P2	3	1	249d
#999	younaman	Bug Report-1: Missing Cancellation Logging Implementation	bug P2	2	—	235d
#1049	masx200	[MCP-SDK] stdio client crashes with "MCP error -32000: Connection closed" when spawned server exits unexpectedly	bug P2	2	1	209d
#1112	YashwantRamAB	Can not create proxy OAuth flow with google OAuth	bug P2	5	1	192d
#1211	whynixx	SSE stream disconnected: TypeError: terminated	bug P2	5	1	174d
#1415	mozmo15	getParseErrorMessage prioritizes error.message which bypasses custom Zod errors	bug P2	4	1	124d
#1858	maximemoreillon	ERR_PACKAGE_PATH_NOT_EXPORTED with @modelcontextprotocol/express	bug P2	4	2	48d
#1954	daksh-goyal	adaptOAuthProvider returns expired tokens without checking expiry, breaking long-running StreamableHTTP connections	bug P2	2	1	32d
#42	jspahrsummers	Typechecking should fail on returning {} for all requests	bug P3	2	1	563d
#584	localden	SDK assumes one authorization server to be used from PRM	bug P3	—	—	357d
#1400	AI-Hub-Admin	MCP 1.25 Cursor Second Connection to StreamableHTTPServerTransport Initialization Request Failed	bug P3	3	1	128d

needs-maintainer (8) — Reporter replied, or bot/triage flagged for maintainer judgment.

#	Author	Title	Labels	💬	🤖	Age
#539	ghalibansari	Raw bytes support sending to mcp server in callTool method	bug P3	5	—	368d
#861	utkarshpandey6	StreamableHTTPClientTransport is not implementing Transport properly	bug P3	2	1	288d
#181	theodormarcu	MCP should return empty instead of error if tools / prompts / resources are not defined	bug	9	1	440d
#342	cj2a7t	SSEClientTransport	bug	6	1	405d
#419	bbracha-evinced	Cannot load a basic STDIO MCP server (JS) in claude desktop	bug	3	1	392d
#545	pavinduLakshan	Resolving Authorization server metadata URL omits the base path of the Authorization server URL	bug	13	1	365d
#737	Mohhit1230	Request time out issue repeatedly	bug	7	1	325d
#912	zhuyuanmin	【BUG】Use Koa server create StreamableHTTPServerTransport, when call tool， server crash!	bug	5	1	265d

close-candidates (8) — Bot says already-fixed/not-a-bug, or repro request expired (>14d).

#	Author	Title	Labels	💬	🤖	Age
#320	ynaoto	The MCP client using a tool launched with uvx does not terminate.	bug	2	1	408d
#451	pete-grunge-ai	Subclassing McpServer causes tool invocation issues	bug	4	1	385d
#1317	lokendra-ss	Auth Failure Retry Handler `_hasCompletedAuthFlow`	bug P3	1	—	158d
#1450	waltmayf	OAuth Token Exchange Fails with Separate Authorization Servers	bug	2	1	112d
#1585	jonnycoder1	server.tool() silently drops inputSchema when passed plain JSON Schema objects instead of Zod schemas	bug	5	1	89d
#1639	vz443	Hono Package is not under @modelcontextprotocol	bug	4	1	80d
#1852	cdunda-perchwell	StreamableHTTPServerTransport destroys sessions on TCP keepalive timeout (regression in 1.25+)	bug	2	1	51d
#1946	caravin	OAuth discovery does not fall back to well-known URI when 401 carries a non-Bearer WWW-Authenticate (e.g. Negotiate)	bug	2	1	33d

backlog (10) — Triaged bug, no status — plan into a sprint or label.

#	Author	Title	Labels	💬	🤖	Age
#1968	huven	OAuth resource indicator from protected resource metadata is normalized with a trailing slash	bug	—	—	28d
#2011	Euaell	zod listed in both dependencies and peerDependencies causes duplicate installs and TS type-incompatibility	bug	—	—	23d
#2034	jbsky	auth() silently swallows non-OAuthError exceptions from refreshAuthorization / saveTokens, preventing token persistence	bug	—	—	17d
#2048	morozow	High-severity CVEs via pnpm audit	bug	—	—	14d
#2077	scastria	client code can't execute inside browser due to import spawn	bug	2	—	13d
#2108	cclabadmin	Streamable HTTP server accepts mismatched `MCP-Protocol-Version` header and body `protocolVersion` on `initialize`	bug	3	—	9d
#2126	DmitroKihtenko	OAuth AS metadata discovery crashes on 200 OK + non-JSON response instead of falling back to OIDC	bug	—	—	5d
#2143	slowtick	@modelcontextprotocol/client 2.0.0-alpha.2 is missing peer dependency declaration for @cfworker/json-schema	bug	2	—	4d
#2146	One-Up-Dev	A se	bug	—	—	3d
#2155	randyramig	Claude.AI hangs with 408 timeout when MCP tool response JSON contains U+2028 (LINE SEPARATOR) or U+2029 (PARAGRAPH SEPARATOR)	bug	—	—	1d

Enhancements (82)

Decisions — say yes/no, then design or implement.

in-progress (14) — Assigned — someone is on it.

#	Author	Title	Labels	💬	🤖	Age
#1294	domdomegg	Server SDK support for signaling token expiry (401) from tool handlers	enhancement P1	2	—	164d
#558	kentcdodds	Support the resources/subscribe method	enhancement P2	6	—	363d
#662	kentcdodds	Support Zod schema with Elicitation?	enhancement P2	—	—	340d
#74	lino-levan	Publish on the JSR	enhancement P3	1	—	544d
#963	ochafik	Simplify attribution of elicitation to a tool call	enhancement P3	2	—	244d
#1058	felixweinberger	Implement SEP-1442: Make MCP Stateless	enhancement P3	1	—	207d
#1090	felixweinberger	Implement SEP-990: Enterprise Managed Authorization (Extension)	enhancement P3	4	—	199d
#1264	felixweinberger	OpenTelemetry integration out of the box	enhancement P3	—	—	168d
#1255	felixweinberger	Fix packaging with tsdown, export from root, shims for different runtimes	enhancement P3	—	—	168d
#1260	felixweinberger	Refactor Protocol.ts to eliminate client/server conditionals	enhancement P3	—	—	168d
#1262	felixweinberger	Inject your own logger	enhancement P3	—	—	168d
#1271	felixweinberger	Better contribution guidelines for external contributors	enhancement P3	—	—	168d
#1430	NSeydoux	Support providing client scopes to StaticPrivateKeyJwtProvider (also applicable to PrivateKeyJwtProvider)	enhancement P3	1	—	116d
#1734	felixweinberger	Evaluate OIDC nonce support	enhancement P3	—	—	63d

decide (57) — needs decision — say yes (→ ready/design/backlog) or no (→ close). P1 first.

#	Author	Title	Labels	💬	🤖	Age
#283	psclkhoury	Support JSON schema in addition to zod	enhancement P1	11	—	413d
#1063	felixweinberger	Implement SEP-1724: Extensions	enhancement P1	1	—	207d
#1250	felixweinberger	Remove or clarify ProxyOAuthProvider	enhancement P1	—	—	168d
#143	jspahrsummers	Better CORS defaults for SSE transport	enhancement P2	6	—	476d
#34	jspahrsummers	Make it easy to send progress notifications from a request handler	enhancement P2	1	—	567d
#1000	younaman	Bug Report-2: Missing Periodic Ping Implementation	enhancement P2	1	—	235d
#1151	pcarleton	Server SDK support for scope challenges on tool calls	enhancement P2	1	—	185d
#1587	zero1zero	Published 2.0.0-rc/alpha version to npmjs.com?	enhancement P2	1	—	89d
#28	jspahrsummers	Automate sending pings from SSE servers	enhancement P2	1	—	574d
#6	jspahrsummers	`Host` abstraction for multiple client → server connections in one process	enhancement P2	1	—	599d
#892	katjes733	Issue: No Reliable Mapping Between sessionId and streamId for Stateless Resumability	enhancement P2	—	—	278d
#192	wskish	consider defaulting resetTimeoutOnProgress to True	enhancement P2	—	—	438d
#1238	ahammednibras8	Feature Request: Middleware support for McpServer	enhancement P3	12	—	171d
#836	danielsinai	Dynamic Tool Registration Based on Authentication Context	enhancement P3	6	—	295d
#153	mikesir87	Expected manner to capture error details during startup	enhancement P3	5	—	462d
#956	jordan-burnett	Ability to pass custom context to tool handlers	enhancement P3	4	—	247d
#1046	felixweinberger	Zod types via `infer` make TypeScript types a lot less readable	enhancement P3	4	—	210d
#1160	clemmy	Call schema on inputSchema validation failure	enhancement P3	3	—	182d
#688	dudo	Resource Templates: Support for display names vs values in completion and better handling of special characters in URI paths	enhancement P3	3	—	336d
#1928	mddaud	McpServer: add tool lifecycle hooks (beforeToolCall, afterToolCall)	enhancement P3	2	—	36d
#703	KKonstantinov	Prompts - Metadata attributes in prompt registration, similar to resource metadata or tool annotations	enhancement P3	2	—	332d
#1039	dmcwherter	Support upscoping on insufficient_scope 403 like in Python SDK	enhancement P3	2	1	214d
#1124	nazoking	Support Secure Hashed Client Secrets in OAuthRegisteredClientsStore	enhancement P3	2	—	189d
#1757	tizmagik	Add hook or middleware for transforming tools/list responses	enhancement P3	2	—	61d
#1882	technicallychudi	Public API for multi-node session rehydration (e.g. transport.adoptSession(id))	enhancement P3	1	—	44d
#1924	klodr	Optional install of HTTP/SSE transport deps (express, hono) for stdio-only servers	enhancement P3	1	—	38d
#88	jspahrsummers	Increase default child process `maxBuffer`, and make configurable	enhancement P3	1	—	532d
#208	jrieken	Add ways for server processes to self-terminate when host is gone	enhancement P3	1	—	432d
#577	Rajesh-Narayanappa87	Auth : Allow user provided routes to escape Auth middleware	enhancement P3	1	—	359d
#676	alonhar	OAuth Request Should Accept client_id and client_secret via Headers, Not Just in the Request Body	enhancement P3	1	—	339d
#830	jkorach	Need to handle GET and POST differently in OAuthServerProvider.authorize handler	enhancement P3	1	—	298d
#886	weihaoxia-01	Request guidance/feature to stream streaming tool responses back	enhancement P3	1	—	279d
#927	kentcdodds	Use types for tool annotations to reduce confusion	enhancement P3	1	—	259d
#932	yadav-prakhar	Elicitation with custom input [ SEP-1456 ]	enhancement P3	1	—	257d
#1036	localconst	Simplify public access to McpServer registered tools	enhancement P3	1	—	216d
#1253	felixweinberger	Type-first as opposed to Zod schema-first approach	enhancement P3	1	—	168d
#1268	felixweinberger	MSW (Mock Service Worker) integration	enhancement P3	1	—	168d
#1361	domdomegg	Consider type coercion for tool arguments	enhancement P3	1	—	139d
#1877	yokonao	`createMcpHonoApp` should support generics for Env (Bindings and Variables)	enhancement P3	1	—	44d
#1883	DrDexter6000	Feature: add idle timeout to SSE stream reader in StreamableHTTPClientTransport	enhancement P3	1	—	43d
#370	logan272	Allow Custom Client Features for MCP Tools	enhancement P3	1	—	400d
#1941	misterwigglesworth	deps: include hono@4.12.14 in the next dependabot bump (GHSA-458j-xx4x-4375)	enhancement P3	—	—	34d
#741	nataliapc	Feature: Retrieve info about registered Resources and execute them from a tool	enhancement P3	—	—	322d
#1059	felixweinberger	Implement SEP-1649: MCP Server Cards (.well-known Discovery)	enhancement P3	—	—	207d
#1259	felixweinberger	Class names - align with Python SDK (server, session, etc.)	enhancement P3	—	—	168d
#1263	felixweinberger	Add custom onError config points for McpError handling	enhancement P3	—	—	168d
#1265	felixweinberger	Clear abstracted way to define experimental features	enhancement P3	—	—	168d
#1316	BestOwl	Support RFC 8252 dynamic loopback port selection for native OAuth clients	enhancement P3	—	—	158d
#1474	mattzcarey	Completers as a first class option in Prompts	enhancement P3	—	—	111d
#1537	josefaidt	consider consolidation of tooling, revise ts setup	enhancement P3	—	—	100d
#1847	felixweinberger	Convert tool/prompt schemas eagerly at register time instead of on tools/list	enhancement P3	—	—	53d
#1860	earonesty	mcpAuthRouter construction-time env is incompatible with request-scoped runtimes (Cloudflare Workers, Supabase Edge, etc.)	enhancement P3	—	—	48d
#1863	haydenrear	Add MCP_TOOL_TIMEOUT_MSEC default value only for tool calls.	enhancement P3	—	—	47d
#1892	MMoMM-org	Client transport: HTTP 429 responses are not retried with Retry-After	enhancement P3	—	—	40d
#387	flippinjoe	Allow receiving messages per stream in client sdk	enhancement P3	—	—	397d
#674	fxBrBowman	Please add the ability to supply the the registerClient and defaultScopes to the ProxyOAuthServerProvider	enhancement P3	—	—	339d
#10	jspahrsummers	Add conveniences for MCP proxy pattern	enhancement P3	—	—	591d

close-candidates (5) — Bot flagged duplicate/out-of-scope, or confirmation expired.

#	Author	Title	Labels	💬	🤖	Age
#19	jspahrsummers	Automatically create a new server from a template	enhancement P3	—	—	586d
#682	ruturaj-browserstack	Dynamic MCP Tool Registration Not Available Mid-Chain or Same Cycle	enhancement P3	3	1	336d
#690	dudo	Resource completion performance: Consider client-side caching and fuzzy filtering	enhancement P3	2	—	336d
#794	ho3einmolavi	disconnect method for MCP client	enhancement P3	2	—	309d
#1642	jalpp	feat: Http based register tool adapters	enhancement P3	—	—	78d

backlog (6) — Acknowledged, not prioritized — explicit backlog label or no status yet.

#	Author	Title	Labels	💬	🤖	Age
#1231	bhaveshpatel640	Undici instrumentation marks successful MCP requests as aborted due to premature AbortController.abort() in SSE / StreamableHTTP transports	enhancement P2	5	1	172d
#740	username7171	Can we have a chatbot example that connected to multiple remote servers	enhancement P3	3	—	322d
#658	ochafik	update server examples to cover external authentication servers	enhancement P3	1	—	341d
#2032	jirispilka	Feature request: allow customizing `taskId` in `InMemoryTaskStore`	enhancement	1	—	17d
#2029	icopp	Completables should pass through authInfo and signal	enhancement	—	—	18d
#2020	icopp	TaskStore interface should pass through authInfo and signal	enhancement	—	—	20d

Questions (3)

Inbox — answer, then close or convert to bug/enhancement.

answer (3) — No maintainer response yet, or reporter followed up.

#	Author	Title	Labels	💬	🤖	Age
#1126	splincode	What is the recommended way of writing unit tests for MCP endpoints?	question P3	1	1	189d
#1132	enesgules	Question: Tool list changed notification	question P3	5	1	188d
#1512	mattzcarey	[TRACKING] non compliance with SEP-986 / tool name validation	question P2	5	1	104d

Bugs ready

—

19 P0/P1 · 9 fix proposed

Decisions pending

—

11 at P1

Questions > 2d

—

Close candidates

—

median 178d old

P0 open

—

0 past 7d SLA

P1 > 90d

—

Repro expired

—

Bot pending

—

Stats — volume, response time, staleness, labels

Volume

Open Issues

↓ 5.34%

248

Opened

—

last 7 days

Opened

—

last 30 days

Opened

—

103

last 90 days

Closed

—

last 7 days

Closed

—

last 30 days

Closed

—

100

last 90 days

Response Time

Time to first maintainer response

Average

—

72d

Median

↓ 40.68%

24d

P90

—

187d

P95

—

261d

Stale Issues

Issues with no activity

Stale

↑ 34.46%

199

>30 days

Stale

—

111

>60 days

Stale

—

>90 days

Reopen Rate

—

100%

Issues by Label

Label	Count
enhancement	102
ready for work	80
bug	76
P2	64
P1	55
v2	55
needs decision	47
P3	43
auth	33
documentation	15
needs confirmation	13
fix proposed	9
good first issue	9
improves spec compliance	9
question	9
breaking change	7
pending SEP approval	6
needs repro	5
improves sdk consistency	2
help wanted	1
needs maintainer	1

Untriaged (53)

No type label — bot pending or needs manual triage.

untriaged (53) — Bot has not labeled yet, or needs manual type assignment.

#	Author	Title	Labels	💬	🤖	Age
#1318	Norcim133	Critical Token Refresh Bugs - Prevents Proactive Refresh	P1	7	—	271d
#1450	certainly-param	Response leak in SSE handlers	P2	3	—	228d
#1555	felixweinberger	Implement SEP-1724: Extensions		—	—	207d
#1561	corv89	Invalid method names return error code -32602 instead of -32601	P3	1	—	206d
#1602	maxisbey	OAuth: 403 responses without insufficient_scope incorrectly retry with same token	P3	—	—	196d
#1764	Ctariy	Race condition in StreamableHTTP: zero-buffer memory streams cause deadlock with concurrent SSE responses		7	—	166d
#1785	sonmaximum	Discover OIDC-only authorization servers when PR metadata is absent	P2	8	—	162d
#1821	maxisbey	Clarify JSON-RPC error code for 'session not found' responses		—	—	145d
#1842	aiwebb	ClientAuthenticator ignores token_endpoint_auth_method="none" when client_secret is stored		—	—	137d
#2021	maxisbey	Refactor handler context to be transport- and handler-type-aware	P1	1	—	105d
#2100	maxisbey	Bind authenticated identity to sessions in StreamableHTTPSessionManager		—	—	95d
#2233	sergeykad	pywin32 installation fails on Windows — hard dep only needed for client stdio, but pulled in for all users via eager import in __init__.py		1	—	80d
#2270	oedokumaci	_handle_refresh_response discards existing refresh_token when server omits it		1	—	75d
#2278	maxisbey	Mark SSE transport as deprecated	P3	1	—	75d
#2307	tsingh2k15	[mcp/python-sdk] ClientSession has no way to specify protocolVersion		2	—	68d
#2317	artdent	Don't override client_metadata.scopes if they are already set		—	—	67d
#2329	kingpanther13	Improve log clarity for "Terminating session: None" in stateless mode		1	—	64d
#2331	rgoldstein1989	Add remove_prompt() and remove_resource() for parity with remove_tool()		4	—	64d
#2349	juliendoclot	Streamable HTTP transport rejects Accept: text/event-stream without application/json		1	—	61d
#2354	maxisbey	Design: future of `dependencies` parameter on MCPServer		2	—	60d
#2376	Kunyu-Chen	Image/ImageContent serialization fails in stateless HTTP mode		3	—	57d
#2379	dgenio	ClientSession: add public API for updating callbacks after initialization		3	—	56d
#2384	felixweinberger	Inline $ref in tool inputSchema for LLM consumption (parity with typescript-sdk)		2	—	53d
#2393	jeffplourde	StreamableHTTP client: _handle_reconnection resets attempt counter to 0, causing infinite retry loop		2	—	50d
#2474	itomise	Return 405 on GET when stateless_http=True		1	—	36d
#2473	0717376	MCPServer unconditionally declares `prompts`, `resources`, `tools` capabilities on `initialize`		—	—	36d
#2480	q-thomasdickson	RequestResponder.cancel sends JSON-RPC response, violating cancellation spec		1	—	35d
#2486	leiserfg	Split the core from the server and client implementations		2	—	34d
#2489	demoray	Concurrent server-side requests are serialized end-to-end by BaseSession		—	—	34d
#2507	sherman94062	`ClientSession` never sends `notifications/cancelled` when `call_tool` is cancelled — server-side coroutines leak		2	—	29d
#2535	blackwell-systems	InMemoryTaskStore.wait_for_update has lost-wakeup races (concurrent waiters, notify-before-wait)		—	—	23d
#2537	joshdavham	Python 3.14 not listed as a supported python version in README badge		—	—	22d
#2539	rynowak	Bug: task_result_handler.py serializes None optional fields as JSON null, breaking Node SDK Zod validation		1	—	21d
#2548	Botschagow	BaseSession.send_request fails when forwarding a request received via ServerSession (envelope-fields collision)		1	—	19d
#2564	blackwell-systems	raise without from discards exception chain in 12 remaining sites		—	—	17d
#2570	Kevin990001	feat: Add distributed EventStore implementations (Redis, PostgreSQL) for production deployments		—	—	14d
#2581	KoolADE85	Types-only install option		1	—	13d
#2582	leowonglaw	Expose `schema_generator` on `FastMCP` for tool params schema generation		—	—	12d
#2588	fuyu-quant	`ClientConfig` has inconsistent naming: `message_handler` should be `message_callback`		—	—	12d
#2591	Swcmb	FastMCP crashes when tool return type uses Python 3.10+ `A \| B \| C` union syntax		3	—	11d
#2604	Jarda8	streamable_http_client: one concurrent request HTTPStatusError tears down sibling requests		2	—	10d
#2605	cclabadmin	Duplicate `initialize` with changed parameters can overwrite `ServerSession.client_params`		1	—	10d
#2610	mlorentedev	RequestResponder.__exit__ leaks CancelledError on cancelled request, killing the stdio receive loop		3	—	10d
#2618	cclabadmin	Streamable HTTP server accepts mismatched `MCP-Protocol-Version` header and body `protocolVersion` on `initialize`		1	—	9d
#2617	eeee2345	docs/examples: add a tool-response detection middleware sample?		—	—	9d
#2626	germanbecker	Add option to skip output validation for mcp client		3	—	8d
#2629	CrypticCortex	DCR registration accepts redirect_uris with non-HTTPS / non-loopback / fragmented schemes		—	—	7d
#2641	stephaneberle9	Add `invalid_target` to `AuthorizationErrorCode` (RFC 8707)		1	—	7d
#2653	colinlabrooy	mcp.server.fastmcp.FastMCP HTTP transport deadlocks after ~5 sequential client sessions on Windows (companion to PrefectHQ/fastmcp#4192)		—	—	4d
#2655	dexteradeus	Streamable HTTP server silently drops in-flight request when client reuses a JSON-RPC id		1	—	4d
#2663	MikeNjoroge	FastMCP.run(transport="stdio") produces noisy traceback on KeyboardInterrupt instead of clean exit		—	—	3d
#2673	danielgshea	ClientSession receive loop swallows callback exceptions, replying "Invalid request parameters" to the server instead of propagating to the call_tool awaiter		—	—	2d
#2678	theone139344	FastMCP/stdio: in-flight tool responses dropped on stdin EOF when input is bash-redirected from a file		—	—	0d

Bugs (76)

Queue — pick the top fix-ready and work it. Priority then age.

in-progress (1) — Assigned — someone is on it.

#	Author	Title	Labels	💬	🤖	Age
#2009	felixweinberger	Re-enable conformance tests in CI	bug P1	1	—	107d

fix-proposed (9) — Bot posted a suggested fix — review the diff. P0/P1 first.

#	Author	Title	Labels	💬	🤖	Age
#1257	0x-Professor	Don’t use shell=True in mcp dev subprocess on Windows (command injection risk)	bug P1	3	1	288d
#2416	bbarwik	Bug: AssertionError: Request already responded to — cancellation race in v1.27.0	bug P2	2	1	46d
#2429	kimsehwan96	[v1.x] Server-side outputSchema validation blocks tool error reporting (isError: true)	bug P2	2	1	43d
#2431	rain87	McpError is not pickle-safe and fails to unpickle	bug P2	3	1	42d
#2432	HenriChabert	Initialize call hangs forever if MCP server does not return a `Content-Type: text/plain`	bug P2	3	1	42d
#2433	DonovanDeHart	Windows: TextIOWrapper in stdio_server() emits CRLF instead of LF, corrupting newline-delimited JSON messages	bug P2	4	1	42d
#2455	shaun0927	session_idle_timeout is not exposed via streamable_http_app() and can cancel active requests	bug P2	3	1	39d
#2454	shaun0927	stdio_client crashes on malformed UTF-8 from child stdout instead of surfacing parse error	bug P2	2	1	39d
#2578	ShaneFlag	OAuth token refresh sends RFC 8707 resource parameter that Entra ID v2.0 rejects (AADSTS9010010)	bug P2	2	1	14d

ready-for-work (49) — Triaged and reproducible — pick one up. P0/P1 first.

#	Author	Title	Labels	💬	🤖	Age
#262	herrrX	cannot get response from await session.call_tool()	bug P1	15	—	440d
#373	samirbajaj	How to set / get `client_id`?	bug P1	2	—	426d
#381	weester-yan	Fastmcp tool parameter parsing type error	bug P1	12	—	424d
#577	HMJiangGatech	`RuntimeError: Attempted to exit cancel scope in a different task` when cleaning up multiple MCPClient instances out-of-order	bug P1	10	—	397d
#698	bendavis78	Tool.run should not reveal exception value to the client	bug P1	1	—	378d
#737	jasny6969	Bug Report: FastMCP `RuntimeError: Received request before initialization was complete` Leading to Empty SSE Responses When Embedded in FastAPI	bug P1	5	—	374d
#795	lizzzcai	Support for API Gateway Path Prefixes in SSE Client URL Handling	bug P1	1	—	367d
#874	efcwetgw	Cannot break out of session.initialize() when using streamable-http	bug P1	5	—	356d
#883	toughnoah	AssertionError: Unexpected message while using middlewares	bug P1	14	—	356d
#915	hzeus	Exception in `ClientSessionGroup` if `streamable_http` MCP server is not available	bug P1	6	—	349d
#1065	nileshmalode11	MCP Completion Issue	bug P1	2	—	328d
#1250	pematth	Framework does not handle refreshed tokens correctly	bug P1	12	—	290d
#1265	FakeDocument	Trailing slash in `.well-known/oauth-protected-resource` response may violate “Canonical Server URI” requirement	bug P1	2	—	286d
#1272	lindycoder	Server hangs when shutting down if a connection is still open	bug P1	2	—	284d
#1401	Unshure	ClientSession Error Handling	bug P1	8	—	242d
#1675	AydarDD	Streamable HTTP transport drops requests immediately after `initialize`	bug P1	1	—	180d
#1811	ivanbelenky	client's `read_stream_writer` open after SSE disconnection hanging `.receive()`	bug P1	3	—	156d
#1919	joar	Trailing slash in OAuthMetadata's `issuer` causes issues with clients	bug P1	2	—	124d
#423	folkvir	MCP SSE Server: Received request before initialization was complete	bug P2	24	—	417d
#526	RodrigoPAml	MCP Server with Python on Claude Desktop Never Exits	bug P2	6	—	405d
#1060	paxan	PydanticSchemaGenerationError: Unable to generate pydantic-core schema for Image type	bug P2	3	—	329d
#1218	howardjohn	`simple-streamablehttp-stateless` example will not return data if `id=0`	bug P2	1	—	299d
#1264	carlosemart	Protected Resource Metadata resource erroneous when setting up authentication on server	bug P2	4	—	286d
#1269	chipkent	FastMCP server death on client HEAD calls	bug P2	6	—	285d
#1274	rcxwhiz	Streamable HTTP client performance regression starting with v1.12.0	bug P2	2	—	284d
#1295	somaraani	401 in Streamable HTTP should be handled gracefully	bug P2	—	—	276d
#1326	Norcim133	Clients Using Storage Face Deadlock on Token Refresh for SSE	bug P2	3	—	268d
#1333	peteski22	`stdio_server` uses unbuffered memory streams which can cause server to block and become unresponsive	bug P2	1	—	266d
#1405	0Delta	It is not possible to define a Resource that takes only the Context parameter as an argument.	bug P2	2	—	241d
#1452	Shashikant86	The `stdio_client` hangs indefinitely on session initialization	bug P2	5	—	228d
#1523	cfytrok	OAuthClientProvider._handle_token_response expect json	bug P2	—	—	209d
#1577	gyang-xai	Client tool call hangs forever if server crashes or connection dies when using streamable-http	bug P2	2	—	202d
#1648	FanisPapakonstantinou	ClientDisconnect returns HTTP 500	bug P2	2	—	186d
#1656	pfaion	FastMCP configures logging on init, which messes up application-level logging	bug P2	5	—	182d
#1664	LucaButBoring	User-Agent header in sHTTP transport is not forwarded to auth flow	bug P2	1	—	182d
#1676	david-nominal	MCP client doesn't not initialize new session when getting 404 session not found	bug P2	3	—	180d
#1873	TommyVee	Bug: String parameters starting with digits coerced to numbers, causing UUID data loss	bug P2	2	—	130d
#2001	hubbard-zlee	Progress notifications not delivered via SSE in stateless HTTP mode	bug P2	—	—	109d
#2150	emmahoggan	Active Streamable HTTP sessions are not terminated during shutdown	bug P2	1	—	88d
#2216	nik1097	Bug: validate_scope rejects client scopes when required scopes in None	bug P2	4	—	81d
#156	grll	support logging to stderr in Jupyter Notebook Environments.	bug P3	6	—	493d
#396	omasoud	MCP Server: Inconsistent Exception Handling in @app.call_tool and Client Undetected Server Termination via Stdio	bug P3	1	—	420d
#514	growler	FastMCP server with SSE transport fails to shut down on a signal	bug P3	11	—	406d
#671	ycycycl	MCP Tool execution hangs indefinitely in stdio mode when calling external Python scripts	bug P3	6	—	381d
#1141	abhishekgahlot2	Progress notifications cause server to hang on stdio transport	bug P3	4	—	315d
#1251	de-code	Incorrect typing hint for FastMCP.call_tool	bug P3	—	—	290d
#1579	fennb	FastMCP read_resource() returns incorrect error code when resource not found	bug P3	4	—	201d
#436	Gelembjuk	Question: How to get a resource argument containing "/" ?	bug	7	—	415d
#1307	jennsun	Error & Mismatch in OAuth scope resolution between Claude.ai/MCP Python SDK and Inspector	bug	1	—	273d

needs-maintainer (4) — Reporter replied, or bot/triage flagged for maintainer judgment.

#	Author	Title	Labels	💬	🤖	Age
#2057	clouatre	Requests with "id": null silently misclassified as notifications	bug P2	10	—	101d
#1103	kdheeraz	MCP client not able to initiate StdioServerParameters while running in Jupyter Notebook	bug	5	—	321d
#1372	SinDongHwan	fastmcp.run() runtimeerror: task group is not initialized. make sure to use run().	bug	3	—	250d
#1960	newsbubbles	BrokenResourceError race condition in stdio_client cleanup when context exits quickly	bug	4	—	119d

close-candidates (2) — Bot says already-fixed/not-a-bug, or repro request expired (>14d).

#	Author	Title	Labels	💬	🤖	Age
#1053	sidgangs99	Streamable HTTP transport fails when accessing MCP server on Cloud Run using sdk	bug	4	—	331d
#1805	h-filzer	Possible ressource leak / race condition in streamable_http_client	bug	10	—	157d

waiting (1) — Reporter owes repro/confirmation, or a PR is in flight, or blocked.

#	Author	Title	Labels	💬	🤖	Age
#1332	dsp-ant	Implement consistent structuredContent handling per specification clarification	bug P3	1	—	266d

backlog (10) — Triaged bug, no status — plan into a sprint or label.

#	Author	Title	Labels	💬	🤖	Age
#1581	maxisbey	Add RFC 9728 resource field validation for protected resource metadata discovery	bug P1	—	—	201d
#2110	maxisbey	HTTP transport swallows non-2xx status codes causing client to hang	bug P1	7	—	95d
#2114	maxisbey	ExceptionGroup wrapping obscures real errors from task groups	bug P1	3	—	95d
#2107	maxisbey	Handle list_changed notifications instead of dropping them	bug P2	—	—	95d
#1564	ParthibanRajasekaran	stdio_client fails with BrokenResourceError during initialization	bug P3	3	—	204d
#1573	maxisbey	Fix flaky test test_response in test_streamable_http.py	bug P3	—	—	202d
#1795	maxisbey	Make JSON-RPC ID type coercion configurable	bug P3	2	—	159d
#1933	hyn0027	Using transport="stdio" closes real stdio, causing ValueError after server exits	bug P3	3	—	123d
#1974	mjahr	find_context_parameter() fails to detect Context parameter in callable class instances	bug P3	1	—	116d
#2208	maxisbey	get_access_token() returns stale token in stateful streamable-HTTP sessions	bug	—	—	82d

Enhancements (101)

Decisions — say yes/no, then design or implement.

in-progress (13) — Assigned — someone is on it.

#	Author	Title	Labels	💬	🤖	Age
#1240	yannj-fr	Implement OAuth relying on Authlib	enhancement P1	7	—	293d
#1253	Kludex	Python SDK v2	enhancement P1	2	—	289d
#1701	dgenio	Define and document the public Python SDK API surface	enhancement P1	4	—	178d
#1739	maxisbey	Support clean server shutdown	enhancement P1	1	—	171d
#1889	felixweinberger	Add transport types to Client + infer_transport() for auto-detection	enhancement P1	—	—	129d
#857	Kludex	Drop uvicorn from test suite	enhancement P2	7	—	360d
#348	ezyang	No way to set isError=True for arbitrary tool result content	enhancement P3	3	—	428d
#421	fali007	Adding Opentelemetry to MCP SDK	enhancement P3	15	—	417d
#1038	thomasst	MCP server: AccessToken class should have field for subject claim ("sub")	enhancement P3	5	—	333d
#1593	felixweinberger	Implement SEP-990: Enterprise Managed Authorization (Extension)	enhancement	3	—	199d
#2051	maxisbey	Simplify README and move examples to documentation site	enhancement	—	—	101d
#2121	martimfasantos	Allow `OAuthClientProvider` to accept a pre-configured auth server URL	enhancement	—	—	93d
#2141	enkidulan	Add wildcard pattern support for `allowed_hosts` in transport security	enhancement	—	—	90d

decide (46) — needs decision — say yes (→ ready/design/backlog) or no (→ close). P1 first.

#	Author	Title	Labels	💬	🤖	Age
#420	carlosemart	Option to not rewrite the logging configuration	enhancement P1	10	—	417d
#194	mconflitti-pbc	Allow customization of the Starlette app (middleware, routes, etc)	enhancement P1	8	—	472d
#1509	damianoneill	Support Per-Request HTTP Headers in call_tool()	enhancement P1	7	—	214d
#220	dsp-ant	Support for `path` convertor `{value:path}` in FastMCP	enhancement P1	4	—	459d
#378	ciccolo-anthropic	FastMCP should support all of RFC 6570	enhancement P1	4	—	425d
#1429	maxisbey	feat: enhance dynamic tool management with notifications and enable/disable	enhancement P1	4	—	231d
#1207	samuelcolvin	Excessive use of generics	enhancement P1	3	—	301d
#299	john0312	Low-level Server support for mcp dev and mcp run command	enhancement P1	2	—	435d
#1233	dsp-ant	Middleware Support in MCP	enhancement P1	1	—	294d
#12	jspahrsummers	Add conveniences for MCP proxy pattern	enhancement P1	—	—	591d
#47	jspahrsummers	Validate local capabilities	enhancement P1	—	—	559d
#226	salman1993	Improving how function docstring gets converted to tool's jsonschema for FastMCP	enhancement P2	11	—	458d
#710	skunkwerk	how to trigger a resources_changed or listChanged	enhancement P2	10	—	377d
#509	maxschulz-COL	Force returning tool result/ressource as artifact without regeneration	enhancement P2	6	—	406d
#1335	whitewg77	Using /.well-known/ OAuth endpoints behind custom path on GKE	enhancement P2	4	—	265d
#1374	ochafik	No default timeout for requests (unlike TS SDK)	enhancement P2	4	—	250d
#600	grll	SDKs and other middleware SHOULD allow these timeouts to be configured on a per-request basis.	enhancement P2	3	—	391d
#1788	felixweinberger	Consider extensible pattern for protocol flow-control exceptions	enhancement P2	3	—	161d
#1801	maxisbey	Implement server-side support for Client ID Metadata Documents (CIMD)	enhancement P2	3	—	158d
#1126	chrisagrams	Specifying capabilities w/ FastMCP Server	enhancement P2	2	—	318d
#1281	FallenDeity	Modular system to define MCP Primitives	enhancement P2	2	—	280d
#1723	erwang01	`auth` specification in `ClientSessionGroup`	enhancement P2	2	—	172d
#2453	NeelakandanNC	feat: Add roots enforcement utility to FastMCP (get_roots, assert_within_roots, @within_roots_check)	enhancement P2	1	—	39d
#230	ihrpr	No way to get `request_id` for a tool call to cancel it	enhancement P2	1	—	455d
#1023	magicbrighter	Support for Parameter Passing in MCP Configuration and Runtime Context	enhancement P2	1	—	334d
#1671	maxisbey	ServerSession methods (create_message, elicit_form) don't expose progress_callback parameter	enhancement P2	1	—	181d
#1393	caffeinism	Lazy HTTP connections seem to make error handling difficult.	enhancement P2	—	—	244d
#235	yu-iskw	Official Adapter Functions for LLM Providers in MCP Python SDK	enhancement P3	8	—	452d
#193	mconflitti-pbc	Add default /docs route to list information about the HTTP MCP server	enhancement P3	5	—	472d
#2422	DevonFulcher	Specific ToolNotFoundError for easier handling than ToolError in multi-tenant environments	enhancement P3	3	—	45d
#762	surister	Allow installing mcp servers from pypi	enhancement P3	3	—	370d
#817	huang-sh	STDIO hangs forever when the using multiprocessing in tools	enhancement P3	3	—	363d
#837	davenpi	Type system complexity creating developer friction and maintenance overhead	enhancement P3	2	—	361d
#1302	DebajitKumarPhukan	[Feature Request]: Support For "Proxy" in SSE and Streamable HTTP Client	enhancement P3	2	—	274d
#3	dsp-ant	Specific transports could be Python package extras	enhancement P3	1	—	607d
#73	dsp-ant	Better logging of when handlers are called and what they return when DEBUG is set	enhancement P3	1	—	545d
#622	bendavis78	[Feature] De-couple Starlette from FastMCP to make it easier to implement MCP endpoints in other frameworks	enhancement P3	1	—	387d
#1121	wiltshirek	MCP tool proxy, planned pull request. Allowing for Seamless Human or determinism (private keys, etc) in the middle.	enhancement P3	1	—	319d
#1678	felixweinberger	test_streamable_http.py isn't covered by test coverage	enhancement P3	1	—	179d
#1700	dgenio	Refactor func_metadata() into smaller components for schema & metadata generation	enhancement P3	1	—	178d
#1806	sesajad	More control over stderr in stdio client	enhancement P3	1	—	157d
#2408	dgenio	Introduce strategy/registry pattern for type handling in _create_output_model()	enhancement P3	—	—	46d
#767	DamyanBG	Feature Proposal: Modular Router System for MCP Python SDK	enhancement P3	—	—	369d
#1128	simba-git	Native sampling method on Context	enhancement P3	—	—	318d
#1347	felixweinberger	Address currently ignored ruff rules in Python SDK	enhancement P3	—	—	262d
#1696	dgenio	Clarify semantics, limitations, and naming for stateless HTTP mode	enhancement P3	—	—	178d

close-candidates (6) — Bot flagged duplicate/out-of-scope, or confirmation expired.

#	Author	Title	Labels	💬	🤖	Age
#309	mattzh72	Synchronous Python Client	enhancement P2	7	—	434d
#1692	dgenio	Revisit single-use semantics of StreamableHTTPSessionManager.run()	enhancement	1	—	178d
#1702	dgenio	Clarify and improve behavior when tool output fails schema validation	enhancement	1	—	178d
#1705	dgenio	Document and provide hooks for sandboxing file and network access in MCP tools	enhancement	1	—	178d
#1843	davidbernat	Function parameter coercion ("false" => False) failures in properly documented FastMCP tools?	enhancement	5	—	136d
#2083	rf-ellamind	Optionally(?) allow plaintext on localhost subdomains	enhancement	—	—	96d

waiting (5) — Reporter owes detail, or PR in flight, or SEP/hold.

#	Author	Title	Labels	💬	🤖	Age
#881	SoldierSacha	Client Credentials In the token Handler	enhancement P1	1	—	356d
#1545	felixweinberger	Implement SEP-1649: MCP Server Cards (.well-known Discovery)	enhancement	—	—	207d
#1544	felixweinberger	Implement SEP-1442: Make MCP Stateless	enhancement	—	—	207d
#1690	dgenio	Introduce a shared Transport abstraction to reduce stdio/SSE/WebSocket/HTTP duplication	enhancement	2	—	178d
#1691	dgenio	Simplify and harden session lifecycle with an explicit state machine	enhancement P2	2	—	178d

backlog (31) — Acknowledged, not prioritized — explicit backlog label or no status yet.

#	Author	Title	Labels	💬	🤖	Age
#1743	maxisbey	Extract OAuth flow logic into reusable components for proxy use cases	enhancement P1	9	—	171d
#2098	maxisbey	Expose session, auth, and transport information on handler Context	enhancement P1	1	—	95d
#2113	maxisbey	Redesign lifespan: separate server-scoped and session-scoped lifetimes	enhancement P1	1	—	95d
#1733	maxisbey	Refactor examples to use PEP 723 inline script metadata	enhancement P1	—	—	171d
#2116	sr07asthana	Support MCP client session resumption (sessionId reuse) in Python SDK	enhancement P2	2	—	94d
#1475	maxisbey	FastMCP: Support dynamic annotation updates	enhancement P2	2	—	224d
#1741	maxisbey	Support pluggable logging for structured output and correlation IDs	enhancement P2	1	—	171d
#1742	maxisbey	Introduce typed error classes with metadata	enhancement P2	—	—	171d
#1746	maxisbey	Support multiple MCP protocol versions	enhancement P2	—	—	171d
#1744	maxisbey	Improve exception tracebacks for easier debugging	enhancement P2	—	—	171d
#1734	maxisbey	Audit and document the MCP server publishing experience	enhancement P2	—	—	171d
#2108	maxisbey	Design client-side caching for list_tools/list_prompts/list_resources	enhancement P3	2	—	95d
#2556	CJGjr	Add `list_all_*` helpers to drain pagination	enhancement P3	1	—	18d
#1745	maxisbey	Remove jsonschema dependency	enhancement P3	1	—	171d
#2111	maxisbey	Support serializable session state for distributed deployments	enhancement P3	—	—	95d
#1315	Mars9934	OAuth TokenHandler should check Authorization header for client credentials	enhancement	3	—	271d
#1305	wenhuizhang	Feature Proposal: Secure Tool/Resource/Prompt Decorators with Auth + Encrypted I/O	enhancement	2	—	274d
#1031	davemssavage	Enable FastMCP to filter tools, prompts, resources using a fine grained policy	enhancement	2	—	334d
#1966	somaraani	Per-Request Transport Configuration for MCP Clients	enhancement	1	—	118d
#2052	maxisbey	Audit MCPServer constructor parameters	enhancement	1	—	101d
#2202	maxisbey	Type the MCPServer handler pipeline: tool/resource/prompt return types	enhancement	—	—	84d
#2201	maxisbey	Add Tasks support to `MCPServer`	enhancement	—	—	84d
#2153	maxisbey	MCPServer handlers should raise exceptions, not return error objects	enhancement	—	—	87d
#992	andrey-star	Support granular OAuth2 flow with state and verifier persistence	enhancement	—	—	339d
#1368	vitorbal	OAuth client should support bi-phasic oauth flows	enhancement	—	—	252d
#2135	maxisbey	Public API for runtime handler registration/deregistration on low-level Server	enhancement	—	—	90d
#2105	maxisbey	Support custom method handlers with custom params and return types on MCPServer	enhancement	—	—	95d
#2024	nypdmax	Support multi-protocol authentication with spec-aligned discovery and OAuth fallback	enhancement	—	—	105d
#2054	maxisbey	Add dependency injection support to MCPServer	enhancement	—	—	101d
#2053	maxisbey	Replace Field(description=...) with proper docstrings in auth models	enhancement	—	—	101d
#1319	localden	Support selection of authorization servers from PRM document	enhancement	—	—	270d

Questions (8)

Inbox — answer, then close or convert to bug/enhancement.

answer (8) — No maintainer response yet, or reporter followed up.

#	Author	Title	Labels	💬	🤖	Age
#1052	yurikunash	The resource URL path is ignored when building the protected resource metadata URL	question P3	2	—	331d
#1277	ilvalerione	How to get environment variables on the server?	question P2	2	—	283d
#1410	asheshvidyut	Cancelling a Call Tool Request from Client	question P1	—	—	238d
#1512	venetak	Add client subscription and server event broadcasting	question	—	—	213d
#1521	cfytrok	How to manually set client_id client_secret?	question	—	—	209d
#1625	cdreetz	Running Streamable HTTP Servers	question	—	—	193d
#1798	Junyi-99	Guide: Resolving "421 Invalid Host Header" (DNS Rebinding Protection)	question P2	11	—	159d
#2501	lottopotato	Was it a bad idea to stream the text generation process using Context.report_progress()?	question	—	—	31d

Docs (10)

Documentation issues.

docs (10) — Documentation issues — fold into a docs sprint.

#	Author	Title	Labels	💬	🤖	Age
#431	Gelembjuk	Question: How to authorise a client with Bearer header with SSE?	documentation P1	18	—	416d
#457	alnickle	Documentation for mcp command flags	documentation P1	2	—	412d
#498	dgzxx-2000	How do python clients and servers use prompt	documentation P1	4	—	408d
#539	z29	We need some more client and sampling examples and use-cases.	documentation P1	7	—	402d
#702	Westerby	Auth for MCP - Starlette middleware vs. OAuthAuthorizationServerProvider	documentation P1	6	—	377d
#880	karthich	[horizontal scaling] How to actually build session persistence in streamable http MCP server?	documentation P1	18	—	356d
#1205	yarnabrina	Controlling Context in Client for Sampling Requests	documentation P1	9	—	302d
#1464	felixweinberger	Improve docs on how to use `instructions` on `InitializeResult`	documentation P1	3	—	227d
#339	exeex	[docs] How to run FastMCP with args or env vars?	documentation P2	2	—	430d
#766	CakeCrusher	(discussion) How to best handle instrumenting for `resources` and `prompts`	documentation P2	1	—	370d

Volume

Open Issues

↑ 4.48%

140

Opened

—

last 7 days

Opened

—

last 30 days

Opened

—

last 90 days

Closed

—

last 7 days

Closed

—

last 30 days

Closed

—

last 90 days

Response Time

Time to first maintainer response

Average

—

26d

Median

↑ 31.02%

P90

—

58d

P95

—

200d

Stale Issues

Issues with no activity

Stale

↑ 8.33%

104

>30 days

Stale

—

>60 days

Stale

—

>90 days

Reopen Rate

—

100%

Issues by Label

Label	Count
enhancement	61
bug	46
needs confirmation	24
ready for work	16
P2	13
P3	7
documentation	7
area-auth	6
question	4
help wanted	3
P1	2
blocked	2
area-infrastructure	1
area-tests	1
needs repro	1

Issues Awaiting Maintainer Response

Sorted by longest wait time first

Issue	Title	Labels	Comments	Waiting
#236	Pass context from request endpoint to message handler	enhancementneeds confirmation	2	412d
#350	MAUI application create mcp client throw exception:The server shut down unexpectedly.	bug	5	396d
#433	McpServerPrimitiveCollection needs transactions/updates	enhancementneeds confirmation	0	372d
#450	Resource-based authorization on tools	enhancementarea-auth+1	0	364d
#611	Host several MCP in one ASP.Net application	questionneeds confirmation	1	318d
#640	Dictionary<string, JsonElement> overload for CallToolAsync	enhancement	0	307d
#648	OAuth authentication request fails with MS Entra-ID	ready for work	4	303d
#654	When Absolute Uri passed as McpAuthenticationOptions.ResourceMetadataUri, /.well-known/oauth-protected-resource endpoint returns 404	bug	2	301d
#659	AspNetCore TestHost client transport	enhancement	0	299d
#657	Release signed binaries in nuget package	enhancement	0	299d
#667	MCP Framework Tool Invocation Fails Based on Method Name Despite Identical Implementation	bug	2	296d
#684	Using incorrect oauth-authorization-server endpoint	bugarea-auth+1	1	291d
#681	Not able to authenticate MCP Servers	bug	6	291d
#689	ProtectedMcpServer sample doesn't work with VSCode auth flow	bug	0	290d
#720	Passing ACR_VALUES TO Token Endpoint	enhancement	0	278d
#730	SDK Implementation of Authorization is not compatible with the specification. code_challenge_methods_supported is handled incorrectly	bug	1	273d
#738	Server-side keep-alive Scheduler for SSE responses	bug	0	270d
#752	How can a server using the SSE (Server-Sent Events) model over HTTP support additional content like images within the conversational context?	enhancement	2	264d
#788	Passing a malformed body throws a 500 error instead of 400. Very hard to figure out what is incorrect in the request being issued by the caller	bug	0	249d
#812	Support PRM subpaths per RFC 9728 (multiple resources per host)	enhancement	0	244d
#842	OAuth Flow not working for Atlassian MCP and Github MCP	bug	4	228d
#887	Scopes not forwarded to DCR endpoint and duplication of RedirectUris	bug	0	220d
#917	Support externally sourced JWT in Auth header from MCP client	enhancement	2	213d
#932	Transfer-Encoding=Chunked causes issues with locally run Azure Functions	bug	0	205d
#964	403 error with Authorization Bearer	needs confirmation	2	191d
#1026	Provide an example of how to connect telemetry with Application Insights	enhancement	1	181d
#1052	Practical OAuth implementation for production	documentationhelp wanted+2	0	173d
#1119	OAuth Resource URI Validation Too Strict - Fails When MCP Server Uses Subpath	bug	0	154d
#1126	Request for Sample: ASP.NET Core MCP Client with One Persisted Connection Per User Session	documentationhelp wanted+1	5	146d
#1132	Streamable HTTP transport doesn't correctly handle empty response	bugneeds confirmation	1	137d
#1150	Allow JsonSerializerOptions without TypeInfoResolver	bug	0	130d
#1166	Github copilot not setting bearer token on acces to tools.	bug	2	126d
#1172	Support using WithStreamServerTransport for multiple in-process mcp servers	bug	0	122d
#1216	Version-Based Tool Registration for MCP Server	enhancement	0	115d
#1236	Specified ClientOAuthOptions.Scopes are ignored	bugarea-auth+1	1	111d
#1314	Custom filters	enhancementready for work+1	0	94d
#1389	Sample: stdio-to-HTTP bridge for AI clients that only support stdio transport	documentationenhancement	0	89d
#1413	Export Control Classification Number for these packages?	documentationquestion	0	80d
#1434	CreateOutputSchema wraps non-object schemas without rewriting internal $ref pointers	bugP2	0	70d
#1446	[Auth] OAuth proxy / DCR facade for non-DCR providers (e.g. Entra ID + Claude Code)	enhancement	3	68d
#1470	McpClient.CreateAsync times out behind APIM in .NET SDK while MCP Inspector/Azure AI Foundry succeed	bugP2	0	59d
#1480	Tool returning McpTask is double-wrapped when client sends task-augmented request	bugready for work+1	0	55d
#1487	Authorization Server & Protected Resource Metadata inspection	enhancement	0	54d
#1494	[Documentation request] Authentication architecture suggestions	documentationenhancement	3	53d
#1516	MCP Tool description from external source	(unlabeled)	1	40d
#1526	`AutoDetect` transport hides the real error: surfaces 405 to the user when the server actually returned 415	bug	0	34d
#1556	Method not found: 'System.String Microsoft.Extensions.AI.HostedMcpServerTool.get_AuthorizationToken()	bug	0	23d
#1557	Option to support declarative tool registration activated by version (e.g. "beta")	enhancement	0	22d
#1575	Tool.InputSchema silently defaults to {"type":"object"} when absent from JSON, masking missing required field	(unlabeled)	1	11d
#1574	Invalid Content-Encoding: identity header in SSE responses (RFC 9110 violation)	bug	1	11d
#1578	Stdio dispatch hangs after exactly 2 sequential tools/call requests (PowerShell client, sequential not concurrent)	(unlabeled)	0	10d
#1580	Streamable HTTP server accepts mismatched header/body protocol versions on `initialize`	bug	0	9d
#1587	OAuth token refresh fails with AADSTS9010010	bug	0	6d
#1593	`McpClientOptions` has no way to inject `_meta` into the `initialize` request	bug	0	4d
#1592	RunSessionHandler (MCPEXP002): omitting`server.RunAsync(ct) silently hangs all MCP requests indefinitely with no diagnostic	bug	1	4d
#1601	StdioClientTransportOptions is failing with space in Command	bug	0	0d

Volume

Open Issues

↑ 11.11%

Opened

—

last 7 days

Opened

—

last 30 days

Opened

—

last 90 days

Closed

—

last 7 days

Closed

—

last 30 days

Closed

—

last 90 days

Response Time

Time to first maintainer response

Average

—

19d

Median

—

P90

—

49d

P95

—

70d

Stale Issues

Issues with no activity

Stale

↑ 38.46%

>30 days

Stale

—

>60 days

Stale

—

>90 days

Reopen Rate

—

100%

Issues by Label

Label	Count
bug	8
enhancement	7

Issues Awaiting Maintainer Response

Sorted by longest wait time first

Issue	Title	Labels	Comments	Waiting
#150	github actions running error	bug	0	99d
#151	tier-check: support monorepos with multiple SDK packages	(unlabeled)	0	98d
#182	tier-check reports 0/30 server conformance despite all tests passing	(unlabeled)	0	80d
#208	Add positive tests for the Authorization Code Grant	enhancement	6	52d
#223	Workload Identity Federation (SEP-1933) - Client Conformance	(unlabeled)	0	44d
#226	Add scenario option to authorization server conformance test	enhancement	1	40d
#225	Add JSON-based setup option to authorization server conformance test	enhancement	0	40d
#234	Add check for CIMD of authorization server metadata	enhancement	1	38d
#244	Proposal: Tasks conformance scenarios (spec 2025-11-25)	(unlabeled)	1	31d
#258	Add support for a stdio testing	enhancement	2	25d
#261	Add SEP-2663 Tasks Extension conformance scenarios	(unlabeled)	0	19d
#266	Add SEP-2575 conformance tests	(unlabeled)	1	13d
#274	initialize scenario test server violates specification causing client failure	bug	0	11d
#315	caching scenario should use DRAFT-2026-v1	bug	0	1d
#313	docs: two specReferences[].url strings return 404	bug	0	1d
#312	server-stateless doesn't set `mcp-method` etc.	bug	0	1d
#311	http-header-validation missing io.modelcontextprotocol/protocolVersion	bug	0	1d

Volume

Open Issues

—

Opened

—

last 7 days

Opened

—

last 30 days

Opened

—

last 90 days

Closed

—

last 7 days

Closed

—

last 30 days

Closed

—

last 90 days

Response Time

Time to first maintainer response

Average

—

88d

Median

—

102d

P90

—

151d

P95

—

154d

Stale Issues

Issues with no activity

Stale

↑ 3.45%

>30 days

Stale

—

>60 days

Stale

—

>90 days

Reopen Rate

—

100%

Issues by Label

Label	Count
enhancement	19
bug	12
question	1

Issues Awaiting Maintainer Response

Sorted by longest wait time first

Issue	Title	Labels	Comments	Waiting
#9	What does "bundle a complete virtual environment" mean?	question	3	332d
#10	How to specify platform-specific overrides based on CPU architecture?	enhancement	4	332d
#35	Local development workflow doesn't work	bug	1	328d
#54	ENOENT no such file or directory, open '/path/to/manifest.json'	bug	1	320d
#68	Proposal: Add `post_install` and `post_uninstall` script hooks to DXT manifest	enhancement	3	315d
#71	Code signing requires private key PEM, but providers (e.g., Certum) don’t provide private key for download	enhancement	2	314d
#91	Low severity vulnerabilities introduced by dxt	bug	0	277d
#149	Feat: Tool icons	enhancement	0	204d
#164	Support oauth settings	enhancement	2	180d
#165	Feature Request: Add enum/dropdown support for user_config fields	enhancement	1	173d
#177	Feature Request: Declarative Filesystem Permissions in MCPB Manifest	enhancement	1	137d
#176	Support for remote MCP servers (streamable HTTP transport)	enhancement	1	137d
#179	Feature Request: Add server.type = "bash" for Bash-based MCP servers	enhancement	1	130d
#180	Incompatibility with native modules (ABI mismatch) in Node.js bundles	(unlabeled)	2	128d
#182	Feature Request: Support for MCP servers integrated with native applications	enhancement	2	126d
#202	support configuration of an already installed MCP server	enhancement	1	75d
#218	[BUG] mcpb validate warns about icon size even for 512x512 PNGs	bug	1	64d
#219	Filesystem MCP write_file returns success but files don't exist (Claude Desktop 1.1.8308, macOS)	bug	1	62d
#223	[BUG] Claude Desktop (Windows MSIX) — MSIX registry silo prevents all C:\Windows\System32\OpenSSH\ binaries from executing in child processes	bug	0	55d
#224	Feature Request: Bundle Attestation for API Backend Verification	(unlabeled)	4	52d
#225	Claude Desktop (Store): stdio MCP tools discovered but tools/call never reaches server (regression)	bug	0	48d
#229	macOS: UtilityProcess rejects third-party native Node modules due to library validation (distinct from #180)	(unlabeled)	1	40d
#226	Claude Desktop crashes on invalid semver in manifest version field	(unlabeled)	0	40d
#232	Desktop Extension submission status inquiry — Overboard Studio	(unlabeled)	0	36d
#236	Claude Desktop: Local DXT connector tool calls never dispatched after MCP handshake (silent timeout)	bug	0	25d
#235	mcpb pack on Windows produces .mcpb without Unix file permissions	bug	0	25d
#238	Freeze on mounting folders in claude coworkers	bug	1	21d
#240	채팅 검색 시 프로젝트에 속한 채팅분류	enhancement	0	20d
#239	채팅 일부 삭제기능 건의	enhancement	0	20d
#241	Default EXCLUDE_PATTERNS in mcpb pack is too broad	bug	0	17d
#244	Claude Desktop: sensitive user_config fields displayed in plain text in environment variables panel	(unlabeled)	0	13d
#247	Feature request: Native connector for Bloom.io	enhancement	0	10d

Volume

Open Issues

↑ 2.70%

Opened

—

last 7 days

Opened

—

last 30 days

Opened

—

last 90 days

Closed

—

last 7 days

Closed

—

last 30 days

Closed

—

last 90 days

Response Time

Time to first maintainer response

Average

—

20d

Median

↓ 8.87%

P90

—

61d

P95

—

82d

Stale Issues

Issues with no activity

Stale

↑ 18.75%

>30 days

Stale

—

>60 days

Stale

—

>90 days

Reopen Rate

—

100%

Issues by Label

Label	Count
enhancement	30
bug	15
protocol	4
v2	3
documentation	2
needs more work	1
upstream-host	1
v1	1

Issues Awaiting Maintainer Response

Sorted by longest wait time first

Issue	Title	Labels	Comments	Waiting
#26	ui:// protocol needs to be registered with IANA	bug	1	180d
#269	SEP: Duplicate placement of `McpUiResourceMeta` in the resource metadata and the resource read value leads to confusion.	bug	0	131d
#412	Side Panels For Interactive Documents	enhancement	0	117d
#423	Angular based MCP apps example	enhancement	1	111d
#481	MCP Apps: No shared session identity between AppBridge and Model sub-connections	(unlabeled)	1	100d
#458	Multiple `initialize` calls per conversation breaks `Mcp-Session-Id` linking	(unlabeled)	2	99d
#465	Feature parity with Apps SDK setWidgetState	enhancement	0	96d
#500	Proposal: Slot-based updateModelContext() for independent context channels	(unlabeled)	0	89d
#511	[Proposal] Rich UI elicitation — attach an MCP App to an elicitation/create request	enhancement	2	86d
#513	[Proposal] Features for speeding up slow Python/ Pyodide based apps	enhancement	1	84d
#515	CSP: Clarify/Allow '*' and scheme-based policies	enhancement	1	83d
#542	PostMessageTransport: Race condition with srcdoc iframes — host misses ui/initialize	(unlabeled)	2	78d
#558	ui/update-model-context: How should hosts handle multiple instances of the same app resource?	(unlabeled)	1	65d
#566	[Proposal] Support web workers (`worker-src`) via `workerDomains` on `McpUiResourceCsp`	enhancement	0	61d
#574	`downloadFile` not implemented on Claude iOS (error -32601)	(unlabeled)	1	57d
#598	Feature Request: Contextual Inline Citations with Modal/Dialog Popups for MCP Apps	enhancement	0	51d
#611	Version negotiation mechanism exists but HOST behavior doesn't change based on negotiated version	(unlabeled)	0	41d
#617	server-pdf: get_viewer_state always returns pageCount: 1 and get_text returns empty in VS Code	(unlabeled)	0	35d
#634	Spec 2026-01-26: misleading "View initialize" example uses `initialize` + `clientInfo` instead of `ui/initialize` + `appInfo`	bug	0	33d
#633	bug: Safari/WebKit event.source identity mismatch in sandbox.ts relay breaks PostMessageTransport	(unlabeled)	0	33d
#635	Feature: Add Angular basic example	enhancement	3	32d
#644	v1.7.0 refreshRoots() clears allowedLocalDirs when host advertises roots capability but returns empty list — wipes CLI-arg directories	(unlabeled)	1	27d
#646	basic-host does not forward toolResult _meta to the ui.	bug	0	26d
#647	`tools/call` requests no longer echo `Mcp-Session-Id` (violates Streamable HTTP spec)	bug	1	24d
#649	app-bridge pulls in entire Zod library (~1.4MB pre-minified) - most of it unused	(unlabeled)	0	23d
#652	unsafe-eval warning is thrown from AJV via @modelcontextprotocol/sdk dependency	bug	0	19d
#655	McpUiHostCapabilities missing tools field — widget-declared tools unimplementable by hosts	(unlabeled)	0	18d
#659	Proposal: Allow Views to subscribe to server resource updates via resources/subscribe	(unlabeled)	1	15d
#661	,.	enhancement	1	7d
#664	Clarification Request: Standardized Guidance for Detecting Malicious Patterns in Widget HTML	(unlabeled)	0	2d
#665	@modelcontextprotocol/ext-apps consumers ship ~140K of unused zod v4 locale files in browser bundles	(unlabeled)	1	1d