Add HTTP client close for explicit session termination

Per MCP spec, clients that no longer need a session SHOULD send an HTTP
DELETE to the MCP endpoint with the Mcp-Session-Id header to explicitly
terminate it. Servers MAY respond with 405 Method Not Allowed when they
don't support client-initiated termination.

`MCP::Client::HTTP#close` sends the DELETE with session headers, clears
local session state regardless of outcome, and is a no-op when no
session has been established.

https://modelcontextprotocol.io/specification/2025-11-25/basic/transports#session-management

Author: atesgoral

docs/building-clients.md

@@ -85,6 +85,12 @@ http_transport.protocol_version # => "2025-11-25"
 
 If the server terminates the session, subsequent requests return HTTP 404 and the transport raises `MCP::Client::SessionExpiredError` (a subclass of `RequestHandlerError`). Session state is cleared automatically; callers should start a new session by sending a fresh `initialize` request.
 
+To explicitly terminate a session (e.g., when the client application is shutting down), call `close`. The transport sends an HTTP DELETE to the MCP endpoint with the session header and clears local session state. A `405 Method Not Allowed` response from servers that don't support client-initiated termination is treated as success; other transport errors are swallowed so local cleanup always succeeds. Calling `close` without an active session is a no-op.
+
+```ruby
+http_transport.close
+```
+
 ### Authorization
 
 Provide custom headers for authentication:

lib/mcp/client/http.rb

@@ -94,6 +94,28 @@ def send_request(request:)
         )
       end
 
+      # Terminates the session by sending an HTTP DELETE to the MCP endpoint
+      # with the current `Mcp-Session-Id` header, and clears locally tracked
+      # session state afterward. No-op when no session has been established.
+      #
+      # Per spec, the server MAY respond with HTTP 405 Method Not Allowed when
+      # it does not support client-initiated termination; this is not treated
+      # as an error. Any Faraday error is swallowed so local cleanup always
+      # succeeds.
+      # https://modelcontextprotocol.io/specification/2025-11-25/basic/transports#session-management
+      def close
+        return unless @session_id
+
+        begin
+          client.delete("", nil, session_headers)
+        rescue Faraday::Error
+          # Swallowed: spec allows 405, and other transport errors must not
+          # block local cleanup.
+        ensure
+          clear_session
+        end
+      end
+
       private
 
       attr_reader :headers

test/mcp/client/http_test.rb

@@ -601,8 +601,103 @@ def test_clears_session_state_on_404
         assert_nil(client.protocol_version)
       end
 
+      def test_close_sends_delete_with_session_headers
+        initialize_session
+
+        stub_request(:delete, url)
+          .with(
+            headers: {
+              "Mcp-Session-Id" => "session-abc",
+              "MCP-Protocol-Version" => "2025-11-25",
+            },
+          )
+          .to_return(status: 200)
+
+        client.close
+      end
+
+      def test_close_clears_session_state
+        initialize_session
+        stub_request(:delete, url).to_return(status: 200)
+
+        client.close
+
+        assert_nil(client.session_id)
+        assert_nil(client.protocol_version)
+      end
+
+      def test_close_without_session_is_noop
+        client.close
+
+        assert_not_requested(:delete, url)
+        assert_nil(client.session_id)
+      end
+
+      def test_close_tolerates_405_response
+        initialize_session
+        stub_request(:delete, url).to_return(status: 405)
+
+        client.close
+
+        assert_nil(client.session_id)
+      end
+
+      def test_close_tolerates_server_errors
+        initialize_session
+        stub_request(:delete, url).to_return(status: 500)
+
+        client.close
+
+        assert_nil(client.session_id)
+      end
+
+      def test_close_is_idempotent
+        initialize_session
+        stub_request(:delete, url).to_return(status: 200)
+
+        client.close
+        client.close
+
+        assert_requested(:delete, url, times: 1)
+      end
+
+      def test_close_allows_reinitializing_a_fresh_session
+        initialize_session
+        stub_request(:delete, url).to_return(status: 200)
+        client.close
+
+        stub_request(:post, url)
+          .to_return(
+            status: 200,
+            headers: {
+              "Content-Type" => "application/json",
+              "Mcp-Session-Id" => "session-xyz",
+            },
+            body: { result: { protocolVersion: "2025-11-25" } }.to_json,
+          )
+
+        client.send_request(request: { jsonrpc: "2.0", id: "2", method: "initialize" })
+
+        assert_equal("session-xyz", client.session_id)
+        assert_equal("2025-11-25", client.protocol_version)
+      end
+
       private
 
+      def initialize_session
+        stub_request(:post, url)
+          .to_return(
+            status: 200,
+            headers: {
+              "Content-Type" => "application/json",
+              "Mcp-Session-Id" => "session-abc",
+            },
+            body: { result: { protocolVersion: "2025-11-25" } }.to_json,
+          )
+
+        client.send_request(request: { jsonrpc: "2.0", id: "1", method: "initialize" })
+      end
+
       def stub_request(method, url)
         WebMock.stub_request(method, url)
       end