The Model Context Protocol consists of several key components that work together:
Base Protocol: Core JSON-RPC message types
Lifecycle Management: Connection initialization, capability negotiation, and
session control
Server Features: Resources, prompts, and tools exposed by servers
Client Features: Sampling and root directory lists provided by clients
Utilities: Cross-cutting concerns like logging and argument completion
All implementations MUST support the base protocol and lifecycle management
components. Other components MAY be implemented based on the specific needs of the
application.These protocol layers establish clear separation of concerns while enabling rich
interactions between clients and servers. The modular design allows implementations to
support exactly the features they need.
JSON-RPC also defines a means to
batch multiple requests and notifications,
by sending them in an array. MCP implementations MAY support sending JSON-RPC
batches, but MUST support receiving JSON-RPC batches.
MCP provides an Authorization framework for use with HTTP.
Implementations using an HTTP-based transport SHOULD conform to this specification,
whereas implementations using STDIO transport SHOULD NOT follow this specification,
and instead retrieve credentials from the environment.Additionally, clients and servers MAY negotiate their own custom authentication and
authorization strategies.For further discussions and contributions to the evolution of MCP’s auth mechanisms, join
us in
GitHub Discussions
to help shape the future of the protocol!
The full specification of the protocol is defined as a
TypeScript schema.
This is the source of truth for all protocol messages and structures.There is also a
JSON Schema,
which is automatically generated from the TypeScript source of truth, for use with
various automated tooling.