Merge branch 'main' into fix-1664-forward-user-agent-auth-flow

Author: mrutunjay-kinagi

.github/workflows/claude-code-review.yml

@@ -19,13 +19,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 1
 
       - name: Run Claude Code Review
         id: claude-review
-        uses: anthropics/claude-code-action@v1
+        uses: anthropics/claude-code-action@2f8ba26a219c06cfb0f468eef8d97055fa814f97 # v1.0.53
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           plugin_marketplaces: "https://github.com/anthropics/claude-code.git"

.github/workflows/claude.yml

@@ -27,13 +27,13 @@ jobs:
       actions: read # Required for Claude to read CI results on PRs
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 1
 
       - name: Run Claude Code
         id: claude
-        uses: anthropics/claude-code-action@v1
+        uses: anthropics/claude-code-action@2f8ba26a219c06cfb0f468eef8d97055fa814f97 # v1.0.53
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           use_commit_signing: true

.github/workflows/publish-docs-manually.yml

@@ -31,3 +31,5 @@ jobs:
 
       - run: uv sync --frozen --group docs
       - run: uv run --frozen --no-sync mkdocs gh-deploy --force
+        env:
+          ENABLE_SOCIAL_CARDS: "true"

.github/workflows/weekly-lockfile-update.yml

@@ -14,9 +14,9 @@ jobs:
   update-lockfile:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - uses: astral-sh/setup-uv@v7.2.1
+      - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1
         with:
           version: 0.9.5
 

CLAUDE.md

@@ -31,6 +31,11 @@ This document contains critical information about working with this codebase. Fo
    - IMPORTANT: Before pushing, verify 100% branch coverage on changed files by running
      `uv run --frozen pytest -x` (coverage is configured in `pyproject.toml` with `fail_under = 100`
      and `branch = true`). If any branch is uncovered, add a test for it before pushing.
+   - Avoid `anyio.sleep()` with a fixed duration to wait for async operations. Instead:
+     - Use `anyio.Event` — set it in the callback/handler, `await event.wait()` in the test
+     - For stream messages, use `await stream.receive()` instead of `sleep()` + `receive_nowait()`
+     - Exception: `sleep()` is appropriate when testing time-based features (e.g., timeouts)
+   - Wrap indefinite waits (`event.wait()`, `stream.receive()`) in `anyio.fail_after(5)` to prevent hangs
 
 Test files mirror the source tree: `src/mcp/client/streamable_http.py` → `tests/client/test_streamable_http.py`
 Add tests to the existing file for that module.

SECURITY.md

@@ -1,15 +1,21 @@
 # Security Policy
 
-Thank you for helping us keep the SDKs and systems they interact with secure.
+Thank you for helping keep the Model Context Protocol and its ecosystem secure.
 
 ## Reporting Security Issues
 
-This SDK is maintained by [Anthropic](https://www.anthropic.com/) as part of the Model Context Protocol project.
+If you discover a security vulnerability in this repository, please report it through
+the [GitHub Security Advisory process](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)
+for this repository.
 
-The security of our systems and user data is Anthropic’s top priority. We appreciate the work of security researchers acting in good faith in identifying and reporting potential vulnerabilities.
+Please **do not** report security vulnerabilities through public GitHub issues, discussions,
+or pull requests.
 
-Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/anthropic-vdp/reports/new?type=team&report_type=vulnerability).
+## What to Include
 
-## Vulnerability Disclosure Program
+To help us triage and respond quickly, please include:
 
-Our Vulnerability Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic-vdp).
+- A description of the vulnerability
+- Steps to reproduce the issue
+- The potential impact
+- Any suggested fixes (optional)

docs/migration.md

@@ -371,7 +371,7 @@ async def handle_call_tool(ctx: ServerRequestContext, params: CallToolRequestPar
 server = Server("my-server", on_call_tool=handle_call_tool)
 ```
 
-### `RequestContext` and `ProgressContext` type parameters simplified
+### `RequestContext` type parameters simplified
 
 The `RequestContext` class has been split to separate shared fields from server-specific fields. The shared `RequestContext` now only takes 1 type parameter (the session type) instead of 3.
 
@@ -380,40 +380,59 @@ The `RequestContext` class has been split to separate shared fields from server-
 - Type parameters reduced from `RequestContext[SessionT, LifespanContextT, RequestT]` to `RequestContext[SessionT]`
 - Server-specific fields (`lifespan_context`, `experimental`, `request`, `close_sse_stream`, `close_standalone_sse_stream`) moved to new `ServerRequestContext` class in `mcp.server.context`
 
-**`ProgressContext` changes:**
-
-- Type parameters reduced from `ProgressContext[SendRequestT, SendNotificationT, SendResultT, ReceiveRequestT, ReceiveNotificationT]` to `ProgressContext[SessionT]`
-
 **Before (v1):**
 
 ```python
 from mcp.client.session import ClientSession
 from mcp.shared.context import RequestContext, LifespanContextT, RequestT
-from mcp.shared.progress import ProgressContext
 
 # RequestContext with 3 type parameters
 ctx: RequestContext[ClientSession, LifespanContextT, RequestT]
-
-# ProgressContext with 5 type parameters
-progress_ctx: ProgressContext[SendRequestT, SendNotificationT, SendResultT, ReceiveRequestT, ReceiveNotificationT]
 ```
 
 **After (v2):**
 
 ```python
 from mcp.client.context import ClientRequestContext
-from mcp.client.session import ClientSession
 from mcp.server.context import ServerRequestContext, LifespanContextT, RequestT
-from mcp.shared.progress import ProgressContext
 
 # For client-side context (sampling, elicitation, list_roots callbacks)
 ctx: ClientRequestContext
 
 # For server-specific context with lifespan and request types
 server_ctx: ServerRequestContext[LifespanContextT, RequestT]
+```
+
+### `ProgressContext` and `progress()` context manager removed
+
+The `mcp.shared.progress` module (`ProgressContext`, `Progress`, and the `progress()` context manager) has been removed. This module had no real-world adoption — all users send progress notifications via `Context.report_progress()` or `session.send_progress_notification()` directly.
+
+**Before:**
+
+```python
+from mcp.shared.progress import progress
 
-# ProgressContext with 1 type parameter
-progress_ctx: ProgressContext[ClientSession]
+with progress(ctx, total=100) as p:
+    await p.progress(25)
+```
+
+**After — use `Context.report_progress()` (recommended):**
+
+```python
+@server.tool()
+async def my_tool(x: int, ctx: Context) -> str:
+    await ctx.report_progress(25, 100)
+    return "done"
+```
+
+**After — use `session.send_progress_notification()` (low-level):**
+
+```python
+await session.send_progress_notification(
+    progress_token=progress_token,
+    progress=25,
+    total=100,
+)
 ```
 
 ### Resource URI type changed from `AnyUrl` to `str`

examples/snippets/clients/url_elicitation_client.py

@@ -24,8 +24,6 @@
 
 import asyncio
 import json
-import subprocess
-import sys
 import webbrowser
 from typing import Any
 from urllib.parse import urlparse
@@ -56,15 +54,19 @@ async def handle_elicitation(
         )
 
 
+ALLOWED_SCHEMES = {"http", "https"}
+
+
 async def handle_url_elicitation(
     params: types.ElicitRequestParams,
 ) -> types.ElicitResult:
     """Handle URL mode elicitation - show security warning and optionally open browser.
 
     This function demonstrates the security-conscious approach to URL elicitation:
-    1. Display the full URL and domain for user inspection
-    2. Show the server's reason for requesting this interaction
-    3. Require explicit user consent before opening any URL
+    1. Validate the URL scheme before prompting the user
+    2. Display the full URL and domain for user inspection
+    3. Show the server's reason for requesting this interaction
+    4. Require explicit user consent before opening any URL
     """
     # Extract URL parameters - these are available on URL mode requests
     url = getattr(params, "url", None)
@@ -75,6 +77,12 @@ async def handle_url_elicitation(
         print("Error: No URL provided in elicitation request")
         return types.ElicitResult(action="cancel")
 
+    # Reject dangerous URL schemes before prompting the user
+    parsed = urlparse(str(url))
+    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
+        print(f"\nRejecting URL with disallowed scheme '{parsed.scheme}': {url}")
+        return types.ElicitResult(action="decline")
+
     # Extract domain for security display
     domain = extract_domain(url)
 
@@ -105,7 +113,11 @@ async def handle_url_elicitation(
 
     # Open the browser
     print(f"\nOpening browser to: {url}")
-    open_browser(url)
+    try:
+        webbrowser.open(url)
+    except Exception as e:
+        print(f"Failed to open browser: {e}")
+        print(f"Please manually open: {url}")
 
     print("Waiting for you to complete the interaction in your browser...")
     print("(The server will continue once you've finished)")
@@ -121,20 +133,6 @@ def extract_domain(url: str) -> str:
         return "unknown"
 
 
-def open_browser(url: str) -> None:
-    """Open URL in the default browser."""
-    try:
-        if sys.platform == "darwin":
-            subprocess.run(["open", url], check=False)
-        elif sys.platform == "win32":
-            subprocess.run(["start", url], shell=True, check=False)
-        else:
-            webbrowser.open(url)
-    except Exception as e:
-        print(f"Failed to open browser: {e}")
-        print(f"Please manually open: {url}")
-
-
 async def call_tool_with_error_handling(
     session: ClientSession,
     tool_name: str,

mkdocs.yml

@@ -112,7 +112,8 @@ watch:
 
 plugins:
   - search
-  - social
+  - social:
+      enabled: !ENV [ENABLE_SOCIAL_CARDS, false]
   - glightbox
   - mkdocstrings:
       handlers:

pyproject.toml

@@ -75,7 +75,7 @@ dev = [
 docs = [
     "mkdocs>=1.6.1",
     "mkdocs-glightbox>=0.4.0",
-    "mkdocs-material>=9.5.45",
+    "mkdocs-material[imaging]>=9.5.45",
     "mkdocstrings-python>=2.0.1",
 ]