48 days until the 2026-07-28 cutover
Is your MCP server ready for July 28, 2026?
Paste your remote server's URL. We run six read-only JSON-RPC probes against it and score the machine-verifiable breaking changes from the 07-28 release candidate. Free, no signup, nothing stored.
~10 seconds · six read-only JSON-RPC probes · nothing stored ·
What the audit checks
Protocol negotiation SEP-2575
We send initialize with protocolVersion 2026-07-28 and report whether your server negotiates gracefully, already speaks the RC version, or errors out.
Session dependence SEP-2567
We check whether initialize issues an Mcp-Session-Id, and whether a fresh sessionless request still works — on 07-28, clients stop sending session IDs entirely.
Mcp-* headers SEP-2243
We send the new mandatory Mcp-Method header and verify nothing on your request path blocks it, then send a header/body mismatch to see whether you already enforce the RC's rejection rule.
Error codes SEP-2164
We elicit error responses and look for the legacy -32002 code, which the RC replaces with the standard -32602.
Deprecated capabilities SEP-2577
We inspect the capabilities your server advertises for roots, sampling, and logging — all three are deprecated with 12-month removal windows.
What it can't check
A remote probe cannot see your code. Session-keyed application state, OAuth and protected-resource metadata correctness, long-lived SSE push flows, and error paths we didn't happen to trigger all require a code-level audit — those checks report unknown rather than a guess. The full breaking-change list, with migration steps for each, is in the migration guide.