MCP Turns One: Tasks, Extensions, and Agent Infrastructure’s Next Phase

MCP Just Turned One (and Brought Tasks Instead of Cake)

One year ago, MCP was an idea with a protocol attached. Yesterday,  instead of a birthday smash cake, we got long-awaited features like task-based workflows, better OAuth, and extensions that let the protocol scale without cracking. It’s infrastructure with governance, production workloads, and thousands of servers doing real things in real environments.  

Anthropic’s official post covers the full release, including glowing quotes from GitHub, OpenAI, Block, AWS, and more. It’s a well-earned celebration. But underneath the party hats is a message that matters: MCP is growing up, and it’s not just for experiments anymore.

Here’s what we took away from the new spec, why we think it matters, and how we’re building for what’s coming next.

No More Warm-Ups: MCP is Ready to Score

In its first year, MCP sprinted from open-source oddity to de facto standard. That growth came with all the usual startup side effects: missing docs, edge-case bugs, and “just ship it” energy from whichever contributor had the time. And to be honest, that velocity is what made it fun.

But when you’re powering systems at OpenAI, GitHub, Microsoft, and Block, the fun has to grow up.

The November 2025 spec does just that. It introduces real governance (hello SEP-1302), smoother auth (goodbye, OAuth proxy nightmares), and a cleaner separation of concerns with extensions. Standards are no longer being set by whoever merges first. There’s now process, predictability, and most importantly, room to evolve without breaking the entire ecosystem.

This is what it looks like when a protocol stops chasing the ball and starts running the midfield. (I may have started writing this while watching yesterday’s Chelsea vs. Barcelona game.)

Our Picks From the Release

What happens when agents start doing the actual work? Here are the biggest moves in the new spec—and why they matter if you're building anything beyond a demo.

Extensions:

A clean escape hatch for complexity. Instead of cramming every edge case into the core spec, extensions let developers bolt on specialized features (custom auth flows, UI interactions, industry-specific behavior) without breaking the protocol for everyone else. 

URL-Based Client Registration (SEP-991):

Quietly one of the most important fixes in the spec. Dynamic Client Registration was a headache of building OAuth proxies, managing token passthrough, manually registering every client. SEP-991 replaces all of that with a simple metadata URL. Drop a JSON file at a URL, and boom! It’s the kind of change that will save you hours every week.

URL Mode Elicitation (SEP-1036):

We broke down elicitations in this earlier blog post, but SEP-1036 takes it a step further, shifting sensitive flows to the browser, where secrets stay secure and client UX stays clean. SEP-1036 introduces a secure out-of-band flow where the MCP server can send users to an external URL to complete credential setup like OAuth, payment auth, or any scary security thing you don’t want piped through the client. This is especially huge for enterprise and regulated environments.

‍Sampling with Tools (SEP-1577):

This one’s subtle, but big: sampling can now call tools. That means MCP servers can run agentic loops themselves, creating smarter, self-coordinating agents that don’t rely on the client to do everything. It’s one step closer to agent orchestration becoming a server-native concept.

Task-Based Workflows (SEP-1686):

The MVP of the release. Tasks finally give MCP a native way to handle long-running, multi-step work. Think “agent is still thinking” or “come back when the results are ready,” but with state tracking, polling, lifecycle control, and proper security boundaries.

For teams building production-grade workflows (healthcare, research, test infra, multi-agent coordination), this is a massive unlock. Until now, everyone had to roll their own workaround. Now there’s a shared language for async work.

What the MCP Release Means for Builders

MCP started as a scrappy side project, a way to help agents stop guessing and start calling tools. But this release is what happens when the kid who hacked stuff together after school suddenly shows up with an enterprise badge and a security review checklist. (Note: I am not that kid.) 

For builders, that’s both exciting and mildly terrifying. The good news: fewer papercuts. No more guessing what “includeContext” really means. You’ve got Tasks for async work, extensions for edge cases, and URL-based auth flows that don’t require summoning your OAuth priest.

The challenge? MCP isn’t something you casually wire up over a weekend anymore. It’s no longer jumpers-for-goalposts and “let’s just see what works.” Now we’re talking structured playbooks, testable contracts, and clients that can handle more than happy paths (and more than one defender).

For folks building SDKs, runtime infra, or clients that touch real workloads: this is your cue to level up. Task support, extension awareness, enterprise auth are going to be how you get ahead of the game (Chelsea vs. Arsenal). 

From Scrappy to Strategic: MCP’s Next Chapter

This release institutionalizes the patterns developers have been hacking together in notebooks and Slack threads for months. There’s finally a shared grammar for task management, extension layering, and secure delegation. There’s governance. There’s process. And yes—it’s a little slower than “just ship it,” but it’s what you need when a protocol stops being a playground and starts powering real systems.

At Gentoro, we’re seeing this shift firsthand. Agents aren’t calling one-off tools anymore. They’re coordinating across systems, handling long-running ops, and brushing up against finance, healthcare, and security domains. MCP growing up is the best thing that could happen to agent infrastructure.

The MCP community has built something incredible. The next phase is about running smarter. We’re excited for what’s coming. Let’s goooooo! 

‍