diff --git a/blog/content/posts/client_registration/index.md b/blog/content/posts/client_registration/index.md index 75585fd31..5fbeeb1e6 100644 --- a/blog/content/posts/client_registration/index.md +++ b/blog/content/posts/client_registration/index.md @@ -58,9 +58,9 @@ For example, a malicious client could claim to be `Claude Desktop` on the consen ## Improving Client Registration in MCP -For MCP users, a common pattern is to connect to an MCP server by using its URL directly in a MCP client. +For MCP users, a common pattern is to connect to an MCP server by using its URL directly in an MCP client. -This goes against the typical OAuth authorization pattern because the user is selecting the resource server to connect to rather than the client developer. This problem is compounded by the fact that there is an unbounded number of authorization servers that a MCP server may use, meaning that clients need to be able to complete the authorization flow regardless of the provider used. +This goes against the typical OAuth authorization pattern because the user is selecting the resource server to connect to rather than the client developer. This problem is compounded by the fact that there is an unbounded number of authorization servers that an MCP server may use, meaning that clients need to be able to complete the authorization flow regardless of the provider used. Some client developers have implemented pre-registration with a select few authorization servers. In this scenario, the client doesn't need to rely on DCR when it detects an authorization server it knows. However, this is a solution that doesn't scale given the breadth of the MCP ecosystem - it's impossible to have every client be registered with every authorization server there is. To mitigate this challenge, we set out to outline some of the goals that we wanted to achieve with improving the client registration experience: diff --git a/docs/clients.mdx b/docs/clients.mdx index 28cd40de0..9788de3e6 100644 --- a/docs/clients.mdx +++ b/docs/clients.mdx @@ -59,6 +59,7 @@ This page provides an overview of applications that support the Model Context Pr | [Klavis AI Slack/Discord/Web][Klavis AI] | ✅ | ❌ | ✅ | ❓ | ❌ | ❌ | ❓ | | [Langflow][Langflow] | ❌ | ❌ | ✅ | ❓ | ❌ | ❌ | ❓ | | [LibreChat][LibreChat] | ❌ | ❌ | ✅ | ❓ | ❌ | ❌ | ❓ | +| [LM-Kit.NET][LM-Kit.NET] | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | | [LM Studio][LM Studio] | ❌ | ❌ | ✅ | ❓ | ❌ | ❌ | ❓ | | [Lutra][Lutra] | ✅ | ✅ | ✅ | ❓ | ❌ | ❌ | ❓ | | [MCP Bundler for MacOS][mcp-bundler] | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | @@ -124,7 +125,7 @@ This page provides an overview of applications that support the Model Context Pr [Amp]: https://ampcode.com [Apify MCP Tester]: https://apify.com/jiri.spilka/tester-mcp-client [AugmentCode]: https://augmentcode.com -[BeeAI Framework]: https://i-am-bee.github.io/beeai-framework +[BeeAI Framework]: https://framework.beeai.dev [BoltAI]: https://boltai.com [Call Chirp]: https://www.call-chirp.com [Chatbox]: https://chatboxai.app @@ -159,6 +160,7 @@ This page provides an overview of applications that support the Model Context Pr [Kilo Code]: https://github.com/Kilo-Org/kilocode [Langflow]: https://github.com/langflow-ai/langflow [LibreChat]: https://github.com/danny-avila/LibreChat +[LM-Kit.NET]: https://lm-kit.com/products/lm-kit-net/ [LM Studio]: https://lmstudio.ai [Lutra]: https://lutra.ai [mcp-bundler]: https://mcp-bundler.maketry.xyz @@ -185,7 +187,7 @@ This page provides an overview of applications that support the Model Context Pr [Simtheory]: https://simtheory.ai [Slack MCP Client]: https://github.com/tuannvm/slack-mcp-client [Smithery Playground]: https://smithery.ai/playground -[SpinAI]: https://spinai.dev +[SpinAI]: https://docs.spinai.dev [Superinterface]: https://superinterface.ai [Superjoin]: https://superjoin.ai [Swarms]: https://github.com/kyegomez/swarms @@ -327,7 +329,7 @@ It uses plain JavaScript (old-school style) and is hosted on Apify, allowing you ### BeeAI Framework -[BeeAI Framework](https://i-am-bee.github.io/beeai-framework) is an open-source framework for building, deploying, and serving powerful agentic workflows at scale. The framework includes the **MCP Tool**, a native feature that simplifies the integration of MCP servers into agentic workflows. +[BeeAI Framework](https://framework.beeai.dev) is an open-source framework for building, deploying, and serving powerful agentic workflows at scale. The framework includes the **MCP Tool**, a native feature that simplifies the integration of MCP servers into agentic workflows. **Key features:** @@ -747,6 +749,22 @@ Langflow is an open-source visual builder that lets developers rapidly prototype - Open-source and self-hostable, with secure multi-user support - Future roadmap includes expanded MCP feature support +### LM-Kit.NET + +[LM-Kit.NET] is a local-first Generative AI SDK for .NET (C# / VB.NET) that can act as an **MCP client**. Current MCP support: **Tools only**. + +**Key features:** + +- Consume MCP server tools over HTTP/JSON-RPC 2.0 (initialize, list tools, call tools). +- Programmatic tool discovery and invocation via `McpClient`. +- Easy integration in .NET agents and applications. + +**Learn more:** + +- [Docs: Using MCP in LM-Kit.NET](https://docs.lm-kit.com/lm-kit-net/api/LMKit.Mcp.Client.McpClient.html) +- [Creating AI agents](https://lm-kit.com/solutions/ai-agents) +- Product page: [LM-Kit.NET] + ### LM Studio [LM Studio](https://lmstudio.ai) is a cross-platform desktop app for discovering, downloading, and running open-source LLMs locally. You can now connect local models to tools via Model Context Protocol (MCP). @@ -964,7 +982,7 @@ MooPoint is a web-based AI chat platform built for developers and advanced users ### Needle -[Needle](https://needle.app) is a RAG worflow platform that also works as an MCP client, letting you connect and use MCP servers in seconds. +[Needle](https://needle.app) is a RAG workflow platform that also works as an MCP client, letting you connect and use MCP servers in seconds. **Key features:** @@ -1099,7 +1117,7 @@ Smithery Playground is a developer-first MCP client for exploring, testing and d ### SpinAI -[SpinAI](https://spinai.dev) is an open-source TypeScript framework for building observable AI agents. The framework provides native MCP compatibility, allowing agents to seamlessly integrate with MCP servers and tools. +[SpinAI](https://docs.spinai.dev) is an open-source TypeScript framework for building observable AI agents. The framework provides native MCP compatibility, allowing agents to seamlessly integrate with MCP servers and tools. **Key features:** diff --git a/docs/community/sep-guidelines.mdx b/docs/community/sep-guidelines.mdx index ce122f347..1cdc5169d 100644 --- a/docs/community/sep-guidelines.mdx +++ b/docs/community/sep-guidelines.mdx @@ -44,7 +44,7 @@ Each SEP must have an **SEP author** -- someone who writes the SEP using the sty SEPs should be submitted as a GitHub Issue in the [specification repository](https://github.com/modelcontextprotocol/modelcontextprotocol). The standard SEP workflow is: -1. You, the SEP author, create a [well-formatted](#sep-format) GitHub Issue with the `SEP` and `proposal` tags. The SEP number is the same as the GitHub Issue number, the two can be used interchangably. +1. You, the SEP author, create a [well-formatted](#sep-format) GitHub Issue with the `SEP` and `proposal` tags. The SEP number is the same as the GitHub Issue number, the two can be used interchangeably. 2. Find a Core Maintainer or Maintainer to sponsor your proposal. Core Maintainers and Maintainers will regularly go over the list of open proposals to determine which proposals to sponsor. You can tag relevant maintainers from [the maintainer list](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/MAINTAINERS.md) in your proposal. 3. Once a sponsor is found, the GitHub Issue is assigned to the sponsor. The sponsor will add the `draft` tag, ensure the SEP number is in the title, and assign a milestone. 4. The sponsor will informally review the proposal and may request changes based on community feedback. When ready for formal review, the sponsor will add the `in-review` tag. diff --git a/docs/docs/tutorials/security/authorization.mdx b/docs/docs/tutorials/security/authorization.mdx index a228939a9..be9441515 100644 --- a/docs/docs/tutorials/security/authorization.mdx +++ b/docs/docs/tutorials/security/authorization.mdx @@ -55,7 +55,7 @@ With the URI pointer to the PRM document, the client will fetch the metadata to } ``` -You can see a more comprehensive example in [RFC 9278 Section 3.2](https://datatracker.ietf.org/doc/html/rfc9728#name-protected-resource-metadata-r). +You can see a more comprehensive example in [RFC 9728 Section 3.2](https://datatracker.ietf.org/doc/html/rfc9728#name-protected-resource-metadata-r). @@ -97,7 +97,7 @@ If the registration succeeds, the authorization server will return a JSON blob w **No DCR or Pre-Registration** -In case a MCP client connects to a MCP server that doesn't use an authorization server that supports DCR and the client is not pre-registered with said authorization server, it's the responsibility of the client developer to provide an affordance for the end-user to enter client information manually. +In case an MCP client connects to an MCP server that doesn't use an authorization server that supports DCR and the client is not pre-registered with said authorization server, it's the responsibility of the client developer to provide an affordance for the end-user to enter client information manually. diff --git a/docs/specification/draft/basic/index.mdx b/docs/specification/draft/basic/index.mdx index 4697ee4d1..ceed72bbb 100644 --- a/docs/specification/draft/basic/index.mdx +++ b/docs/specification/draft/basic/index.mdx @@ -184,7 +184,7 @@ Consumers of icon metadata **MUST** take appropriate security precautions when h - Fetch icons without credentials. Do not send cookies, `Authorization` headers, or client credentials. - Verify that icon URIs are from the same origin as the server. This minimizes the risk of exposing data or tracking information to third-parties. - Exercise caution when fetching and rendering icons as the payload **MAY** contain executable content (e.g., SVG with [embedded JavaScript](https://www.w3.org/TR/SVG11/script.html) or [extended capabilities](https://www.w3.org/TR/SVG11/extend.html)). - - Consumers **MAY** choose to disallow specific file types or otherwize sanitize icon files before rendering. + - Consumers **MAY** choose to disallow specific file types or otherwise sanitize icon files before rendering. - Validate MIME types and file contents before rendering. Treat the MIME type information as advisory. Detect content type via magic bytes; reject on mismatch or unknown types. - Maintain a strict allowlist of image types. diff --git a/docs/specification/draft/basic/security_best_practices.mdx b/docs/specification/draft/basic/security_best_practices.mdx index e2e7ce365..ffa3dc451 100644 --- a/docs/specification/draft/basic/security_best_practices.mdx +++ b/docs/specification/draft/basic/security_best_practices.mdx @@ -363,7 +363,7 @@ Local MCP servers with inadequate restrictions or from untrusted sources introdu #### Mitigation -If a MCP client supports one-click local MCP server configuration, it **MUST** implement proper consent mechanisms prior to executing commands. +If an MCP client supports one-click local MCP server configuration, it **MUST** implement proper consent mechanisms prior to executing commands. **Pre-Configuration Consent** diff --git a/docs/specification/draft/schema.mdx b/docs/specification/draft/schema.mdx index e64a21a35..a951af0d3 100644 --- a/docs/specification/draft/schema.mdx +++ b/docs/specification/draft/schema.mdx @@ -81,11 +81,11 @@ if present).