Address review: spec-correct x-mcp-header validation, drop server filter, typed Context params, strip-IIR schema derivation

Six review comments addressed in one pass:

- Drop the server-side x-mcp-header tools/list filter (_drop_invalid_header_tools).
  The spec MUST is on the client only; the filter ran on one transport and
  masked author bugs inconsistently. ClientSession.list_tools carries the
  requirement.

- find_invalid_x_mcp_header: walk nested schemas per the spec's
  'statically reachable via a chain of properties keys' rule — an annotation
  under items/anyOf/allOf/oneOf/not/if/then/else/$ref/$defs/patternProperties
  makes the whole tool invalid, and uniqueness is over all annotations in the
  schema. Iterative walk over JSON Schema 2020-12 schema positions; instance-
  data keywords and $ref are not entered so termination is structural. Also
  drop 'number' from the admitted types (spec names integer/string/boolean
  only; conformance#344 tracks the harness's stale wording).

- Context.input_responses/.request_state: read from the typed
  InputResponseRequestParams the runner already parsed instead of re-spelling
  wire aliases against the raw dict via a parallel TypeAdapter.

- func_metadata: strip InputRequiredResult arms from a union return annotation
  and derive on the residual, so 'SomeModel | InputRequiredResult' keeps its
  output schema and 'CallToolResult | str | InputRequiredResult' raises
  InvalidSignature consistently with the two-arm case. One noqa:UP007 on the
  runtime Union[tuple] rebuild — PEP 604 has no runtime-sequence syntax.

Author: maxisbey

src/mcp/server/_streamable_http_modern.py

@@ -45,7 +45,6 @@
     ERROR_CODE_HTTP_STATUS,
     InboundLadderRejection,
     classify_inbound_request,
-    find_invalid_x_mcp_header,
 )
 from mcp.shared.jsonrpc_dispatcher import handler_exception_to_error_data
 from mcp.shared.message import MessageMetadata, ServerMessageMetadata
@@ -127,30 +126,6 @@ async def _to_jsonrpc_response(
     return JSONRPCResponse(jsonrpc="2.0", id=request_id, result=result)
 
 
-def _drop_invalid_header_tools(result: dict[str, Any]) -> None:
-    """Remove tools whose `x-mcp-header` annotations fail validation from a `tools/list` result, in place.
-
-    Runs at the modern HTTP boundary so the version gate is structural (this
-    entry only ever serves a 2026-07-28+ request) rather than a conditional in
-    handler code. Dropped tools are logged so a server author sees why their
-    tool vanished from the wire.
-    """
-    match result.get("tools"):
-        case [*tools]:
-            pass
-        case _:
-            return
-    kept: list[Any] = []
-    for tool in tools:
-        match tool:
-            case {"inputSchema": schema, "name": name} if reason := find_invalid_x_mcp_header(schema):
-                logger.warning("dropping tool %r from tools/list: %s", name, reason)
-            case _:
-                kept.append(tool)
-    if len(kept) != len(tools):
-        result["tools"] = kept
-
-
 async def _write(
     msg: JSONRPCResponse | JSONRPCError,
     scope: Scope,
@@ -248,6 +223,4 @@ async def handle_modern_request(
     msg = await _to_jsonrpc_response(
         req.id, serve_one(app, dctx, req.method, req.params, connection=connection, lifespan_state=lifespan_state)
     )
-    if req.method == "tools/list" and isinstance(msg, JSONRPCResponse):
-        _drop_invalid_header_tools(msg.result)
     await _write(msg, scope, receive, send)

src/mcp/server/mcpserver/context.py

@@ -3,8 +3,8 @@
 from collections.abc import Iterable
 from typing import TYPE_CHECKING, Any, Generic
 
-from mcp_types import ClientCapabilities, InputResponses, LoggingLevel
-from pydantic import AnyUrl, BaseModel, TypeAdapter
+from mcp_types import ClientCapabilities, InputResponseRequestParams, InputResponses, LoggingLevel
+from pydantic import AnyUrl, BaseModel
 from typing_extensions import deprecated
 
 from mcp.server.context import LifespanContextT, RequestT, ServerRequestContext
@@ -18,8 +18,6 @@
 from mcp.server.lowlevel.helper_types import ReadResourceContents
 from mcp.shared.exceptions import MCPDeprecationWarning
 
-_INPUT_RESPONSES_ADAPTER: TypeAdapter[InputResponses] = TypeAdapter(InputResponses)
-
 if TYPE_CHECKING:
     from mcp.server.mcpserver.server import MCPServer
 
@@ -60,19 +58,22 @@ async def my_tool(x: int, ctx: Context) -> str:
 
     _request_context: ServerRequestContext[LifespanContextT, RequestT] | None
     _mcp_server: MCPServer | None
+    _input_params: InputResponseRequestParams | None
 
     # TODO(maxisbey): Consider making request_context/mcp_server required, or refactor Context entirely.
     def __init__(
         self,
         *,
         request_context: ServerRequestContext[LifespanContextT, RequestT] | None = None,
         mcp_server: MCPServer | None = None,
+        input_params: InputResponseRequestParams | None = None,
         # TODO(Marcelo): We should drop this kwargs parameter.
         **kwargs: Any,
     ):
         super().__init__(**kwargs)
         self._request_context = request_context
         self._mcp_server = mcp_server
+        self._input_params = input_params
 
     @property
     def mcp_server(self) -> MCPServer:
@@ -226,20 +227,17 @@ def input_responses(self) -> InputResponses | None:
         """Client responses to a prior `InputRequiredResult.input_requests`.
 
         `None` on the initial round, or when the client retried without
-        responses. Values are parsed into the typed result models.
+        responses.
         """
-        params = self.request_context.params
-        raw = params.get("inputResponses") if params else None
-        return None if raw is None else _INPUT_RESPONSES_ADAPTER.validate_python(raw)
+        return self._input_params.input_responses if self._input_params else None
 
     @property
     def request_state(self) -> str | None:
         """Opaque state echoed from a prior `InputRequiredResult.request_state`.
 
         `None` on the initial round.
         """
-        params = self.request_context.params
-        return params.get("requestState") if params else None
+        return self._input_params.request_state if self._input_params else None
 
     @property
     def client_capabilities(self) -> ClientCapabilities | None:

src/mcp/server/mcpserver/server.py

@@ -308,7 +308,7 @@ async def _handle_list_tools(
     async def _handle_call_tool(
         self, ctx: ServerRequestContext[LifespanResultT], params: CallToolRequestParams
     ) -> CallToolResult | InputRequiredResult:
-        context = Context(request_context=ctx, mcp_server=self)
+        context = Context(request_context=ctx, mcp_server=self, input_params=params)
         try:
             return await self.call_tool(params.name, params.arguments or {}, context)
         except MCPError:
@@ -324,7 +324,7 @@ async def _handle_list_resources(
     async def _handle_read_resource(
         self, ctx: ServerRequestContext[LifespanResultT], params: ReadResourceRequestParams
     ) -> ReadResourceResult:
-        context = Context(request_context=ctx, mcp_server=self)
+        context = Context(request_context=ctx, mcp_server=self, input_params=params)
         try:
             results = await self.read_resource(params.uri, context)
         except ResourceNotFoundError as err:
@@ -366,7 +366,7 @@ async def _handle_list_prompts(
     async def _handle_get_prompt(
         self, ctx: ServerRequestContext[LifespanResultT], params: GetPromptRequestParams
     ) -> GetPromptResult:
-        context = Context(request_context=ctx, mcp_server=self)
+        context = Context(request_context=ctx, mcp_server=self, input_params=params)
         return await self.get_prompt(params.name, params.arguments, context)
 
     async def list_tools(self) -> list[MCPTool]:

src/mcp/server/mcpserver/utilities/func_metadata.py

@@ -4,7 +4,7 @@
 from collections.abc import Awaitable, Callable, Sequence
 from itertools import chain
 from types import GenericAlias
-from typing import Annotated, Any, cast, get_args, get_origin, get_type_hints
+from typing import Annotated, Any, Union, cast, get_args, get_origin, get_type_hints
 
 import anyio
 import anyio.to_thread
@@ -29,6 +29,10 @@
 logger = get_logger(__name__)
 
 
+def _is_input_required_type(obj: Any) -> bool:
+    return isinstance(obj, type) and issubclass(obj, InputRequiredResult)
+
+
 class StrictJsonSchema(GenerateJsonSchema):
     """A JSON schema generator that raises exceptions instead of emitting warnings.
 
@@ -272,19 +276,29 @@ def func_metadata(
     # unknown (i.e. a bare `Final`).
     assert return_type_expr is not UNKNOWN
 
-    if isinstance(return_type_expr, type) and issubclass(return_type_expr, InputRequiredResult):
+    if _is_input_required_type(return_type_expr):
         # A tool annotated to return only InputRequiredResult never produces structured content.
         return FuncMetadata(arg_model=arguments_model)
 
+    # The annotation fed to schema derivation. Starts as the raw return annotation (preserving any
+    # Annotated[...] wrapper) and is narrowed below if InputRequiredResult arms are stripped.
+    effective_annotation: Any = sig.return_annotation
+
     if is_union_origin(get_origin(return_type_expr)):
         args = get_args(return_type_expr)
-        # A union containing InputRequiredResult means the tool may return either a complete
-        # value or a multi-round input request; treat the complete arm as unstructured (the
-        # pass-through in convert_result handles the InputRequiredResult arm).
-        if any(isinstance(arg, type) and issubclass(arg, InputRequiredResult) for arg in args):
+        # InputRequiredResult is a control-flow signal, not data: strip it so the residual arms
+        # drive schema derivation. convert_result short-circuits on an InputRequiredResult instance
+        # before output validation, so the schema only ever sees the data arms at runtime.
+        residual = tuple(a for a in args if not _is_input_required_type(a))
+        if not residual:
             return FuncMetadata(arg_model=arguments_model)
-        # Check if CallToolResult appears in the union (excluding None for Optional check)
-        if any(isinstance(arg, type) and issubclass(arg, CallToolResult) for arg in args if arg is not type(None)):
+        if len(residual) != len(args):
+            # PEP 604 has no syntax for "union of a runtime tuple"; Union[...] is the only spelling.
+            return_type_expr = residual[0] if len(residual) == 1 else Union[residual]  # noqa: UP007
+            effective_annotation = return_type_expr
+        if len(residual) > 1 and any(
+            isinstance(a, type) and issubclass(a, CallToolResult) for a in residual if a is not type(None)
+        ):
             raise InvalidSignature(
                 f"Function {func.__name__}: CallToolResult cannot be used in Union or Optional types. "
                 "To return empty results, use: CallToolResult(content=[])"
@@ -310,7 +324,7 @@ def func_metadata(
         else:
             return FuncMetadata(arg_model=arguments_model)
     else:
-        original_annotation = sig.return_annotation
+        original_annotation = effective_annotation
 
     output_model, output_schema, wrap_output = _try_create_model_and_schema(
         original_annotation, return_type_expr, func.__name__

src/mcp/shared/inbound.py

@@ -14,7 +14,7 @@
 import base64
 import binascii
 import re
-from collections.abc import Mapping, Sequence
+from collections.abc import Iterator, Mapping, Sequence
 from dataclasses import dataclass
 from types import MappingProxyType
 from typing import Any, Final, cast
@@ -81,10 +81,63 @@
 _HEADER_SAFE = re.compile(r"^[\x20-\x7E]*$")
 # RFC 9110 §5.6.2 token: the only characters permitted in an HTTP field name.
 _RFC9110_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
-# JSON-Schema types that stringify cleanly into a single header value. The spec
-# names string/integer/boolean; number is admitted because the conformance
-# harness emits it and float→str round-trips to within tolerance.
-_X_MCP_HEADER_PRIMITIVE_TYPES: Final = frozenset({"string", "integer", "boolean", "number"})
+# JSON-Schema types the spec permits to carry `x-mcp-header` (transports.mdx
+# §Custom Headers). `number` is explicitly forbidden — float→str is not
+# portable across implementations.
+_X_MCP_HEADER_PRIMITIVE_TYPES: Final = frozenset({"string", "integer", "boolean"})
+
+# JSON Schema 2020-12 applicator keywords whose values are themselves schema
+# positions, grouped by value shape. `properties` is handled separately as the
+# only keyword that preserves the statically-reachable chain; every keyword
+# here drops the chain to None. Instance-data keywords (`default`, `examples`,
+# `const`, `enum`) and `$ref`/`$dynamicRef` are deliberately absent so the
+# walk never mistakes data for an annotation and never dereferences.
+_SUBSCHEMA_SINGLE: Final = frozenset(
+    {
+        "items",
+        "contains",
+        "unevaluatedItems",
+        "additionalProperties",
+        "propertyNames",
+        "unevaluatedProperties",
+        "not",
+        "if",
+        "then",
+        "else",
+        "contentSchema",
+    }
+)
+_SUBSCHEMA_LIST: Final = frozenset({"allOf", "anyOf", "oneOf", "prefixItems"})
+_SUBSCHEMA_MAP: Final = frozenset({"patternProperties", "dependentSchemas", "$defs", "definitions"})
+
+
+def _walk_schema_positions(root: Any) -> Iterator[tuple[tuple[str, ...] | None, dict[str, Any]]]:
+    """Yield `(properties_path, schema)` for every schema position in `root`.
+
+    `properties_path` is the chain of `properties` keys from the root to the
+    position, or `None` once any other applicator keyword has been crossed.
+    The root itself yields `()`. Only the JSON Schema 2020-12 applicators
+    listed above are entered; instance-data keywords are not, and `$ref` is
+    not dereferenced, so the walk terminates on any finite JSON value. An
+    explicit stack keeps the function total even on pathologically deep input.
+    """
+    stack: list[tuple[tuple[str, ...] | None, Any]] = [((), root)]
+    while stack:
+        path, node = stack.pop()
+        if not isinstance(node, dict):
+            continue
+        schema = cast(dict[str, Any], node)
+        yield path, schema
+        for kw, val in schema.items():
+            if kw == "properties" and isinstance(val, dict):
+                for name, sub in cast(dict[str, Any], val).items():
+                    stack.append(((*path, name) if path is not None else None, sub))
+            elif kw in _SUBSCHEMA_SINGLE:
+                stack.append((None, val))
+            elif kw in _SUBSCHEMA_LIST and isinstance(val, list):
+                stack.extend((None, sub) for sub in cast(list[Any], val))
+            elif kw in _SUBSCHEMA_MAP and isinstance(val, dict):
+                stack.extend((None, sub) for sub in cast(dict[str, Any], val).values())
 
 
 def encode_header_value(value: str) -> str:
@@ -123,31 +176,33 @@ def decode_header_value(value: str | None) -> str | None:
 def find_invalid_x_mcp_header(input_schema: Any) -> str | None:
     """Return a reason string if any `x-mcp-header` annotation in `input_schema` is invalid; else `None`.
 
-    The spec restricts the annotation to top-level primitive properties whose
-    header name is a non-empty RFC 9110 token unique (case-insensitively) within
-    the schema. A `None` / non-object / property-less schema has nothing to
-    validate and returns `None`.
+    Walks every JSON Schema 2020-12 schema position. An annotation is valid
+    only when it sits on a property statically reachable from the root via a
+    chain of pure `properties` keys, names a non-empty RFC 9110 token, is on
+    an integer/string/boolean property, and is case-insensitively unique
+    across the whole schema. A `None` / non-mapping schema has no schema
+    positions and returns `None`.
     """
-    match input_schema:
-        case {"properties": {**properties}}:
-            pass
-        case _:
-            return None
     seen: dict[str, str] = {}
-    for prop_name, raw in properties.items():
-        if not isinstance(raw, dict) or X_MCP_HEADER_KEY not in raw:
+    for path, schema in _walk_schema_positions(input_schema):
+        if X_MCP_HEADER_KEY not in schema:
             continue
-        prop_schema = cast(dict[str, Any], raw)
-        header = prop_schema[X_MCP_HEADER_KEY]
+        if not path:  # None (off the pure-properties chain) or () (the root itself)
+            return f"{X_MCP_HEADER_KEY} found at a schema position not reachable via a pure `properties` chain"
+        where = ".".join(path)
+        header = schema[X_MCP_HEADER_KEY]
         if not isinstance(header, str) or not _RFC9110_TOKEN.fullmatch(header):
-            return f"property {prop_name!r}: {X_MCP_HEADER_KEY} {header!r} is not an RFC 9110 token"
-        prop_type = prop_schema.get("type")
+            return f"property {where!r}: {X_MCP_HEADER_KEY} {header!r} is not an RFC 9110 token"
+        prop_type = schema.get("type")
         if not isinstance(prop_type, str) or prop_type not in _X_MCP_HEADER_PRIMITIVE_TYPES:
-            return f"property {prop_name!r}: {X_MCP_HEADER_KEY} is only permitted on primitive-typed properties"
+            return (
+                f"property {where!r}: {X_MCP_HEADER_KEY} is only permitted on "
+                f"integer/string/boolean properties (got {prop_type!r})"
+            )
         lower = header.lower()
         if lower in seen:
-            return f"{X_MCP_HEADER_KEY} {header!r} on property {prop_name!r} duplicates property {seen[lower]!r}"
-        seen[lower] = prop_name
+            return f"{X_MCP_HEADER_KEY} {header!r} on property {where!r} duplicates property {seen[lower]!r}"
+        seen[lower] = where
     return None