Model Context Protocol Updates Bring Structured Output, Security Improvements, and Elicitation Support

The Model Context Protocol (MCP) specification has received a significant update with its latest revision dated 2025-06-18. The changes reflect the protocol’s ongoing evolution as a foundation for structured communication between AI systems, tools, and clients.

Here are the main updates worth noting:

MCP
Model Context Protocol Updates Bring Structured Output, Security Improvements, and Elicitation Support

Key Changes

1. JSON-RPC Batching Removed MCP no longer supports batching of JSON-RPC calls. This simplifies client-server interactions and reduces complexity on the server side, though it may require minor rework for clients previously using batched requests for performance.

2. Structured Tool Output Introduced Tool responses can now be returned in a structured format. This change allows client applications to more reliably interpret results, particularly when dealing with complex tools or workflows.

3. OAuth Resource Server Model Adopted MCP servers are now formally defined as OAuth 2.0 Resource Servers. They publish metadata that allows clients to discover the correct Authorization Server. This aligns MCP with industry-standard practices for access management.

4. Resource Indicators Required Clients are now required to use RFC 8707 Resource Indicators. This helps ensure access tokens are scoped to the correct resource, improving protection against token misuse.

5. Elicitation Support Added The protocol introduces a mechanism for elicitation, which allows servers to request additional input from users during an interaction. This is useful for handling incomplete or ambiguous requests in a structured way.

6. Resource Links in Tool Responses Tool outputs can now include links to related resources, helping clients present follow-up actions or contextual information to users more effectively.

7. MCP Protocol Version Header Required Clients using HTTP must now include an MCP-Protocol-Version header after version negotiation. This ensures consistency in behavior across sessions.

8. Lifecycle Operation Made Mandatory A previously recommended behavior in lifecycle operations is now mandatory, strengthening compliance expectations between clients and servers.

Schema Enhancements

  • A _meta field is now available in more interface types for attaching auxiliary information.
  • A context field was added to CompletionRequest, allowing inclusion of resolved variables across multiple interactions.
  • A title field was introduced to distinguish human-readable labels from machine-readable name fields.

Security Guidance Expanded

The update also expands the security section of the specification and introduces a new page on best practices. Topics include token handling, authorization boundaries, and resource isolation — all aimed at reducing implementation risks.

Summary

This MCP revision focuses on streamlining the protocol, improving interoperability, and reinforcing security. The removal of JSON-RPC batching simplifies communication models, while structured output and elicitation improve flexibility and clarity in tool-driven workflows.

For developers building on top of the MCP — whether for model orchestration, agent frameworks, or tool integrations — this update provides both stability and clearer guidance. The full changelog is available on GitHub.

Continue the conversation on Slack

Did this article spark your interest? Join our community of experts and enthusiasts to dive deeper, ask questions, and share your ideas.

Join our community

Related Articles

Claude Code: Remote MCP Servers for Streamlined Development

Claude Code: Remote MCP Servers for Streamlined Development

Anthropic has introduced support for remote MCP servers in Claude Code, enabling developers to connect their preferred tools and data sources for a more personalized coding experience, all without the complexities of managing local servers.

1 shared tag