- Current Version: v2.5.0 (released 2026-07-04)
- MCP Registry Status: Published
- Test Suite: 1375 unit tests + 85 integration tests. Integration tests gate on environment: a sandbox Redmine, plugin flags (
REDMINE_AGILE_ENABLEDetc.), and the destructive OAuth test behindRUN_DESTRUCTIVE_TESTS=1. Tests that can't run in the current environment skip cleanly with a clear reason. Run them locally withpython tests/run_tests.py --allor--integration. - Tools: 41 core + 6 plugin-gated + 1 admin-gated (maximum 48 with all flags enabled)
The MCP spec release candidate locked on 2026-05-21, with GA targeted for 2026-07-28. Protocol-level work is gated on FastMCP shipping support for the new spec; the goal is a single coordinated v3.0 release rather than two breaking cutovers.
Gate status (2026-07-04): still closed. FastMCP latest is v3.4.1 (2026-06-05) with no 2026-07-28 support yet (stateless transport, per-request _meta, or the new OAuth/OIDC SEPs); it does carry Apps Phase 1 from v3.2.0, relevant to the Interactive UI (MCP Apps) track below. The official Python SDK targets beta 2026-06-30 and stable v2 2026-07-27. Spec timeline unchanged.
v3.0 scope (target: Q3 2026, gated on FastMCP):
- Stateless transport. Adopt the new request model once FastMCP supports it. The
initializehandshake andMcp-Session-Idheader are removed by the spec; per-request_metareplaces them. - Authorization hardening. Fold the six OAuth/OIDC SEPs that ship with 2026-07-28 (mandatory
issvalidation per RFC 9207, OIDCapplication_typedeclaration, refresh-token handling improvements) onto the FastMCP-backed auth path that now exists (the introspectionoauthmode shipped in v2.1, extended by theoauth-proxymode in v2.3). Landing the SEP work on this foundation avoids a second breaking change for operators. - Error-code update. Switch missing-resource errors from
-32002to-32602on/files/{file_id}. - Cacheable list responses. Add
ttlMs/cacheScopehints to slow-changing read-only tools (list_redmine_projects,list_redmine_issue_statuses,list_redmine_issue_priorities,list_redmine_trackers,list_redmine_users,list_redmine_versions,list_redmine_roles,list_project_members,list_time_entry_activities). - JSON Schema 2020-12. Use composition operators (
oneOf,anyOf) where they improvemanage_X(action=...)ergonomics. - W3C Trace Context propagation in the OAuth middleware, added as part of the auth migration touch.
v3.1+ (post-spec GA):
- Tasks Extension for long-running operations: bulk
import_time_entries,search_entire_redmine,summarize_project_status.
Interactive UI via MCP Apps moved out of this list into its own near-term track below, since Apps already shipped (Jan 2026) and is not gated on the 2026-07-28 spec.
Out of scope for this track: Roots and Sampling are deprecated by 2026-07-28 but the project does not use them, so the 12-month removal window is a no-op.
Committed direction (2026-06-27): become a reference adopter of the official MCP Apps extension (ext-apps, spec 2026-01-26), letting the agent render live, interactive views in the conversation instead of text. This is not gated on the 2026-07-28 spec track above: Apps shipped in January 2026 and already renders in the major clients (Claude, Claude Desktop, ChatGPT, VS Code GitHub Copilot, Microsoft 365 Copilot, Goose, and more), and FastMCP carries Apps support (Phase 1 from v3.2.0). Prefab (FastMCP's UI layer) is optional: an App is just a tool that declares a ui:// HTML resource the host renders in a sandboxed iframe, with the app calling tools back over postMessage, so the UI can be authored directly without that dependency.
Prioritizing views with feedback. Five candidate views are mocked up and open for feedback in discussion #168: issue board, Gantt/timeline, project dashboard, time-sheet, and sprint burndown. That signal prioritizes which views come after the first slice, not whether Apps ships at all: the direction is already committed, and #168 has had little reach so far because outreach has not run, so its current quiet is a distribution artifact rather than a demand signal. The plan is to drive traffic to it as part of the visibility push (link it from the MCP/Redmine community posts) so it becomes a real experiment.
First slice (proceeding). A read-only triage-board that renders live issues from list_redmine_issues, proven end-to-end in one target client before any write-back is wired. It is the cheapest view and seeds the committed Apps work, so it proceeds without waiting on the #168 poll; the poll shapes view #2 onward. Two server-specific unknowns to settle in design: serving the ui:// resource over the streamable-HTTP transport, and how the app's tools/call callbacks authenticate under the oauth / oauth-proxy modes (the auth-times-UI intersection is the genuinely hard part). Interactive writes (for example drag-to-reassign via update_redmine_issue) follow once rendering is proven.
- Read-only
triage-boardslice rendered in one target client (proceeds now) - Resolve
ui://-over-streamable-HTTP serving and app-callback auth under the OAuth modes - Drive traffic to #168 via the visibility push to prioritize later views
- Interactive write-back, plus additional views prioritized by the #168 signal
-
MCP Prompts (workflow layer) — parked, not planned. The idea: named, parameterized prompts (
triage-sprint,standup-digest, etc.) that compose the existing tools into one-invocation slash-command workflows via a@mcp.prompt()decorator in a newprompts.py. Why it is parked, not scheduled: there is no evidence of user demand, and the value-add is thin: a strong client model already orchestrates the tools from a plain-English request, so the only real benefit is correctness-scaffolding for weaker models plus saving a retyped paragraph on repeated workflows. The motives that survive scrutiny (making the promo demo's sprint-triage narrative a real capability instead of client-side fiction; seeding future MCP Apps work) are internal, not user pain. If revisited: validate cheaply by shipping exactly one prompt (triage-sprint, which the demo already narrates) and watch for any usage or request signal before committing to a "layer." Reconsider in earnest only if the Interactive UI (MCP Apps) track lands and needs workflow definitions to render. -
OpenTelemetry observability. Optional
opentelemetry-sdkdependency. Zero overhead when unconfigured; production-grade tracing (tool calls, Redmine API latency, error rates) when the OTEL SDK is present. Would need to document OTEL configuration incontributing.md. Note: the 2026-07-28 spec deprecates protocol-level logging in favor of stderr or OpenTelemetry, so this item is increasingly aligned with the upstream direction. -
Enterprise-Managed Authorization (EMA). Anthropic's enterprise-managed auth (beta, Okta-first) lets a Claude Team/Enterprise admin provision connector access centrally through the org's IdP, so users inherit access by group membership instead of each running a per-connector OAuth flow. It ships as an optional, additive extension to the MCP authorization spec (
modelcontextprotocol/ext-auth), so it would not disturb the existinglegacy/legacy-per-user/oauth/oauth-proxymodes. The structural mismatch: EMA assumes an enterprise IdP sits above the resource server, whereas this server's authorization server is Redmine's own Doorkeeper. Supporting it would mean a fifth auth mode that trusts IdP-issued tokens and maps the IdP subject to a Redmine user. That mapping (likely a Redmine-side OmniAuth/SSO bridge or service-account impersonation model), not the MCP plumbing, is the real blocker. Relevant only to operators who already front Redmine with Okta/Entra under Claude Enterprise; theoauth-proxymode already covers centralized-OAuth needs for most self-hosters. Revisit when the extension graduates from beta and a user with that topology asks.
These are not planned. They will be considered only if users open issues asking for them:
- YAML response format option
- User instructions file (
REDMINE_INSTRUCTIONS) - Bulk operations beyond
import_time_entries
For per-release detail (features, fixes, CVE patches, contributor credits, breaking changes), see:
CHANGELOG.md— canonical changelog, every version since v0.1- GitHub Releases — release notes with installation instructions
Last Updated: 2026-07-04