Merge remote-tracking branch 'origin/main' into enforce-120-length

Author: Kludex

examples/servers/simple-auth/mcp_simple_auth/server.py

@@ -207,7 +207,7 @@ async def exchange_authorization_code(
 
         return OAuthToken(
             access_token=mcp_token,
-            token_type="bearer",
+            token_type="Bearer",
             expires_in=3600,
             scope=" ".join(authorization_code.scopes),
         )

examples/servers/simple-resource/mcp_simple_resource/server.py

@@ -2,7 +2,7 @@
 import click
 import mcp.types as types
 from mcp.server.lowlevel import Server
-from pydantic import AnyUrl
+from pydantic import AnyUrl, FileUrl
 
 SAMPLE_RESOURCES = {
     "greeting": "Hello! This is a sample text resource.",
@@ -26,7 +26,7 @@ def main(port: int, transport: str) -> int:
     async def list_resources() -> list[types.Resource]:
         return [
             types.Resource(
-                uri=AnyUrl(f"file:///{name}.txt"),
+                uri=FileUrl(f"file:///{name}.txt"),
                 name=name,
                 description=f"A sample text resource named {name}",
                 mimeType="text/plain",

examples/servers/simple-streamablehttp-stateless/mcp_simple_streamablehttp_stateless/server.py

@@ -43,7 +43,12 @@ def main(
     @app.call_tool()
     async def call_tool(
         name: str, arguments: dict
-    ) -> list[types.TextContent | types.ImageContent | types.EmbeddedResource]:
+    ) -> list[
+        types.TextContent
+        | types.ImageContent
+        | types.AudioContent
+        | types.EmbeddedResource
+    ]:
         ctx = app.request_context
         interval = arguments.get("interval", 1.0)
         count = arguments.get("count", 5)

examples/servers/simple-streamablehttp/mcp_simple_streamablehttp/server.py

@@ -47,7 +47,12 @@ def main(
     @app.call_tool()
     async def call_tool(
         name: str, arguments: dict
-    ) -> list[types.TextContent | types.ImageContent | types.EmbeddedResource]:
+    ) -> list[
+        types.TextContent
+        | types.ImageContent
+        | types.AudioContent
+        | types.EmbeddedResource
+    ]:
         ctx = app.request_context
         interval = arguments.get("interval", 1.0)
         count = arguments.get("count", 5)

examples/servers/simple-tool/mcp_simple_tool/server.py

@@ -7,7 +7,9 @@
 
 async def fetch_website(
     url: str,
-) -> list[types.TextContent | types.ImageContent | types.EmbeddedResource]:
+) -> list[
+    types.TextContent | types.ImageContent | types.AudioContent | types.EmbeddedResource
+]:
     headers = {
         "User-Agent": "MCP Test Server (github.com/modelcontextprotocol/python-sdk)"
     }
@@ -31,7 +33,12 @@ def main(port: int, transport: str) -> int:
     @app.call_tool()
     async def fetch_tool(
         name: str, arguments: dict
-    ) -> list[types.TextContent | types.ImageContent | types.EmbeddedResource]:
+    ) -> list[
+        types.TextContent
+        | types.ImageContent
+        | types.AudioContent
+        | types.EmbeddedResource
+    ]:
         if name != "fetch":
             raise ValueError(f"Unknown tool: {name}")
         if "url" not in arguments:

src/mcp/client/streamable_http.py

@@ -184,7 +184,10 @@ async def handle_get_stream(
                 "GET",
                 self.url,
                 headers=headers,
-                timeout=httpx.Timeout(self.timeout.seconds, read=self.sse_read_timeout.seconds),
+                timeout=httpx.Timeout(
+                    self.timeout.total_seconds(),
+                    read=self.sse_read_timeout.total_seconds(),
+                ),
             ) as event_source:
                 event_source.response.raise_for_status()
                 logger.debug("GET SSE connection established")
@@ -213,7 +216,10 @@ async def _handle_resumption_request(self, ctx: RequestContext) -> None:
             "GET",
             self.url,
             headers=headers,
-            timeout=httpx.Timeout(self.timeout.seconds, read=ctx.sse_read_timeout.seconds),
+            timeout=httpx.Timeout(
+                self.timeout.total_seconds(),
+                read=ctx.sse_read_timeout.total_seconds(),
+            ),
         ) as event_source:
             event_source.response.raise_for_status()
             logger.debug("Resumption GET SSE connection established")
@@ -443,7 +449,10 @@ async def streamablehttp_client(
 
             async with httpx_client_factory(
                 headers=transport.request_headers,
-                timeout=httpx.Timeout(transport.timeout.seconds, read=transport.sse_read_timeout.seconds),
+                timeout=httpx.Timeout(
+                    transport.timeout.total_seconds(),
+                    read=transport.sse_read_timeout.total_seconds(),
+                ),
                 auth=transport.auth,
             ) as client:
                 # Define callbacks that need access to tg

src/mcp/server/auth/handlers/authorize.py

@@ -2,7 +2,7 @@
 from dataclasses import dataclass
 from typing import Any, Literal
 
-from pydantic import AnyHttpUrl, AnyUrl, BaseModel, Field, RootModel, ValidationError
+from pydantic import AnyUrl, BaseModel, Field, RootModel, ValidationError
 from starlette.datastructures import FormData, QueryParams
 from starlette.requests import Request
 from starlette.responses import RedirectResponse, Response
@@ -24,7 +24,7 @@
 class AuthorizationRequest(BaseModel):
     # See https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
     client_id: str = Field(..., description="The client ID")
-    redirect_uri: AnyHttpUrl | None = Field(None, description="URL to redirect to after authorization")
+    redirect_uri: AnyUrl | None = Field(None, description="URL to redirect to after authorization")
 
     # see OAuthClientMetadata; we only support `code`
     response_type: Literal["code"] = Field(..., description="Must be 'code' for authorization code flow")
@@ -54,8 +54,8 @@ def best_effort_extract_string(key: str, params: None | FormData | QueryParams)
     return None
 
 
-class AnyHttpUrlModel(RootModel[AnyHttpUrl]):
-    root: AnyHttpUrl
+class AnyUrlModel(RootModel[AnyUrl]):
+    root: AnyUrl
 
 
 @dataclass
@@ -102,7 +102,7 @@ async def error_response(
                     if params is not None and "redirect_uri" not in params:
                         raw_redirect_uri = None
                     else:
-                        raw_redirect_uri = AnyHttpUrlModel.model_validate(
+                        raw_redirect_uri = AnyUrlModel.model_validate(
                             best_effort_extract_string("redirect_uri", params)
                         ).root
                     redirect_uri = client.validate_redirect_uri(raw_redirect_uri)

src/mcp/server/auth/handlers/token.py

@@ -4,7 +4,7 @@
 from dataclasses import dataclass
 from typing import Annotated, Any, Literal
 
-from pydantic import AnyHttpUrl, BaseModel, Field, RootModel, ValidationError
+from pydantic import AnyHttpUrl, AnyUrl, BaseModel, Field, RootModel, ValidationError
 from starlette.requests import Request
 
 from mcp.server.auth.errors import stringify_pydantic_error
@@ -18,7 +18,7 @@ class AuthorizationCodeRequest(BaseModel):
     # See https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
     grant_type: Literal["authorization_code"]
     code: str = Field(..., description="The authorization code")
-    redirect_uri: AnyHttpUrl | None = Field(None, description="Must be the same as redirect URI provided in /authorize")
+    redirect_uri: AnyUrl | None = Field(None, description="Must be the same as redirect URI provided in /authorize")
     client_id: str
     # we use the client_secret param, per https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
     client_secret: str | None = None

src/mcp/server/auth/provider.py

@@ -2,7 +2,7 @@
 from typing import Generic, Literal, Protocol, TypeVar
 from urllib.parse import parse_qs, urlencode, urlparse, urlunparse
 
-from pydantic import AnyHttpUrl, BaseModel
+from pydantic import AnyUrl, BaseModel
 
 from mcp.shared.auth import OAuthClientInformationFull, OAuthToken
 
@@ -11,7 +11,7 @@ class AuthorizationParams(BaseModel):
     state: str | None
     scopes: list[str] | None
     code_challenge: str
-    redirect_uri: AnyHttpUrl
+    redirect_uri: AnyUrl
     redirect_uri_provided_explicitly: bool
 
 
@@ -21,7 +21,7 @@ class AuthorizationCode(BaseModel):
     expires_at: float
     client_id: str
     code_challenge: str
-    redirect_uri: AnyHttpUrl
+    redirect_uri: AnyUrl
     redirect_uri_provided_explicitly: bool
 
 

src/mcp/server/fastmcp/prompts/base.py

@@ -7,9 +7,9 @@
 import pydantic_core
 from pydantic import BaseModel, Field, TypeAdapter, validate_call
 
-from mcp.types import EmbeddedResource, ImageContent, TextContent
+from mcp.types import AudioContent, EmbeddedResource, ImageContent, TextContent
 
-CONTENT_TYPES = TextContent | ImageContent | EmbeddedResource
+CONTENT_TYPES = TextContent | ImageContent | AudioContent | EmbeddedResource
 
 
 class Message(BaseModel):

src/mcp/server/fastmcp/server.py

@@ -52,6 +52,7 @@
 from mcp.shared.context import LifespanContextT, RequestContext, RequestT
 from mcp.types import (
     AnyFunction,
+    AudioContent,
     EmbeddedResource,
     GetPromptResult,
     ImageContent,
@@ -257,7 +258,7 @@ def get_context(self) -> Context[ServerSession, object, Request]:
 
     async def call_tool(
         self, name: str, arguments: dict[str, Any]
-    ) -> Sequence[TextContent | ImageContent | EmbeddedResource]:
+    ) -> Sequence[TextContent | ImageContent | AudioContent | EmbeddedResource]:
         """Call a tool by name with arguments."""
         context = self.get_context()
         result = await self._tool_manager.call_tool(name, arguments, context=context)
@@ -841,12 +842,12 @@ async def get_prompt(self, name: str, arguments: dict[str, Any] | None = None) -
 
 def _convert_to_content(
     result: Any,
-) -> Sequence[TextContent | ImageContent | EmbeddedResource]:
+) -> Sequence[TextContent | ImageContent | AudioContent | EmbeddedResource]:
     """Convert a result to a sequence of content objects."""
     if result is None:
         return []
 
-    if isinstance(result, TextContent | ImageContent | EmbeddedResource):
+    if isinstance(result, TextContent | ImageContent | AudioContent | EmbeddedResource):
         return [result]
 
     if isinstance(result, Image):

src/mcp/server/lowlevel/server.py

@@ -384,7 +384,9 @@ def call_tool(self):
         def decorator(
             func: Callable[
                 ...,
-                Awaitable[Iterable[types.TextContent | types.ImageContent | types.EmbeddedResource]],
+                Awaitable[
+                    Iterable[types.TextContent | types.ImageContent | types.AudioContent | types.EmbeddedResource]
+                ],
             ],
         ):
             logger.debug("Registering handler for CallToolRequest")
@@ -510,9 +512,7 @@ async def _handle_message(
                     await self._handle_notification(notify)
 
             for warning in w:
-                logger.info(
-                    "Warning: %s: %s", warning.category.__name__, warning.message
-                )
+                logger.info("Warning: %s: %s", warning.category.__name__, warning.message)
 
     async def _handle_request(
         self,

src/mcp/shared/auth.py

@@ -1,6 +1,6 @@
 from typing import Any, Literal
 
-from pydantic import AnyHttpUrl, BaseModel, Field
+from pydantic import AnyHttpUrl, AnyUrl, BaseModel, Field, field_validator
 
 
 class OAuthToken(BaseModel):
@@ -9,11 +9,20 @@ class OAuthToken(BaseModel):
     """
 
     access_token: str
-    token_type: Literal["bearer"] = "bearer"
+    token_type: Literal["Bearer"] = "Bearer"
     expires_in: int | None = None
     scope: str | None = None
     refresh_token: str | None = None
 
+    @field_validator("token_type", mode="before")
+    @classmethod
+    def normalize_token_type(cls, v: str | None) -> str | None:
+        if isinstance(v, str):
+            # Bearer is title-cased in the spec, so we normalize it
+            # https://datatracker.ietf.org/doc/html/rfc6750#section-4
+            return v.title()
+        return v
+
 
 class InvalidScopeError(Exception):
     def __init__(self, message: str):
@@ -32,7 +41,7 @@ class OAuthClientMetadata(BaseModel):
     for the full specification.
     """
 
-    redirect_uris: list[AnyHttpUrl] = Field(..., min_length=1)
+    redirect_uris: list[AnyUrl] = Field(..., min_length=1)
     # token_endpoint_auth_method: this implementation only supports none &
     # client_secret_post;
     # ie: we do not support client_secret_basic
@@ -69,7 +78,7 @@ def validate_scope(self, requested_scope: str | None) -> list[str] | None:
                 raise InvalidScopeError(f"Client was not registered with scope {scope}")
         return requested_scopes
 
-    def validate_redirect_uri(self, redirect_uri: AnyHttpUrl | None) -> AnyHttpUrl:
+    def validate_redirect_uri(self, redirect_uri: AnyUrl | None) -> AnyUrl:
         if redirect_uri is not None:
             # Validate redirect_uri against client's registered redirect URIs
             if redirect_uri not in self.redirect_uris:
@@ -104,19 +113,19 @@ class OAuthMetadata(BaseModel):
     token_endpoint: AnyHttpUrl
     registration_endpoint: AnyHttpUrl | None = None
     scopes_supported: list[str] | None = None
-    response_types_supported: list[Literal["code"]] = ["code"]
+    response_types_supported: list[str] = ["code"]
     response_modes_supported: list[Literal["query", "fragment"]] | None = None
-    grant_types_supported: list[Literal["authorization_code", "refresh_token"]] | None = None
-    token_endpoint_auth_methods_supported: list[Literal["none", "client_secret_post"]] | None = None
+    grant_types_supported: list[str] | None = None
+    token_endpoint_auth_methods_supported: list[str] | None = None
     token_endpoint_auth_signing_alg_values_supported: None = None
     service_documentation: AnyHttpUrl | None = None
     ui_locales_supported: list[str] | None = None
     op_policy_uri: AnyHttpUrl | None = None
     op_tos_uri: AnyHttpUrl | None = None
     revocation_endpoint: AnyHttpUrl | None = None
-    revocation_endpoint_auth_methods_supported: list[Literal["client_secret_post"]] | None = None
+    revocation_endpoint_auth_methods_supported: list[str] | None = None
     revocation_endpoint_auth_signing_alg_values_supported: None = None
     introspection_endpoint: AnyHttpUrl | None = None
-    introspection_endpoint_auth_methods_supported: list[Literal["client_secret_post"]] | None = None
+    introspection_endpoint_auth_methods_supported: list[str] | None = None
     introspection_endpoint_auth_signing_alg_values_supported: None = None
-    code_challenge_methods_supported: list[Literal["S256"]] | None = None
+    code_challenge_methods_supported: list[str] | None = None