README
¶
MCP (Model Context Protocol) for Go
MCP is a Go implementation of the Model Context Protocol — a standardized way for applications to communicate with AI models. It allows developers to seamlessly bridge applications and AI models using a lightweight, JSON-RPC–based protocol.
This repository contains the shared protocol definitions and schemas for MCP. It is used by MCP, which provides the actual implementation of the MCP server and client framework.
Official Model Context Protocol Specification
Overview
MCP (Model Context Protocol) is designed to provide a standardized communication layer between applications and AI models. The protocol simplifies the integration of AI capabilities into applications by offering a consistent interface for resource access, prompt management, model interaction, and tool invocation.
Key features:
- JSON-RPC 2.0–based communication
- Support for multiple transport protocols (HTTP/SSE, stdio)
- Server-side features:
- Resource management
- Model prompting and completion
- Tool invocation
- Subscriptions for resource updates
- Logging
- Progress reporting
- Request cancellation
- Client-side features:
- Roots
- Sampling
Architecture
For detailed guides on custom server implementations and authentication, see docs/implementer.md and docs/authentication.md.
MCP is built around the following components:
- Server: Handles incoming requests and dispatches to the protocol implementation
- Client: Makes requests to MCP-compatible servers
- Protocol Implementation (server.Handler): Provides the actual functionality behind each protocol method
High-Level Architecture
graph LR
Client[MCP Client] -->|JSON-RPC / HTTP/SSE| Server[MCP Server]
Server -->|Dispatches to| Handler[MCP Server]
subgraph Auth[Authentication / Authorization]
OAuth2[OAuth2 / OIDC]
end
Client -.->|Bearer Token| OAuth2
Server -.->|Token Validation| OAuth2
Getting Started
Installation
go get github.com/viant/mcp
If you just need to connect **existing tools** to a remote MCP server you might prefer to use the standalone **Bridge** binary instead of embedding the Go package. See [Bridge Guide](docs/bridge.md) for details.
Creating a Server
Quick Start: Default Server
DefaultHandler can be used to quickly set up an MCP server. It provides no-op stubs for all methods, allowing you to focus on implementing only the methods you need. Register handlers inline without writing a custom server type:
package main
import (
"context"
"encoding/json"
"fmt"
"github.com/viant/jsonrpc"
"github.com/viant/mcp-protocol/schema"
serverproto "github.com/viant/mcp-protocol/server"
"github.com/viant/mcp/server"
"log"
)
func main() {
type Addition struct {
A int `json:"a"`
B int `json:"b"`
}
type Output struct {
Result int
}
newHandler := serverproto.WithDefaultHandler(context.Background(), func(server *serverproto.DefaultHandler) error {
// Register a simple resource
server.RegisterResource(schema.Resource{Name: "hello", Uri: "/hello"},
func(ctx context.Context, request *schema.ReadResourceRequest) (*schema.ReadResourceResult, *jsonrpc.Error) {
return &schema.ReadResourceResult{Contents: []schema.ReadResourceResultContentsElem{{Text: "Hello, world!"}}}, nil
})
type Addition struct {
A int `json:"a"`
B int `json:"b"`
}
type Result struct {
Result int `json:"acc"`
}
// Register a simple calculator tool: adds two integers
if err := serverproto.RegisterTool[*Addition, *Result](server.Registry, "add", "Add two integers", func(ctx context.Context, input *Addition) (*schema.CallToolResult, *jsonrpc.Error) {
sum := input.A + input.B
out := &Result{Result: sum}
data, err := json.Marshal(out)
if err != nil {
return nil, jsonrpc.NewInternalError(fmt.Sprintf("failed to marshal result: %v", err), nil)
}
return &schema.CallToolResult{Content: []schema.CallToolResultContentElem{{Text: string(data)}}}, nil
}); err != nil {
return err
}
return nil
})
srv, err := server.New(
server.WithNewHandler(newHandler),
server.WithImplementation(schema.Implementation{"default", "1.0"}),
)
if err != nil {
log.Fatalf("Failed to create server: %v", err)
}
// Choose one transport (see below). Example: HTTP (SSE by default)
log.Fatal(srv.HTTP(context.Background(), ":4981").ListenAndServe())
}
Starting the Server
-
Stdio (typical for editor integrations):
stdioSrv := srv.Stdio(context.Background()) log.Fatal(stdioSrv.ListenAndServe()) -
HTTP over SSE (default):
httpSrv := srv.HTTP(context.Background(), ":4981") log.Fatal(httpSrv.ListenAndServe()) -
HTTP Streamable (toggle):
srv.UseStreamableHTTP(true) httpSrv := srv.HTTP(context.Background(), ":4981") log.Fatal(httpSrv.ListenAndServe())
If you prefer a single configuration object, see NewServer in server.go which accepts transport options and can enable Streamable HTTP based on Transport.Type.
Endpoints and Routing
- By default, both transports are mounted:
- SSE:
GET /sseandPOST /message - Streamable HTTP:
POST/GET /mcp
- SSE:
- You can enable root redirect so
"/"forwards to the active transport base:WithRootRedirect(true)
- You can also customize the endpoint paths:
WithStreamableURI("/api/mcp")WithSSEURI("/api/sse")WithSSEMessageURI("/api/rpc")
Example:
srv, _ := mcp.New(
mcp.WithNewHandler(newHandler),
mcp.WithStreamableURI("/api/mcp"),
mcp.WithSSEURI("/api/sse"),
mcp.WithSSEMessageURI("/api/rpc"),
mcp.WithRootRedirect(true), // redirects "/" to /api/mcp if UseStreamableHTTP(true), else /api/sse
)
srv.UseStreamableHTTP(true)
httpSrv := srv.HTTP(context.Background(), ":4981")
log.Fatal(httpSrv.ListenAndServe())
Add a Resource
Register a readable resource URI and return its content from your handler.
h.RegisterResource(schema.Resource{Name: "hello", Uri: "/hello"},
func(ctx context.Context, req *schema.ReadResourceRequest) (*schema.ReadResourceResult, *jsonrpc.Error) {
return &schema.ReadResourceResult{Contents: []schema.ReadResourceResultContentsElem{{Text: "Hello, world!", Uri: req.Params.Uri}}}, nil
})
To notify clients about updates, emit resources/updated via h.Notifier.
Add a Prompt
Expose reusable prompt templates that clients can list and resolve.
prompt := &schema.Prompt{Name: "welcome", Arguments: []schema.PromptArgument{{Name: "name", Required: ptr(true)}}}
h.RegisterPrompts(prompt, func(ctx context.Context, p *schema.GetPromptRequestParams) (*schema.GetPromptResult, *jsonrpc.Error) {
return &schema.GetPromptResult{Messages: []schema.PromptMessage{{Role: schema.RoleAssistant, Content: schema.TextContent{Type: "text", Text: "Hello, " + p.Arguments["name"] + "!"}}}}, nil
})
See the Server Guide for deeper coverage of resources and prompts.
Further Reading
- Server Implementation Guide: docs/implementer.md
- Server Guide (Tools, Resources, Prompts): docs/server_guide.md
- Authentication Guide: docs/authentication.md
- Bridge (local proxy) Guide: docs/bridge.md
- Client Guide: docs/client.md
Creating a Client
You can connect to an MCP server over stdio, HTTP/SSE, or HTTP streamable.
-
SSE client (simple):
ctx := context.Background() sseTransport, _ := sse.New(ctx, "http://localhost:4981/sse") cli := client.New("Demo", "1.0", sseTransport) if _, err := cli.Initialize(ctx); err != nil { log.Fatal(err) } tools, _ := cli.ListTools(ctx, nil) fmt.Println("tools:", len(tools.Tools)) -
Streamable client:
ctx := context.Background() streamTransport, _ := streamable.New(ctx, "http://localhost:4981/") cli := client.New("Demo", "1.0", streamTransport) _, _ = cli.Initialize(ctx) -
Stdio client (spawn a child process):
stdioTransport, _ := stdio.New("./your-mcp-server-binary", stdio.WithArguments("--flag1", "value")) cli := client.New("Demo", "1.0", stdioTransport) _, _ = cli.Initialize(context.Background()) -
OAuth2/OIDC (optional):
See the Authentication section below for creating an
http.Clientwith token handling and passing it to the SSE/streamable transports.
Advanced: If you need automatic reconnect and integrated auth, use the helper mcp.NewClient(handler, *ClientOptions) from the root package, which builds the transport and wires an auth interceptor. Supply a pclient.Handler implementation if your client needs to support server-initiated calls (roots, sampling, elicitation).
Authentication & Authorization Summary
MCP supports transport-agnostic authentication and authorization (HTTP or HTTP-SSE) via OAuth2/OIDC in two modes:
-
Global Resource Protection (spec-based):
github.com/viant/mcp/server/auth.AuthServerenforces a Bearer token across all endpoints, except those excluded viaExcludeURI(e.g./sse).- Configure by creating an
auth.Servicefromauthorization.Policyand wiring it with:server.WithProtectedResourcesHandler(service.ProtectedResourcesHandler),server.WithAuthorizer(service.Middleware), andserver.WithJRPCAuthorizer(service.EnsureAuthorized). - Exposes
/.well-known/oauth-protected-resourcefor metadata discovery (RFC 9728).
-
Fine-Grained Tool/Resource Control (experimental):
- Implements
auth.AuthorizerinAuthServer.EnsureAuthorized, returning401 Unauthorizedper JSON-RPC request. - Configure per-tool/resource metadata via
Config.ToolsorConfig.Tenantsinauthorization.Policy.
- Implements
-
Fallback Token Fetching:
github.com/viant/mcp/server/auth.FallbackAuthwraps a strictAuthServer.- On
401challenge, fetches tokens viaProtectedResourceTokenSourceand optional ID tokens viaIdTokenSource, then retries. - Create with
auth.NewFallbackAuth(strictAuthServer, tokenSource, idTokenSource).
-
Client-Side Support:
- Use
github.com/viant/mcp/client/auth/transport.Newwith:WithStore(store.Store): handles client config, metadata & token caching.WithAuthFlow(flow.AuthFlow): selects interactive auth flow (e.g., browser PKCE).
- The RoundTripper automatically:
- Handles the initial
401challenge (WWW-Authenticate header). - Discovers protected resource and auth server metadata.
- Acquires tokens and retries the original request with
Authorization: Bearer <token>.
- Handles the initial
- Use
-
Example SSE integration:
rt, _ := transport.New( transport.WithStore(myStore), transport.WithAuthFlow(flow.NewBrowserFlow()), ) httpClient := &http.Client{Transport: rt} sseTransport, _ := sse.New(ctx, "https://myapp.example.com/sse", sse.WithClient(httpClient)) mcpClient := client.New("MyClient", "1.0", sseTransport, client.WithCapabilities(schema.ClientCapabilities{}))
These features are transport-agnostic and apply equally over HTTP, SSE, or other supported transports.
Protocol Methods
MCP supports the following Server Side methods:
initialize- Initialize the connectionping- Check server statusresources/list- List available resourcesresources/read- Read resource contentsresources/templates/list- List resource templatesresources/subscribe- Subscribe to resource updatesresources/unsubscribe- Unsubscribe from resource updatesprompts/list- List available promptsprompts/get- Get prompt detailstools/list- List available toolstools/call- Call a specific toolcomplete- Get completions from the modellogging/setLevel- Set logging level
MCP supports the following Client Side methods:
roots/list- List available rootssampling/createMessage- A standardized way for servers to request LLM sampling (“completions” or “generations”) from language models via clients.elicitation/create- Ask the client to perform an elicitation (model completion) using provided prompts.interaction/create- Initiate a user-interaction request, allowing the server to prompt the user via the client UI.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
This project is licensed under the Apache License 2.0.
Credits
Author: Adrian Witas
This project is maintained by Viant.
Documentation
¶
Overview ¶
Package mcp provides high-level helpers for working with the Model Context Protocol (MCP).
The package glues the low-level protocol types defined in the github.com/viant/mcp-protocol module with concrete transports, authentication layers and convenience configuration structures. In practice it is used as an umbrella package that exposes two primary entry-points:
- NewClient – returns a fully configured MCP client instance and
- NewServer – returns a fully configured MCP server instance.
Both constructors accept option structures that can be populated from CLI flags or configuration files, making it straightforward to spin up an MCP client/server with support for HTTP(SSE) or stdio transports, OAuth2 / "backend-for-frontend" flows and custom metadata.
Example:
srv, _ := mcp.NewServer(myImplementation, &mcp.ServerOptions{ /* … */ })
cli, _ := mcp.NewClient(srv, &mcp.ClientOptions{ /* … */ })
See the README for a more complete introduction.
Index ¶
- func NewClient(handler pclient.Handler, options *ClientOptions) (*client.Client, error)
- func NewServer(newHandler protoserver.NewHandler, options *ServerOptions) (*server.Server, error)
- type ClientAuth
- type ClientOptions
- type ClientTransport
- type ClientTransportHTTP
- type ClientTransportStdio
- type ServerOptionAuth
- type ServerOptions
- type ServerTransport
- type ServerTransportOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewClient ¶
NewClient creates an MCP client with transport and authorization configured via ClientOptions.
func NewServer ¶
func NewServer(newHandler protoserver.NewHandler, options *ServerOptions) (*server.Server, error)
NewServer creates a new MCP server with the given implementer and options.
Types ¶
type ClientAuth ¶
type ClientAuth struct {
OAuth2ConfigURL []string `yaml:"oauth2ConfigURL,omitempty" json:"oauth2ConfigURL,omitempty" short:"c" long:"config" description:"oauth2 config file"`
EncryptionKey string `yaml:"encryptionKey,omitempty" json:"encryptionKey,omitempty" short:"k" long:"key" description:"encryption key"`
UseIdToken bool `yaml:"useIdToken,omitempty" json:"useIdToken,omitempty"`
BackendForFrontend bool `` /* 149-byte string literal not displayed */
// Store allows injecting a persistent token store so tokens survive
// across multiple client instances (e.g., per-user cache in caller).
Store store.Store `yaml:"-" json:"-"`
}
ClientAuth defines authentication options for an MCP client.
type ClientOptions ¶
type ClientOptions struct {
Name string `yaml:"name" json:"name,omitempty" short:"n" long:"name" description:"mcp name"`
Version string `yaml:"version,omitempty" json:"version,omitempty" short:"v" long:"version" description:"mcp version"`
ProtocolVersion string `yaml:"protocol,omitempty" json:"protocol,omitempty" short:"p" long:"protocol" description:"mcp protocol"`
Namespace string `yaml:"namespace,omitempty" json:"namespace,omitempty" short:"N" long:"namespace" description:"mcp namespace"`
Transport ClientTransport `yaml:"transport,omitempty" json:"transport,omitempty" short:"t" long:"transport" description:"mcp transport options"`
Auth *ClientAuth `yaml:"auth,omitempty" json:"auth,omitempty" short:"a" long:"auth" description:"mcp auth options"`
// CookieJar, if set, is attached to the underlying HTTP client so that
// servers using cookies (e.g., BFF flows) can persist session cookies
// across reconnects and calls.
CookieJar http.CookieJar `yaml:"-" json:"-"`
// PingIntervalSeconds overrides the default background ping interval
// used to keep MCP sessions warm and detect transport failures.
// If <= 0, the default is used (currently 60 seconds).
PingIntervalSeconds int `yaml:"pingIntervalSeconds,omitempty" json:"pingIntervalSeconds,omitempty"`
// contains filtered or unexported fields
}
ClientOptions
defines options for configuring an MCP client.
func (*ClientOptions) AuthStore ¶ added in v0.7.3
func (c *ClientOptions) AuthStore() store.Store
AuthStore exposes the underlying token store used by the auth transport. It allows callers to persist and reuse tokens across client instances.
func (*ClientOptions) Init ¶
func (c *ClientOptions) Init()
func (*ClientOptions) Options ¶
func (c *ClientOptions) Options(authRT *authtransport.RoundTripper) []client.Option
Options builds client options (metadata and auth interceptor) based on ClientOptions.Auth and Namespace.
type ClientTransport ¶
type ClientTransport struct {
Type string `` /* 167-byte string literal not displayed */
ClientTransportStdio `yaml:",inline"`
ClientTransportHTTP `yaml:",inline"`
}
ClientTransport defines transport options for an MCP client.
type ClientTransportHTTP ¶
type ClientTransportHTTP struct {
URL string `yaml:"url" json:"url" short:"u" long:"url" description:"mcp url"`
}
ClientTransportHTTP defines options for a server-sent events transport for an MCP client.
type ClientTransportStdio ¶
type ClientTransportStdio struct {
Command string `yaml:"command" json:"command" short:"C" long:"command" description:"mcp command"`
Arguments []string `yaml:"arguments" json:"arguments" short:"A" long:"arguments" description:"mcp command arguments"`
}
ClientTransportStdio defines options for a standard input/output transport for an MCP client.
type ServerOptionAuth ¶
type ServerOptionAuth struct {
ProtectedResourcesHandler http.HandlerFunc
Authorizer server.Middleware
JRPCAuthorizer auth.JRPCAuthorizer //experimental
UseJRPCAuthorizer bool // if true, JRPCAuthorizer will be used for JSON-RPC requests
//Optional metadata for protected resources
Policy *authorization.Policy
}
type ServerOptions ¶
type ServerOptions struct {
Name string `yaml:"name" json:"name"`
Version string `yaml:"version" json:"version"`
ProtocolVersion string `yaml:"protocol" json:"protocol" short:"p" long:"protocol" description:"mcp protocol"`
LoggerName string `yaml:"loggerName" json:"loggerName"`
Transport *ServerTransport `yaml:"transport" json:"transport"`
}
ServerOptions defines options for configuring an MCP server.
type ServerTransport ¶
type ServerTransport struct {
Type string `yaml:"type" json:"type"`
Options *ServerTransportOptions `yaml:"options" json:"options"`
Auth *ServerOptionAuth `yaml:"-" json:"-"`
CustomHandlers map[string]http.HandlerFunc `yaml:"-" json:"-"`
}
type ServerTransportOptions ¶
type ServerTransportOptions struct {
Type string `` /* 167-byte string literal not displayed */
Port int `yaml:"port" json:"port"`
Endpoint string `yaml:"endpoint" json:"endpoint"`
MessageEndpoint string `yaml:"messageEndpoint" json:"messageEndpoint"`
Cors *server.Cors `yaml:"cors" json:"cors"`
// Optional HTTP transport configuration
SSEURI string `yaml:"sseURI" json:"sseURI"`
SSEMessageURI string `yaml:"sseMessageURI" json:"sseMessageURI"`
StreamableURI string `yaml:"streamableURI" json:"streamableURI"`
RootRedirect bool `yaml:"rootRedirect" json:"rootRedirect"`
}
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Command bridge is a standalone binary that runs an MCP bridge.
|
Command bridge is a standalone binary that runs an MCP bridge. |
|
mcp
Package mcp provides the implementation of the `bridge` proxy service.
|
Package mcp provides the implementation of the `bridge` proxy service. |
|
Package clientHandler implements a high-level Go clientHandler for the Model Context Protocol (MCP).
|
Package clientHandler implements a high-level Go clientHandler for the Model Context Protocol (MCP). |
|
auth
Package auth contains supporting helpers that enable fine-grained client side authorization when talking to an MCP server.
|
Package auth contains supporting helpers that enable fine-grained client side authorization when talking to an MCP server. |
|
auth/mock
Package mock provides in-memory and stub implementations that facilitate unit testing of the client-side authorization flow.
|
Package mock provides in-memory and stub implementations that facilitate unit testing of the client-side authorization flow. |
|
auth/store
Package store defines simple token and client-configuration stores used by the authorization helpers in the parent `auth` package.
|
Package store defines simple token and client-configuration stores used by the authorization helpers in the parent `auth` package. |
|
auth/transport
Package transport implements an http.RoundTripper that performs the OAuth 2.1 [Protected Resource Metadata](https://www.rfc-editor.org/rfc/rfc9728) discovery, token acquisition and automatic request retry logic required by MCP when a server challenges the client with `401 Unauthorized`.
|
Package transport implements an http.RoundTripper that performs the OAuth 2.1 [Protected Resource Metadata](https://www.rfc-editor.org/rfc/rfc9728) discovery, token acquisition and automatic request retry logic required by MCP when a server challenges the client with `401 Unauthorized`. |
|
Package example contains self-contained snippets and integration tests that demonstrate how to use the MCP client/server libraries.
|
Package example contains self-contained snippets and integration tests that demonstrate how to use the MCP client/server libraries. |
|
auth/experimental
Package term shows an experimental end-to-end flow that exercises the MCP authorization stack using a browser-based OAuth 2.1 flow.
|
Package term shows an experimental end-to-end flow that exercises the MCP authorization stack using a browser-based OAuth 2.1 flow. |
|
auth/percall
Package percall demonstrates per-call token usage.
|
Package percall demonstrates per-call token usage. |
|
auth/term
Package term demonstrates how to integrate terminal-based user interaction with an MCP server secured by OAuth2/OIDC.
|
Package term demonstrates how to integrate terminal-based user interaction with an MCP server secured by OAuth2/OIDC. |
|
custom
Package custom shows how to implement a fully custom MCP tool and register it with a server.
|
Package custom shows how to implement a fully custom MCP tool and register it with a server. |
|
fs
Package fs contains examples that treat a local filesystem subtree as an MCP resource provider.
|
Package fs contains examples that treat a local filesystem subtree as an MCP resource provider. |
|
resource
Package resource contains helper types used by other examples to model simple resources exposed over MCP.
|
Package resource contains helper types used by other examples to model simple resources exposed over MCP. |
|
tool
Package tool implements a very small sample tool that can be registered with an MCP server for demonstration purposes (see tests in the parent example packages).
|
Package tool implements a very small sample tool that can be registered with an MCP server for demonstration purposes (see tests in the parent example packages). |
|
internal
|
|
|
conv
Package conv collects tiny helper functions that are not part of the public API but aid internal conversions.
|
Package conv collects tiny helper functions that are not part of the public API but aid internal conversions. |
|
Package handler provides a configurable MCP handler implementation.
|
Package handler provides a configurable MCP handler implementation. |
|
auth
Package auth exposes helpers that make it easy to protect an MCP server with OAuth2/OIDC.
|
Package auth exposes helpers that make it easy to protect an MCP server with OAuth2/OIDC. |
|
namespace
Package namespace provides a reusable, policy-aware namespace resolution utility for MCP servers and services.
|
Package namespace provides a reusable, policy-aware namespace resolution utility for MCP servers and services. |
|
oob
Package oob provides minimal, generic primitives to manage out-of-band (OOB) interactions using typed pending entries bound to a namespace.
|
Package oob provides minimal, generic primitives to manage out-of-band (OOB) interactions using typed pending entries bound to a namespace. |
Click to show internal directories.
Click to hide internal directories.