SEP-2127: MCP Server Cards - HTTP Server Discovery via .well-known#2127
SEP-2127: MCP Server Cards - HTTP Server Discovery via .well-known#2127dsp-ant wants to merge 33 commits into
Conversation
774dde0 to
b199c35
Compare
|
Just adding a note of context for any readers here that as of the current commit, this is the text of the original SEP proposal, but a lot of folks have contributed feedback to the specifics of reworking the shape in this Google Doc. Pasting here for readability: {
"$schema": "https://static.modelcontextprotocol.io/schemas/2025-10-17/server.schema.json",
"name": "io.modelcontextprotocol.anonymous/brave-search",
"description": "MCP server for Brave Search API integration",
"title": "Brave Search",
"websiteUrl": "https://anonymous.modelcontextprotocol.io/examples",
"repository": {
"url": "https://github.com/modelcontextprotocol/servers",
"source": "github",
"subfolder": "src/everything"
},
"version": "1.0.2",
"supportedProtocolVersions": [ "2025-03-12", "2025-06-15" ],
"icons": [ ... ],
"remotes": [ ... ],
"packages": [ ... ],
"capabilities": { ... },
"requires": { ... },
"resources": [ ... ],
"tools": [ ... ],
"prompts": [ ... ],
"_meta": { ... }
}Most significant sticking points so far:
The rest is largely just details we can bikeshed. I think it's important to design this so we introduce no breaking changes to server.json, as any breaking changes would cause major problems for a lot of production registry-related infrastructure and systems in the ecosystem. So my high level thinking would be to:
I also liked @yoannarz's points here that there is a use case for non-owners of MCP servers to use Server Cards. So if we're going to require Server Cards to be comprehensive descriptors of all the capabilities of a server that only a server owner can advertise, we still have a gap like "how do I as a restaurant owner advertise that Yelp's MCP server is the way to make bookings on my website; I don't actually control the details of its tools and capabilities but I know where it lives and want to put that on my website's .well-known" So maybe there is a path where we make Server Card a strict subset of server.json to elegantly fulfill all the above (e.g. perhaps Server Cards = purely Discovery concerns; then server.json is Discovery+Capabilities); will think more on that and circle back. |
|
Shall we also add an optional extended card for ancillary information (such as additional metadata)? |
|
@tadasant It would be great if we can avoid getting two different formats. Instead we could extend the MCP Registry server.json to also cover the requirements that came up here. Then an MCP Server Card would basically be conventions of what has to be provided (required) for describing remote MCP Servers. The discovery mechanism (.well-known) could be moved to the AI Card initiative, then MCP and A2A (potentially also other AI protocols) could share the discovery mechanism and providers / registries can use one instead of multiple. For this, I just drafted a SEP in AI Cards: Agent-Card/ai-catalog#14 My colleagues Vyshnavi and Raluca prepared a JSON Schema of how the MCP Server Card could look like if we combine it as hinted at above. This may help to see if we can get this together. In discussions with @dsp-ant the question came also up if we need two formats or not. As stated, we should not have two different formats to describe an MCP Server for the same protocol. But the registry itself may have additional information, so for consumers of the registry it is plausible to have a superset model of what the registry provides (like calculated properties, more context). I would keep this separate from the format for self-description and publishing to keep that as simple as possible. |
|
@dsp-ant Hi David fyi @tadasant |
|
@dsp-ant to help drive this forward, I've opened a PR against your branch here. If you are aligned with the direction it's going, could we get it merged and then continue community discussion on the remaining open questions (more detail below)? I'm happy to formally sign on as sponsor for this or as an author if helpful. I've taken into account all the feedback from:
Big thank you to @ggoodman, @PederHP, @sdatspun2, @connor4312, @SamMorrowDrums, @Fannon, @maiargu, @electrocucaracha, @ibuildthecloud, @yoannarz, @pcarleton and everyone else commenting and contributing so far; the feedback is all helping progress this forward. I have avoided iterating on some of the more controversial topics, like Pasting the rest of the text from my PR for readability here: Some highlights worth pulling out Relationship to AI CardThe AI Card standard is paving a path to providing a protocol-agnostic MCP Server Cards will provide a richer, MCP-specific definition that can be used by MCP clients to actually connect and start performing MCP operations. We will store these values at Example:
We can develop and iterate on MCP Server Cards largely independently from the broader effort to integrate with AI Cards, as long as we maintain some integration point so it is possible to understand when an entry in an AI Card references an MCP Server Card that is hosted and maintained elsewhere. Instructions as a field in the Server Card@PederHP had a good point here. I think it's reasonable to consider, but we don't have it in supportedProtocolVersionI've moved this field inside the I think it would be reasonable to consider removing this from the SEP to simplify, as we don't currently have it in authenticationI've also moved this field inside the Some topics I think we should continue discussing (but out of scope for landing this PR) into the SEP -- Removing $schema from server.json and not including it in Server CardI've removed the explicit $schema field in this PR. We were planning to do this for the MCP Registry in the next iteration of server.json (rationale here, cc @rdimitrov). Basically, hardcoding the $schema field there introduces an unnecessary breaking change across versions, when we don't have intention to make breaking changes to these shapes. A better solution here would probably be to use something like @vyshnavigadamsetti's suggestion of Removing
|
|
Thanks for driving this forward! Just a quick question for clarity, there was a PR previously opened for community feedback iteration. Happy to align with whatever works best for you and the group. |
My suggestion (feel free to direct us otherwise @dsp) would be that going forward, now that we have solid high level alignment, folks should open PRs for discrete sub-topics. For example, one PR proposing Then David can choose what he wants to pull it on a topic by topic basis and/or make changes to the SEP directly himself. Open threads worth iterating on:
I think each of these could be separate PRs. I'll definitely work on (1) very soon, and can draft more if other folks don't jump on them first. Edit: and maybe some of the smaller changes that are pretty constrained to modifying just one section of the SEP could be made directly as comments and discussed as threads, PR might be overkill for all of them. |
|
Thanks for the suggestion, @tadasant . This makes sense to me. Breaking things down into discrete PRs per sub-topic feels like the right next step now that there's high-level alignment. I'd also be interested to see a bit more community feedback on this approach, and then I'd be happy to help review or contribute where it's most useful. Looking forward to the follow-up PRs! |
|
I opened #2186 as a follow up to @dsp's comment
In the meantime I'll start working on a PR for:
Edit: that PR^ is somewhat intertwined with AI Card discussions, so will likely see where those land before putting something up here. |
|
I tried to clarify the reverse-DNS namespacing for Some ambiguity around reverse-DNS namespacing surfaced during discussions about the modelcontextprotocol/registry#926 Please let me know if this matches the intended interpretation. |
|
Thanks for the thoughtful work on this proposal! (let me know if this feedback/comment is better suited for a different PR) Wanted to raise a scenario we're seeing frequently in practice. We’re working with many small services businesses (gyms, home services, restaurants, spas..etc) to stand up MCP servers or MCP Apps for their business. A large number of these businesses run their websites on hosted platforms like Wix, or Squarespace, and similar builders. They own their custom domains, but many don't have the ability to place arbitrary files at Some more advanced hosting setups for WordPress sites could likely serve files from These businesses are building capabilities like bookings, availability, quotes..etc and will want to adopt server cards to enable better discoverability of their tools, but likely won’t be able to without support from their website hosting platform (which could prioritize platform specific features versus the range of saas products that the small business might be using to enable their tools). I might be misunderstanding how the Just wanted to raise this scenario and consideration to small services businesses building MCP capabilities and looking to evolve with new standards for discoverability. |
|
Excited to see this specification moving forward! On our end, we have a strong need to support localized Would it make sense to extend the current schema to accommodate localized fields? For example, we could modify the description field (and similarly for title) to support either:
To ensure consistency, we should also apply this localization pattern to tool metadata (title and description). This would allow MCP hosts to display tool information in the user’s language, aligning with the broader goal of a localized UX. Happy to discuss about it and see if others feel the need of localization. |
Re-type SEP-2127 (MCP Server Cards) from Standards Track to Extensions Track and slim the body to a charter (SEP-1865 shape), delegating the detailed wire format to the experimental-ext-server-card repository. - Type -> Extensions Track; add Extension Identifier and Server Card Working Group attribution to the frontmatter (SEP-2663 conventions). - Add a top-of-file <Note> pointing to the extension repo as spec home. - Move out the Server Card schema, server.json schema, field tables, .well-known endpoint mechanics, full Security Implications, and IETF Registration; keep Abstract, Motivation, Rationale, a high-level Specification pointer, and a Security posture summary. - Replace the empty Reference Implementation section with a pointer to the incubation work; note the SDK reference implementation remains a Final-gating item. - Record open items: IANA registration, media-type and .well-known path convergence, and the discovery-doc primitives contradiction. - Regenerate docs/seps/index.mdx and docs/seps/2127-mcp-server-cards.mdx. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replace Nick Cooper (@nickcoai) with Sam Morrow (@SamMorrowDrums) in the author and Extension Maintainers lines. Regenerate the rendered SEP doc. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Soften the high-level pointers that delegate discovery to the extension repo so they read 'discovery mechanics / discovery path / Discovery' rather than presuming a '.well-known' mechanism, which is not yet settled. The deliberate design-choice references (the 'Why .well-known?' rationale, RFC 5785 discussion, and the IANA-registration / path-spelling open items) are intentionally left as-is. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The high-level Specification bullet asserted that Server Cards omit primitive listings; that decision may still change. Replace the detail with a pointer to the extension repo's schema.ts for the precise field set, keeping the charter agnostic on the contested question. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Cross-referenced the open issues in experimental-ext-server-card so the charter does not assert things the WG is still deciding: - Reference Implementation: cite python-sdk#2696 (open, in review) as the in-progress SDK reference impl instead of claiming none exists (#16). - Stop presenting .well-known as locked: add a discovery-mechanism open item for the .well-known-vs-GET-on-URL question (#12) and make the IANA registration conditional on that outcome. - Align the path/media-type open items with the reference impl's slash-form vote (#11) and the application/mcp-server-card+json direction (#9). - Add an auth-shape open item flagging the limited initial shape and the additive SEP-2742 auth fast-follow / forward-compat requirement (#13, #17). - Note that whether to add primitive listings is itself open (#10). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
A published SEP is frozen and not updated over time, so process-y and temporal notes (open questions, in-progress status) do not belong in the body. Remove the "Open Items" section and rephrase Reference Implementation to a non-temporal description of the incubation repo and python-sdk#2696. These tracking notes now live in the PR description instead. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@a-akimov heads up, we are refactoring this SEP to be on the Extensions track instead of the Standards track, which will trample a lot of your feedback. I pulled one comment I think will remain relevant in this issue, but please feel free to file more. |
@tadasant thank you, happy to contribute. |
SummaryA running, schema-validated example of carrying project context on a Server Card via a reverse-DNS How it works
Receipts
It's the same minimal-card + deterministic- — |
|
Quick update from production. We tracked the #22 path move on our 810-pack multi-server host today; cards now live at Three production datapoints worth sharing:
Both ambiguities we flagged earlier are tracked now — Alex's We'll keep the v1 redirects up indefinitely. Happy to file repro issues on experimental-ext-server-card if anything else comes up. — Bruce, Pipeworx (https://pipeworx.io) |
Maintainer Activity CheckHi @dsp-ant! You're assigned to this SEP but there hasn't been any activity from you in 14 days. Please provide an update on:
If you're no longer able to sponsor this SEP, please let us know so we can find another maintainer. This is an automated message from the SEP lifecycle bot. |
…s-track-refactor SEP-2127: refactor to Extensions Track charter (delegate spec to experimental-ext-server-card)
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
This SEP proposes adding a standardized discovery mechanism for HTTP-based MCP servers using a
.well-known/mcp.jsonendpoint.Moved from: #1649
Summary
This enables clients to automatically discover:
...all before establishing a connection.
Key Features
.well-known/mcp/server-card.json: HTTP endpoint for pre-connection discoverymcp://server-card.json: MCP resource for post-connection discoverySee the full specification in
seps/2127-mcp-server-cards.md.