SEP-2091: Server Capability Signatures#2091
Closed
SamMorrowDrums wants to merge 16 commits intomodelcontextprotocol:mainfrom
Closed
SEP-2091: Server Capability Signatures#2091SamMorrowDrums wants to merge 16 commits intomodelcontextprotocol:mainfrom
SamMorrowDrums wants to merge 16 commits intomodelcontextprotocol:mainfrom
Conversation
This SEP proposes a new 'signature' method that enables MCP servers to declare their complete set of possible capabilities upfront, allowing clients to establish trust boundaries based on the full scope of server behavior while preserving dynamic list filtering within those bounds. Key points: - New signature endpoint returns all possible tools/prompts/resources - Enables security constraining without prohibiting dynamic behavior - Backwards compatible with existing schema freezing approaches - Separates 'what is possible' from 'what is currently available'
- Add 'Relationship to Other SEPs' section linking to SEP-1881 (Scope-Filtered Tool Discovery), SEP-1821 (Dynamic Tool Discovery), and SEP-1442 (Make MCP Stateless) - Replace underscore emphasis with asterisks for consistency - Remove em dash from capability example - Replace contractions (don't -> do not) - Rename title to 'Server Capability Signature' for clarity
- Link to SEP-1862 (Tool Resolution) in related SEPs section - Add 'Registry Fingerprinting' rationale section explaining how signatures enable server identification, change detection, and compatibility matching for registries and discovery services - Add 'Signature and Tool Resolution' section showing how signatures can declare all possible tool behaviors upfront via resolvedVariants - Add open question about whether resolvedVariants should be part of the core signature spec - Update hashing question to mention registry fingerprinting value
- Link to SEP-1913 (Trust and Sensitivity Annotations) in related SEPs - Clarify that schema freezing either exposes failing tools or fails to provide them for everyone - Fix author name to Sam Morrow
- Document the alternative approach of servers exposing all tools and clients filtering based on annotations/scopes - Explain why this was not chosen (less dynamic, privacy concerns, annotation limitations, wasted context, error-prone) - Note that client-side filtering remains complementary
- Add Tadas Antanavicius (PulseMCP) to acknowledgments - Add SEP-1649 (Server Cards) to related SEPs as primary overlap - Add major section evaluating Server Cards and InitializeResult as alternatives - Update Open Questions to include method vs existing mechanism question - Recommendation to potentially refocus SEP toward Server Card integration
- Major editorial revision reducing length from ~530 to ~385 lines - Removed redundant sections and trimmed verbose explanations - Fixed caching approach: HTTP headers (ETag, Cache-Control) for Server Cards - Removed etag field from ServerSignature (HTTP handles this) - Fixed worst-case annotation example (destructiveHint: true, readOnlyHint: false) - Updated SignatureResource to clarify resource vs template type distinction - Clarified behavioral requirements section - Improved precision throughout document
SamMorrowDrums
changed the title
Clarifies that tools in signature may not appear in initial tools/list, but can appear later via list_changed. Provides example flow and lists supported patterns (progressive disclosure, conditional access, etc.)
Servers can advertise tools that are not yet active but could be enabled, supporting marketplace integrations, optional features, and tiered service levels where users choose which tools to activate.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
SEP: Server Capability Signature
Summary
This SEP proposes a new
signaturemethod that enables MCP servers to declare their complete set of possible capabilities upfront, including all tools, prompts, resources, and resource templates that the server could offer.Rendered: link
Problem Statement
Several MCP client implementations have adopted "schema freezing" approaches, capturing initial
tools/listresults and treating subsequent changes as policy violations. While motivated by legitimate security concerns, this approach conflates security (constraining what is possible) with availability (what is currently offered).This creates friction with legitimate server capabilities:
tools/list_changednotifications exist precisely for runtime changesProposed Solution
A new
signaturemethod that returns the complete universe of capabilities a server could offer:Key behavioral requirements:
Relationship to Other SEPs
resolvedVariantsAdditional Use Cases
Registry Fingerprinting
Signatures enable registries to fingerprint servers for identification, change detection, and compatibility matching.
Tool Resolution Integration
When combined with SEP-1862, signatures can declare all possible
resolvedVariantsupfront, enabling hosts to pre-compute permission sets and optimize authorization flows.Backward Compatibility
Fully backward compatible:
signaturecapability is opt-inStatus: Draft
Type: Standards Track
Author: @SamMorrowDrums
Seeking Sponsor