Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: modelcontextprotocol/python-sdk
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: main
Choose a base ref
...
head repository: modelcontextprotocol/python-sdk
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: claude/sdk-v2-api-plan-ZhCuZ
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 2 commits
  • 3 files changed
  • 1 contributor

Commits on Jan 30, 2026

  1. Add public API hardening plan for v2 

    Adds docs/public-api-plan.md: a comprehensive plan to tighten the public
API surface by enforcing a private-by-default policy.

The plan covers:
- Audit findings: ~40 leaked implementation modules, missing __all__
  declarations, name collisions, and absent re-exports
- Design principles (private-by-default, stable import paths, automated enforcement)
- Tooling recommendations (griffe-based CI audit script, pyright reportPrivateUsage,
  ruff __all__ rules, optional type stubs)
- Full enumerated allowlist across 8 tiers: core entry points, transports,
  MCPServer types, auth, elicitation, callbacks, protocol types, experimental
- Explicit privatization tables: which modules get renamed to _module.py,
  which internal names get prefixed with _
- Needs-decision items for team discussion
- Four implementation phases from tooling setup through type stubs
    @claude
    claude committed Jan 30, 2026
    Configuration menu
    Copy the full SHA
    b2ebaa8 View commit details
    Browse the repository at this point in the history

  2. Add public API audit script and allowlist baseline 

    scripts/audit_public_api.py enumerates the live public surface using AST
parsing and reports three categories:
  - Leaked modules: .py files without _ prefix that are directly importable
    but never gated by __init__.py (84 found today)
  - Missing __all__: non-empty __init__.py files with no __all__ (11 found)
  - Declared surface vs allowlist drift

docs/public_api_allowlist.txt is the target public surface. It matches the
current declared-via-__all__ surface (290 names) exactly. Phase 2 additions
(transport re-exports, auth types, elicitation types, callback protocols) are
commented out with [TODO] markers — they become active once the corresponding
__init__.py re-exports land.

The script exits 0 only when there are zero leaked modules, zero missing
__all__, and the declared surface matches the allowlist.
    @claude
    claude committed Jan 30, 2026
    Configuration menu
    Copy the full SHA
    2e9133f View commit details
    Browse the repository at this point in the history
Loading