The interesting MCP news is not the new capabilities bolted on top — server-rendered UI, long-running tasks — it is the plumbing underneath getting boring. A stateless protocol core turns MCP servers from stateful special cases into ordinary horizontally-scalable web services, and 'ordinary' is exactly what an agent integration needs to be before anyone should run it in front of real users.
The Model Context Protocol — the standard that lets agents discover and call tools — locked a release candidate for its next version, 2026-07-28, with the final specification due on 28 July after a ten-week validation window. The marquee additions are an Extensions framework, MCP Apps (servers can ship interactive HTML that the host renders in a sandboxed iframe), and Tasks for long-running work. But the load-bearing change is structural: the protocol core is now stateless.
Concretely, the new spec removes the initialize/initialized handshake and the Mcp-Session-Id header that pinned a client to one server instance. It adds Mcp-Method and Mcp-Name headers so a gateway can route a request without parsing the JSON body, ttlMs and cacheScope hints so responses can be cached intelligently, full JSON Schema 2020-12 for tool definitions, and W3C Trace Context in metadata so a call can be traced across services. Tasks, meanwhile, graduated out of the experimental core into an extension with explicit retry and expiry semantics.
Every team that moved MCP past a local demo ran into the same wall. A session-bound protocol means each connection has to keep landing on the same server instance, which forces sticky sessions or a shared session store, which breaks the moment you want to scale out, roll a deploy, or survive a pod restart. It is the difference between a tool that works on one developer's laptop and one you can put behind an autoscaler.
Stateless fixes that by making each request self-contained. An MCP server can now sit behind a round-robin load balancer with no shared state, scale horizontally like any other HTTP service, and be fronted by a gateway that routes and caches on headers alone. The authorization rework points the same direction: six proposals tighten alignment with OAuth 2.0 and OpenID Connect — issuer validation, application-type declaration, refresh-token handling — so MCP auth slots into the identity infrastructure enterprises already run rather than inventing its own.
This is what a protocol looks like when it crosses from interesting to operable. The first wave of agent tooling optimised for capability and demos; this revision optimises for the things that decide whether something stays up — scaling, caching, tracing, identity. The project also reorganised its governance from timed releases to standing working groups, which is the unglamorous sign of a standard settling in for the long haul rather than chasing a launch cadence.
It also reframes where the hard work in agents sits. The model picks the tool; the protocol and its plumbing decide whether that tool call survives contact with production traffic. As agents move from copilots to systems that act, the value migrates toward exactly this layer — discovery, routing, auth, observability — and away from the prompt that started the conversation.
If you maintain MCP servers, the validation window is the point: the changes are locked but not yet final, so test against the release candidate now rather than absorbing a breaking transport change on 28 July. The practical migration is to stop relying on session identity — make each request carry what it needs — and to confirm your servers behave correctly behind a load balancer with no sticky routing, which is the cheapest way to surface a hidden state dependency before users do.
If you are choosing how to expose internal tools to an agent, a stateless, OAuth-aligned MCP server is now a reasonable default rather than a workaround: it deploys on the same boring web infrastructure, scaling, and identity stack your other services use, which keeps an agent integration inside your existing security and operations perimeter instead of beside it. The takeaway is the one that keeps recurring in agent work — the model is rarely the bottleneck; the boundary around it is.
Agents get interesting at the boundary — tool access, auth, scaling, observability — long before the model is the limiting factor. If your team is trying to move an AI use case from demo to deployment, METECH helps scope, build, and validate the first working system in 2-3 weeks.