chore: bump fastmcp from 3.0.2 to 3.1.1

[dependabot]

Bumps fastmcp from 3.0.2 to 3.1.1.

Release notes

Sourced from fastmcp's releases.

v3.1.1: 'Tis But a Patch

Pins pydantic-monty<0.0.8 to fix a breaking change in Monty that affects code mode. Monty 0.0.8 removed the external_functions constructor parameter, causing MontySandboxProvider to fail. This patch caps the version so existing installs work correctly.

What's Changed

Fixes 🐞

• Pin pydantic-monty<0.0.8 to fix code mode by @​jlowin in PrefectHQ/fastmcp#3497

Full Changelog: PrefectHQ/fastmcp@v3.1.0...v3.1.1

v3.1.0: Code to Joy

FastMCP 3.1 is the Code Mode release. The 3.0 architecture introduced providers and transforms as the extensibility layer — 3.1 puts that architecture to work, shipping the most requested capability since launch: servers that can find and execute code on behalf of agents, without requiring clients to know what tools exist.

Code Mode

Standard MCP has two scaling problems. The entire tool catalog loads into context upfront — with a large server, that's tens of thousands of tokens before the LLM reads a single word of the user's request. And every tool call is a round-trip: the LLM calls a tool, the result flows back through the context window, the LLM reasons about it, calls another tool, and so on. Intermediate results that only exist to feed the next step still burn tokens every time.

CodeMode is an experimental transform that solves both. Instead of seeing your tool catalog directly, the LLM gets meta-tools: it searches for relevant tools on demand (using BM25), inspects their schemas, then writes Python that chains call_tool() calls in a sandbox and returns a final answer. Discovery is staged and targeted; intermediate results never touch the model's context window.

from fastmcp import FastMCP
from fastmcp.experimental.transforms.code_mode import CodeMode
mcp = FastMCP("Server", transforms=[CodeMode()])

Your existing tools don't change — CodeMode wraps them. The default three-stage flow (search → get schemas → execute) is configurable: collapse it to two stages for smaller catalogs, skip discovery entirely for tiny ones. The sandbox supports resource limits on time, memory, and recursion depth.

Read the docs here.

Search Transforms

Code Mode's discovery layer is also available as a standalone transform. SearchTools adds BM25 text search to any server — clients can query against tool names and descriptions and receive ranked results, without needing to know tool names upfront. This is useful anywhere the tool catalog is large, dynamic, or not known in advance.

Prefab Apps

3.1 adds early integration with Prefab, a frontend framework with a Python DSL that compiles to React. The vision: Python developers building MCP servers shouldn't have to leave Python to ship a proper UI. Prefab is still under very active development (their words: "probably shouldn't use it yet"), but the integration is here, the pieces are aligning, and 3.2 is where this gets interesting.

Auth Additions

MultiAuth lets you compose multiple token verification sources into a single auth layer — useful when you need to accept tokens from more than one provider (e.g., internal JWTs alongside a third-party OAuth provider). This release also adds out-of-the-box support for PropelAuth and a Google GenAI sampling handler.

Under the Hood

Heavy imports are now lazy-loaded, meaningfully reducing startup time for servers that don't use every feature. fastmcp run and dev inspector gain a -m/--module flag for module-style invocation, MCPConfigTransport now correctly persists sessions across tool calls, and search_result_serializer gives you a hook to customize how search results are serialized for markdown output. Eight new contributors, and the usual round of fixes.

... (truncated)

Changelog

Sourced from fastmcp's changelog.

---

title: "Changelog" icon: "list-check" rss: true tag: NEW

v3.0.2: Threecovery Mode II

Two community-contributed fixes: auth headers from MCP transport no longer leak through to downstream OpenAPI APIs, and background task workers now correctly receive the originating request ID. Plus a new docs example for context-aware tool factories.

Fixes 🐞

• fix: prevent MCP transport auth header from leaking to downstream OpenAPI APIs by @​stakeswky in #3262
• fix: propagate origin_request_id to background task workers by @​gfortaine in #3175

Docs 📚

• Add v3.0.1 release notes by @​jlowin in #3259
• docs: add context-aware tool factory example by @​machov in #3264

Full Changelog: v3.0.1...v3.0.2

v3.0.1: Three-covery Mode

First patch after 3.0 — mostly smoothing out rough edges discovered in the wild. The big ones: middleware state that wasn't surviving the trip to tool handlers now does, Tool.from_tool() accepts callables again, OpenAPI schemas with circular references no longer crash discovery, and decorator overloads now return the correct types in function mode. Also adds verify_id_token to OIDCProxy for providers (like some Azure AD configs) that issue opaque access tokens but standard JWT id_tokens.

Enhancements 🔧

• Add verify_id_token option to OIDCProxy by @​jlowin in #3248

Fixes 🐞

• Fix v3.0.0 changelog compare link by @​jlowin in #3223
• Fix MDX parse error in upgrade guide prompts by @​jlowin in #3227
• Fix non-serializable state lost between middleware and tools by @​jlowin in #3234
• Accept callables in Tool.from_tool() by @​jlowin in #3235
• Preserve skill metadata through provider wrapping by @​jlowin in #3237
• Fix circular reference crash in OpenAPI schemas by @​jlowin in #3245
• Fix NameError with future annotations and Context/Depends parameters by @​jlowin in #3243
• Fix ty ignore syntax in OpenAPI provider by @​jlowin in #3253
• Use max_completion_tokens instead of deprecated max_tokens in OpenAI handler by @​jlowin in #3254
• Fix ty compatibility with upgraded deps by @​jlowin in #3257
• Fix decorator overload return types for function mode by @​jlowin in #3258

Docs 📚

• Sync README with welcome.mdx, fix install count by @​jlowin in #3224
• Document dict-to-Message prompt migration in upgrade guides by @​jlowin in #3225
• Fix v2 upgrade guide: remove incorrect v1 import advice by @​jlowin in #3226

... (truncated)

Commits

• 53dab03 Pin pydantic-monty<0.0.8 to fix code mode (#3497)
• 8bc3136 Restructure docs navigation: CLI section, Composition, More (#3361)
• 8a356ad Add include_unversioned option to VersionFilter (#3349)
• fccbd43 Add FASTMCP_TRANSPORT setting for default transport selection (#1796)
• 404b820 Add ListTools, search limit, and catalog size annotation to CodeMode (#3359)
• 49534ce Add Google GenAI Sampling Handler (#2977)
• af55738 feat(contrib): auto-sync MCPMixin decorators with from_function signatures (#...
• 902b63f chore: Update SDK documentation (#3313)
• f2dd2e5 Fix session persistence across tool calls in multi-server MCPConfigTransport ...
• 2ab8beb Remove system role references from docs (#3356)
• Additional commits viewable in compare view