What's in the draft
- Capability scopes. Tools can declare
read,write,destructive, and custom domain scopes. Clients can present a permission UI grouping tools by scope instead of asking per-call. - Resource subscriptions. Servers can push change notifications when a watched resource updates — the foundation for "agent reacts to my Slack inbox" patterns without constant polling.
- OAuth Dynamic Client Registration. First-class support for remote-server auth that doesn't require pre-registering every agent client.
- Cancellation semantics. A standard way to abort an in-flight tool call when the user navigates away.
What it means
The 1.0 ecosystem (1k+ public servers as of Q2 2026) keeps working — 2.0 is additive. Net-new servers should target the draft. Existing servers gain the most by adding scope declarations to their tool manifests.
For product teams: the cancellation primitive is the sleeper feature. "User clicked away mid-request" is currently a leaked tool call in most agent stacks. 2.0 makes it a clean abort.
What to watch
The draft is open for public comment until late July 2026. The contentious bit is the resource-subscription transport — push (server-initiated) vs long-poll. Push is simpler but breaks more firewall configurations; long-poll is uglier but works everywhere.