Official MCP Kotlin SDK
Official Kotlin Multiplatform SDK for Model Context Protocol clients and servers, maintained in collaboration with JetBrains, with JVM, Native, JS, and Wasm targets, coroutine APIs, Gradle artifacts, Ktor integration, stdio, SSE, Streamable HTTP, WebSocket, tools, resources, prompts, sampling, and roots.
Open the source and read safety notes before installing.
Safety notes
- The official Kotlin SDK is a protocol library; risk comes from your MCP tools, resources, prompts, transports, Ktor engine choices, and server deployment.
- Validate all tool inputs, enforce caller permissions, bound file and network access, and sanitize errors before returning MCP responses.
- HTTP, SSE, Streamable HTTP, WebSocket, and Ktor deployments need authentication, TLS, CORS/host review, request limits, logging policy, and abuse protection.
- Kotlin Multiplatform targets can behave differently across JVM, Native, JS, and Wasm; test transport and serialization behavior on the exact target you ship.
Privacy notes
- Kotlin MCP clients and servers may expose tool arguments, tool results, resource contents, prompt templates, transport metadata, coroutine errors, logs, and traces.
- Avoid leaking secrets, customer data, private resources, internal identifiers, privileged paths, or raw stack traces through schemas, responses, errors, or logs.
- Document which MCP client, server target, Ktor engine, model provider, transport, and observability system can observe each request.
Prerequisites
- Kotlin 2.2+ project with Gradle and Maven Central configured.
- A selected target set: JVM, Native, JS, Wasm, or Kotlin Multiplatform common code.
- Ktor client or server engine dependencies when using HTTP, SSE, or Streamable HTTP transports.
- Authorization, side-effect, and data-exposure boundaries for production MCP tools and resources.
Schema details
- Install type
- cli
- Troubleshooting
- No
- Scope
- Source repo
- Estimated setup
- 20 minutes
- Difficulty
- intermediate
- Pricing
- free
- Disclosure
- editorial
- Application category
- DeveloperApplication
- Operating system
- Cross-platform
Full copyable content
dependencies {
implementation("io.modelcontextprotocol:kotlin-sdk:0.13.0")
}About this resource
Overview
The official MCP Kotlin SDK is the Model Context Protocol project's Kotlin
Multiplatform implementation for building MCP clients and servers. It is
maintained under the modelcontextprotocol organization in collaboration with
JetBrains and publishes Gradle/Maven artifacts under io.modelcontextprotocol.
The SDK targets JVM, Native, JS, and Wasm, which makes it useful for teams that want one Kotlin codebase to cover local tools, backend services, desktop-adjacent clients, and multiplatform agent infrastructure.
Gradle Dependency
For the umbrella SDK artifact:
dependencies {
implementation("io.modelcontextprotocol:kotlin-sdk:0.13.0")
}
For smaller dependency surfaces, upstream also documents:
dependencies {
implementation("io.modelcontextprotocol:kotlin-sdk-client:0.13.0")
implementation("io.modelcontextprotocol:kotlin-sdk-server:0.13.0")
}
MCP Fit
Choose the official Kotlin SDK when you need MCP support in Kotlin Multiplatform, JVM, Ktor, or JetBrains-oriented environments. It is a strong fit for Kotlin service teams, multiplatform tool builders, Android-adjacent experiments, and JVM teams that prefer coroutine-first APIs.
Because the SDK supports multiple runtime targets and transports, production review should happen per target. A safe JVM server configuration does not prove the same behavior on Native, JS, or Wasm.
Core Capabilities
| Area | Kotlin SDK Coverage |
|---|---|
| Artifacts | kotlin-sdk, kotlin-sdk-client, and kotlin-sdk-server |
| Targets | JVM, Native, JS, and Wasm through Kotlin Multiplatform |
| Transports | stdio, SSE, Streamable HTTP, WebSocket, and ChannelTransport for testing |
| Server features | Tools, resources, prompts, completion, logging, and pagination |
| Client features | Roots, sampling, and server interaction APIs |
| Runtime integration | Ktor client/server dependencies supplied by the application |
Use Cases
- Add an MCP server to a Kotlin or JVM service.
- Build a Kotlin MCP client for agent tooling or internal automation.
- Share MCP protocol code across JVM, Native, JS, and Wasm targets.
- Wire Streamable HTTP or SSE support through Ktor.
- Use client-only or server-only artifacts to reduce dependency scope.
- Test MCP behavior with ChannelTransport before exposing a real transport.
Source Review
Verified on 2026-06-18:
- The upstream repository description identifies it as the official Kotlin SDK for Model Context Protocol clients and servers, maintained in collaboration with JetBrains.
- The README describes a Kotlin Multiplatform SDK for MCP targeting JVM, Native, JS, and Wasm.
- The README documents artifacts for umbrella, client-only, and server-only SDK usage.
- The README covers stdio, SSE, Streamable HTTP, WebSocket, ChannelTransport, tools, resources, prompts, completion, logging, pagination, roots, and sampling.
gradle.propertiesdeclares groupio.modelcontextprotocoland version0.13.0.- The license file documents the MCP project's license transition terms for Apache-2.0, MIT, and CC-BY-4.0 documentation contributions.
Safety and Privacy
Kotlin MCP applications often bridge JVM services, Ktor servers, local tools, and multiplatform clients. Keep tool schemas narrow, validate all inputs, check user authorization, and avoid exposing private data through resources or error paths.
Review each target and transport separately. Ktor engine choices, browser-like targets, Native builds, WebSocket/SSE behavior, and logging pipelines can all change the practical privacy boundary.
Duplicate Check
Checked current content/mcp/, content/tools/, content/skills/, open pull
requests, and repository-wide content for modelcontextprotocol/kotlin-sdk,
official MCP Kotlin SDK, Model Context Protocol Kotlin SDK, Kotlin Multiplatform
MCP, Kotlin MCP server SDK, Kotlin MCP client SDK, JetBrains MCP Kotlin,
io.modelcontextprotocol:kotlin-sdk, and Ktor MCP server. Existing JetBrains
content covers the JetBrains IDE MCP server, not this SDK. No dedicated official
Kotlin SDK entry, exact source URL duplicate, target file, or open duplicate PR
was found.
Source citations
Add this badge to your README
Show that Official MCP Kotlin SDK is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/tools/official-mcp-kotlin-sdk)How it compares
Official MCP Kotlin SDK side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Official MCP Kotlin SDK Official Kotlin Multiplatform SDK for Model Context Protocol clients and servers, maintained in collaboration with JetBrains, with JVM, Native, JS, and Wasm targets, coroutine APIs, Gradle artifacts, Ktor integration, stdio, SSE, Streamable HTTP, WebSocket, tools, resources, prompts, sampling, and roots. Open dossier | Official MCP C# SDK Official C# SDK for Model Context Protocol servers and clients, maintained by the MCP project in collaboration with Microsoft, with NuGet packages for core MCP APIs, hosting and dependency injection extensions, ASP.NET Core HTTP servers, samples, API documentation, and cross-application access support. Open dossier | Official MCP Go SDK Official Go SDK for Model Context Protocol servers and clients, maintained by the MCP project in collaboration with Google, with packages for MCP, JSON-RPC, OAuth primitives, OAuth protected-resource metadata, clients, servers, transports, examples, and conformance work. Open dossier | Official MCP Java SDK Official Java SDK for Model Context Protocol clients and servers, maintained in collaboration with Spring AI, with Java 17+ support, Maven artifacts, synchronous and asynchronous APIs, Reactive Streams, Project Reactor, JDK HttpClient, Servlet transport, JSON binding modules, and conformance tests. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | tools | tools | tools | tools |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | Model Context Protocol | Model Context Protocol | Model Context Protocol | Model Context Protocol |
| Added | 2026-06-18 | 2026-06-18 | 2026-06-18 | 2026-06-18 |
| Platforms | CLI | CLI | CLI | CLI |
| Source repo | — | — | — | — |
| Safety notes | ✓The official Kotlin SDK is a protocol library; risk comes from your MCP tools, resources, prompts, transports, Ktor engine choices, and server deployment. Validate all tool inputs, enforce caller permissions, bound file and network access, and sanitize errors before returning MCP responses. HTTP, SSE, Streamable HTTP, WebSocket, and Ktor deployments need authentication, TLS, CORS/host review, request limits, logging policy, and abuse protection. Kotlin Multiplatform targets can behave differently across JVM, Native, JS, and Wasm; test transport and serialization behavior on the exact target you ship. | ✓The official C# SDK is a protocol library; production risk comes from the MCP tools, resources, prompts, transports, and identity flows you implement with it. Treat every MCP tool handler as an API endpoint: validate arguments, enforce permissions, bound side effects, and sanitize errors. HTTP MCP servers need normal web-service controls, including authentication, TLS, request limits, logging policy, and abuse protections. Cross-application access and identity assertion flows are security-sensitive and should be tested against the current MCP specification and enterprise policy. | ✓The official Go SDK is a protocol library; the risk is in the MCP clients, servers, tools, resources, prompts, and transports you build with it. Validate inputs, enforce capability checks, and bound side effects for every tool handler. Use local transports for local-only integrations, and add authentication, TLS, authorization, logging, and rate limits before exposing network transports. OAuth and protected-resource metadata are security-sensitive surfaces; test them against the current MCP specification and client expectations. | ✓The official Java SDK is a protocol library; production risk comes from your MCP tools, resources, prompts, transports, authorization hooks, and framework integration. Validate tool inputs, enforce caller permissions, bound side effects, and avoid returning raw Java exceptions or internal stack details to MCP clients. Servlet, Spring, and remote transport deployments need authentication, TLS, request limits, observability policy, cancellation behavior, and abuse protection. Spring AI MCP security and annotation support may simplify integration, but application owners still need to review authorization, tenant boundaries, and data retention. |
| Privacy notes | ✓Kotlin MCP clients and servers may expose tool arguments, tool results, resource contents, prompt templates, transport metadata, coroutine errors, logs, and traces. Avoid leaking secrets, customer data, private resources, internal identifiers, privileged paths, or raw stack traces through schemas, responses, errors, or logs. Document which MCP client, server target, Ktor engine, model provider, transport, and observability system can observe each request. | ✓MCP clients and servers built with the SDK may expose tool arguments, tool results, resource contents, prompt templates, user identity assertions, errors, traces, and logs. Avoid leaking private resources, customer data, internal identifiers, tokens, privileged paths, or operational metadata in schemas, responses, examples, and logs. Document which MCP client, server, model provider, transport, and logging system can observe each request before production use. | ✓MCP clients and servers built with the SDK may expose request metadata, tool arguments, tool results, resource contents, prompt templates, OAuth state, errors, traces, and logs. Do not leak private resource contents, customer data, internal identifiers, tokens, privileged paths, or operational metadata in schemas, error messages, examples, or logs. Document which model provider, client, server, and transport can observe each request before deploying outside localhost. | ✓Java MCP clients and servers may expose tool arguments, tool results, resource contents, prompt templates, request metadata, correlation IDs, logs, traces, and authorization context. Avoid leaking secrets, customer data, private resources, internal identifiers, stack traces, privileged paths, or token values through schemas, responses, errors, or logs. Document which MCP client, server process, Java framework, model provider, transport, and observability system can observe each request. |
| Prerequisites |
|
|
|
|
| Install | | | | |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.