deps: update modelcontextprotocol/go-sdk to v1.2.0

[Cali0707]

This PR updates the MCP SDK to v1.2.0 and fixes the functional test failures we were seeing on the dependabot PR.

The root cause is that the SDK introduced a non serializable parameter into the ServerRequest.RequestExtra struct, leading to our serialization of output to fail. From discussion in modelcontextprotocol/go-sdk#743 these types were not meant to be fully serializable. As we are serializing this info to help devs debug MCP evaluation scenarios, we still need to serialize this. So, this PR introduces a bit of custom serialization logic.

Summary by CodeRabbit

• Chores

  • Updated go-sdk dependency to the latest version for improved compatibility and stability.

• Refactor

  • Enhanced internal request handling and serialization mechanisms.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The go.mod dependency for github.com/modelcontextprotocol/go-sdk is bumped from v1.1.0 to v1.2.0. The record.go file introduces a generic SafeServerRequest wrapper with token and header context, plus custom JSON marshalers for ToolCall, ResourceRead, and PromptGet types.

Changes

Cohort / File(s)	Summary
Dependency Management go.mod	Updated github.com/modelcontextprotocol/go-sdk from v1.1.0 to v1.2.0
Safe Request Wrappers & Serialization pkg/mcpproxy/record.go	Added generic SafeServerRequest[P] wrapper type and SafeRequestExtra struct to carry session, params, token info, and HTTP headers. Added SafeServerRequestFromUnsafe[P] helper function. Implemented custom MarshalJSON() methods for ToolCall, ResourceRead, and PromptGet to serialize requests as safe wrapper types. New imports: encoding/json, net/http, auth.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change in the changeset: updating the modelcontextprotocol/go-sdk dependency from v1.1.0 to v1.2.0, which is the primary focus of this PR.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f5e5352 and 37d4550.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• go.mod
• pkg/mcpproxy/record.go

🔇 Additional comments (5)

pkg/mcpproxy/record.go (5)

4-5: LGTM: Imports are appropriate.

The new imports support the custom JSON marshaling and safe request wrapping functionality.

Also applies to: 9-9

---

34-52: LGTM: Conversion logic is sound.

The function correctly handles nil input and selectively copies serializable fields from RequestExtra, which addresses the SDK's non-serializable field issue.

---

54-57: LGTM: SafeRequestExtra structure is appropriate.

The struct correctly extracts only the serializable fields (TokenInfo and Header) from the SDK's RequestExtra.

---

67-77: LGTM: Custom marshaling is correctly implemented.

The alias pattern correctly avoids infinite recursion, and SafeServerRequestFromUnsafe properly converts the Request field to a serializable form.

Also applies to: 87-97

---

28-32: Generic constraint correctly uses mcp.Params from the SDK.

The SafeServerRequest[P mcp.Params] generic constraint is properly defined. The mcp.Params interface exists in the SDK and is the correct constraint for parameter types in MCP requests.

[matzew]

LGTM