Server Tests: 40/40 passed (100%) Client Tests: 3/4 scenarios passed (9/10 checks passed) Auth Tests: 14/15 scenarios fully passing (196 passed, 0 failed, 1 warning, 93.3% scenarios, 99.5% checks)
- Lifecycle & Utilities (4/4): initialize, ping, logging-set-level, completion-complete
- Tools (11/11): All scenarios including progress notifications ✨
- Elicitation (10/10): SEP-1034 defaults (5 checks), SEP-1330 enums (5 checks)
- Resources (6/6): list, read-text, read-binary, templates-read, subscribe, unsubscribe
- Prompts (4/4): list, simple, with-args, embedded-resource, with-image
- SSE Transport (2/2): Multiple streams
- Security (2/2): Localhost validation passes, DNS rebinding protection
- initialize (1/1): Protocol negotiation, clientInfo, capabilities
- tools_call (1/1): Tool discovery and invocation
- elicitation-sep1034-client-defaults (5/5): Default values for string, integer, number, enum, boolean
- sse-retry (1/2 + 1 warning):
- ✅ Reconnects after stream closure
- ❌ Does not respect retry timing
⚠️ Does not send Last-Event-ID header (SHOULD requirement)
Issue: Client treats retry: SSE field as invalid instead of parsing it for reconnection timing.
Status: 196 passed, 0 failed, 1 warning across 15 scenarios
Uses the client-spring-http-client module with Spring Security OAuth2 and the mcp-client-security library.
- auth/metadata-default (13/13): Default metadata discovery
- auth/metadata-var1 (13/13): Metadata discovery variant 1
- auth/metadata-var2 (13/13): Metadata discovery variant 2
- auth/metadata-var3 (13/13): Metadata discovery variant 3
- auth/scope-from-www-authenticate (14/14): Scope extraction from WWW-Authenticate header
- auth/scope-from-scopes-supported (14/14): Scope extraction from scopes_supported
- auth/scope-omitted-when-undefined (14/14): Scope omitted when not defined
- auth/scope-step-up (16/16): Scope step-up challenge
- auth/scope-retry-limit (11/11): Scope retry limit handling
- auth/token-endpoint-auth-basic (18/18): Token endpoint with HTTP Basic auth
- auth/token-endpoint-auth-post (18/18): Token endpoint with POST body auth
- auth/token-endpoint-auth-none (18/18): Token endpoint with no client auth
- auth/resource-mismatch (2/2): Resource mismatch handling
- auth/pre-registration (6/6): Pre-registered client credentials flow
- auth/basic-cimd (13/13 + 1 warning): Basic Client-Initiated Metadata Discovery — all checks pass, minor warning
- Client SSE Retry: Client doesn't parse or respect the
retry:field, reconnects immediately, and doesn't send Last-Event-ID header - Auth Basic CIMD: Minor conformance warning in the basic Client-Initiated Metadata Discovery flow
# Start server
./mvnw compile -pl conformance-tests/server-servlet -am exec:java
# Run tests (in another terminal)
npx @modelcontextprotocol/conformance server --url http://localhost:8080/mcp --suite active# Build
cd conformance-tests/client-jdk-http-client
../../mvnw clean package -DskipTests
# Run all scenarios
for scenario in initialize tools_call elicitation-sep1034-client-defaults sse-retry; do
npx @modelcontextprotocol/conformance client \
--command "java -jar target/client-jdk-http-client-1.1.0-SNAPSHOT.jar" \
--scenario $scenario
doneEnsure you run with the conformance testing suite 0.1.15 or higher.
# Build
cd conformance-tests/client-spring-http-client
../../mvnw clean package -DskipTests
# Run auth suite
npx @modelcontextprotocol/[email protected] client \
--spec-version 2025-11-25 \
--command "java -jar target/client-spring-http-client-1.1.0-SNAPSHOT.jar" \
--suite auth- Fix client SSE retry field handling in
HttpClientStreamableHttpTransport - Implement CIMD