build-mcp-sdk

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Build MCP SDK

构建MCP SDK

Build and maintain MCP servers using

@modelcontextprotocol/sdk

v1.x (single package, Zod-based, protocol version 2025-11-25). Covers

McpServer

registerTool

registerResource

registerPrompt

, transports, OAuth 2.1, sessions, and deployment.

When to use a different skill instead:

Imports from

@modelcontextprotocol/server

(split packages) → use

build-mcp-sdk-v2

Handlers use
```
ctx.mcpReq
```
instead of flat
```
extra
```
→ use
```
build-mcp-sdk-v2
```
Uses the
```
mcp-use
```
wrapper library → use
```
build-mcp-use-server
```
Auditing/optimizing an existing server → use
```
optimize-mcp-server
```

How to detect v1:

@modelcontextprotocol/sdk

(single package) in

package.json

. Handlers use

(args, extra)

with

extra.sendNotification

extra.authInfo

extra.signal

at the top level.

Core rules:

Always use
```
McpServer
```
— the
```
Server
```
class is deprecated for direct use

Always use

registerTool

registerResource

registerPrompt

— positional

tool()

resource()

prompt()

overloads are deprecated

Always use
```
zod
```
for input/output schemas — the SDK converts them to JSON Schema 2020-12 automatically

Always use

StreamableHTTPServerTransport

for HTTP —

SSEServerTransport

is deprecated

Access
```
server.server
```
only for sampling, elicitation, resource subscriptions, or custom protocol extensions
Tool names SHOULD be 1-128 chars using letters, digits, underscore, hyphen, dot
Input validation errors SHOULD be returned as tool execution errors (
```
isError: true
```
) not protocol errors — enables LLM self-correction

使用

@modelcontextprotocol/sdk

v1.x构建和维护MCP服务器（单包、基于Zod、协议版本2025-11-25）。内容覆盖

McpServer

、

registerTool

、

registerResource

、

registerPrompt

、传输层、OAuth 2.1、会话和部署。

何时应使用其他skill：

从

@modelcontextprotocol/server

（拆分包）导入 → 使用

build-mcp-sdk-v2

处理程序使用
```
ctx.mcpReq
```
而非扁平结构的
```
extra
```
→ 使用
```
build-mcp-sdk-v2
```
使用
```
mcp-use
```
封装库 → 使用
```
build-mcp-use-server
```
审计/优化现有服务器 → 使用
```
optimize-mcp-server
```

如何识别v1版本：

package.json

中存在

@modelcontextprotocol/sdk

（单包）。处理程序使用

(args, extra)

的参数形式，顶层包含

extra.sendNotification

、

extra.authInfo

、

extra.signal

等属性。

核心规则：

始终使用
```
McpServer
```
—— 直接使用
```
Server
```
类已被弃用

始终使用

registerTool

registerResource

registerPrompt

—— 位置参数形式的

tool()

resource()

prompt()

重载已被弃用

始终使用
```
zod
```
定义输入/输出schema —— SDK会自动将其转换为JSON Schema 2020-12

HTTP场景始终使用

StreamableHTTPServerTransport

——

SSEServerTransport

已被弃用

仅在采样、启发式交互、资源订阅或自定义协议扩展时才访问
```
server.server
```
工具名称应为1-128个字符，仅使用字母、数字、下划线、连字符、点
输入验证错误应作为工具执行错误返回（
```
isError: true
```
）而非协议错误 —— 便于LLM自我修正

Workflow

工作流

1 — Detect what exists

1 — 检测现有内容

Run

tree -L 3

and

ls package.json tsconfig.json

in the project directory. Look for:

```
@modelcontextprotocol/sdk
```
in
```
package.json
```
dependencies → existing MCP server
```
mcp-use
```
in dependencies → wrong skill, redirect to
```
build-mcp-use-server
```
```
.mcp.json
```
or
```
mcp
```
key in
```
package.json
```
→ MCP client config, not server code
```
src/
```
with tool/resource handler files → existing implementation to extend

Summarize: existing server (go to Step 2A) or new server (go to Step 2B).

在项目目录下运行

tree -L 3

和

ls package.json tsconfig.json

，查找以下内容：

```
package.json
```
依赖中存在
```
@modelcontextprotocol/sdk
```
→ 现有MCP服务器
依赖中存在
```
mcp-use
```
→ 选错了skill，请跳转至
```
build-mcp-use-server
```
存在
```
.mcp.json
```
或
```
package.json
```
中有
```
mcp
```
字段 → MCP客户端配置，不是服务端代码
```
src/
```
目录下有工具/资源处理程序文件 → 可扩展的现有实现

判断结果：现有服务器（进入步骤2A）或新服务器（进入步骤2B）。

2A — Audit an existing SDK server

2A — 审计现有SDK服务器

When an MCP server already exists, do not rebuild. Read the implementation and assess:

Which API style is used? If deprecated
```
tool()
```
/
```
resource()
```
, migrate to
```
registerTool
```
/
```
registerResource
```
Are Zod schemas defined for all tool inputs? If raw JSON Schema objects, convert to Zod

Is the transport current? If

SSEServerTransport

, migrate to

StreamableHTTPServerTransport

Are tool annotations set? Add

readOnlyHint

destructiveHint

idempotentHint

openWorldHint

where missing

Does the server validate
```
Origin
```
header for HTTP transport? Add
```
createMcpExpressApp()
```
or
```
hostHeaderValidation
```
Does the server declare capabilities correctly during initialization? Check
```
tools
```
,
```
resources
```
,
```
prompts
```
,
```
logging
```

Then proceed to the user's requested changes (add tools, fix bugs, add auth, etc.).

当已有MCP服务器时，不要完全重构。阅读实现并评估：

使用的是哪种API风格？如果是已弃用的
```
tool()
```
/
```
resource()
```
，请迁移到
```
registerTool
```
/
```
registerResource
```
所有工具输入都定义了Zod schema吗？如果是原始JSON Schema对象，请转换为Zod格式
传输层是当前版本吗？如果是
```
SSEServerTransport
```
，请迁移到
```
StreamableHTTPServerTransport
```

工具注解是否已设置？补充缺失的

readOnlyHint

、

destructiveHint

、

idempotentHint

、

openWorldHint

服务器是否对HTTP传输的
```
Origin
```
头做了校验？添加
```
createMcpExpressApp()
```
或
```
hostHeaderValidation
```
服务器初始化时是否正确声明了能力？检查
```
tools
```
、
```
resources
```
、
```
prompts
```
、
```
logging
```
配置

然后继续处理用户请求的改动（添加工具、修复bug、添加认证等）。

2B — Scope a new server

2B — 定义新服务器的范围

Ask or infer from context:

What does the server wrap? (API, database, file system, CLI tool, etc.)
Transport? stdio for local CLI integration, Streamable HTTP for remote/multi-client
Auth needed? Bearer token, OAuth 2.1, or none (local stdio)
Tools, resources, or prompts? Most servers need tools; resources for data access; prompts for reusable templates
Client features needed? Sampling (LLM completions), elicitation (user input), roots (filesystem access)

询问或从上下文推断：

服务器封装的是什么？（API、数据库、文件系统、CLI工具等）
使用什么传输层？ 本地CLI集成用stdio，远程/多客户端场景用Streamable HTTP
需要认证吗？ Bearer令牌、OAuth 2.1或无需认证（本地stdio场景）
需要工具、资源还是提示词？ 大多数服务器需要工具；数据访问场景用资源；可复用模板用提示词
需要哪些客户端功能？ 采样（LLM补全）、启发式交互（用户输入）、根目录访问（文件系统权限）

3 — Choose the implementation branch

3 — 选择实现分支

Scenario	Action
New stdio server	Scaffold from quick-start template → `references/guides/quick-start.md`
New HTTP server (stateful)	Scaffold with session management → `references/guides/transports.md`
New HTTP server (stateless)	Scaffold without sessions → `references/guides/transports.md`
Add tools to existing server	Read `references/guides/tools-and-schemas.md` , register new tools
Add resources	Read `references/guides/resources-and-prompts.md`
Add authentication	Read `references/guides/authentication.md`
Add sampling or elicitation	Read `references/guides/sessions-and-lifecycle.md`
Deploy to production	Read `references/patterns/deployment.md`
Understand the MCP protocol	Read `references/guides/protocol-spec.md`

场景	操作
新stdio服务器	基于快速入门模板脚手架搭建 → `references/guides/quick-start.md`
新HTTP服务器（有状态）	带会话管理的脚手架 → `references/guides/transports.md`
新HTTP服务器（无状态）	不带会话的脚手架 → `references/guides/transports.md`
给现有服务器添加工具	阅读 `references/guides/tools-and-schemas.md` ，注册新工具
添加资源	阅读 `references/guides/resources-and-prompts.md`
添加认证	阅读 `references/guides/authentication.md`
添加采样或启发式交互	阅读 `references/guides/sessions-and-lifecycle.md`
部署到生产环境	阅读 `references/patterns/deployment.md`
了解MCP协议	阅读 `references/guides/protocol-spec.md`

4 — Preflight setup

4 — 前期准备

Before writing server code, confirm:

Node.js 18+ installed (required for
```
globalThis.crypto
```
)

npm install @modelcontextprotocol/sdk zod

— both are required

TypeScript 5+ with
```
"moduleResolution": "node16"
```
or
```
"nodenext"
```
in tsconfig
If HTTP transport:
```
npm install express
```
(Express 5 recommended)

编写服务器代码前，确认：

已安装Node.js 18+（
```
globalThis.crypto
```
依赖此版本）

执行

npm install @modelcontextprotocol/sdk zod

—— 两者都是必需依赖

TypeScript 5+，tsconfig中配置
```
"moduleResolution": "node16"
```
或
```
"nodenext"
```
如果用HTTP传输：
```
npm install express
```
（推荐Express 5）

5 — Build or extend the server

5 — 构建或扩展服务器

Default implementation sequence:

Create
```
McpServer
```
instance with name, version, and optional description/icons
Define Zod schemas for each tool's input (and output if
```
structuredContent
```
is needed)
Register tools with
```
server.registerTool()
```
— input schema, annotations, async handler
Register resources with
```
server.registerResource()
```
if the server exposes data
Register prompts with
```
server.registerPrompt()
```
if the server provides templates
Create transport and connect:
```
await server.connect(transport)
```
Handle graceful shutdown with
```
process.on('SIGINT', ...)
```

Refer to

references/examples/server-recipes.md

for complete working examples.

默认实现顺序：

创建
```
McpServer
```
实例，配置名称、版本，可选描述/图标
为每个工具的输入定义Zod schema（如果需要
```
structuredContent
```
则还要定义输出schema）
使用
```
server.registerTool()
```
注册工具 —— 配置输入schema、注解、异步处理程序
如果服务器暴露数据，使用
```
server.registerResource()
```
注册资源
如果服务器提供模板，使用
```
server.registerPrompt()
```
注册提示词
创建传输层并连接：
```
await server.connect(transport)
```
用
```
process.on('SIGINT', ...)
```
处理优雅关闭

完整可运行示例请参考

references/examples/server-recipes.md

。

6 — Validate

6 — 验证

stdio: Test with
```
npx @anthropic-ai/mcp-inspector
```
or pipe JSON-RPC messages directly
HTTP: Start the server, then test with
```
curl
```
or the MCP Inspector
Tool schemas: Verify Zod validation catches bad input (pass invalid args, confirm error response)
Annotations: Check that
```
readOnlyHint
```
/
```
destructiveHint
```
are accurate for each tool
Capabilities: Verify the server declares the correct capabilities during initialization

stdio: 使用
```
npx @anthropic-ai/mcp-inspector
```
测试，或直接传输JSON-RPC消息测试
HTTP: 启动服务器，然后用
```
curl
```
或MCP Inspector测试
工具schema: 验证Zod校验可以捕获错误输入（传入无效参数，确认返回错误响应）
注解: 检查每个工具的
```
readOnlyHint
```
/
```
destructiveHint
```
配置是否准确
能力: 验证服务器初始化时声明的能力正确

Quick start — minimal stdio server

快速入门 —— 最简stdio服务器

typescript

import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";

const server = new McpServer(
  { name: "my-server", version: "1.0.0" },
  { instructions: "A helpful server" }
);

server.registerTool("greet", {
  description: "Greet a user by name",
  inputSchema: { name: z.string().describe("The user's name") },
  annotations: { readOnlyHint: true, destructiveHint: false },
}, async ({ name }) => ({
  content: [{ type: "text", text: `Hello, ${name}!` }],
}));

const transport = new StdioServerTransport();
await server.connect(transport);

typescript

import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";

const server = new McpServer(
  { name: "my-server", version: "1.0.0" },
  { instructions: "A helpful server" }
);

server.registerTool("greet", {
  description: "Greet a user by name",
  inputSchema: { name: z.string().describe("The user's name") },
  annotations: { readOnlyHint: true, destructiveHint: false },
}, async ({ name }) => ({
  content: [{ type: "text", text: `Hello, ${name}!` }],
}));

const transport = new StdioServerTransport();
await server.connect(transport);

Core API summary

核心API摘要

McpServer

typescript

new McpServer(
  { name: string, version: string, description?: string, icons?: Icon[] },
  { capabilities?: ServerCapabilities, instructions?: string }
)

server.connect(transport: Transport): Promise<void>
server.close(): Promise<void>
server.registerTool(name, config, handler): RegisteredTool
server.registerResource(name, uri | template, config, handler): RegisteredResource
server.registerPrompt(name, config, handler): RegisteredPrompt
server.sendToolListChanged(): void
server.sendResourceListChanged(): void
server.sendPromptListChanged(): void
server.sendLoggingMessage(params): Promise<void>

typescript

new McpServer(
  { name: string, version: string, description?: string, icons?: Icon[] },
  { capabilities?: ServerCapabilities, instructions?: string }
)

server.connect(transport: Transport): Promise<void>
server.close(): Promise<void>
server.registerTool(name, config, handler): RegisteredTool
server.registerResource(name, uri | template, config, handler): RegisteredResource
server.registerPrompt(name, config, handler): RegisteredPrompt
server.sendToolListChanged(): void
server.sendResourceListChanged(): void
server.sendPromptListChanged(): void
server.sendLoggingMessage(params): Promise<void>

registerTool config

registerTool配置

typescript

{
  title?: string,              // Human-readable display name
  description?: string,        // LLM reads this to decide when to call the tool
  inputSchema?: ZodRawShape | ZodSchema,
  outputSchema?: ZodRawShape | ZodSchema,   // Enables structuredContent validation
  annotations?: {
    readOnlyHint?: boolean,    // Does not modify state
    destructiveHint?: boolean, // May delete/modify data
    idempotentHint?: boolean,  // Repeated calls safe
    openWorldHint?: boolean,   // Interacts with external services
  },
  icons?: Icon[],              // Visual identifier (2025-11-25)
}

typescript

{
  title?: string,              // 人类可读的展示名称
  description?: string,        // LLM通过这个描述判断何时调用工具
  inputSchema?: ZodRawShape | ZodSchema,
  outputSchema?: ZodRawShape | ZodSchema,   // 启用structuredContent校验
  annotations?: {
    readOnlyHint?: boolean,    // 不修改状态
    destructiveHint?: boolean, // 可能删除/修改数据
    idempotentHint?: boolean,  // 重复调用是安全的
    openWorldHint?: boolean,   // 与外部服务交互
  },
  icons?: Icon[],              // 视觉标识（2025-11-25版本新增）
}

CallToolResult

typescript

{
  content: Array<
    | { type: "text", text: string }
    | { type: "image", data: string, mimeType: string }
    | { type: "audio", data: string, mimeType: string }
    | { type: "resource", resource: { uri: string, text?: string, blob?: string } }
    | { type: "resource_link", uri: string, name?: string, description?: string }
  >,
  structuredContent?: Record<string, unknown>,
  isError?: boolean,
}

typescript

{
  content: Array<
    | { type: "text", text: string }
    | { type: "image", data: string, mimeType: string }
    | { type: "audio", data: string, mimeType: string }
    | { type: "resource", resource: { uri: string, text?: string, blob?: string } }
    | { type: "resource_link", uri: string, name?: string, description?: string }
  >,
  structuredContent?: Record<string, unknown>,
  isError?: boolean,
}

RequestHandlerExtra (v1.x)

Every handler receives

extra

as the last argument:

typescript

{
  signal: AbortSignal,         // For cooperative cancellation
  authInfo?: AuthInfo,         // From OAuth middleware
  sessionId?: string,          // Current session ID
  requestId: RequestId,        // JSON-RPC request ID
  requestInfo?: RequestInfo,   // Original HTTP request metadata
  _meta?: RequestMeta,         // Protocol-level metadata
  sendNotification: (notification) => Promise<void>,
  sendRequest: (request, schema, options?) => Promise<Result>,
}

Note: In v2 alpha, this becomes

ServerContext

with a restructured API. See

references/guides/v2-migration.md

每个处理程序最后一个参数都是

extra

：

typescript

{
  signal: AbortSignal,         // 用于协作式取消
  authInfo?: AuthInfo,         // 来自OAuth中间件
  sessionId?: string,          // 当前会话ID
  requestId: RequestId,        // JSON-RPC请求ID
  requestInfo?: RequestInfo,   // 原始HTTP请求元数据
  _meta?: RequestMeta,         // 协议级元数据
  sendNotification: (notification) => Promise<void>,
  sendRequest: (request, schema, options?) => Promise<Result>,
}

注意：在v2 alpha版本中，这部分变成了

ServerContext

，API结构有调整。参见

references/guides/v2-migration.md

。

Error handling

错误处理

typescript

import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";

// Hard protocol errors (tool not found, bad params):
throw new McpError(ErrorCode.InvalidParams, "Missing required field: query");

// Soft tool errors (API failures the LLM can handle):
return { content: [{ type: "text", text: "Error: rate limit exceeded" }], isError: true };

Per spec: input validation errors SHOULD use

isError: true

(tool execution errors) rather than protocol errors — this enables model self-correction.

typescript

import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";

// 严重协议错误（工具不存在、参数错误）：
throw new McpError(ErrorCode.InvalidParams, "Missing required field: query");

// 可由LLM处理的轻度工具错误（API调用失败）：
return { content: [{ type: "text", text: "Error: rate limit exceeded" }], isError: true };

根据协议规范：输入验证错误应使用

isError: true

（工具执行错误）而非协议错误 —— 这可以让模型实现自我修正。

Decision rules

决策规则

Prefer
```
ZodRawShape
```
(
```
{ name: z.string() }
```
) for simple inputs — use full
```
z.object()
```
only for transforms, refinements, or discriminated unions
Prefer
```
isError: true
```
soft errors over thrown
```
McpError
```
for recoverable failures — LLMs handle soft errors better
Prefer stdio for local-only servers — zero infrastructure, single client
Prefer Streamable HTTP for remote or multi-client servers
Prefer stateful HTTP (with
```
sessionIdGenerator
```
) when the server needs progress notifications, resumability, or multi-turn context
Prefer stateless HTTP (
```
sessionIdGenerator: undefined
```
) for simple request-response tools
Set
```
annotations
```
on every tool — LLMs use them to decide execution safety; treat annotations as untrusted unless from a trusted server
Use
```
server.server
```
(the underlying
```
Server
```
) only when
```
McpServer
```
lacks the method you need
Use
```
outputSchema
```
when the tool must return validated structured data alongside text content
Tool names: use
```
service_action_resource
```
format (e.g.
```
github_search_repos
```
), 1-128 characters

简单输入优先使用
```
ZodRawShape
```
（
```
{ name: z.string() }
```
）—— 仅在需要转换、校验优化或可辨识联合时才使用完整的
```
z.object()
```
可恢复故障优先使用
```
isError: true
```
软错误，而非抛出
```
McpError
```
—— LLM对软错误的处理效果更好
仅本地使用的服务器优先使用stdio —— 无需基础设施，仅支持单客户端
远程或多客户端服务器优先使用Streamable HTTP
当服务器需要进度通知、可恢复性或多轮上下文时，优先使用有状态HTTP（带
```
sessionIdGenerator
```
）
简单请求-响应工具优先使用无状态HTTP（
```
sessionIdGenerator: undefined
```
）
每个工具都要设置
```
annotations
```
—— LLM用它来判断执行安全性；除非来自可信服务器，否则将注解视为不可信内容
仅当
```
McpServer
```
缺少你需要的方法时，才使用
```
server.server
```
（底层
```
Server
```
实例）
当工具需要返回经过校验的结构化数据和文本内容时，使用
```
outputSchema
```
工具命名：使用
```
service_action_resource
```
格式（例如
```
github_search_repos
```
），长度1-128字符

Guardrails

护栏规则

Never use the deprecated
```
tool()
```
,
```
resource()
```
, or
```
prompt()
```
positional-argument methods
Never use the deprecated
```
SSEServerTransport
```
in new servers
Never use the deprecated
```
Server
```
class directly — always go through
```
McpServer
```
Never expose internal error details to clients — return user-friendly error messages
Never skip
```
zod
```
schemas for tool inputs — unvalidated input is a security risk
Never hardcode secrets — use environment variables for API keys and tokens
Never omit graceful shutdown handling for HTTP servers
Never run HTTP servers on localhost without DNS rebinding protection (
```
createMcpExpressApp()
```
or
```
hostHeaderValidation
```
middleware)
Never use
```
inputSchema: null
```
— for parameterless tools, omit
```
inputSchema
```
entirely
Servers MUST validate
```
Origin
```
header on HTTP transport to prevent DNS rebinding; respond with 403 for invalid origins

永远不要使用已弃用的
```
tool()
```
、
```
resource()
```
或
```
prompt()
```
位置参数方法
新服务器永远不要使用已弃用的
```
SSEServerTransport
```
永远不要直接使用已弃用的
```
Server
```
类 —— 始终通过
```
McpServer
```
使用
永远不要向客户端暴露内部错误详情 —— 返回用户友好的错误信息
永远不要省略工具输入的
```
zod
```
schema —— 未校验的输入存在安全风险
永远不要硬编码密钥 —— API密钥和令牌使用环境变量存储
永远不要省略HTTP服务器的优雅关闭处理
永远不要在localhost上运行没有DNS重绑定保护的HTTP服务器（使用
```
createMcpExpressApp()
```
或
```
hostHeaderValidation
```
中间件）
永远不要使用
```
inputSchema: null
```
—— 无参数工具直接省略
```
inputSchema
```
即可
服务器必须对HTTP传输的
```
Origin
```
头做校验，防止DNS重绑定；无效origin返回403

Reference routing

参考文档导航

Use the smallest relevant set for the branch of work.

针对你当前的工作分支，使用最相关的最小参考集。

Start here

入门参考

Reference	When to read
`references/guides/quick-start.md`	Scaffolding a new server from scratch
`references/guides/tools-and-schemas.md`	Registering tools, defining Zod schemas, handling tool results
`references/guides/transports.md`	Choosing and configuring stdio, Streamable HTTP, or SSE (legacy)

参考文档	阅读时机
`references/guides/quick-start.md`	从零搭建新服务器脚手架
`references/guides/tools-and-schemas.md`	注册工具、定义Zod schema、处理工具返回结果
`references/guides/transports.md`	选择和配置stdio、Streamable HTTP或SSE（遗留）传输层

Server capabilities

服务器能力参考

Reference	When to read
`references/guides/resources-and-prompts.md`	Adding resources (static/template URI) or prompts
`references/guides/authentication.md`	Adding OAuth 2.1, bearer tokens, or custom auth
`references/guides/client-api.md`	Building MCP clients — connecting, calling tools, reading resources, auth, sampling
`references/guides/sessions-and-lifecycle.md`	Managing sessions, sampling, elicitation, resumability, graceful shutdown
`references/guides/experimental-tasks.md`	Durable long-running tool operations — registerToolTask, InMemoryTaskStore, callToolStream
`references/guides/protocol-spec.md`	Understanding protocol lifecycle, capabilities, message format, security requirements
`references/guides/v2-migration.md`	Planning for v2 alpha migration — package split, Standard Schema, ServerContext, framework adapters

参考文档	阅读时机
`references/guides/resources-and-prompts.md`	添加资源（静态/模板URI）或提示词
`references/guides/authentication.md`	添加OAuth 2.1、Bearer令牌或自定义认证
`references/guides/client-api.md`	构建MCP客户端 —— 连接、调用工具、读取资源、认证、采样
`references/guides/sessions-and-lifecycle.md`	管理会话、采样、启发式交互、可恢复性、优雅关闭
`references/guides/experimental-tasks.md`	持久化长时间运行的工具操作 —— registerToolTask、InMemoryTaskStore、callToolStream
`references/guides/protocol-spec.md`	了解协议生命周期、能力、消息格式、安全要求
`references/guides/v2-migration.md`	规划v2 alpha版本迁移 —— 包拆分、标准Schema、ServerContext、框架适配器

Build and ship

构建和发布参考

Reference	When to read
`references/examples/server-recipes.md`	Copy-paste working server examples for common patterns
`references/patterns/deployment.md`	Deploying to production (Docker, serverless, cloud)
`references/patterns/production-patterns.md`	Logging, error handling, rate limiting, monitoring
`references/patterns/anti-patterns.md`	Common mistakes and how to fix them

参考文档	阅读时机
`references/examples/server-recipes.md`	复制常用场景的可运行服务器示例
`references/patterns/deployment.md`	部署到生产环境（Docker、Serverless、云服务）
`references/patterns/production-patterns.md`	日志、错误处理、限流、监控
`references/patterns/anti-patterns.md`	常见错误和修复方案

Specification Enhancement Proposals (SEPs)

规范增强提案（SEP）

Reference	When to read
`references/seps/overview.md`	Understanding what SEPs exist and their developer impact
`references/seps/auth-security.md`	Implementing OAuth flows, enterprise auth, URL elicitation, client security
`references/seps/tools-metadata.md`	Tool naming rules, icons, validation errors, sampling with tools, tasks, tracing
`references/seps/protocol-transport.md`	JSON Schema dialect, SSE polling, extensions framework, elicitation improvements, MCP Apps
`references/seps/upcoming.md`	Accepted SEPs not yet Final — upcoming breaking changes to prepare for

参考文档	阅读时机
`references/seps/overview.md`	了解现有SEP及其对开发者的影响
`references/seps/auth-security.md`	实现OAuth流程、企业认证、URL启发式交互、客户端安全
`references/seps/tools-metadata.md`	工具命名规则、图标、校验错误、工具采样、任务、链路追踪
`references/seps/protocol-transport.md`	JSON Schema方言、SSE轮询、扩展框架、启发式交互优化、MCP应用
`references/seps/upcoming.md`	已接受但尚未最终落地的SEP —— 即将到来的破坏性变更提前准备

Why migrate to v2?

为什么要迁移到v2？

v2 (

@modelcontextprotocol/server

@modelcontextprotocol/client

) shipped in early 2026. Key benefits over v1:

Structured handler context —

ctx.mcpReq.log()

ctx.mcpReq.elicitInput()

ctx.mcpReq.requestSampling()

replace manual

extra.sendRequest()

calls

Framework adapters —
```
createMcpExpressApp()
```
and
```
createMcpHonoApp()
```
from dedicated packages instead of manual wiring
Standard Schema support — use Zod v4, Valibot, or ArkType for tool schemas (not locked to Zod)
JSON Schema 2020-12 by default — v1 defaults to Draft-7 via
```
zod-to-json-schema
```
; v2 uses native
```
z.toJSONSchema()
```
Better auth — client middleware system (
```
withOAuth
```
,
```
withLogging
```
,
```
applyMiddlewares
```
), grant-agnostic
```
prepareTokenRequest()
```
, discovery caching
Smaller bundles — split packages mean you only install what you use
ESM-only — cleaner module resolution, no CJS baggage

Community adoption is still early (Q1 2026 release). Most production servers remain on v1.x. See

references/guides/v2-migration.md

for the full source-verified migration guide, or use

build-mcp-sdk-v2

for new v2 projects.

v2（

@modelcontextprotocol/server

@modelcontextprotocol/client

）于2026年初发布。相比v1的核心优势：

结构化处理上下文 ——

ctx.mcpReq.log()

、

ctx.mcpReq.elicitInput()

、

ctx.mcpReq.requestSampling()

替代手动的

extra.sendRequest()

调用

框架适配器 —— 来自专用包的
```
createMcpExpressApp()
```
和
```
createMcpHonoApp()
```
，无需手动配置
标准Schema支持 —— 工具schema支持Zod v4、Valibot或ArkType（不绑定Zod）
默认使用JSON Schema 2020-12 —— v1通过
```
zod-to-json-schema
```
默认使用Draft-7；v2使用原生
```
z.toJSONSchema()
```
更好的认证能力 —— 客户端中间件系统（
```
withOAuth
```
、
```
withLogging
```
、
```
applyMiddlewares
```
）、授权无关的
```
prepareTokenRequest()
```
、发现缓存
更小的包体积 —— 拆分包意味着你只需要安装用到的部分
仅支持ESM —— 更简洁的模块解析，没有CJS遗留问题

目前社区采用率还比较低（2026年Q1发布），大多数生产服务器仍然使用v1.x版本。完整的经过源码验证的迁移指南参见

references/guides/v2-migration.md

，新的v2项目可以使用

build-mcp-sdk-v2

。

Compatibility note

兼容性说明

This skill targets

@modelcontextprotocol/sdk

v1.x (stable,

v1.x

branch). Source-verified against the TypeScript SDK repository.

Key 2025-11-25 spec additions: icons for tools/resources/prompts, tool name guidance (SEP-986), URL-mode elicitation (SEP-1036), tool calling in sampling (SEP-1577), experimental tasks (SEP-1686), JSON Schema 2020-12 as default dialect (SEP-1613), extensions framework (SEP-2133).

本skill针对

@modelcontextprotocol/sdk

v1.x（稳定版，

v1.x

分支），已对照TypeScript SDK仓库源码验证。

2025-11-25版本协议核心新增内容：工具/资源/提示词图标、工具命名规范（SEP-986）、URL模式启发式交互（SEP-1036）、采样中的工具调用（SEP-1577）、实验性任务（SEP-1686）、默认使用JSON Schema 2020-12方言（SEP-1613）、扩展框架（SEP-2133）。