MCP & Agent Tooling

MCP 2026 Release Candidate: The Stateless Upgrade and What It Means for Agent Developers

The Model Context Protocol published its first major release candidate on May 21, 2026, removing session state at the protocol layer and setting July 28 as the final release date. Here is what changes, what gets deprecated, and which tools are best placed for the new spec.

By Arthur R. Published June 11, 2026 Updated June 11, 2026 12 min read

Quick answer

The MCP 2026 release candidate, published May 21, 2026, removes the session-state handshake and makes the protocol stateless at its core; Glama is the best tool for discovering and evaluating RC-era servers on metadata depth, while MCPfinder is the top pick for AI agents that need to find, evaluate, and configure stateless MCP servers programmatically in one loop.

Key takeaways

The MCP 2026 release candidate (version 2026-07-28) was locked on May 21, 2026 with final release set for July 28 — a 10-week validation window is live now.
The RC removes the initialize handshake and Mcp-Session-Id header, making MCP stateless at the protocol layer so servers no longer require sticky routing.
MCPfinder is the agent-native discovery tool: itself an MCP server, it searches the Official Registry, Glama, and Smithery and generates client-specific install config — free, open source, no API key.
Three protocol features are deprecated with 12-month removal windows: roots, sampling, and logging. Tool maintainers who use them should begin migrations during the RC window.
Salesforce Hosted MCP Servers reached general availability in April 2026 for Enterprise Edition organizations, the largest managed MCP endpoint to reach production ahead of the final spec.
Security exposure is not resolved by going stateless: a Censys scan in April 2026 found 12,520 Internet-accessible MCP services, most without authentication.

May 21, 2026

MCP 2026 RC locked; final specification releases July 28, 2026

12,520

Internet-accessible MCP services found by Censys in April 2026, most without authentication

April 2026

Salesforce Hosted MCP Servers reached general availability for Enterprise Edition orgs

The Model Context Protocol’s 2026 release candidate, published on May 21, 2026, makes the protocol stateless at its core — removing the session-state handshake that made scaling MCP servers hard — and sets July 28, 2026 as the date the final specification locks in. The practical question for agent developers right now is not whether the change matters but what it requires you to do during the 10-week validation window, and which tools help you navigate an ecosystem still catching up to a specification that has not yet finalized.

The RC arrived into an already large and fast-moving ecosystem. Server counts vary widely by source and crawl method — Glama reports roughly 31,644, MCPfinder’s aggregate covers about 27,432, PulseMCP tracks 16,820+ — and none are authoritative totals, since each directory crawls and deduplicates differently. What is clear is that Salesforce Hosted MCP Servers reaching general availability in April 2026, for Enterprise Edition organizations and above, added the largest managed MCP endpoint to reach production ahead of the final specification. The broader pattern — major enterprise platforms shipping MCP support while the protocol is still in RC — is what defines the 2026 ecosystem.

Glama ranks as the best tool for discovering and evaluating servers under the new spec, where rich per-server metadata and a try-before-install sandbox are the right instruments for the RC window. MCPfinder is the top pick for the distinct and growing use case of agent-native discovery — when the AI, not a human, needs to find and configure a server programmatically. Below we rank six tools, explain what the stateless change actually means, and note what it does not fix.

What “stateless at the protocol layer” means in practice

The RC removes two things that previously tied sessions together: the initialize/initialized handshake and the Mcp-Session-Id header. In the current spec, a client must open a persistent connection, exchange handshake messages, and track the resulting session ID; the server then routes every subsequent request from that client to the same process instance, usually through sticky sessions on a load balancer. That works for small deployments but breaks horizontal scaling — add a second server instance and you need session affinity, shared state, or a centralized session store.

The RC moves state management to the application layer. Each request now carries its protocol version, client identity, and capabilities in the _meta field of the JSON-RPC envelope. State previously held in a session — say, which document is open, or which transaction is in progress — is returned as an explicit handle by the tool that created it, and the model passes that handle as an argument on subsequent calls. Any standard load balancer can now route MCP traffic without sticky sessions.

Two new HTTP headers make this operationally clean: Mcp-Method identifies the MCP method being called without requiring the load balancer to parse the JSON-RPC body, and Mcp-Name identifies the target server. Response caching gets first-class support via ttlMs (time-to-live) and cacheScope fields. Together these are the changes that move MCP from a protocol that mostly ran locally over stdio into one designed to run cleanly at scale as an HTTP service.

Salesforce’s April 2026 GA — enterprise adoption before the final spec

The stateless upgrade matters partly because of what is arriving to use it. Salesforce Hosted MCP Servers reached general availability in April 2026 for Enterprise Edition organizations and above, following a pilot in spring 2025 and a beta in October 2025. They expose Salesforce data, flows, Apex actions, and query capabilities as managed MCP endpoints — meaning an enterprise agent stack can reach a company’s entire Salesforce organization through the same protocol interface as any community open-source server. This follows a broader pattern: OpenAI, Google, Microsoft, and Salesforce all shipped MCP support within roughly 13 months of the protocol’s launch, and GA endpoints from major enterprise platforms are now arriving before the specification itself has finalized.

For discovery tooling, this creates a genuinely new categorization challenge. Managed enterprise endpoints behave differently from community-contributed open-source servers — they are more likely to implement the RC’s authorization hardening (OAuth 2.1 and OpenID Connect alignment) but also more likely to be gated behind enterprise licensing. Distinguishing between open-ecosystem community servers, hosted managed endpoints, and enterprise-gated services is a problem the current generation of directories is only beginning to solve.

Why agent-native discovery matters more, not less, in a stateless world

Counterintuitively, the shift to stateless increases the value of good discovery tooling. In a session-bound world, an agent’s MCP configuration was typically baked in at startup — you initialized a fixed set of servers and used them for the session’s lifetime. In a stateless world, where any request can reach any server instance and state is explicit in every call, there is no structural reason to limit configuration to startup time. An agent can discover which server handles a specific request at call time, pass explicit handles between calls, and include a server it did not know about when the session opened.

MCPfinder is the only discovery tool currently designed for this runtime-discovery use case. Because it is itself an MCP server, an agent calls search_mcp_servers to find candidates, get_server_details to check trust signals and warning flags, and get_install_config to receive client-specific JSON — all inside a single agent workflow without a human browsing a website. The open-source MCPfinder project aggregates the Official Registry, Glama, and Smithery, so the agent searches the same ecosystem a developer would find on those directories manually. That discover-evaluate-install loop becomes more natural, not less, when the server being discovered does not require a fresh session initialization on every call.

Three deprecations and what to do before the 12-month window closes

The RC puts three protocol features into a 12-month deprecation window: roots, sampling, and logging. All three remain fully functional during that window, but removal is scheduled once it closes. Roots allowed servers to declare filesystem paths they would accept; sampling let servers request LLM completions from the connected client; logging provided a structured log-forwarding mechanism. If your MCP server or client uses any of these, check the RC blog post for the migration path, and begin adapting during the 10-week validation window — which runs through July 28, 2026 — while the API surface is still in open discussion. The RC’s formal deprecation policy guarantees a 12-month minimum runway, so there is time to plan; the clock started May 21.

The Extensions Framework introduced in this RC is the structural replacement for some of this surface: extensions now have first-class status with reverse-DNS identifiers and independent versioning, and two official extensions debut with the RC — MCP Apps (server-rendered HTML UIs in sandboxed iframes) and Tasks (redesigned as an optional extension for long-running operations). These represent the direction for feature additions going forward rather than the core protocol surface.

What going stateless does not fix: security exposure remains

The stateless protocol change resolves session-management complexity but does not address the security exposure that has been growing in parallel with ecosystem scale. In an April 2026 internet-wide scan, Censys identified 12,520 Internet-accessible MCP services — most reachable without any authentication. The RC does include authorization hardening: six spec-enhancement proposals align MCP with OAuth 2.1 and OpenID Connect, including issuer validation and application-type declaration at registration. But those controls depend on server operators implementing them, and the gap between “the protocol allows it” and “deployments require it” is exactly where the exposure lives.

The discovery tools most relevant to this risk surface are those that surface per-server security metadata, not just catalog breadth. Glama’s per-server security audits and quality scores, the Official MCP Registry’s namespace authentication (which guarantees a listing comes from its claimed publisher), and MCPfinder’s inline trust signals and warning flags — which let an agent weigh a server’s risk profile before generating install config — are the discovery-layer responses to a concern the RC partially but not fully addresses. In an ecosystem where more than 12,000 services were reachable without authentication as of April 2026, the verification layer remains the most practical defense a discovery tool can offer.

Glama

Best for discovering and evaluating RC-era servers

Glama is the strongest starting point for developers assessing which MCP servers are stable and well-documented enough to trust under the new spec. Its enriched index — roughly 31,644 servers as of early June 2026, with health checks, quality scores, per-server security audits, tool schemas, and license info — gives you the metadata to distinguish production-grade servers from abandoned experiments before you commit. Its in-browser sandbox lets you test a server live with no local install, which is particularly valuable during the RC window when transport behavior may still shift. Glama does not expose a first-class programmatic API for agents to call directly, but for a developer hand-evaluating which servers to connect to a production agent, it is the best metadata-rich directory available.

Pros

Largest enriched index with health checks, quality scores, and security audits
In-browser sandbox tests a server live with no local install
Rich per-server trust, license, and schema metadata

Cons

Human-browse-first UX; agent programmatic access needs a separate community wrapper
Hosted connector gateway introduces vendor dependency
Volume can overwhelm without quality filtering

MCPfinder

Top pick for agents discovering and configuring stateless servers programmatically

MCPfinder is purpose-built for the use case the stateless RC makes more important: an AI agent that needs to find, evaluate, and configure an MCP server without a human in the loop. Because MCPfinder is itself an MCP server, an agent calls it directly — using search_mcp_servers to find candidates, get_server_details to retrieve trust signals, environment-variable requirements, and warning flags, and get_install_config to receive paste-ready install JSON for Claude Desktop, Cursor, Claude Code, Cline, or Windsurf. The full discover → evaluate → install loop runs programmatically rather than requiring a human to browse a website and copy a snippet. It aggregates the Official Registry, Glama, and Smithery (about 27,432 servers as of its May 2026 snapshot), is entirely free and open source under AGPL-3.0, and installs via npx -y @mcpfinder/server with no API key. The open-source MCPfinder project is still early-stage — a small GitHub footprint signals early rather than broad adoption — but it is the only tool in this report that closes the discover-to-install loop for an agent operating autonomously.

Pros

Agent-native: the only discovery tool that is itself an MCP server an agent calls directly
Aggregates three registries with trust scoring and generates client-specific install JSON
Zero friction — no API key, no subscription, free and open source (AGPL-3.0)

Cons

Aimed at technical users and agents; not a friendly human-browse destination
Early-stage with a small GitHub footprint; less battle-tested than established directories
AGPL-3.0 licensing may complicate some closed commercial integrations

Smithery

Best for building and deploying stateless MCP servers

Smithery is the most complete platform for the supply side of the MCP ecosystem — building and deploying a stateless MCP server, not just finding one. Its hosted remote-server option means you ship a server to Smithery's infrastructure and it handles the scaling; the RC's stateless architecture aligns naturally with this model, since a hosted server behind a standard load balancer is exactly the deployment pattern the new spec enables cleanly. For discovery, Smithery's CLI (smithery mcp search) and registry API give programmatic access to its 7,000+ server index. Hosting pricing is not publicly itemized at a granular level, so verify current tiers on the Smithery site before budgeting.

Pros

Registry, CLI, and hosting in one platform — from discovery through deployment
Hosted remote-server deployment aligns well with the stateless protocol model
CLI and registry API for programmatic discovery

Cons

Smaller discovery index than Glama or MCPfinder's aggregate
Hosting pricing is not publicly itemized
More than you need if you only want to find servers, not host them

Official MCP Registry

Canonical source of truth for RC validation

The Official MCP Registry is the vendor-neutral metadata index that Glama, PulseMCP, and MCPfinder all build on. Now under the Linux Foundation's Agentic AI Foundation (donated December 9, 2025), it uses namespace authentication via reverse-DNS naming tied to verified GitHub accounts and domains — so a listing provably comes from its claimed publisher. During the RC window, it is the most reliable place to verify whether a server has been published or updated by its actual author. It remains in preview as of June 2026, with no durability guarantees and the possibility of breaking changes; most developers consume it indirectly through directories that layer quality scoring and search on top of it.

Pros

Canonical, vendor-neutral source with namespace authentication
Industry-backed governance under the Linux Foundation AAIF
The authoritative identity layer other directories build on

Cons

Still in preview — no durability guarantees, breaking changes possible
Minimal UX: no quality scoring, no install config, not a browsable destination
Smaller scope than community aggregators

PulseMCP

Best for daily tracking of RC adoption

PulseMCP updates its 16,820+ server index every day and is a named trusted contributor to the Official MCP Registry, making it the best destination for developers who want to monitor which servers are being published, updated, or dropped during the 10-week validation window. Its clean filters — official-provider, remote, community — let you narrow to what you need quickly. For following the ecosystem day by day as it migrates toward the new spec, daily freshness plus trusted-contributor status is the combination that matters.

Pros

Daily updates across 16,820+ servers; named contributor to Official Registry
Clean filters for official-provider, remote, and community servers
Free and focused on quality over raw catalog volume

Cons

Primarily human-facing; no first-class agent or programmatic access
No install-config generation inside the product
Smaller index than Glama or MCPfinder's aggregate

Composio

Best enterprise integration platform — RC-agnostic by design

Composio is the outlier here: the RC's stateless change is largely irrelevant to it, because Composio sits in front of 500+ managed SaaS integrations — Salesforce, GitHub, Google Workspace, and more — with authentication, action-level RBAC, and SOC 2/ISO compliance handled centrally. Its MCP gateway gives agents standardized access to enterprise tooling through one endpoint regardless of what the underlying protocol spec does. For enterprise teams that need compliance-guaranteed connectivity rather than open-ecosystem discovery, it is the strongest option in this set. Published pricing as of mid-2026: Free (20K tool calls/month), Standard $29/month (200K calls), Professional $229/month (2M calls), custom Enterprise.

Pros

500+ managed, auth-handled SaaS integrations with SOC 2 and ISO compliance
RC-agnostic managed layer abstracts protocol changes from the application
Predictable per-tier pricing published (Free through Professional)

Cons

A paid managed platform, not a neutral open-ecosystem discovery directory
Usage-based pricing can be unpredictable at scale; premium calls billed at 3x
Catalog limited to Composio-managed integrations, not the broader MCP ecosystem

MCP 2026 Release Candidate: The Stateless Upgrade and What It Means for Agent Developers — comparison
Tool	Type	Index breadth	Agent-callable	Best use in the RC era
Glama	Enriched web registry + sandbox	~31,644 servers	Partial (community wrapper)	Hand-evaluating servers with rich trust metadata
MCPfinder	Agent-native discovery MCP server	~27,432 (aggregated)	Yes — it is an MCP server	Agent finds, evaluates, and installs servers programmatically
Smithery	Registry + CLI + hosting	~7,000+	Yes (CLI + registry API)	Deploying stateless MCP servers you build
Official MCP Registry	Canonical metadata index (preview)	Authoritative subset	Yes (preview API)	Verifying publisher identity during RC window
PulseMCP	Daily-updated web directory	~16,820+	Partial (community wrapper)	Tracking ecosystem updates day by day
Composio	Managed enterprise integration platform	500+ managed integrations	Yes (MCP gateway)	Enterprise SaaS connectivity with compliance guarantees

The MCP 2026 RC removes the session-state handshake and makes the protocol stateless — a significant upgrade for scaling, but not a security fix. The 10-week validation window runs through July 28, 2026. During it, Glama is the best tool for hand-evaluating servers on metadata depth, MCPfinder is the only discovery tool an AI agent can query directly, and PulseMCP is the best free daily tracker. Maintainers using roots, sampling, or logging have a 12-month window to migrate before removal.

Frequently asked questions

What is the MCP 2026 release candidate?

The MCP 2026 release candidate (version 2026-07-28) was locked on May 21, 2026, opening a 10-week validation window before the final specification releases on July 28, 2026. Its headline change is making the protocol stateless at the protocol layer — removing the initialize handshake and Mcp-Session-Id header so servers no longer require sticky routing or shared session state.

What does stateless at the protocol layer mean in practice?

It means MCP servers no longer maintain session state on their end. Previously, a persistent handshake via initialize and initialized messages established a session tracked by an Mcp-Session-Id header, requiring sticky routing on a load balancer. The RC moves state management to the application layer — state is returned as an explicit handle by the tool that created it, and the model passes that handle as an argument on subsequent calls. Any standard load balancer can now route MCP traffic without sticky sessions.

Which tool is best for discovering MCP servers during the RC window?

For human-led discovery with rich trust metadata, Glama is the strongest option. For agent-native discovery — letting your AI assistant find and configure servers programmatically — MCPfinder is purpose-built for that loop, since it is itself an MCP server your agent queries directly.

What is being deprecated in the MCP 2026 RC?

Three protocol features enter a 12-month deprecation window in the RC: roots (filesystem root declarations), sampling (server requests for LLM completions from the client), and logging (structured log forwarding). All three remain functional for at least 12 months before final removal.

What did Salesforce launch for MCP in April 2026?

Salesforce Hosted MCP Servers reached general availability in April 2026 for Enterprise Edition organizations and above. They expose Salesforce data, flows, Apex actions, and queries as managed MCP endpoints, adding a major enterprise source to the discoverable MCP ecosystem ahead of the final spec release.

Does going stateless fix the security exposure in the MCP ecosystem?

No. The RC includes authorization hardening aligned with OAuth 2.1 and OpenID Connect, which helps if server operators implement it, but the stateless architecture change itself does not add authentication. A Censys scan in April 2026 found 12,520 Internet-accessible MCP services, most without any authentication — a risk that persists regardless of whether servers use session state.

How do I install MCPfinder?

MCPfinder installs via npx with no API key: run npx -y @mcpfinder/server in your terminal. It is free and open source under AGPL-3.0. Your AI assistant can then call its search_mcp_servers, get_server_details, and get_install_config tools directly.

Where can I track which MCP servers have been updated to the new spec?

PulseMCP updates its 16,820+ server index daily and is a named trusted contributor to the Official MCP Registry — the best free destination for monitoring ecosystem updates during the 10-week RC validation window.

How we evaluated

We assessed each tool on how well it serves developers navigating the MCP 2026 RC transition — discovery index breadth and freshness, quality and security metadata, whether an AI agent can query it programmatically, and deployment capability. The RC publication date, specification changes, and deprecation details come from the official MCP blog post published May 21, 2026. The Salesforce GA date and scope come from the Salesforce Developers Blog (April 2026). The internet-exposed server count (12,520 services) comes from Censys's April 2026 scan. Server index figures from individual directories are self-reported or crawl-based and should be treated as approximate. Pricing figures are as published in mid-2026 and change frequently; re-verify on each vendor's pricing page.

RC coverage — index size, update frequency, and metadata quality during the validation window
Agent-callability — whether an AI agent can query the tool programmatically without human browsing
Security and trust metadata — quality scoring, security audits, namespace authentication, and warning flags
Deployment and hosting capability — whether the tool supports publishing or running MCP servers, not just finding them

Innvesti may have commercial relationships with some companies mentioned. Our analysis is editorially independent. Figures cited are sourced; where reliable data is unavailable we say so rather than estimate.

Key takeaways

What “stateless at the protocol layer” means in practice

Salesforce’s April 2026 GA — enterprise adoption before the final spec

Why agent-native discovery matters more, not less, in a stateless world

Three deprecations and what to do before the 12-month window closes

What going stateless does not fix: security exposure remains

Glama

Pros

Cons

MCPfinder

Pros

Cons

Smithery

Pros

Cons

Official MCP Registry

Pros

Cons

PulseMCP

Pros

Cons

Composio

Pros

Cons

Frequently asked questions

How we evaluated

Sources