Official MCP Go SDK
Official Go SDK for Model Context Protocol servers and clients, maintained by the MCP project in collaboration with Google, with packages for MCP, JSON-RPC, OAuth primitives, OAuth protected-resource metadata, clients, servers, transports, examples, and conformance work.
Open the source and read safety notes before installing.
Safety notes
- The official Go SDK is a protocol library; the risk is in the MCP clients, servers, tools, resources, prompts, and transports you build with it.
- Validate inputs, enforce capability checks, and bound side effects for every tool handler.
- Use local transports for local-only integrations, and add authentication, TLS, authorization, logging, and rate limits before exposing network transports.
- OAuth and protected-resource metadata are security-sensitive surfaces; test them against the current MCP specification and client expectations.
Privacy notes
- MCP clients and servers built with the SDK may expose request metadata, tool arguments, tool results, resource contents, prompt templates, OAuth state, errors, traces, and logs.
- Do not leak private resource contents, customer data, internal identifiers, tokens, privileged paths, or operational metadata in schemas, error messages, examples, or logs.
- Document which model provider, client, server, and transport can observe each request before deploying outside localhost.
Prerequisites
- Go toolchain compatible with the SDK's current `go.mod` requirement and Go support policy.
- A target MCP spec version and compatibility plan for the clients or servers you need to support.
- Authentication, authorization, and transport-security requirements for non-local MCP deployments.
- Reviewed tool, resource, prompt, and OAuth behavior before exposing production services.
Schema details
- Install type
- cli
- Troubleshooting
- No
- Scope
- Source repo
- Estimated setup
- 10 minutes
- Difficulty
- intermediate
- Pricing
- free
- Disclosure
- editorial
- Application category
- DeveloperApplication
- Operating system
- Cross-platform
Full copyable content
go get github.com/modelcontextprotocol/go-sdkAbout this resource
Overview
The official MCP Go SDK is the Model Context Protocol project's Go
implementation for building MCP clients and servers. The repository is
maintained by the modelcontextprotocol organization in collaboration with
Google and provides importable packages for MCP APIs, JSON-RPC transport work,
OAuth primitives, and protected-resource metadata extensions.
This entry covers the official SDK. The catalog may also include community Go
SDKs such as mark3labs/mcp-go; those remain viable alternatives, but this
source is the official SDK maintained under the Model Context Protocol project.
Core Capabilities
| Area | Official Go SDK Coverage |
|---|---|
| MCP APIs | github.com/modelcontextprotocol/go-sdk/mcp for constructing and using MCP clients and servers |
| JSON-RPC | github.com/modelcontextprotocol/go-sdk/jsonrpc for custom transport implementers |
| OAuth | auth primitives and oauthex extensions such as ProtectedResourceMetadata |
| Clients | mcp.NewClient, command transport usage, sessions, and tool calls |
| Servers | mcp.NewServer, tool registration, typed inputs/outputs, and stdio server examples |
| Spec Compatibility | README matrix for SDK versions and supported MCP specification versions |
| Examples | Example clients and servers in the repository |
Quick Start
Install the module:
go get github.com/modelcontextprotocol/go-sdk
A minimal server creates an MCP server, registers a typed tool, and runs over stdio:
package main
import (
"context"
"log"
"github.com/modelcontextprotocol/go-sdk/mcp"
)
type Input struct {
Name string `json:"name" jsonschema:"the name of the person to greet"`
}
type Output struct {
Greeting string `json:"greeting"`
}
func SayHi(ctx context.Context, req *mcp.CallToolRequest, input Input) (*mcp.CallToolResult, Output, error) {
return nil, Output{Greeting: "Hi " + input.Name}, nil
}
func main() {
server := mcp.NewServer(&mcp.Implementation{Name: "greeter", Version: "v1.0.0"}, nil)
mcp.AddTool(server, &mcp.Tool{Name: "greet", Description: "say hi"}, SayHi)
if err := server.Run(context.Background(), &mcp.StdioTransport{}); err != nil {
log.Fatal(err)
}
}
MCP Fit
Choose the official Go SDK when a Go application needs to track current MCP specification behavior closely, use official protocol types, or build clients and servers against the same project that maintains the protocol. It is a good fit for infrastructure teams, platform teams, and Go service owners adding MCP support to existing systems.
Because this is a protocol SDK, production safety depends on the handlers and transports you build. Treat each tool as an API endpoint and each resource as a model-visible data exposure.
Use Cases
- Add an MCP server to a Go service or CLI.
- Build an MCP client or test harness in Go.
- Implement a custom JSON-RPC transport around official MCP types.
- Prototype OAuth-protected MCP resources.
- Track compatibility with the current MCP specification version matrix.
- Compare official SDK behavior against community Go MCP SDKs.
Source Review
Verified on 2026-06-18:
- The upstream README identifies the repository as the official Go SDK for the Model Context Protocol.
- The README lists importable packages for
mcp,jsonrpc,auth, andoauthex, plus a version compatibility matrix for MCP specification support. go.moddeclares module pathgithub.com/modelcontextprotocol/go-sdk.- The license file documents the project's licensing transition to Apache-2.0 for new code/spec contributions, MIT for unrelicensed existing code, and CC-BY-4.0 for documentation contributions excluding specifications.
- pkg.go.dev resolves documentation for
github.com/modelcontextprotocol/go-sdk.
Safety and Privacy
The official SDK handles protocol mechanics; it does not make your tool surface safe by itself. Validate arguments, check user permissions, limit side effects, sanitize errors, and avoid exposing sensitive resources by default.
Network transports and OAuth flows should be threat-modeled before production. Document what data is visible to MCP clients, model providers, logs, traces, and resource servers for each deployment.
Duplicate Check
Checked current content/mcp/, content/tools/, content/skills/, open pull
requests, and repository-wide content for modelcontextprotocol/go-sdk,
official MCP Go SDK, Model Context Protocol Go SDK, Go MCP server official SDK,
Go MCP client official SDK, MCP JSON-RPC Go, and MCP OAuth Go SDK. Existing
work may cover the community mark3labs/mcp-go SDK, but no dedicated official
Go SDK entry, exact source URL duplicate, target file, or open duplicate PR was
found.
Source citations
Add this badge to your README
Show that Official MCP Go SDK is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/tools/official-mcp-go-sdk)How it compares
Official MCP Go SDK side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Official MCP Go SDK Official Go SDK for Model Context Protocol servers and clients, maintained by the MCP project in collaboration with Google, with packages for MCP, JSON-RPC, OAuth primitives, OAuth protected-resource metadata, clients, servers, transports, examples, and conformance work. Open dossier | Official MCP C# SDK Official C# SDK for Model Context Protocol servers and clients, maintained by the MCP project in collaboration with Microsoft, with NuGet packages for core MCP APIs, hosting and dependency injection extensions, ASP.NET Core HTTP servers, samples, API documentation, and cross-application access support. Open dossier | Official MCP TypeScript SDK Official TypeScript SDK for Model Context Protocol clients and servers, with the production v1 `@modelcontextprotocol/sdk` package, active v2 server and client package work, Node.js, Bun, and Deno support, transports, OAuth helpers, tools, resources, prompts, examples, and API documentation. Open dossier | Official MCP Java SDK Official Java SDK for Model Context Protocol clients and servers, maintained in collaboration with Spring AI, with Java 17+ support, Maven artifacts, synchronous and asynchronous APIs, Reactive Streams, Project Reactor, JDK HttpClient, Servlet transport, JSON binding modules, and conformance tests. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | tools | tools | tools | tools |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | Model Context Protocol | Model Context Protocol | Model Context Protocol | Model Context Protocol |
| Added | 2026-06-18 | 2026-06-18 | 2026-06-18 | 2026-06-18 |
| Platforms | CLI | CLI | CLI | CLI |
| Source repo | — | — | — | — |
| Safety notes | ✓The official Go SDK is a protocol library; the risk is in the MCP clients, servers, tools, resources, prompts, and transports you build with it. Validate inputs, enforce capability checks, and bound side effects for every tool handler. Use local transports for local-only integrations, and add authentication, TLS, authorization, logging, and rate limits before exposing network transports. OAuth and protected-resource metadata are security-sensitive surfaces; test them against the current MCP specification and client expectations. | ✓The official C# SDK is a protocol library; production risk comes from the MCP tools, resources, prompts, transports, and identity flows you implement with it. Treat every MCP tool handler as an API endpoint: validate arguments, enforce permissions, bound side effects, and sanitize errors. HTTP MCP servers need normal web-service controls, including authentication, TLS, request limits, logging policy, and abuse protections. Cross-application access and identity assertion flows are security-sensitive and should be tested against the current MCP specification and enterprise policy. | ✓The official TypeScript SDK is a protocol library; your MCP server's tool handlers, resources, prompts, transports, and auth logic determine the real risk. Treat every registered tool as a model-callable API endpoint and validate inputs, enforce permissions, bound side effects, and sanitize failures. HTTP and framework middleware deployments need host validation, authentication, TLS, request limits, logging policy, and abuse controls. The upstream main branch documents v2 pre-alpha work; use the production v1 package for stable deployments unless you intentionally accept alpha API churn. | ✓The official Java SDK is a protocol library; production risk comes from your MCP tools, resources, prompts, transports, authorization hooks, and framework integration. Validate tool inputs, enforce caller permissions, bound side effects, and avoid returning raw Java exceptions or internal stack details to MCP clients. Servlet, Spring, and remote transport deployments need authentication, TLS, request limits, observability policy, cancellation behavior, and abuse protection. Spring AI MCP security and annotation support may simplify integration, but application owners still need to review authorization, tenant boundaries, and data retention. |
| Privacy notes | ✓MCP clients and servers built with the SDK may expose request metadata, tool arguments, tool results, resource contents, prompt templates, OAuth state, errors, traces, and logs. Do not leak private resource contents, customer data, internal identifiers, tokens, privileged paths, or operational metadata in schemas, error messages, examples, or logs. Document which model provider, client, server, and transport can observe each request before deploying outside localhost. | ✓MCP clients and servers built with the SDK may expose tool arguments, tool results, resource contents, prompt templates, user identity assertions, errors, traces, and logs. Avoid leaking private resources, customer data, internal identifiers, tokens, privileged paths, or operational metadata in schemas, responses, examples, and logs. Document which MCP client, server, model provider, transport, and logging system can observe each request before production use. | ✓MCP clients and servers built with the SDK may expose tool arguments, tool results, resource contents, prompt templates, OAuth state, errors, traces, and logs. Avoid returning secrets, private file contents, customer data, privileged paths, internal identifiers, or operational metadata through schemas, examples, errors, or logs. Document which MCP client, server, model provider, transport, middleware layer, and logging system can observe each request. | ✓Java MCP clients and servers may expose tool arguments, tool results, resource contents, prompt templates, request metadata, correlation IDs, logs, traces, and authorization context. Avoid leaking secrets, customer data, private resources, internal identifiers, stack traces, privileged paths, or token values through schemas, responses, errors, or logs. Document which MCP client, server process, Java framework, model provider, transport, and observability system can observe each request. |
| Prerequisites |
|
|
|
|
| Install | | | | |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.