Ecosystem

MCP Just Became Modular. 'MCP-Compliant' Is About to Stop Meaning Anything

The 2026-07-28 spec splits MCP into a stateless core plus optional extensions like Tasks and MCP Apps. Two servers can both be 'compliant' and support completely different things — which turns 'what does this server actually do?' into the ecosystem's hardest question.

MCPOrbit Team

MCPOrbit

Published
Updated
· Updated
Read time
· 6 min read
A grid of MCP server cards, each lit with a different set of capability badges

The next Model Context Protocol (MCP) spec — release candidate out now, final on July 28 — is the biggest revision since MCP launched. Most of the coverage is about what's new. The more important story is what it quietly does to a single word: compliant.

One protocol becomes a core plus a menu

Until now, 'supports MCP' was close to binary: a server spoke the protocol or it didn't. The 2026-07-28 release reorganizes MCP into a small, stateless core and a framework of optional extensions. Tasks adds long-running work. MCP Apps adds server-rendered UI. Enterprise-Managed Authorization adds identity-provider-controlled access. Each one is opt-in, negotiated per server.

'MCP-compliant' is now a matrix, not a checkbox

Two servers can both truthfully claim compliance and share almost none of the same capabilities. Before you wire either into an agent, the questions that actually matter are no longer answered by the word 'compliant':

In an ecosystem that has already crossed 5,800 community-published servers — where the loudest take on the MCP subreddit is that '95% of MCP servers are utter garbage' — the bottleneck was never the protocol. It's discovery: knowing which server to trust before you connect it. Modular extensions make that strictly harder.

The bottleneck is no longer the protocol itself; it's discovery.

Capability has to become discoverable metadata

The fix isn't reading every server's source or trusting its README. Capabilities need to be declared and inspectable before connection — the same way a Server Card at .well-known/mcp.json advertises a server's identity today. A useful capability record makes four things visible up front:

  • Extensions supported (Tasks, Apps, EMA, and the rest)
  • Target spec revision and deprecation status
  • Authentication model
  • When each capability claim was last verified

This is exactly the layer MCPOrbit builds: a registry where every server's real capability matrix is visible and continuously verified, so agent builders choose on evidence instead of README claims.

What to do before July 28


The protocol won. The next race is discovery — and modular extensions just raised the stakes.

About the author

MCPOrbit Team

MCPOrbit

The MCPOrbit team builds the control plane for Model Context Protocol — one view of every server in your stack and where each one sits on the migration curve.

Share this post

MCPOrbit

Test an MCP server in 60 seconds.

Download MCPOrbit for free. No signup, no telemetry. Hear about a server and test it before the curiosity wears off.

macOS 14+ · Apple Silicon & Intel · No account needed