fix(deps): update dependency fastmcp to v3

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
fastmcp	>=2.0.0,<3 → >=3.1.1,<4

---

Release Notes

PrefectHQ/fastmcp (fastmcp)

v3.1.1: : 'Tis But a Patch

Compare Source

Pins pydantic-monty<0.0.8 to fix a breaking change in Monty that affects code mode. Monty 0.0.8 removed the external_functions constructor parameter, causing MontySandboxProvider to fail. This patch caps the version so existing installs work correctly.

What's Changed

Fixes 🐞

• Pin pydantic-monty<0.0.8 to fix code mode by @​jlowin in #​3497

Full Changelog: PrefectHQ/fastmcp@v3.1.0...v3.1.1

v3.1.0: : Code to Joy

Compare Source

FastMCP 3.1 is the Code Mode release. The 3.0 architecture introduced providers and transforms as the extensibility layer — 3.1 puts that architecture to work, shipping the most requested capability since launch: servers that can find and execute code on behalf of agents, without requiring clients to know what tools exist.

Code Mode

Standard MCP has two scaling problems. The entire tool catalog loads into context upfront — with a large server, that's tens of thousands of tokens before the LLM reads a single word of the user's request. And every tool call is a round-trip: the LLM calls a tool, the result flows back through the context window, the LLM reasons about it, calls another tool, and so on. Intermediate results that only exist to feed the next step still burn tokens every time.

CodeMode is an experimental transform that solves both. Instead of seeing your tool catalog directly, the LLM gets meta-tools: it searches for relevant tools on demand (using BM25), inspects their schemas, then writes Python that chains call_tool() calls in a sandbox and returns a final answer. Discovery is staged and targeted; intermediate results never touch the model's context window.

from fastmcp import FastMCP
from fastmcp.experimental.transforms.code_mode import CodeMode

mcp = FastMCP("Server", transforms=[CodeMode()])

Your existing tools don't change — CodeMode wraps them. The default three-stage flow (search → get schemas → execute) is configurable: collapse it to two stages for smaller catalogs, skip discovery entirely for tiny ones. The sandbox supports resource limits on time, memory, and recursion depth.

Read the docs here.

Search Transforms

Code Mode's discovery layer is also available as a standalone transform. SearchTools adds BM25 text search to any server — clients can query against tool names and descriptions and receive ranked results, without needing to know tool names upfront. This is useful anywhere the tool catalog is large, dynamic, or not known in advance.

Prefab Apps

3.1 adds early integration with Prefab, a frontend framework with a Python DSL that compiles to React. The vision: Python developers building MCP servers shouldn't have to leave Python to ship a proper UI. Prefab is still under very active development (their words: "probably shouldn't use it yet"), but the integration is here, the pieces are aligning, and 3.2 is where this gets interesting.

Auth Additions

MultiAuth lets you compose multiple token verification sources into a single auth layer — useful when you need to accept tokens from more than one provider (e.g., internal JWTs alongside a third-party OAuth provider). This release also adds out-of-the-box support for PropelAuth and a Google GenAI sampling handler.

Under the Hood

Heavy imports are now lazy-loaded, meaningfully reducing startup time for servers that don't use every feature. fastmcp run and dev inspector gain a -m/--module flag for module-style invocation, MCPConfigTransport now correctly persists sessions across tool calls, and search_result_serializer gives you a hook to customize how search results are serialized for markdown output. Eight new contributors, and the usual round of fixes.

What's Changed

New Features 🎉

• feat: Search transforms for tool discovery by @​jlowin in #​3154
• Add experimental CodeMode transform by @​aaazzam in #​3297
• Add Prefab Apps integration for MCP tool UIs by @​jlowin in #​3316

Enhancements 🔧

• Lazy-load heavy imports to reduce import time by @​jlowin in #​3295
• Add http_client parameter to all token verifiers for connection pooling by @​jlowin in #​3300
• Add in-memory caching for token introspection results by @​jlowin in #​3298
• Add SessionStart hook to install gh CLI in cloud sessions by @​jlowin in #​3308
• Fix ty 0.0.19 type errors by @​jlowin in #​3310
• Code Mode: Add resource limits to MontySandboxProvider by @​jlowin in #​3326
• Accept transforms as FastMCP init kwarg by @​jlowin in #​3324
• Split large test files to comply with loq line limit by @​jlowin in #​3328
• Add -m/--module flag to fastmcp run and dev inspector by @​dgenio in #​3331
• Add search_result_serializer hook and serialize_tools_for_output_markdown by @​MagnusS0 in #​3337
• Add MultiAuth for composing multiple token verification sources by @​jlowin in #​3335
• Adds PropelAuth as an AuthProvider by @​andrew-propelauth in #​3358
• Replace vendored DI with uncalled-for by @​chrisguidry in #​3301
• Decompose CodeMode into composable discovery tools by @​jlowin in #​3354
• feat(contrib): auto-sync MCPMixin decorators with from_function signatures by @​AnkeshThakur in #​3323
• Add Google GenAI Sampling Handler by @​strawgate in #​2977
• Add ListTools, search limit, and catalog size annotation to CodeMode by @​jlowin in #​3359
• Allow configuring FastMCP transport setting in the same way as other configuration by @​jvdmr in #​1796
• Add include_unversioned option to VersionFilter by @​yangbaechu in #​3349

Fixes 🐞

• Fix docs banner pushing nav down by @​jlowin in #​3282
• fix: Replace hardcoded TTL with DEFAULT_TTL_MS - issue #​3279 by @​cedric57 in #​3280
• fix: stop suppressing server stderr in fastmcp call by @​jlowin in #​3283
• fix: skip max_completion_tokens when maxTokens is None by @​eon01 in #​3284
• OpenAPI: rewrite $ref under propertyNames and patternProperties in _replace_ref_with_defs; add regression test for dict[StrEnum, Model] by @​manojPal23234 in #​3306
• Remove stale add_resource() key parameter from docs by @​jlowin in #​3309
• Handle AuthorizationError as exclusion in AuthMiddleware list hooks by @​yangbaechu in #​3338
• Fix flaky OpenAPI performance test threshold by @​jlowin in #​3355
• Fix flaky SSE timeout test by @​jlowin in #​3343
• Remove system role references from docs by @​jlowin in #​3356
• Fix session persistence across tool calls in multi-server MCPConfigTransport by @​jer805 in #​3330

Docs 📚

• Add v3.0.2 release notes by @​jlowin in #​3276
• Fix "FastMCP Constructor Parameters" in documentation server.mdx (Remove old parameters & Add new parameter) by @​wangyy04 in #​3317
• Fix stale docs: tag filtering API and missing output_schema param by @​jlowin in #​3322
• Narrate search example clients by @​jlowin in #​3321
• Code Mode: Document resource limits and fix docs formatting by @​jlowin in #​3327
• Add reverse proxy (nginx) section to HTTP deployment docs by @​dgenio in #​3344
• Restructure docs navigation: CLI section, Composition, More by @​jlowin in #​3361

Other Changes 🦾

• Don't advertise sampling.tools capability by default by @​jlowin in #​3334

New Contributors

• @​cedric57 made their first contribution in #​3280
• @​eon01 made their first contribution in #​3284
• @​manojPal23234 made their first contribution in #​3306
• @​wangyy04 made their first contribution in #​3317
• @​yangbaechu made their first contribution in #​3338
• @​andrew-propelauth made their first contribution in #​3358
• @​jer805 made their first contribution in #​3330
• @​jvdmr made their first contribution in #​1796

Full Changelog: PrefectHQ/fastmcp@v3.0.2...v3.1.0

v3.0.2: : Threecovery Mode II

Compare Source

Two community-contributed fixes: auth headers from MCP transport no longer leak through to downstream OpenAPI APIs, and background task workers now correctly receive the originating request ID. Plus a new docs example for context-aware tool factories.

What's Changed

Fixes 🐞

• fix: prevent MCP transport auth header from leaking to downstream OpenAPI APIs (#​3260) by @​stakeswky in #​3262
• fix: propagate origin_request_id to background task workers by @​gfortaine in #​3175

Docs 📚

• Add v3.0.1 release notes by @​jlowin in #​3259
• docs: add context-aware tool factory example by @​machov in #​3264

New Contributors

• @​stakeswky made their first contribution in #​3262
• @​machov made their first contribution in #​3264

Full Changelog: PrefectHQ/fastmcp@v3.0.1...v3.0.2

v3.0.1: : Threecovery Mode

Compare Source

First patch after 3.0 — mostly smoothing out rough edges discovered in the wild. The big ones: middleware state that wasn't surviving the trip to tool handlers now does, Tool.from_tool() accepts callables again, OpenAPI schemas with circular references no longer crash discovery, and decorator overloads now return the correct types in function mode. Also adds verify_id_token to OIDCProxy for providers (like some Azure AD configs) that issue opaque access tokens but standard JWT id_tokens.

What's Changed

Enhancements 🔧

• Add verify_id_token option to OIDCProxy by @​jlowin in #​3248

Fixes 🐞

• Fix v3.0.0 changelog compare link by @​jlowin in #​3223
• Fix MDX parse error in upgrade guide prompts by @​jlowin in #​3227
• Fix non-serializable state lost between middleware and tools by @​jlowin in #​3234
• Accept callables in Tool.from_tool() by @​jlowin in #​3235
• Preserve skill metadata through provider wrapping by @​jlowin in #​3237
• Fix circular reference crash in OpenAPI schemas by @​jlowin in #​3245
• Fix NameError with future annotations and Context/Depends parameters by @​jlowin in #​3243
• Fix ty ignore syntax in OpenAPI provider by @​jlowin in #​3253
• Use max_completion_tokens instead of deprecated max_tokens in OpenAI handler by @​jlowin in #​3254
• Fix ty compatibility with upgraded deps by @​jlowin in #​3257
• Fix decorator overload return types for function mode by @​jlowin in #​3258

Docs 📚

• Sync README with welcome.mdx, fix install count by @​jlowin in #​3224
• Document dict-to-Message prompt migration in upgrade guides by @​jlowin in #​3225
• Fix v2 upgrade guide: remove incorrect v1 import advice by @​jlowin in #​3226
• Animated banner by @​jlowin in #​3231
• Document mounted server state store isolation in upgrade guide by @​jlowin in #​3236

Full Changelog: PrefectHQ/fastmcp@v3.0.0...v3.0.1

v3.0.0: : Three at Last

Compare Source

FastMCP 3.0 is stable. Two betas, two release candidates, 21 new contributors, and more than 100,000 pre-release installs later — the architecture held up, the upgrade path was smooth, and we're shipping it.

The surface API is largely unchanged — @mcp.tool() still works exactly as before. What changed is everything underneath: a provider/transform architecture that makes FastMCP extensible, observable, and composable in ways v2 couldn't support. If we did our jobs right, you'll barely notice the redesign. You'll just notice that more is possible.

This is also the release where FastMCP moves from jlowin/fastmcp to PrefectHQ/fastmcp. GitHub forwards all links, PyPI is the same, imports are the same. A major version felt like the right moment to make it official.

Build servers from anything

🔌 Components no longer have to live in one file with one server. FileSystemProvider discovers tools from directories with hot-reload. OpenAPIProvider wraps REST APIs. ProxyProvider proxies remote MCP servers. SkillsProvider delivers agent skills as resources. Write your own provider for whatever source makes sense. Compose multiple providers into one server, share one across many, or chain them with transforms that rename, namespace, filter, version, and secure components as they flow to clients. ResourcesAsTools and PromptsAsTools expose non-tool components to tool-only clients.

Ship to production

🔐 Component versioning: serve @tool(version="2.0") alongside older versions from one codebase. Granular authorization on individual components with async auth checks, server-wide policies via AuthMiddleware, and scope-based access control. OAuth gets CIMD, Static Client Registration, Azure OBO via dependency injection, JWT audience validation, and confused-deputy protections. OpenTelemetry tracing with MCP semantic conventions. Response size limiting. Background tasks with distributed Redis notification and ctx.elicit() relay. Security fixes include dropping diskcache (CVE-2025-69872) and upgrading python-multipart and protobuf for additional CVEs.

Adapt per session

💾 Session state persists across requests via ctx.set_state() / ctx.get_state(). ctx.enable_components() and ctx.disable_components() let servers adapt dynamically per client — show admin tools after authentication, progressively reveal capabilities, or scope access by role.

Develop faster

⚡ --reload auto-restarts on file changes. Standalone decorators return the original function, so decorated tools stay callable in tests and non-MCP contexts. Sync functions auto-dispatch to a threadpool. Tool timeouts, MCP-compliant pagination, composable lifespans, PingMiddleware for keepalive, and concurrent tool execution when the LLM returns multiple calls in one response.

Use FastMCP as a CLI

🖥️ fastmcp list and fastmcp call query and invoke tools on any server from a terminal. fastmcp discover scans your editor configs (Claude Desktop, Cursor, Goose, Gemini CLI) and finds configured servers by name. fastmcp generate-cli writes a standalone typed CLI where every tool is a subcommand. fastmcp install registers your server with Claude Desktop, Cursor, or Goose in one command.

Build apps (3.1 preview)

📱 Spec-level support for MCP Apps is in: ui:// resource scheme, typed UI metadata via AppConfig, extension negotiation, and runtime detection. The full Apps experience lands in 3.1.

---

If you hit 3.0 because you didn't pin your dependencies and something breaks — the upgrade guides will get you sorted. We minimized breaking changes, but a major version is a major version.

pip install fastmcp -U

📖 Documentation
🚀 Upgrade from FastMCP v2
🔀 Upgrade from MCP Python SDK
📰 What's New in FastMCP 3.0

What's Changed

New Features 🎉

• Refactor resource behavior and add meta support by @​jlowin in #​2611
• Refactor prompt behavior and add meta support by @​jlowin in #​2610
• feat: Provider abstraction for dynamic MCP components by @​jlowin in #​2622
• Unify component storage in LocalProvider by @​jlowin in #​2680
• Introduce ResourceResult as canonical resource return type by @​jlowin in #​2734
• Introduce Message and PromptResult as canonical prompt types by @​jlowin in #​2738
• Add --reload flag for auto-restart on file changes by @​jlowin in #​2816
• Add FileSystemProvider for filesystem-based component discovery by @​jlowin in #​2823
• Add standalone decorators and eliminate fastmcp.fs module by @​jlowin in #​2832
• Add authorization checks to components and servers by @​jlowin in #​2855
• Decorators return functions instead of component objects by @​jlowin in #​2856
• Add transform system for modifying components in provider chains by @​jlowin in #​2836
• Add OpenTelemetry tracing support by @​chrisguidry in #​2869
• Add component versioning and VersionFilter transform by @​jlowin in #​2894
• Add version discovery and calling a certain version for components by @​jlowin in #​2897
• Refactor visibility to mark-based enabled system by @​jlowin in #​2912
• Add session-specific visibility control via Context by @​jlowin in #​2917
• Add Skills Provider for exposing agent skills as MCP resources by @​jlowin in #​2944
• Add MCP Apps Phase 1 — SDK compatibility (SEP-1865) by @​jlowin in #​3009
• Add fastmcp list and fastmcp call CLI commands by @​jlowin in #​3054
• Add fastmcp generate-cli command by @​jlowin in #​3065
• Add CIMD (Client ID Metadata Document) support for OAuth by @​jlowin in #​2871

Enhancements 🔧

• Convert mounted servers to MountedProvider by @​jlowin in #​2635
• Simplify .key as computed property by @​jlowin in #​2648
• Refactor MountedProvider into FastMCPProvider + TransformingProvider by @​jlowin in #​2653
• Enable background task support for custom component subclasses by @​jlowin in #​2657
• Use CreateTaskResult for background task creation by @​jlowin in #​2660
• Refactor provider execution: components own their execution by @​jlowin in #​2663
• Add supports_tasks() method to replace string mode checks by @​jlowin in #​2664
• Replace type: ignore[attr-defined] with isinstance assertions in tests by @​jlowin in #​2665
• Add poll_interval to TaskConfig by @​jlowin in #​2666
• Refactor task module: rename protocol.py to requests.py and reduce redundancy by @​jlowin in #​2667
• Refactor FastMCPProxy into ProxyProvider by @​jlowin in #​2669
• Move OpenAPI to providers/openapi submodule by @​jlowin in #​2672
• Use ergonomic provider initialization pattern by @​jlowin in #​2675
• Fix ty 0.0.5 type errors by @​jlowin in #​2676
• Remove execution methods from Provider base class by @​jlowin in #​2681
• Add type-prefixed keys for globally unique component identification by @​jlowin in #​2704
• Skip parallel MCP config test on Windows by @​jlowin in #​2711
• Consolidate notification system with unified API by @​jlowin in #​2710
• Skip test_multi_client on Windows by @​jlowin in #​2714
• Parallelize provider operations by @​jlowin in #​2716
• Consolidate get_* and list* methods into single API by @​jlowin in #​2719
• Consolidate execution method chains into single public API by @​jlowin in #​2728
• Add documentation check to required PR workflow by @​jlowin in #​2730
• Parallelize list_* calls in Provider.get_tasks() by @​jlowin in #​2731
• Consistent decorator-based MCP handler registration by @​jlowin in #​2732
• Make ToolResult a BaseModel for serialization support by @​jlowin in #​2736
• Align prompt handler with resource pattern by @​jlowin in #​2740
• Update classes to inherit from FastMCPBaseModel instead of BaseModel by @​jlowin in #​2739
• Convert provider tests to use direct server calls by @​jlowin in #​2748
• Add explicit task_meta parameter to FastMCP.call_tool() by @​jlowin in #​2749
• Add task_meta parameter to read_resource() for explicit task control by @​jlowin in #​2750
• Add task_meta to prompts and centralize fn_key enrichment by @​jlowin in #​2751
• Remove unused include_tags/exclude_tags settings by @​jlowin in #​2756
• Parallelize provider access when executing components by @​jlowin in #​2744
• Add tests for OAuth generator cleanup and use aclosing by @​jlowin in #​2759
• Deprecate tool_serializer parameter by @​jlowin in #​2753
• Feature/supabase custom auth route by @​EloiZalczer in #​2632
• Add regression tests for caching with mounted server prefixes by @​jlowin in #​2762
• Update CLI banner with FastMCP 3.0 notice by @​jlowin in #​2766
• Make FASTMCP_SHOW_SERVER_BANNER apply to all server startup methods by @​jlowin in #​2771
• Add MCP tool annotations to smart_home example by @​bryankthompson in #​2777
• Cherry-pick debug logging for OAuth token expiry to main by @​jlowin in #​2797
• Turn off negative CLI flags by default by @​jlowin in #​2801
• Configure ty to fail on warnings by @​jlowin in #​2804
• Dereference $ref in tool schemas for MCP client compatibility by @​jlowin in #​2814
• Add v3.0 feature tracking document by @​jlowin in #​2822
• Remove deprecated WSTransport by @​jlowin in #​2826
• Add composable lifespans by @​jlowin in #​2828
• Replace FastMCP.as_proxy() with create_proxy() function by @​jlowin in #​2829
• Add docs-broken-links command and fix docstring markdown parsing by @​jlowin in #​2830
• Add PingMiddleware for keepalive connections by @​jlowin in #​2838
• Add CLI update notifications by @​jlowin in #​2840
• Add agent skills for testing and code review by @​jlowin in #​2846
• Add loq pre-commit hook for file size enforcement by @​jlowin in #​2847
• Add transport property to Context by @​jlowin in #​2850
• Add loq file size limits and clean up type ignores by @​jlowin in #​2859
• Run sync tools/resources/prompts in threadpool automatically by @​jlowin in #​2865
• Add timeout parameter for tool foreground execution by @​jlowin in #​2872
• Adopt OpenTelemetry MCP semantic conventions by @​chrisguidry in #​2886
• Add client_secret_post authentication to IntrospectionTokenVerifier by @​shulkx in #​2884
• Add enable_rich_logging setting to disable rich formatting by @​strawgate in #​2893
• Rename _fastmcp metadata namespace to fastmcp and make non-optional by @​jlowin in #​2895
• Refactor FastMCP to inherit from Provider by @​jlowin in #​2901
• Swap public/private method naming in Provider by @​jlowin in #​2902
• Add MCP-compliant pagination support by @​jlowin in #​2903
• Support VersionSpec in enable/disable for range-based filtering by @​jlowin in #​2914
• Remove sync notification infrastructure by @​jlowin in #​2915
• Immutable transform wrapping for providers by @​jlowin in #​2913
• Unify discovery API: deduplicate at protocol layer only by @​jlowin in #​2919
• Split transports.py into modular structure by @​jlowin in #​2921
• Move session visibility logic to enabled.py by @​jlowin in #​2924
• Refactor Client class into mixins and add timeout utilities by @​jlowin in #​2933
• Refactor OAuthProxy into focused modules by @​jlowin in #​2935
• Refactor LocalProvider into mixin modules by @​jlowin in #​2936
• Refactor server.py into mixins by @​jlowin in #​2939
• Consolidate test fixtures and refactor large test files by @​jlowin in #​2941
• Refactor transform list methods to pure function pattern by @​jlowin in #​2942
• Add ResourcesAsTools transform by @​jlowin in #​2943
• Add PromptsAsTools transform by @​jlowin in #​2946
• Add client utilities for downloading skills by @​jlowin in #​2948
• Rename Enabled transform to Visibility by @​jlowin in #​2950
• Make duplicate bot less aggressive by @​jlowin in #​2981
• Remove uv lockfile monitoring from Dependabot by @​jlowin in #​2986
• Run static checks with --upgrade, remove lockfile check by @​jlowin in #​2988
• Adjust workflow triggers for Marvin by @​strawgate in #​3010
• Move tests to a reusable action and enable nightly checks by @​strawgate in #​3017
• feat: option to add upstream claims to the FastMCP proxy JWT by @​JonasKs in #​2997
• Fix ty 0.0.14 compatibility and upgrade dependencies by @​jlowin in #​3027
• fix: automatically include offline_access as a scope in the Azure provider to enable automatic token refreshing by @​JonasKs in #​3001
• feat: expand --reload to watch frontend file types by @​jlowin in #​3028
• Add fastmcp install stdio command by @​jlowin in #​3032
• Update martian-issue-triage.yml for Workflow editing guidance by @​strawgate in #​3033
• feat: Goose integration + dedicated install command by @​jlowin in #​3040
• [Doc]: fixing spelling issues in multiple files by @​didier-durand in #​2996
• Add fastmcp discover and name-based server resolution by @​jlowin in #​3055
• feat(context): Add background task support for Context (SEP-1686) by @​gfortaine in #​2905
• Add server version to banner by @​richardkmichael in #​3076
• Add @​handle_tool_errors decorator for standardized error handling by @​dgenio in #​2885
• Update Anthropic and OpenAI clients to use Omit instead of NotGiven by @​jlowin in #​3088
• Add ResponseLimitingMiddleware for tool response size control by @​dgenio in #​3072
• Infer MIME types from OpenAPI response definitions by @​jlowin in #​3101
• Remove require_auth in favor of scope-based authorization by @​jlowin in #​3103
• generate-cli: auto-generate SKILL.md agent skill by @​jlowin in #​3115
• Scope Martian triage to bug-labeled issues for jlowin by @​jlowin in #​3124
• Add Azure OBO dependencies, auth token injection, and documentation by @​jlowin in #​2918
• feat: add Static Client Registration (#​3085) by @​martimfasantos in #​3086
• Add concurrent tool execution with sequential flag by @​strawgate in #​3022
• Add validate_output option for OpenAPI tools by @​jlowin in #​3134
• Relay task elicitation through standard MCP protocol by @​chrisguidry in #​3136
• Bump py-key-value-aio to >=0.4.0,<0.5.0 by @​strawgate in #​3143
• Support async auth checks by @​jlowin in #​3152
• Make $ref dereferencing optional via FastMCP(dereference_refs=...) by @​jlowin in #​3151
• Expose local_provider property, deprecate FastMCP.remove_tool() by @​jlowin in #​3155
• Add helpers for converting FunctionTool and TransformedTool to SamplingTool by @​strawgate in #​3062
• Updates to github actions / workflows for claude by @​strawgate in #​3157
• Minimize resolved review threads in PRs by @​strawgate in #​3200
• Exclude auto-generated python-sdk docs from CodeRabbit reviews by @​jlowin in #​3206
• Update repository references for transfer to prefecthq by @​jlowin in #​3207
• Fix MDX parsing error and update card images by @​jlowin in #​3213

Fixes 🐞

• Let FastMCPError propagate from dependencies by @​chrisguidry in #​2646
• Fix task execution for tools with custom names by @​chrisguidry in #​2645
• fix: check the cause of the tool error by @​rjolaverria in #​2674
• Bump pydocket to 0.16.3 for task cancellation support by @​chrisguidry in #​2683
• Fix uvicorn 0.39+ test timeouts and FastMCPError propagation by @​jlowin in #​2699
• Fix Prefect website URL in docs footer by @​mgoldsborough in #​2701
• Fix: resolve root-level $ref in outputSchema for MCP spec compliance by @​majiayu000 in #​2720
• Fix Provider.get_tasks() to include custom component subclasses by @​jlowin in #​2729
• Fix Proxy provider to return all resource contents by @​jlowin in #​2742
• Fix prompt return type documentation by @​jlowin in #​2741
• fix: Client OAuth async_auth_flow() method causing MCP-SDK self.context.lock error. by @​lgndluke in #​2644
• Fix rate limit detection during teardown phase by @​jlowin in #​2757
• fix: set pytest-asyncio default fixture loop scope to function by @​jlowin in #​2758
• Fix OAuth Proxy resource parameter validation by @​jlowin in #​2764
• [BugFix] Fix openapi_version Check So 3.1 Is Included by @​deeleeramone in #​2768
• Fix titled enum elicitation schema to comply with MCP spec by @​jlowin in #​2773
• Fix base_url fallback when url is not set by @​bhbs in #​2776
• Lazy import DiskStore to avoid sqlite3 dependency on import by @​jlowin in #​2784
• Fix OAuth token storage TTL calculation by @​jlowin in #​2796
• Use consistent refresh_ttl for JTI mapping store by @​jlowin in #​2799
• Return 401 for invalid_grant token errors per MCP spec by @​jlowin in #​2800
• Fix client hanging on HTTP 4xx/5xx errors by @​jlowin in #​2803
• Fix unawaited coroutine warning and treat as test error by @​jlowin in #​2806
• Fix keep_alive passthrough in StdioMCPServer.to_transport() by @​jlowin in #​2791
• Dereference $ref in tool schemas for MCP client compatibility by @​jlowin in #​2808
• Prefix Redis keys with docket name for ACL isolation by @​chrisguidry in #​2811
• fix smart_home example: HueAttributes schema and deprecated prefix by @​zzstoatzz in #​2818
• Fix redirect URI validation docs to match implementation by @​jlowin in #​2824
• Fix timeout not propagating to proxy clients in multi-server MCPConfig by @​jlowin in #​2809
• Fix ContextVar propagation for ASGI-mounted servers with tasks by @​chrisguidry in #​2844
• Fix HTTP transport timeout defaulting to 5 seconds by @​jlowin in [#​2849](https://redirect.github.com/PrefectHQ/fastmcp/

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud