Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.2.0 - 2026-06-05

Optional OAuth 2.1 authorization (Urchin.Auth). Urchin can act as an OAuth 2.1 resource server: RFC 9728 Protected Resource Metadata discovery (served at the well-known URI and advertised via WWW-Authenticate: resource_metadata), pluggable token validation (Urchin.Auth.TokenValidator), RFC 8707 audience binding, scope enforcement and 401/403/400 challenges. Enable it with the :auth option on the transport, Urchin.Endpoint or Urchin.start_link/2, or compose the Urchin.Auth.Plug and Urchin.Auth.Metadata plugs. Validated claims reach handlers as ctx.auth. Authorization remains off by default.

Initial release: a Model Context Protocol (MCP) server library implementing the 2025-11-25 specification over the Streamable HTTP transport.

Server authoring via the Urchin.Server behaviour and a tool/resource/resource_template/prompt DSL with automatic capability derivation.
Tools, resources (plus templates and subscriptions), prompts, completion and logging.
Server-initiated requests over SSE: sampling, elicitation and roots.
Progress notifications, cancellation, pagination and resumable SSE streams.
A mountable Plug (Urchin.Transport.StreamableHTTP) and a standalone Bandit endpoint (Urchin.Endpoint, Urchin.start_link/2), plus Urchin.broadcast/2 for fan-out notifications.