HeadlinesBriefing favicon HeadlinesBriefing.com

MCP Spec Compliance Tool Finds 90.8% Servers Unready

Hacker News •
×

A new command-line tool called mcp-spec-check probes live MCP servers for compliance with the upcoming 2026-07-28 specification — the largest protocol revision since launch. The spec removes the initialize handshake and Mcp-Session-Id in favor of a stateless core, requires Mcp-Method and Mcp-Name routing headers on every request, and replaces SSE elicitation with Multi Round-Trip Requests. SDKs and clients are already migrating, leaving non-migrated servers behind as support windows expire.

The author scanned all 7,850 servers in the official MCP registry on July 12, 2026. Of the 4,356 reachable endpoints, exactly one server passes all three required checks — discover, routing-headers, and session-independence — while 90.8% are not ready. The tool runs pure black-box HTTP probes against hosted URLs with no code access, zero runtime dependencies, and host-serial requests to avoid load. It returns a one-line verdict (YES/NO/UNKNOWN) plus a letter grade across eight total checks, with only the first three determining readiness.

mcp-spec-check integrates cleanly into CI pipelines with exit codes: 0 for ready, 1 for failing checks, 2 for inconclusive or auth-walled endpoints. Authenticated servers can be tested via --bearer or --header flags, and the auth-metadata check still runs against the /.well-known/oauth-protected-resource endpoint (RFC 9728) without credentials. Probe correctness is validated against two reference servers in CI — an old-spec SDK v1 server and a 2026-07-28 RC beta — plus a known-truth panel of live public servers including GitHub's MCP implementation.

The migration to the stateless core has barely begun, which is expected before the spec reaches GA. But the 90.8% unready rate signals a looming compatibility cliff: servers that don't implement server/discover and the new routing headers will fail behind load balancers once clients switch. Teams running remote MCP endpoints should run npx mcp-spec-check <url> --json now to baseline their position and plan migration before client support for the old handshake expires.