Pull Requests
Volume
Open PRs
↑
7.89%82
Draft PRs
—11
Opened
—23
last 7 days
Opened
—104
last 30 days
Opened
—277
last 90 days
Merged
—14
last 7 days
Merged
—81
last 30 days
Merged
—210
last 90 days
Closed Unmerged
—73
last 90 days
Time to First Review
Average
—9d
Median
—15h
P90
—12d
P95
—43d
Merge Time
Average
—19d
Median
↓
4.33%1d
PRs Needing Maintainer Review
Open PRs with no maintainer review (excludes drafts from counts)
No Maintainer Review
↓
9.52%38
>24 hours
No Maintainer Review
—35
>7 days
PRs Awaiting Maintainer Review
Sorted by longest wait time first
| PR | Title | Author | Size | Reviews | Waiting |
|---|---|---|---|---|---|
| #678 | Remove references to enumNames | stickeegreg | +0 -9 | 0 | 304d |
| #813 | fix: deduplicate title definition in tools | connor4312 | +0 -9 | 0 | 293d |
| #1336 | SEP-1336: User Agent Guidance for Client Implementations | LucaButBoring | +184 -0 | 1 | 239d |
| #1515 | docs: add STDIO, SSE, and Streamable HTTP columns to clients matrix | theailanguage | +86 -83 | 0 | 199d |
| #1695 | Recommend 128 bits of entropy | loganaden | +1 -1 | 0 | 169d |
| #1803 | SEP-1803: Event Subscriptions | caseychow-oai | +184 -0 | 0 | 148d |
| #1822 | SEP-1821: Add dynamic tool search support | truehazker | +66 -4 | 1 | 143d |
| #1831 | chore: Add BizContext, extensions, and context support for task | He-Pin | +30 -3 | 2 | 142d |
| #1834 | chore: Add pending status to task | He-Pin | +6 -3 | 0 | 142d |
| #1862 | SEP-1862: Tool Resolution | SamMorrowDrums | +1723 -0 | 0 | 139d |
| #1905 (draft) | SEP-1905: Task Result Streaming and Immediate Result Acceptance | He-Pin | +709 -2 | 0 | 134d |
| #1904 | SEP-1904 : Add filtering support for tasks/list | He-Pin | +153 -2 | 0 | 134d |
| #1913 | SEP-1913: Trust and Sensitivity Annotations | SamMorrowDrums | +2347 -0 | 14 | 133d |
| #1921 | SEP-1921: Add Context Headers (Tool, Prompt, Resources) to MCP Requests for Fine-Grained Rate Limiting | Rajesh-Narayanappa87 | +75 -0 | 0 | 128d |
| #1975 | SEP-1975: Conversation Event Subscriptions | varun29ankuS | +172 -0 | 0 | 117d |
| #1984 | SEP-1984: Comprehensive Tool Annotations for Enhanced Governance and UX | sambhav | +488 -0 | 0 | 114d |
| #2001 | SEP-2001: Optional High Availability Patterns for Stateful Streaming in MCP Deployments | jizhuozhi | +138 -0 | 0 | 110d |
| #2007 | SEP-2007: Add MCP Payment Support Specification | shivankgoel | +1969 -0 | 43 | 107d |
| #2028 | SEP-2028: Automatic _meta to HTTP header forwarding for distributed tracing | monahk | +861 -0 | 13 | 101d |
| #2053 | SEP-2053: Server Variants extension | sambhav | +1613 -0 | 0 | 93d |
| #2061 (draft) | SEP-2061: Action Security Metadata for MCP Tools | rreichel3 | +292 -0 | 0 | 92d |
| #2072 | SEP-2072: Memory Portals | comradenala | +601 -0 | 0 | 87d |
| #2166 | SEP-2166: Out-of-Band Resource Access via HTTPS URLs | abrookins | +595 -0 | 1 | 71d |
| #2188 | SEP-2188: Add elicitation timeout coordination via notifications/elicitation/pe… | ArsalanShakil | +463 -0 | 0 | 66d |
| #2202 | SEP-2202: Allow Non-File URI Schemes for Roots | chughtapan | +230 -0 | 5 | 64d |
| #2268 (draft) | SEP-2268: Subtasks | LucaButBoring | +317 -0 | 0 | 50d |
| #2282 | SEP-2282: Server-Declared Behavioural Hooks | heyhayes | +871 -2 | 0 | 47d |
| #2317 | SEP-2290: Content Negotiation Extension | schlpbch | +104 -0 | 0 | 41d |
| #2325 | SEP-2325: SSH Custom Transport | tobert | +1017 -0 | 0 | 39d |
| #2339 | SEP-2339: Task Continuity | LucaButBoring | +1200 -230 | 23 | 37d |
| #2357 | SEP-2357: Dedicated structured media type for MCP HTTP transport | rvmillett | +365 -0 | 0 | 35d |
| #2355 | docs(spec): add internationalization guidance for Streamable HTTP | SamMorrowDrums | +25 -0 | 0 | 35d |
| #2385 | SEP-2385: Tool Auth Manifest | lececo | +167 -0 | 0 | 28d |
| #2391 (draft) | [WIP] Add spec annotator plugin to Claude Code marketplace | LucaButBoring | +2960 -3 | 0 | 28d |
| #2417 | SEP-2417: Model Preferences for Tools | ProductOfAmerica | +3043 -1 | 0 | 23d |
| #2419 | SEP-2419: cache_hint well-known key in CallToolResult._meta | clouatre | +456 -1 | 0 | 22d |
| #2433 | SEP-2433: Transfer Descriptors — Out-of-Band Data Transfer Negotiation | bhanquier | +1172 -47 | 0 | 18d |
| #2448 | SEP-2448: MCP server execution telemetry | savula15 | +250 -0 | 0 | 16d |
| #2487 (draft) | SEP-2487: Add execution.requirements field to Tool for preconditions | ZachGerman | +126 -4 | 0 | 12d |
| #2495 | SEP: Event-Driven Tool Invocation (Server-Push to LLM Re-entry) | hf75 | +119 -0 | 1 | 11d |
| #2509 (draft) | Draft SEP: add task output snapshots for in-progress tasks | shinzoxD | +550 -0 | 0 | 9d |
| #2517 (draft) | docs: update VS Code client entry with current MCP capabilities | digitarald | +9 -7 | 0 | 5d |
| #2528 | docs: Add deployment guidelines for proxying MCP servers | jeffyaw | +153 -1 | 0 | 3d |
| #2521 | SEP: Remote Server Deployment Guidelines | jeffyaw | +359 -0 | 0 | 3d |
| #2532 | SEP-2532: Resource Streaming for Binary Content Delivery | patrick-rodgers | +1249 -0 | 0 | 2d |
| #2548 | docs: Add Bob Shell to MCP clients documentation | Yashrajsingh2001 | +18 -0 | 0 | 0d |
PR Size Distribution
Open PRs by lines changed
Small
—23
<100 lines
Medium
—32
100-500 lines
Large
—27
>500 lines
Actionable vs target
↑
29.17%PRs where the ball is in our court.
Green: ≤ 25
Yellow: 26–50
Red: > 50
31of target/25
Auth
—Actionable PRs touching auth code.
Click to filter to these PRs.
No target — informational.
10of actionable/31 (32%)
Actioned (7d)
↓
78.57%Throughput: actionable→non-actionable transitions per day. A PR that cycles review→author→re-review counts each cycle. Sparkline shows daily values.
9
230 in last 30d
Merged (7d)
—PRs merged in the last 7 days — the terminal-outcome subset of Actioned. Rolling 7×24h window from last data refresh.
1
77 in last 30d
Hours to clear
↑
9.09%Estimated maintainer hours to clear all actionable PRs.
Green: < 5h
Yellow: 5–10h
Red: ≥ 10h
~8.4
1st review > 7d
—Community PRs past 7 days with no maintainer review — across all pressing states, not just the first-review bucket.
Click to filter to these PRs.
Green: < 5
Yellow: 5–9
Red: ≥ 10
3
of 6 eligible
Re-review > 24h
—PRs where the author acted (pushed/commented) after our review, past 24h — across all pressing states.
Click to filter to these PRs.
Green: < 5
Yellow: 5–9
Red: ≥ 10
12
of 14 eligible
Maintainer > 24h
—PRs from maintainers past 24 hours — across all pressing states. A maintainer PR in a cluster still counts.
Click to filter to these PRs.
Green: 0–1
Yellow: 2–3
Red: ≥ 4
8
of 10 eligible
Stats — volume, timing, size distribution
Volume
Open PRs
↑
14.75%70
Draft PRs
—22
Opened
—16
last 7 days
Opened
—176
last 30 days
Opened
—405
last 90 days
Merged
—1
last 7 days
Merged
—77
last 30 days
Merged
—175
last 90 days
Closed Unmerged
—239
last 90 days
Time to First Review
Average
—12d
Median
↓
2.53%2d
P90
—45d
P95
—55d
Merge Time
Average
—13d
Median
↑
0.24%2d
PR Size Distribution
Open PRs by lines changed
Small
—20
<100 lines
Medium
—34
100-500 lines
Large
—16
>500 lines
Breakdown by tier
| Tier | Count | Auth | Maint. | ~Time |
|---|---|---|---|---|
| 0 — Press a button | 3 | 0 | 2 | 3m |
| 1 — We're blocking someone | 15 | 5 | 5 | 5.0h |
| 2 — High leverage | 10 | 4 | 3 | 2.4h |
| 3 — Intake | 2 | 1 | 0 | 1.0h |
| 5 — Close candidates | 1 | 0 | 0 | 1m |
| total actionable | 31 | 10 | 10 | 8.4h |
| not our move | 38 | — | — | — |
Press a button (3) ⊕ ⊖
Already approved or already decided — ready for action.
2 SLA needs-merge (3) — Approved and CI-green — ready to merge.
| #1842 | KKonstantinov | maintainer`v2`: add guard methods | approved 0d ago, green | +172-3 | 8d |
| #1866 | felixweinberger | ci: skip lefthook on spec-sync bot push | approved 0d ago, green | +4-1 | 0d |
| #1691 | travisbreaks | 1st-reviewfeat: add multi-server chatbot client example | approved 0d ago, green | +202-1 | 24d |
We're blocking someone (15) ⊕ ⊖
Author did what we asked and is waiting on us. Longest-waiting first.
9 SLA5 auth needs-re-review (10) — Author pushed changes after review feedback — needs re-review.
| #1521 | LucaButBoring | re-reviewauthfix(client): retry SSE stream after receiving session ID | author pushed after CHANGES_REQUESTED (3d waiting) | +417-0 | 58d |
| #1563 | gogakoreli | re-reviewfix: inline local $ref in tool inputSchema for LLM consumption | author pushed after CHANGES_REQUESTED (1d waiting) | +632-1 | 48d |
| #1627 | nielskaspers | re-reviewdocs(server): add unit testing guide using InMemoryTransport | author pushed after CHANGES_REQUESTED (7d waiting) | +110-3 | 36d |
| #1653 | rechedev9 | re-reviewauthfix: validate clientMetadataUrl at construction time (fail-fast) | author pushed after CHANGES_REQUESTED (7d waiting) | +113-2 | 31d |
| #1657 | rechedev9 | re-reviewauthfix: accumulate OAuth scopes on 401/403 instead of overwriting | author pushed after CHANGES_REQUESTED (7d waiting) | +618-50 | 30d |
| #1712 | travisbreaks | re-reviewfeat(server): add host process watchdog to StdioServerTransport | author pushed after CHANGES_REQUESTED (3d waiting) | +59-1 | 21d |
| #1718 | Maverick-666 | re-reviewauthfix(client): recover streamable HTTP session on 404 for session-bound requests | author pushed after CHANGES_REQUESTED (7d waiting) | +238-3 | 21d |
| #1724 | guoyangzhen | re-reviewauthfix: throw error on auth fallback for non-root AS paths | author pushed after CHANGES_REQUESTED (7d waiting) | +82-16 | 20d |
| #1726 | rcdailey | re-reviewfeat(server): add keepAliveInterval for standalone GET SSE stream | author pushed after CHANGES_REQUESTED (7d waiting) | +211-19 | 19d |
| #1854 | haydenrear | Added default mcp tool call timeout from env | author disagreement after CHANGES_REQUESTED (0d waiting) [llm] | +133-2 | 4d |
4 SLA maintainer-intake (5) — Maintainer-authored PR awaiting review from another maintainer.
| #1764 | felixweinberger | maintainer[v2] Make ToolTaskHandler.getTask/getTaskResult optional and actually invoke them | 15d, no maintainer has looked yet | +340-315 | 15d |
| #1785 | felixweinberger | maintainerfix: UriTemplate.match() handles optional, out-of-order, and encoded query parameters | 13d, community reviewed (mgyarmathy) | +162-7 | 14d |
| #1827 | felixweinberger | maintainerfix(client): suppress onerror when SSE disconnect will be handled by reconnect | 9d, no maintainer has looked yet | +49-13 | 9d |
| #1828 | felixweinberger | maintainerfix(client): allow transport restart after close() | 9d, no maintainer has looked yet | +113-5 | 9d |
| #1867 | felixweinberger | docs: seed initial review rules for automated code review | 0d, no maintainer has looked yet | +84-0 | 0d |
High leverage (10) ⊕ ⊖
One decision unblocks or closes multiple things.
1 auth duplicate-cluster (1 clusters, 2 PRs) — Multiple PRs address the same issue — one will be picked, others closed as duplicates.
Issue #1397 — 2 PRs ⭐ #1855 (Both PRs have unknown CI status, so that criterion doesn't differentiate them. #1821 is labeled "PoC" (proof of concept) and touches 30 files, indicating a broad exploratory approach. #1855 makes a targeted, minimal change across only 2 files — adding `| undefined` to the specific transport option callbacks that require it for `exactOptionalPropertyTypes` compatibility. With CI unknown for both, the smallest-focused-diff criterion applies next: a 2-file surgical fix is lower risk, easier to review, and less likely to introduce unintended side effects than a 30-file refactor. #1821's scope may also carry merge conflict risk given how many files it touches.)
| #1821 | KKonstantinov | authPoC: TS exactOptionalPropertyTypes support | shares issue #1397; #1855 is the pick | +534-485 | 10d |
| #1855 | Christian-Sidak | fix: add | undefined to transport option callbacks for exactOptionalPropertyTypes | [llm pick] cluster primary for issue #1397: Both PRs have unknown CI status, so that criterion doesn't differentiate them. #1821 is labeled "PoC" (proof of concept) and touches 30 files, indicating a broad exploratory approach. #1855 makes a targeted, minimal change across only 2 files — adding `| undefined` to the specific transport option callbacks that require it for `exactOptionalPropertyTypes` compatibility. With CI unknown for both, the smallest-focused-diff criterion applies next: a 2-file surgical fix is lower risk, easier to review, and less likely to introduce unintended side effects than a 30-file refactor. #1821's scope may also carry merge conflict risk given how many files it touches. | +7-7 | 4d |
5 SLA2 auth needs-decision (6) — Maintainer discussed but hasn't approved or requested changes yet.
| #1826 | felixweinberger | maintainerauthfix(client): remove redundant onerror in _startOrAuthSse catch | maintainer COMMENTED but took no stance | +122-59 | 10d |
| #1838 | felixweinberger | maintainerauthchore(ci): switch publish to OIDC trusted publishing | maintainer COMMENTED but took no stance | +6-3 | 8d |
| #1322 | shellRaining | re-reviewfix: #780 onerror and other listener not remove after client close | maintainer COMMENTED but took no stance | +107-26 | 111d |
| #1516 | andershagbard | re-reviewModify registerPrompt to accept undefined Args type | maintainer COMMENTED but took no stance | +49-2 | 58d |
| #1717 | travisbreaks | re-reviewfeat(core): add opt-in periodic ping for connection health monitoring | maintainer COMMENTED but took no stance | +383-1 | 21d |
| #1857 | nielskaspers | docs: document tool list changed notifications | maintainer COMMENTED but took no stance | +79-31 | 4d |
3 SLA2 auth backport-follows-primary (3) — v1.x sibling of a main-branch PR. Review together — backport diff is usually mechanical.
| #1839 | felixweinberger | maintainerauthchore(ci): switch publish to OIDC trusted publishing | follows #1838 | +3-3 | 8d |
| #1083 | mgyarmathy | 1st-review[v1.x] fix: Update UriTemplate implementation to handle optional/omitted, out-of-order, and encoded query parameters | follows #1785 (same issue #149, different branch) | +156-11 | 155d |
| #1520 | LucaButBoring | 1st-reviewauth[1.x] fix(client): retry SSE stream after receiving session ID | follows #1521 | +419-0 | 58d |
Intake (2) ⊕ ⊖
PRs not yet reviewed by a maintainer. Oldest first.
Close candidates (1) ⊕ ⊖
Likely to be closed — inactive, stale, or needing more context. Reviewed before closing.
stale-ci-abandoned (1) — CI has been failing for over a month with no activity.
| #1335 | LucaButBoring | [v1.x] Fix registerToolTask's getTask and getTaskResult handlers not being invoked | red CI 107d, no activity | +311-167 | 107d |
Not our move (38) ⊕ ⊖
Clock is on the author or blocked externally. No action owed today.
4 auth awaiting-author (16) — Changes requested; waiting for author response.
| #1283 | evalstate | Fix/onprogress error handling | 9d since feedback | +23-1 | 120d |
| #1493 | TheodorNEngoy | hono: add maxBodyBytes guard for JSON parsing | 10d since feedback | +88-3 | 61d |
| #1496 | TheodorNEngoy | server: add maxBodyBytes guard to WebStandardStreamableHTTPServerTransport | 10d since feedback | +132-2 | 61d |
| #1500 | TheodorNEngoy | ci: retry pkg-pr-new publish on transient 5xx | 10d since feedback | +30-3 | 61d |
| #1509 | corvid-agent | fix: pass empty args to registerToolTask handler when no inputSchema | 10d since feedback | +8-3 | 59d |
| #1664 | Vadaski | fix: surface input validation errors for task-augmented tool calls | 13d since feedback | +107-0 | 29d |
| #1666 | Vadaski | fix: allow registering tools/resources/prompts after connect when capabilities pre-declared (#893) | 7d since feedback | +218-19 | 29d |
| #1669 | Vadaski | authfix: include scope parameter in OAuth authorization code token exchange | 10d since feedback | +122-6 | 29d |
| #1681 | meirk-brd | fix(server): stop replay cleanly when streamable HTTP replay stream c… | 13d since feedback | +131-23 | 26d |
| #1769 | felixweinberger | fix(server): align ProtocolError re-throw with spec error classification | 7d since feedback | +220-58 | 14d |
| #1776 | KKonstantinov | v2 remove console warns on middleware | 7d since feedback | +135-116 | 14d |
| #1813 | Aboudjem | authfix(auth): deduplicate concurrent token refresh requests | 7d since feedback | +386-0 | 12d |
| #1814 | MayCXC | authfix: async onclose, stdin EOF detection, SIGTERM in examples | 10d since feedback | +211-43 | 12d |
| #1830 | claygeo | fix(server): sanitize internal error details in tool error responses | 0d since feedback | +160-5 | 9d |
| #1862 | sid293 | authfix:close transport on connection failure | 0d since feedback | +38-11 | 1d |
| #1865 | pch007 | fix(server): handle ZodEffects in normalizeObjectSchema and getObjectShape | 0d since feedback | +246-0 | 1d |
5 auth stale-draft (12) — Draft with no activity for over a week.
| #872 | LucaButBoring | authfeat: use informative user agent in HTTP requests | draft idle 240d | +407-142 | 240d |
| #1081 | dejarp | feat: implement streaming tool calls support | draft idle 156d | +2729-67 | 156d |
| #1169 | domdomegg | fix: allow any JSON Schema type for outputSchema | draft idle 135d | +6-17 | 135d |
| #1416 | maxisbey | ci: use conformance composite action | draft idle 78d | +68-41 | 78d |
| #1554 | jonathanhefner | Update `README.md` and `docs/faq.md` to link full quickstart guides | draft idle 50d | +893-259 | 50d |
| #1624 | SamMorrowDrums | authfeat(server): OAuth scope challenge support (step-up auth) | draft idle 36d | +1243-3 | 36d |
| #1701 | felixweinberger | examples: MRTR dual-path options for 2025-11 client compat | draft idle 22d | +1727-0 | 22d |
| #1721 | pcarleton | authfix(xaa): address review nits from #1593 & use discoveryState | draft idle 20d | +55-153 | 20d |
| #1722 | pcarleton | auth[v1.x backport] SEP-990 Cross-App Access | draft idle 20d | +874-3 | 20d |
| #1786 | felixweinberger | auth[RFC] feat(server): multi-node session hydration (C# SDK parity) | draft idle 13d | +268-11 | 13d |
| #1834 | felixweinberger | fix(core): export InMemoryTransport, tighten migration docs | draft idle 8d | +71-11 | 8d |
| #1846 | felixweinberger | feat(core): add custom request/notification handler API to Protocol | draft idle 7d | +734-1 | 7d |
1 auth parked (6) — Maintainer draft >30d, intentionally shelved.
| #1292 | ochafik | feat: generate schemas from types, improve type definitions | maintainer draft, 118d | +9663-3551 | 118d |
| #1463 | mattzcarey | fix: tighten setRequestHandler types for Client and Server | maintainer draft, 65d | +44-15 | 66d |
| #1492 | ochafik | Add request/response compression support for HTTP transports | maintainer draft, 62d | +1253-10 | 62d |
| #1531 | pcarleton | authAlternative: XAA as OAuthClientProvider with Layer 2 utilities | maintainer draft, 55d | +441-140 | 56d |
| #1597 | pcarleton | examples: MRTR backwards-compatibility exploration demos | maintainer draft, 41d | +1185-0 | 41d |
| #1633 | ochafik | [SEP-2356] File input support for tools and elicitation | maintainer draft, 35d | +306-8 | 35d |
draft-active (2) — Author is still working. Fresh draft.
| #1868 | felixweinberger | feat(core): add extension() registrar for SEP-2133 capability-aware custom methods | 0d old | +640-0 | 0d |
| #1871 | felixweinberger | refactor(client,server): move stdio transports to ./stdio subpath export | 0d old | +142-26 | 0d |
bot-release (1) — Changesets 'Version Packages' — release trigger, not for triage.
| #1845 | app/github-actions | Version Packages (alpha) | release bot PR | +31-4 | 8d |
stale-draft-pinged (1) — Draft; maintainer pinged for status over a week ago with no response.
| #997 | chughtapan | SEP: Allow non-file URI schemes for Roots | pinged 189d ago | +45-3 | 189d |
Actionable vs target
↑
7.76%PRs where the ball is in our court.
Green: ≤ 25
Yellow: 26–50
Red: > 50
125of target/25
Auth
—Actionable PRs touching auth code.
Click to filter to these PRs.
No target — informational.
44of actionable/125 (35%)
Actioned (7d)
↑
100.00%Throughput: actionable→non-actionable transitions per day. A PR that cycles review→author→re-review counts each cycle. Sparkline shows daily values.
16
123 in last 30d
Merged (7d)
—PRs merged in the last 7 days — the terminal-outcome subset of Actioned. Rolling 7×24h window from last data refresh.
2
25 in last 30d
Hours to clear
↑
1.95%Estimated maintainer hours to clear all actionable PRs.
Green: < 5h
Yellow: 5–10h
Red: ≥ 10h
~36.6
1st review > 7d
—Community PRs past 7 days with no maintainer review — across all pressing states, not just the first-review bucket.
Click to filter to these PRs.
Green: < 5
Yellow: 5–9
Red: ≥ 10
53
of 63 eligible
Re-review > 24h
—PRs where the author acted (pushed/commented) after our review, past 24h — across all pressing states.
Click to filter to these PRs.
Green: < 5
Yellow: 5–9
Red: ≥ 10
23
of 23 eligible
Maintainer > 24h
—PRs from maintainers past 24 hours — across all pressing states. A maintainer PR in a cluster still counts.
Click to filter to these PRs.
Green: 0–1
Yellow: 2–3
Red: ≥ 4
5
of 6 eligible
Stats — volume, timing, size distribution
Volume
Open PRs
↑
7.10%166
Draft PRs
—29
Opened
—25
last 7 days
Opened
—120
last 30 days
Opened
—463
last 90 days
Merged
—2
last 7 days
Merged
—25
last 30 days
Merged
—148
last 90 days
Closed Unmerged
—229
last 90 days
Time to First Review
Average
—3d
Median
—3h
P90
—6d
P95
—11d
Merge Time
Average
—3d
Median
↓
5.00%4h
PR Size Distribution
Open PRs by lines changed
Small
—69
<100 lines
Medium
—69
100-500 lines
Large
—28
>500 lines
Breakdown by tier
| Tier | Count | Auth | Maint. | ~Time |
|---|---|---|---|---|
| 1 — We're blocking someone | 19 | 6 | 3 | 4.8h |
| 2 — High leverage | 20 | 8 | 3 | 4.2h |
| 3 — Intake | 53 | 21 | 0 | 26.5h |
| 4 — Hygiene | 18 | 6 | 3 | 51m |
| 5 — Close candidates | 15 | 3 | 0 | 15m |
| total actionable | 125 | 44 | 9 | 36.6h |
| not our move | 27 | — | — | — |
We're blocking someone (19) ⊕ ⊖
Author did what we asked and is waiting on us. Longest-waiting first.
9 SLA2 auth author-pinged-after-procedural (9) — Author addressed maintainer feedback and pinged — awaiting response.
| #1440 | ChenyangLi4288 | re-reviewFixes protocol compliance gap described in issue #1419 | author pinged @felixweinberger 136d ago | +34-1 | 184d |
| #1486 | daamitt | re-reviewfeat: Add support for specifying NotificationOptions | author pinged @maxisbey, @felixweinberger 145d ago | +16-4 | 176d |
| #1578 | gyang-xai | re-reviewFix issue where client tool call hangs forever if server crashes or connection dies when using streamable-http | author pinged @maxisbey 107d ago | +332-44 | 156d |
| #1709 | dgenio | re-reviewfeat: Add LLM provider adapter documentation and examp | author pinged @felixweinberger 40d ago | +1745-0 | 129d |
| #1810 | punitmahes | re-reviewauthfeat(cmid-server): Implement Server-Side Support for Client ID Metadata Documents (CIMD) | author pinged @maxisbey 36d ago | +189-1 | 110d |
| #1856 | codefromthecrypt | re-reviewfix: suppress GeneratorExit during client cleanup | author pinged @Kludex 65d ago | +180-13 | 85d |
| #2077 | mrutunjay-kinagi | re-reviewauthfix(auth): forward user-agent to oauth flow requests | author pinged @maxisbey 16d ago | +104-3 | 51d |
| #2099 | dgenio | re-reviewfeat: expand InitializationState with explicit lifecycle state machine | author pinged @maxisbey 40d ago | +421-9 | 49d |
| #2124 | gspeter-max | re-reviewfix(client): propagate HTTP transport exceptions to caller | author pinged @maxisbey, @felixweinberger, @Kludex 47d ago | +81-31 | 47d |
7 SLA3 auth needs-re-review (7) — Author pushed changes after review feedback — needs re-review.
| #1436 | yarnabrina | re-review[DOC] simple mcp client with sampling capability | author pushed after CHANGES_REQUESTED (104d waiting) | +1204-645 | 185d |
| #1516 | stvnksslr | re-reviewdocs(instructions): | author pushed after CHANGES_REQUESTED (156d waiting) | +161-0 | 165d |
| #1550 | vincent0426 | re-reviewfeat: Implement SEP-986: Tool Name Guidance | author pushed after CHANGES_REQUESTED (146d waiting) | +27-2 | 161d |
| #1721 | BinoyOza-okta | re-reviewauthImplement SEP-990 Enterprise Managed OAuth | author pushed after CHANGES_REQUESTED (15d waiting) | +2988-3 | 126d |
| #2039 | wdawson | re-reviewauthSEP-2207: Refresh token guidance | push after approval (1 commits, 10d waiting) | +392-17 | 57d |
| #2119 | jonathanhefner | re-reviewauthType-check docstring code examples via companion files and unified sync script | author pushed after CHANGES_REQUESTED (44d waiting) | +1306-270 | 48d |
| #2198 | Varun6578 | re-reviewfix: prevent tool exceptions from leaking internal details to client | author pushed after CHANGES_REQUESTED (34d waiting) | +53-11 | 38d |
2 SLA1 auth maintainer-intake (3) — Maintainer-authored PR awaiting review from another maintainer.
| #2008 | Kludex | maintainerdocs: restructure documentation with quickstart, concepts, and new nav | 61d, no maintainer has looked yet | +390-135 | 62d |
| #2404 | felixweinberger | maintainerauthfix(auth): coerce empty-string optional URL fields to None in OAuthClientMetadata | 1d, no maintainer has looked yet | +92-1 | 1d |
| #2413 | maxisbey | docs: modernize development guidelines and rename to AGENTS.md | 0d, no maintainer has looked yet | +139-175 | 0d |
High leverage (20) ⊕ ⊖
One decision unblocks or closes multiple things.
8 SLA8 auth duplicate-cluster (11 clusters, 25 PRs) — Multiple PRs address the same issue — one will be picked, others closed as duplicates.
Issue #1257 — 2 PRs ⭐ #2190 (Both PRs have unknown CI status. Neither is confirmed to include tests. Falling back to diff size and age: #2190 touches 1 file versus #2371's 2 files, making it the smaller, more focused change. #2190 is also the older PR (lower number). #2371's Windows-specific framing in its title suggests it may scope the fix narrowly to one platform, while #2190's title ("remove shell=True from subprocess calls") implies a straightforward removal applied uniformly. On the two concrete tiebreakers available — smallest focused diff and oldest — #2190 wins both.)
| #2190 | Br1an67 | 1st-reviewfix: remove shell=True from subprocess calls in mcp dev | cluster primary for issue #1257 (2 PRs) | +3-5 | 39d |
| #2371 | raashish1601 | Avoid shell=True when launching mcp dev inspector on Windows | shares linked issue #1257 with #2190 | +71-24 | 12d |
Issue #1401 — 2 PRs ⭐ #2374 (Both PRs have unknown CI status and neither is documented as including tests, so the tiebreaker is diff size. #2374 touches 2 files versus #2122's 3 files, making it the smaller, more focused change. On approach: #2374 fixes the silent-swallow directly in the default message_handler — a minimal, targeted intervention. #2122's SSE stream error propagation spans more files, which increases review surface and merge-conflict risk. Given equivalent CI/test standing, the narrower diff in #2374 is preferred per the stated criteria.)
| #2122 | heyhayes | fix: propagate SSE stream errors to waiting requests | shares issue #1401; #2374 is the pick | +115-16 | 47d |
| #2374 | Aboudjem | 1st-reviewauthfix(session): log exceptions in default message_handler instead of silently swallowing | [llm pick] cluster primary for issue #1401: Both PRs have unknown CI status and neither is documented as including tests, so the tiebreaker is diff size. #2374 touches 2 files versus #2122's 3 files, making it the smaller, more focused change. On approach: #2374 fixes the silent-swallow directly in the default message_handler — a minimal, targeted intervention. #2122's SSE stream error propagation spans more files, which increases review surface and merge-conflict risk. Given equivalent CI/test standing, the narrower diff in #2374 is preferred per the stated criteria. | +141-0 | 12d |
Issue #1811 — 2 PRs ⭐ #1838 (Both PRs report unknown CI status and touch the same number of files (2), so no distinction can be drawn on CI or diff size from the available metadata. PR #1838 is the older of the two (lower PR number), which is the stated tiebreaker when CI, test coverage, and diff size are equivalent. The title of #1838 ("without resumption token") is more precise about the exact condition being fixed, while #1949's broader phrasing ("without response") may indicate scope creep or overlap with other logic — but this cannot be verified without diff access. On the stated preference order, oldest wins.)
| #1838 | jayhemnani9910 | 1st-reviewauthfix: send error on SSE disconnect without resumption token | cluster primary for issue #1811 (2 PRs) | +83-1 | 93d |
| #1949 | skyvanguard | fix: send error to client when SSE stream disconnects without response | shares linked issue #1811 with #1838 | +196-2 | 75d |
Issue #1919 — 2 PRs ⭐ #1938 (Both PRs have unknown CI and neither's test coverage is confirmable from metadata alone. Falling to the remaining tiebreakers: #1938 touches 4 files versus #2019's 5, giving it a smaller, more focused diff; and #1938 is the older PR. Both tiebreakers favor #1938. Additionally, its title scope ("URL fields", plural) suggests it addresses the problem more broadly than #2019's single-field fix ("issuer URL"), which may leave other affected fields unfixed.)
| #1938 | maxisbey | maintainerauthfix: strip trailing slashes from OAuth metadata URL fields | cluster primary for issue #1919 (2 PRs) | +28-10 | 76d |
| #2019 | BabyChrist666 | authfix: strip trailing slash from issuer URL in OAuth metadata serialization | shares linked issue #1919 with #1938 | +111-11 | 60d |
Issue #1933 — 2 PRs ⭐ #2391 (Both PRs address the same issue and both have unknown CI status. The deciding factor is diff size: #2391 touches 1 file versus #2040's 2 files, making it the more focused fix. A smaller surface area reduces the chance of unintended side effects. #2040 is older (lower PR number), but smallest focused diff ranks above age in the selection criteria.)
| #2040 | adityuhkapoor | fix: prevent stdio_server from closing process stdio handles | shares issue #1933; #2391 is the pick | +66-10 | 57d |
| #2391 | 717986230 | Fix #1933: Prevent closing real stdio when server exits | [llm pick] cluster primary for issue #1933: Both PRs address the same issue and both have unknown CI status. The deciding factor is diff size: #2391 touches 1 file versus #2040's 2 files, making it the more focused fix. A smaller surface area reduces the chance of unintended side effects. #2040 is older (lower PR number), but smallest focused diff ranks above age in the selection criteria. | +36-17 | 6d |
Issue #2216 — 4 PRs ⭐ #2224 (All four PRs have unknown CI status. #2301 is eliminated first: 5 files changed and its approach (removing the scope check from the authorize handler) is a broader restructure rather than a targeted fix to validate_scope. #2403 is next out at 3 files. #2224 and #2368 are tied on size (2 files each) with equivalent approaches—both fix validate_scope to treat a None registered-scopes value as meaning no restriction. The tiebreaker is age: #2224 is the oldest of the two (lower PR number), so it gets the nod per the stated preference.)
| #2224 | shivama205 | 1st-reviewauthfix: validate_scope treats None registered scopes as no restrictions | cluster primary for issue #2216 (4 PRs) | +45-4 | 35d |
| #2301 | maxisbey | authfix: remove scope registration check from authorize handler | shares linked issue #2216 with #2224 | +37-56 | 24d |
| #2368 | IgnazioDS | authfix: handle None required_scopes in validate_scope | shares linked issue #2216 with #2224 | +50-4 | 12d |
| #2403 | enjoykumawat | authfix: validate_scope allows any scope when client has no registered scope restriction | shares linked issue #2216 with #2224 | +48-8 | 2d |
Issue #226 — 2 PRs ⭐ #2295 (Both PRs have unknown CI status. Neither has a confirmed test file advantage — #2295 changes 2 files and #2390 changes 3 files, but the extra file in #2390 cannot be confirmed as a test without inspecting the diff. Falling through to the remaining tiebreakers — smallest focused diff and oldest — #2295 wins both: it touches fewer files (2 vs 3), indicating a tighter, more targeted change, and it was opened first (PR #2295 predates #2390 by ~95 PR numbers). If the third file in #2390 is confirmed to be a test, that finding would override this recommendation.)
| #2295 | ameenalkhaldi | 1st-reviewfeat: extract parameter descriptions from docstrings into tool JSON schemas | cluster primary for issue #226 (2 PRs) | +248-0 | 25d |
| #2390 | Thibbeer | feat: extract parameter descriptions from docstrings into JSON schema | shares linked issue #226 with #2295 | +337-0 | 6d |
Issue #2393 — 3 PRs ⭐ #2397 (CI is unknown for all three PRs. No test coverage data is available from the stated file counts alone. Falling back to diff size: #2397 touches 1 file versus 2 files each for #2395 and #2398, making it the most focused change. Among the two 2-file PRs, #2395 is older, but #2397's smaller footprint takes priority under the stated tiebreaker order (smallest focused diff beats oldest). Without diff content or CI results, #2397's reduced surface area carries the least merge-conflict risk and is easiest to review.)
| #2395 | Dharit13 | Fix infinite reconnection loop in StreamableHTTP client | shares issue #2393; #2397 is the pick | +62-9 | 4d |
| #2397 | Christian-Sidak | Fix infinite retry loop in _handle_reconnection | [llm pick] cluster primary for issue #2393: CI is unknown for all three PRs. No test coverage data is available from the stated file counts alone. Falling back to diff size: #2397 touches 1 file versus 2 files each for #2395 and #2398, making it the most focused change. Among the two 2-file PRs, #2395 is older, but #2397's smaller footprint takes priority under the stated tiebreaker order (smallest focused diff beats oldest). Without diff content or CI results, #2397's reduced surface area carries the least merge-conflict risk and is easiest to review. | +2-2 | 4d |
| #2398 | chernistry | fix: prevent infinite retry loop in StreamableHTTP client reconnection | shares linked issue #2393 with #2395 | +90-4 | 3d |
Issue #397 — 2 PRs ⭐ #2366 (CI is unknown for both PRs. Test coverage cannot be determined from available metadata. Falling back to diff size: #2366 touches 2 files versus #1907's 3 files, making it the smaller, more focused change. A tighter diff reduces review surface and lowers the risk of unintended side effects when fixing a spec-compliance issue.)
| #1907 | akshay-kumar-bm | fix: Make context logging functions spec-compliant - Fixes #397 | shares issue #397; #2366 is the pick | +91-7 | 82d |
| #2366 | paikend | 1st-reviewfix: align Context logging methods with MCP spec data type | [llm pick] cluster primary for issue #397: CI is unknown for both PRs. Test coverage cannot be determined from available metadata. Falling back to diff size: #2366 touches 2 files versus #1907's 3 files, making it the smaller, more focused change. A tighter diff reduces review surface and lowers the risk of unintended side effects when fixing a spec-compliance issue. | +25-41 | 13d |
Semantic: BrokenResourceError not caught in stdio client shutdown path — both PRs make the identical src/mcp/client/stdio.py change, adding anyio.BrokenResourceError alongside anyio.ClosedResourceError in the except clauses of stdout_reader and stdin_writer. (2 PRs) — 2 PRs ⭐ #2268 (PR #2268 and #2143 are byte-for-byte identical on the src/mcp/client/stdio.py diff. They diverge only in their test files (index 08c233b2e vs 2439d1825). #2268's title explicitly names the root cause ('race condition during shutdown'), which is more precise than #2143's 'shutdown path'. If #2268's tests cover the race condition more thoroughly, it is the stronger candidate; #2143 can be closed as a duplicate.)
| #2143 | aframedelta | Handle BrokenResourceError in stdio client shutdown path | [llm] duplicates #2268: BrokenResourceError not caught in stdio client shutdown path — both PRs make the identical src/mcp/client/stdio.py change, adding anyio.BrokenResourceError alongside anyio.ClosedResourceError in the except clauses of stdout_reader and stdin_writer. | +16-2 | 44d |
| #2268 | weiguangli-io | 1st-reviewFix stdio_client BrokenResourceError race condition during shutdown | [llm] cluster primary: BrokenResourceError not caught in stdio client shutdown path — both PRs make the identical src/mcp/client/stdio.py change, adding anyio.BrokenResourceError alongside anyio.ClosedResourceError in the except clauses of stdout_reader and stdin_writer. (2 PRs) | +40-2 | 30d |
Semantic: Both PRs add CLI flag reference documentation for the same three `mcp` subcommands (`mcp run`, `mcp dev`, `mcp install`) to README.v2.md, covering the same flags (`--transport`, `--with-editable`, `--with`, `--name`). (2 PRs) — 2 PRs ⭐ #2409 (PR #2409 is more complete: it adds a TOC entry (`CLI Reference`), uses a richer table schema (includes a Type column), and organizes content under proper `####`-level subsections with file_spec signatures. PR #2192 uses ad-hoc bold headers without TOC integration and omits the Type column. Both cover the same commands and flags, so #2192 would be fully superseded by #2409.)
| #2192 | Br1an67 | docs: add CLI command flags reference to README | [llm] duplicates #2409: Both PRs add CLI flag reference documentation for the same three `mcp` subcommands (`mcp run`, `mcp dev`, `mcp install`) to README.v2.md, covering the same flags (`--transport`, `--with-editable`, `--with`, `--name`). | +46-0 | 39d |
| #2409 | RudrenduPaul | docs: add CLI reference table for mcp dev/run/install flags | [llm] cluster primary: Both PRs add CLI flag reference documentation for the same three `mcp` subcommands (`mcp run`, `mcp dev`, `mcp install`) to README.v2.md, covering the same flags (`--transport`, `--with-editable`, `--with`, `--name`). (2 PRs) | +38-0 | 1d |
8 SLA3 auth needs-decision (8) — Maintainer discussed but hasn't approved or requested changes yet.
| #2096 | localden | maintainerauthFix the session binding logic for tasks. | maintainer COMMENTED but took no stance | +681-247 | 50d |
| #1397 | samchenatti | re-reviewValidate metadata keys | 2 maintainer comments, zero reviews | +110-1 | 197d |
| #1439 | beaterblank | re-reviewEnhanced ResourceTemplate URI matching and type handling logic. | maintainer COMMENTED but took no stance | +2350-66 | 185d |
| #1517 | yukuanj | re-reviewauthAdd resource_owner field to AuthorizationCode and AccessToken classes | maintainer COMMENTED but took no stance | +9-0 | 165d |
| #1825 | Ilan-kayesar | re-reviewAdded descriptions for arguments taken from docstring | maintainer COMMENTED but took no stance | +253-8 | 96d |
| #2075 | BabyChrist666 | re-reviewReject JSON-RPC requests with null id instead of misclassifying as notifications | maintainer COMMENTED but took no stance | +60-1 | 51d |
| #2117 | sreenithi | re-reviewauthPluggable Transport Abstractions for Client and Shared sessions | maintainer COMMENTED but took no stance | +837-83 | 48d |
| #2342 | perhapzz | re-reviewtest: convert context_aware_server to in-process threads for coverage | maintainer COMMENTED but took no stance | +41-18 | 16d |
1 SLA1 auth backport-follows-primary (1) — v1.x sibling of a main-branch PR. Review together — backport diff is usually mechanical.
| #2405 | felixweinberger | maintainerauth[v1.x] fix(auth): coerce empty-string optional URL fields to None in OAuthClientMetadata | follows #2404 | +92-1 | 1d |
Intake (53) ⊕ ⊖
PRs not yet reviewed by a maintainer. Oldest first.
46 SLA21 auth needs-first-review (53) — Not yet reviewed by a maintainer.
| #1531 | vincent0426 | 1st-reviewauthfix: Add accept json headers for token request | 163d | +10-2 | 163d |
| #1566 | bjoaquinc | 1st-reviewtest: update SSE tests to use StreamingASGITransport instead of uvicorn for server testing | 157d | +366-367 | 157d |
| #1582 | vincent0426 | 1st-reviewfix: Raise resource not found error | 155d | +50-10 | 155d |
| #1597 | bjoaquinc | 1st-reviewauthfix: validate PRM resource field per RFC 9728 Section 3.3 | 151d | +62-5 | 151d |
| #1611 | kylestratis | 1st-reviewClient notification support | 150d | +889-4 | 150d |
| #1666 | matthew-gries | 1st-reviewfix: Fix logic that determines standard resource vs. resource template to account for context param (#1635) | 136d | +280-58 | 136d |
| #1674 | AydarAkhmetzyanov | 1st-reviewRace condition in streamable http | 134d | +73-2 | 134d |
| #1697 | dgenio | 1st-reviewdocs: clarify Streamable HTTP stateless mode semantics and usage | 132d | +149-1 | 132d |
| #1807 | sesajad | 1st-reviewMake `errlog` optional in `stdio_client` and update default to `None` | 111d | +73-2 | 111d |
| #1812 | ivanbelenky | 1st-reviewfix: `handle_sse_response` causing dangling client's read_stream | 110d | +20-1 | 110d |
| #1817 | challenger71498 | 1st-reviewauthfix: cleanup resources properly on `BaseSession::_receive_loop` cleanup | 105d | +89-11 | 105d |
| #1818 | jayhemnani9910 | 1st-reviewauthfix: auto-reinitialize client session on HTTP 404 | 100d | +671-9 | 100d |
| #1824 | hanzili | 1st-reviewAdd custom content support to ToolError for isError responses | 96d | +269-1 | 96d |
| #1846 | jayhemnani9910 | 1st-reviewauthfix: respect token_endpoint_auth_method=none when client_secret exists | 90d | +72-3 | 90d |
| #1847 | challenger71498 | 1st-reviewauthfeat: fully support Basic Authorization header at token request | 88d | +148-58 | 88d |
| #1849 | newbiehwang | 1st-reviewauthFix: Raise RuntimeError when ClientSession is used without context manager to prevent hangs | 88d | +40-0 | 88d |
| #1943 | sicoyle | 1st-reviewfix: prevent silent failure on GET stream so clients don't hang | 76d | +185-2 | 76d |
| #2032 | adityuhkapoor | 1st-reviewfix: skip JSON pre-parsing for str union annotations in pre_parse_json | 58d | +38-1 | 58d |
| #2041 | BryceEWatson | 1st-reviewauthfeat: expose progress_callback in ServerSession methods | 57d | +144-1 | 57d |
| #2065 | IT-HONGREAT | 1st-reviewauthfeat: add auth parameter to ClientSessionGroup server parameters | 54d | +107-1 | 54d |
| #2078 | BabyChrist666 | 1st-reviewauthfix: restore eager OAuth discovery to avoid slow unauthenticated roundtrip | 51d | +303-99 | 51d |
| #2093 | aabmass | 1st-reviewOpenTelemetry inject trace context propagation in `_meta` | 50d | +544-102 | 50d |
| #2147 | akshan-main | 1st-reviewshutdown CPU busy-loop in HTTP/SSE transports | 43d | +156-18 | 43d |
| #2187 | Br1an67 | 1st-reviewfix: preserve notification metadata when related_request_id is 0 | 39d | +43-1 | 39d |
| #2191 | Br1an67 | 1st-reviewauthfix: reject unsupported HTTP methods early in session manager | 39d | +88-0 | 39d |
| #2193 | harsh543 | 1st-reviewauthfeat(auth): add Authlib-backed OAuth adapter (related to #1240) | 39d | +1011-2 | 39d |
| #2196 | Varun6578 | 1st-reviewauthfix: only retry 403 responses for insufficient_scope error | 39d | +53-5 | 38d |
| #2207 | weiguangli-io | 1st-reviewauthfix: pass related_request_id in Context.report_progress() | 36d | +51-3 | 36d |
| #2209 | shivama205 | 1st-reviewauthfeat: add subject and claims fields to AccessToken | 36d | +127-1 | 36d |
| #2243 | Varun6578 | 1st-reviewfix: preserve API gateway path prefix in SSE client URL resolution | 34d | +134-3 | 34d |
| #2261 | namabile | 1st-reviewauthfix: include "none" in token_endpoint_auth_methods_supported metadata | 31d | +9-5 | 31d |
| #2271 | oedokumaci | 1st-reviewauthfix(oauth): preserve existing refresh_token when refresh response omits it | 29d | +116-1 | 29d |
| #2281 | omar-y-abdi | 1st-reviewAdd client callbacks for list_changed notifications | 29d | +179-4 | 29d |
| #2296 | ameenalkhaldi | 1st-reviewdocs: add environment variables guide | 25d | +124-0 | 25d |
| #2321 | goingforstudying-ctrl | 1st-reviewauthfeat: Add protocol_version parameter to ClientSession | 20d | +122-1 | 20d |
| #2335 | rgoldstein1989 | 1st-reviewfeat: add remove_prompt(), remove_resource(), and remove_resource_template() | 18d | +242-1 | 18d |
| #2341 | perhapzz | 1st-reviewtest: replace subprocess servers with in-process threaded servers for coverage tracking | 16d | +459-182 | 16d |
| #2343 | mangelajo | 1st-reviewExpose optional stdin/stdout on MCPServer stdio entrypoints | 15d | +76-5 | 16d |
| #2347 | YouFoxGirl | 1st-reviewFix AttributeError when tool fields are None in OpenAI Agents SDK instrumentation (#1285) | 15d | +701-0 | 15d |
| #2352 | perhapzz | 1st-reviewrefactor: decompose func_metadata() into smaller focused helpers | 15d | +153-76 | 15d |
| #2357 | BlocksecPHD | 1st-reviewfix(streamable-http): reduce stateless termination log noise | 14d | +44-1 | 14d |
| #2360 | app/dependabot | 1st-reviewchore(deps): bump the github-actions group across 1 directory with 7 updates | 13d | +25-25 | 13d |
| #2361 | 4444J99 | 1st-reviewfix: accept single supported content type in SSE mode Accept header | 13d | +34-13 | 13d |
| #2362 | raashish1601 | 1st-reviewauthfix: terminate active streamable http sessions on shutdown | 13d | +68-2 | 13d |
| #2365 | raashish1601 | 1st-reviewfix: make Windows stdio pywin32 optional | 13d | +117-15 | 13d |
| #2377 | guoyangzhen | 1st-reviewfix: allow custom Content-Type header in StreamableHTTPTransport | 11d | +10-2 | 11d |
| #2394 | verdie-g | feat: implement OTEL mcp.server.* metrics | 4d | +1116-751 | 4d |
| #2402 | Maanik23 | feat: parse Google-style docstrings to populate tool parameter descriptions | 2d | +441-1 | 2d |
| #2406 | app/dependabot | chore(deps): bump cryptography from 46.0.5 to 46.0.7 in the uv group across 1 directory | 1d | +51-51 | 1d |
| #2407 | dgenio | authfeat: add public setter methods for ClientSession callbacks | 1d | +177-1 | 1d |
| #2410 | RudrenduPaul | fix: allow integer file descriptors for errlog in stdio_client | 1d | +13-5 | 1d |
| #2411 | Smeet23 | authfix(session): return INVALID_REQUEST error instead of crashing on pre-init requests | 1d | +74-2 | 0d |
| #2414 | mplemay | feat: add resource seeding to mcpserver | 0d | +72-3 | 0d |
Hygiene (18) ⊕ ⊖
Batchable procedural ops — pings, rebases, peer reviews.
1 auth stale-awaiting-author (6) — Changes requested over two weeks ago with no author response.
| #2175 | Kludex | Return `CallToolResult` from `convert_result` instead of a tuple | 39d since feedback | +14-27 | 40d |
| #1638 | calvingiles | Add support for _meta attributes in resource contents | CI ping 140d ago, no fix | +426-4 | 143d |
| #1851 | domdomegg | chore: update licensing to Apache 2.0 for new contributions | 64d since feedback | +203-8 | 87d |
| #2020 | BabyChrist666 | feat: support stderr logging in Jupyter notebook environments | author self-diagnosed CI 52d ago, never fixed | +285-10 | 60d |
| #2146 | BabyChrist666 | feat: public API for runtime handler registration/deregistration | author self-diagnosed CI 20d ago, never fixed | +187-26 | 43d |
| #2253 | weiguangli-io | authfix: terminate active StreamableHTTP sessions during shutdown | author self-diagnosed CI 30d ago, never fixed | +14-0 | 31d |
approved-rotted (1) — Was approved, now conflicting. Rebase or ask author.
| #1872 | DePasqualeOrg | fix: correct unknown tool/prompt/resource error handling | approved 27d ago, now conflicting | +63-35 | 84d |
5 auth ci-red-silent (11) — CI failing, not yet flagged to the author.
| #2339 | maxisbey | authchore: enforce type annotations on all functions via ruff ANN rules | red CI 16d | +162-121 | 16d |
| #2387 | Kludex | Add richer OTel MCP span attributes | red CI 7d | +196-17 | 7d |
| #2327 | mrutunjay-kinagi | authfeat(client): add explicit session_id support for Streamable HTTP resumption | red CI 19d | +244-8 | 19d |
| #2348 | ShashankGupta28 | Fix documentation related to Quickstart | red CI 15d | +7-7 | 15d |
| #2353 | sebastiondev | fix: reject URL-encoded path separators in resource template parameters | red CI 14d | +21-1 | 14d |
| #2363 | raashish1601 | authFix stale auth context in stateful StreamableHTTP sessions | red CI 13d | +307-49 | 13d |
| #2369 | raashish1601 | Add stdio regression test for raw invalid UTF-8 tool arguments | red CI 12d | +127-0 | 12d |
| #2372 | raashish1601 | Return METHOD_NOT_FOUND for invalid request methods | red CI 12d | +70-2 | 12d |
| #2373 | chasewhughes | authfix(auth): respect explicitly-set client_metadata.scope during discovery | red CI 12d | +143-5 | 12d |
| #2401 | enjoykumawat | authfix: prefix auth routes with issuer_url base path for gateway deployments | red CI 2d | +62-6 | 2d |
| #2415 | mplemay | refactor: make tool registration object-based | red CI 0d | +199-148 | 0d |
Close candidates (15) ⊕ ⊖
Likely to be closed — inactive, stale, or needing more context. Reviewed before closing.
3 auth stale-ci-abandoned (15) — CI has been failing for over a month with no activity.
| #1570 | carlosemart | Disable logs reconfigure on startup | red CI 157d, no activity | +45-7 | 156d |
| #1608 | cbcoutinho | authfeat: propagate session_id from transport to tool context | red CI 150d, no activity | +330-1 | 150d |
| #1647 | FanisPapakonstantinou | Improve exception handling for ClientDisconnect errors | red CI 140d, no activity | +10-1 | 140d |
| #1712 | vemonet | Add working example to easily integrate a FastMCP endpoint to a FastAPI app (which is not trivial) | red CI 129d, no activity | +128-6 | 129d |
| #1784 | keurcien | authFix `token_expiry_time` upon context initialization for stored tokens. | red CI 118d, no activity | +109-0 | 118d |
| #1934 | williamomeara | authFix RFC 8252 Section 7.3 compliance for loopback redirect URIs | red CI 77d, no activity | +229-4 | 77d |
| #1947 | skyvanguard | fix: handle ClientDisconnect gracefully instead of returning HTTP 500 | red CI 75d, no activity | +245-49 | 76d |
| #2004 | SimonZehetner | fix: Remove logging initialization from `MCPServer.__init__` | red CI 62d, no activity | +1-28 | 62d |
| #2042 | hashwnath | fix: handle callable class instances in find_context_parameter() | red CI 57d, no activity | +61-1 | 57d |
| #2145 | wiggzz | Fix stateless HTTP task accumulation causing memory leak | red CI 43d, no activity | +296-20 | 43d |
| #2180 | dgenio | fix: add SSRF redirect protection to httpx client factory | red CI 40d, no activity | +266-2 | 40d |
| #2199 | Varun6578 | fix: handle HTTP 4xx/5xx gracefully in StreamableHTTP transport | red CI 38d, no activity | +133-5 | 38d |
| #2215 | yaowubarbara | fix(stdio): allow configurable memory stream buffer size | red CI 35d, no activity | +85-3 | 35d |
| #2245 | Varun6578 | fix: collapse single-exception ExceptionGroups from task groups | red CI 34d, no activity | +333-23 | 34d |
| #2252 | BabyChrist666 | refactor: consistent raise-based error handling in MCPServer handlers | red CI 32d, no activity | +227-25 | 32d |
Not our move (27) ⊕ ⊖
Clock is on the author or blocked externally. No action owed today.
6 auth stale-draft (14) — Draft with no activity for over a week.
| #1800 | the-ayyi | Add propagate_through_tool_handlers attribute to McpError for protocol flow control | draft idle 113d | +194-8 | 112d |
| #1998 | bgaidioz | authFix: Refresh auth context per Streamable HTTP request | draft idle 63d | +196-0 | 63d |
| #2130 | jonathanhefner | authImport "Build an LLM-powered chatbot" quickstart guide | draft idle 45d | +2024-268 | 45d |
| #2132 | aabmass | OpenTelemetry MCP client spans | draft idle 45d | +1612-118 | 45d |
| #2133 | aabmass | OpenTelemetry extract trace context from `_meta` in incoming requests | draft idle 45d | +814-114 | 45d |
| #2138 | jonathanhefner | authImport "Build a weather server" quickstart guide | draft idle 44d | +2600-268 | 44d |
| #2139 | jonathanhefner | authReplace Claude for Desktop with VS Code + Copilot in server quickstart | draft idle 44d | +2514-268 | 44d |
| #2320 | maxisbey | Extract JSON-RPC wrapping into a Dispatcher component | draft idle 20d | +523-223 | 20d |
| #2322 | maxisbey | draft: MRTR (SEP-2322) lowlevel plumbing + handler-shape comparison | draft idle 20d | +2609-14 | 20d |
| #2336 | maxisbey | authfeat(auth): add BearerAuth for minimal bearer-token authentication | draft idle 16d | +829-10 | 16d |
| #2340 | maxisbey | fix: propagate pre-endpoint errors in sse_client instead of deadlocking | draft idle 16d | +119-9 | 16d |
| #2344 | pja-ant | fix(server): return -32602 for resource not found (SEP-2164) | draft idle 15d | +17-5 | 15d |
| #2346 | maxisbey | authfeat: add MCP_HIDE_INPUT_IN_ERRORS env var to redact payloads from validation errors | draft idle 15d | +75-3 | 15d |
| #2356 | maxisbey | feat: RFC 6570 URI templates with operator-aware security | draft idle 14d | +3093-38 | 14d |
3 auth parked (7) — Maintainer draft >30d, intentionally shelved.
| #1855 | pcarleton | authAdd conformance auth server for OAuth server authentication testing | maintainer draft, 85d | +302-0 | 86d |
| #1921 | maxisbey | ci: use conformance repo's composite GitHub Action | maintainer draft, 78d | +25-40 | 78d |
| #1999 | pcarleton | authfix: pass new conformance auth scenarios, bump to 0.1.13 | maintainer draft, 63d | +137-4 | 63d |
| #2217 | ochafik | [SEP-2356] File input support for tools and elicitation | maintainer draft, 35d | +174-0 | 35d |
| #2238 | maxisbey | authTruncate untrusted peer-controlled values before logging/raising | maintainer draft, 34d | +41-38 | 34d |
| #2263 | maxisbey | fix: eliminate test port allocation race by running uvicorn in-thread | maintainer draft, 30d | +152-279 | 30d |
| #2264 | maxisbey | tests: eliminate port-allocation races in SSE/StreamableHTTP tests | maintainer draft, 30d | +647-1119 | 30d |
1 auth stale-draft-pinged (4) — Draft; maintainer pinged for status over a week ago with no response.
| #946 | agronholm | Improved Trio support | pinged 195d ago | +125-138 | 302d |
| #1222 | wenxuwan | fix: Handle SSE Disconnects Properly When use starlette middleware | pinged 192d ago | +26-20 | 252d |
| #1395 | Bumshakalaka | authfix: update response status code for invalid session ID in HTTPSessionManger | pinged 191d ago | +2-1 | 197d |
| #2029 | Ashutosh0x | fix: use ASGI callable for SSE endpoint to avoid BaseHTTPMiddleware AssertionError (#883) | pinged 57d ago | +108-8 | 58d |
draft-active (1) — Author is still working. Fresh draft.
| #2388 | Kludex | Add MCP proxy helper | 6d old | +699-12 | 6d |
bot-release (1) — Changesets 'Version Packages' — release trigger, not for triage.
| #2043 | app/github-actions | chore: weekly dependency update | release bot PR | +910-763 | 57d |
Volume
Open PRs
↑
25.00%40
Draft PRs
—9
Opened
—11
last 7 days
Opened
—58
last 30 days
Opened
—271
last 90 days
Merged
—6
last 7 days
Merged
—31
last 30 days
Merged
—194
last 90 days
Closed Unmerged
—48
last 90 days
Time to First Review
Average
—1d
Median
—2h
P90
—3d
P95
—5d
Merge Time
Average
—3d
Median
↑
0.53%19h
PRs Needing Maintainer Review
Open PRs with no maintainer review (excludes drafts from counts)
No Maintainer Review
↑
120.00%11
>24 hours
No Maintainer Review
—7
>7 days
PRs Awaiting Maintainer Review
Sorted by longest wait time first
| PR | Title | Author | Size | Reviews | Waiting |
|---|---|---|---|---|---|
| #1120 (draft) | WIP: Reduce copies, eliminate a lot of UTF-16 transcoding | Tyler-IN | +2145 -425 | 1 | 106d |
| #1238 | ClientOAuthProvider.Scopes have priority again (#1236) | halllo | +45 -3 | 0 | 66d |
| #1367 | Mcp.core.distributed | xiangyan99 | +4033 -1 | 2 | 44d |
| #1393 (draft) | ProtectedMcpServer: enforce per-user concurrent tool-call limit with `PartitionedRateLimiter` in call-tool filter | copilot-swe-agent | +35 -1 | 0 | 42d |
| #1423 | Augment conceptual docs with Docker-based MCP server deployment guidance | john-mckillip | +224 -94 | 0 | 29d |
| #1444 | fix: propagate auth errors (401/403) immediately instead of falling b… | xue-cai | +72 -1 | 0 | 24d |
| #1474 | Implement authorization server binding and credential isolation (MCP SEP-2352) | copilot-swe-agent | +376 -3 | 0 | 11d |
| #1484 (draft) | Add MCP Apps extension support (typed metadata, attribute, and helpers) | copilot-swe-agent | +893 -4 | 0 | 9d |
| #1496 | feature: Added configurable token endpoint auth method selection | RobotechUSA | +26 -1 | 0 | 7d |
| #1495 | Fix flaky DiagnosticTests.Session_TracksActivities by waiting for full server activity predicate | copilot-swe-agent | +28 -13 | 0 | 7d |
| #1501 | Add HTTP call completion logging for exceptions and non-success status codes | copilot-swe-agent | +86 -8 | 0 | 6d |
| #1500 | Bump the npm_and_yarn group across 1 directory with 5 updates | dependabot | +19 -19 | 0 | 6d |
| #1499 (draft) | Fix McpTask double-wrapping when tool returns its own task | copilot-swe-agent | +150 -1 | 0 | 6d |
| #1505 | Bump the other-testing group with 1 update | dependabot | +1 -1 | 0 | 3d |
| #1506 | Bump Anthropic from 12.9.0 to 12.11.0 | dependabot | +1 -1 | 0 | 3d |
PR Size Distribution
Open PRs by lines changed
Small
—15
<100 lines
Medium
—13
100-500 lines
Large
—12
>500 lines
Actionable vs target
↑
91.67%PRs where the ball is in our court.
Green: ≤ 25
Yellow: 26–50
Red: > 50
23of target/25 (92%)
Auth
—Actionable PRs touching auth code.
Click to filter to these PRs.
No target — informational.
8of actionable/23 (35%)
Actioned (7d)
↓
71.43%Throughput: actionable→non-actionable transitions per day. A PR that cycles review→author→re-review counts each cycle. Sparkline shows daily values.
4
22 in last 30d
Merged (7d)
—PRs merged in the last 7 days — the terminal-outcome subset of Actioned. Rolling 7×24h window from last data refresh.
0
12 in last 30d
Hours to clear
↑
135.90%Estimated maintainer hours to clear all actionable PRs.
Green: < 5h
Yellow: 5–10h
Red: ≥ 10h
~9.2
1st review > 7d
—Community PRs past 7 days with no maintainer review — across all pressing states, not just the first-review bucket.
Click to filter to these PRs.
Green: < 5
Yellow: 5–9
Red: ≥ 10
4
of 15 eligible
Re-review > 24h
—PRs where the author acted (pushed/commented) after our review, past 24h — across all pressing states.
Click to filter to these PRs.
Green: < 5
Yellow: 5–9
Red: ≥ 10
1
of 1 eligible
Maintainer > 24h
—PRs from maintainers past 24 hours — across all pressing states. A maintainer PR in a cluster still counts.
Click to filter to these PRs.
Green: 0–1
Yellow: 2–3
Red: ≥ 4
4
of 4 eligible
Stats — volume, timing, size distribution
Volume
Open PRs
↑
78.57%25
Draft PRs
—2
Opened
—13
last 7 days
Opened
—34
last 30 days
Opened
—106
last 90 days
Merged
—0
last 7 days
Merged
—12
last 30 days
Merged
—43
last 90 days
Closed Unmerged
—44
last 90 days
Time to First Review
Average
—5d
Median
↓
80.35%3h
P90
—19d
P95
—22d
Merge Time
Average
—5d
Median
↓
78.31%4h
PR Size Distribution
Open PRs by lines changed
Small
—11
<100 lines
Medium
—5
100-500 lines
Large
—9
>500 lines
Breakdown by tier
| Tier | Count | Auth | Maint. | ~Time |
|---|---|---|---|---|
| 1 — We're blocking someone | 5 | 2 | 4 | 1.7h |
| 3 — Intake | 15 | 4 | 0 | 7.4h |
| 4 — Hygiene | 1 | 1 | 0 | 5m |
| 5 — Close candidates | 1 | 1 | 0 | 1m |
| bot corner | 1 | 0 | 0 | — |
| total actionable | 23 | 8 | 4 | 9.2h |
| not our move | 2 | — | — | — |
We're blocking someone (5) ⊕ ⊖
Author did what we asked and is waiting on us. Longest-waiting first.
1 SLA needs-re-review (1) — Author pushed changes after review feedback — needs re-review.
| #165 | lux999 | re-reviewfix: tools-call-simple-text now fails when tool returns isError: true | push after approval (1 commits, 15d waiting) | +2-0 | 45d |
4 SLA2 auth maintainer-intake (4) — Maintainer-authored PR awaiting review from another maintainer.
| #73 | pcarleton | maintainerAdd SSE polling Phase 2 and Phase 3 tests (SEP-1699) | 128d, no maintainer has looked yet | +691-1 | 128d |
| #106 | pcarleton | maintainerauthfeat: add step-up auth scenario for server auth testing | 85d, no maintainer has looked yet | +346-1 | 85d |
| #200 | pja-ant | maintainerfeat: add conformance scenario for SEP-2164 resource-not-found error code | 13d, no maintainer has looked yet | +160-2 | 13d |
| #203 | pcarleton | maintainerauthfix: rename routePrefix to issuerPath and add issuer-mismatch scenario | 10d, no maintainer has looked yet | +150-20 | 10d |
Intake (15) ⊕ ⊖
PRs not yet reviewed by a maintainer. Oldest first.
4 SLA4 auth needs-first-review (14) — Not yet reviewed by a maintainer.
| #155 | wdawson | 1st-reviewauthImprovements to the Draft Server Auth Conformance tests | 49d | +8122-2049 | 49d |
| #188 | CaitieM20 | 1st-reviewConformance Tests for SEP-2322 MRTR | 23d | +2095-5 | 23d |
| #204 | app/dependabot | 1st-reviewchore(deps): bump @modelcontextprotocol/sdk from 1.27.1 to 1.29.0 in /examples/servers/typescript in the all-dependencies group | 8d | +5-5 | 8d |
| #206 | nbarbettini | 1st-reviewauthfeat: Session ID ASCII validation check | 7d | +191-1 | 7d |
| #210 | app/dependabot | chore(deps): bump path-to-regexp from 8.3.0 to 8.4.2 in /examples/servers/typescript | 6d | +3-3 | 6d |
| #209 | app/dependabot | chore(deps): bump path-to-regexp from 8.3.0 to 8.4.2 | 6d | +3-3 | 6d |
| #212 | tnorimat | authfeat: check for PKCE of authorization server metadata | 5d | +73-24 | 5d |
| #214 | app/dependabot | chore(deps): bump @hono/node-server from 1.19.11 to 1.19.13 in /examples/servers/typescript | 2d | +3-3 | 2d |
| #215 | app/dependabot | chore(deps): bump @hono/node-server from 1.19.11 to 1.19.13 | 2d | +3-3 | 2d |
| #216 | app/dependabot | chore(deps): bump hono from 4.12.9 to 4.12.12 in /examples/servers/typescript | 2d | +3-3 | 2d |
| #217 | app/dependabot | chore(deps): bump hono from 4.12.9 to 4.12.12 | 2d | +3-3 | 2d |
| #218 | app/dependabot | chore(deps-dev): bump defu from 6.1.4 to 6.1.7 | 2d | +3-3 | 2d |
| #219 | app/dependabot | chore(deps-dev): bump vite from 8.0.2 to 8.0.7 | 2d | +321-11 | 2d |
| #220 | max-stytch | authfeat: add conformance tests for iss parameter (SEP-2468) | 1d | +741-3 | 1d |
community-reviewed (1) — Community members have reviewed, but no maintainer has engaged yet.
| #221 | max-stytch | fix: use dynamic port in server scenario tests to avoid conflicts | 1d, reviewed by nbarbettini | +18-4 | 1d |
Hygiene (1) ⊕ ⊖
Batchable procedural ops — pings, rebases, peer reviews.
1 auth stale-awaiting-author (1) — Changes requested over two weeks ago with no author response.
| #139 | jdmaturen | authfeat: add token refresh and rotation conformance scenarios | 55d since feedback | +612-47 | 60d |
Close candidates (1) ⊕ ⊖
Likely to be closed — inactive, stale, or needing more context. Reviewed before closing.
1 auth pre-ci-ghost (1) — Over 90 days old and CI never ran.
| #64 | tobinsouth | authAdd server OAuth protection conformance tests | CI never ran, 134d old | +4101-9 | 134d |
Bot corner (1) ⊕ ⊖
Dependabot/renovate PRs that need human attention.
bot-broke-ci (1) — Automated dependency update with failing CI.
| #205 | app/dependabot | chore(deps): bump the all-dependencies group with 6 updates | bot PR, red CI | +331-325 | 8d |
Not our move (2) ⊕ ⊖
Clock is on the author or blocked externally. No action owed today.