v1.0.0-RC1 - Security Hardening, Enterprise Controls & Quality

[crivetimihai]

v1.0.0-RC1 - Security Hardening, Enterprise Controls & Quality

This release delivers enterprise security hardening, comprehensive RBAC improvements, and production-quality enforcement with 189 issues resolved.

🏆 Major Achievements

Release 1.0.0-RC1 hardens ContextForge for enterprise production deployments:

• 🔐 31 Features - Enterprise security controls, unified policy decision point (Cedar/OPA), tool circuit breakers, session affinity, zero-config TLS, elicitation support, unified search, self-service password reset, license compliance, encoded exfiltration detector, flexible UI sections
• 🔧 106 Bug Fixes - Authentication flows, RBAC, Admin UI, MCP protocol, team management, multi-tenancy, pre-commit hooks, pagination, token handling, migration compatibility, SSO/OAuth, session affinity
• 🛡️ 4 Security Hardening - ReDoS protection in validators and plugins, WebSocket token validation, encryption and secrets testing
• ⚡ 9 Performance - Plugin regex precompilation, crypto threadpool offload, Cedar async, llm-guard optimization
• 🧪 14 Testing - 80%+ code coverage gate, JMeter baseline, Playwright improvements, manual test plans, local load testing, edge-case boundary conditions, iFrame mode
• 🔧 22 Chores - SonarQube cleanup, dependency updates, Helm improvements, linting fixes, CI/CD migration validation, template scaffolding
• 📝 3 Documentation - Password reset guide, contributing guide fixes

Security Highlights: This release overhauls authentication defaults to be secure by default. JWT tokens now require JTI and expiration claims, basic auth is disabled for API endpoints, public registration is off by default, and admin lockout protection is enforced. Enterprise security controls add credential protection, SSRF prevention, and granular RBAC.

---

⚠️ Breaking Changes

🔐 Streamlined Authentication Model & Secure Defaults (#2555)

Action Required: Multiple authentication defaults have changed to secure-by-default values.

Token Validation Defaults

• REQUIRE_JTI now defaults to true - JWT tokens must include a JTI claim for revocation support
• REQUIRE_TOKEN_EXPIRATION now defaults to true - JWT tokens must include an expiration claim
• PUBLIC_REGISTRATION_ENABLED now defaults to false - Self-registration disabled by default

Migration: Existing tokens without JTI or expiration claims will be rejected. Generate new tokens with python -m mcpgateway.utils.create_jwt_token which includes these claims by default.

AdminAuthMiddleware

• Added API token authentication support for /admin/* routes
• Added platform admin bootstrap support for initial setup scenarios
• Unified authentication methods with main API authentication
• Admin UI uses session-based email/password login

Basic Auth Configuration

• API_ALLOW_BASIC_AUTH now defaults to false - Basic auth disabled for API endpoints by default
• DOCS_ALLOW_BASIC_AUTH remains false by default
• Gateway credentials scoped to local authentication only

Migration: If you use Basic auth for API access, either:

1. (Recommended) Migrate to JWT tokens: export MCPGATEWAY_BEARER_TOKEN=$(python -m mcpgateway.utils.create_jwt_token ...)
2. Set API_ALLOW_BASIC_AUTH=true to restore previous behavior

Note: Gateways without configured auth_value will send unauthenticated requests to remote servers. Configure per-gateway authentication for servers that require it.

Cookie Authentication Rejected for API Requests

• API endpoints now reject cookie-only authentication with HTTP 401
• All API requests must use Authorization header (Bearer token, API key, or Basic auth if enabled)
• Admin UI session cookies continue to work for /admin/* routes

SSO Redirect Validation

• Redirect URI validation uses server-side allowlist
• Validates against ALLOWED_ORIGINS and APP_DOMAIN settings

🔑 JWT Session Token Format Change (#2757)

Action Required: Session JWT tokens (login/SSO) no longer embed teams or namespaces claims.

• Session tokens now use a token_use: "session" claim to signal server-side team resolution
• Teams are resolved from the database/cache on each request instead of being embedded in the token
• Reduces JWT cookie size to stay within browser 4KB limit for users with many team memberships

Migration: If your clients parse JWT session tokens to extract team membership, switch to the /auth/email/me endpoint or server-side team resolution. API tokens still embed teams claims as before.

📋 Strict JSON Schema Validation (#2348)

Action Required: Invalid JSON schemas are now rejected at registration time.

• JSON_SCHEMA_VALIDATION_STRICT now defaults to true - Invalid JSON schemas rejected with HTTP 400
• All schemas default to Draft 2020-12 validator if $schema field is missing
• Affects POST/PUT on /tools, /prompts, /resources endpoints

Migration: Validate existing tool/prompt/resource schemas before upgrading. Set JSON_SCHEMA_VALIDATION_STRICT=false to temporarily restore permissive behavior while fixing schemas.

🛡️ SSRF Protection Enabled by Default (#2663)

Action Required: Gateway and tool URLs pointing to private/internal networks are now blocked.

• SSRF_PROTECTION_ENABLED now defaults to true
• Default blocklist includes cloud metadata endpoints (169.254.169.254), Kubernetes service IPs, and link-local addresses
• Configurable via SSRF_BLOCKED_NETWORKS and SSRF_BLOCKED_HOSTS

Migration: If your gateways or tools connect to internal services, add them to the allowlist or set SSRF_PROTECTION_ENABLED=false. Review SSRF_BLOCKED_NETWORKS for your environment.

🔒 Admin Demotion Protection (#2763)

• PROTECT_ALL_ADMINS now defaults to true - Prevents any admin from being demoted, deactivated, or locked out via API/UI
• Set PROTECT_ALL_ADMINS=false to allow demoting all-but-last-admin (previous behavior)

👥 Mandatory Default Role Assignment (#2694, #2741)

• All users now receive default RBAC roles upon creation or migration
• Admin users: platform_admin (global) + team_admin (team scope)
• Non-admin users: platform_viewer (global) + team_admin (team scope)
• Database migration automatically assigns roles to existing users

Migration: Run alembic upgrade head to apply the role assignment migration. Review assigned roles in Admin UI after upgrade.

🌐 RFC 9728 OAuth Protected Resource Metadata (#2706)

Action Required: OAuth Protected Resource Metadata endpoint URLs have changed for RFC 9728 compliance.

• GET /.well-known/oauth-protected-resource?server_id={id} now returns HTTP 404 (previously returned metadata)
• GET /servers/{id}/.well-known/oauth-protected-resource now returns HTTP 301 redirect to the new path
• New canonical endpoint: GET /.well-known/oauth-protected-resource/servers/{UUID}/mcp
• Response field authorization_servers is now a JSON array (was a string)

Migration: Update MCP clients and integrations to use the new path-based endpoint. Ensure clients handle the authorization_servers field as an array.

🔑 Token Expiration Enforced at Creation (#2898)

Action Required: Token creation now rejects tokens without expiration when REQUIRE_TOKEN_EXPIRATION=true (the default).

• POST /tokens returns HTTP 400 if expires_in_days is not provided
• Previously, REQUIRE_TOKEN_EXPIRATION only validated incoming tokens at authentication time

Migration: Update any automation or scripts that create tokens via the API to include expires_in_days. Set REQUIRE_TOKEN_EXPIRATION=false to restore previous behavior.

🔒 Account Lockout Defaults Changed (#2628)

• MAX_FAILED_LOGIN_ATTEMPTS default changed from 5 to 10
• ACCOUNT_LOCKOUT_DURATION_MINUTES default changed from 30 to 1

Migration: If your deployment relies on specific lockout thresholds for compliance, set MAX_FAILED_LOGIN_ATTEMPTS and ACCOUNT_LOCKOUT_DURATION_MINUTES explicitly in your .env.

🖼️ X-Frame-Options Empty String Behavior (#2958)

• Setting X_FRAME_OPTIONS="" (empty string) previously fell through to DENY (blocking iframe embedding)
• Empty string is now normalized to None, which omits the header entirely and allows iframe embedding from any origin

Migration: If you intend to block iframe embedding, set X_FRAME_OPTIONS=DENY explicitly. Use X_FRAME_OPTIONS=SAMEORIGIN to allow same-origin iframes only.

🔐 Encryption Service v2 Format (#2724)

• New secret encryptions use v2:{json} format with Argon2id-derived keys (old PBKDF2HMAC format still readable)
• encrypt_secret() now raises AlreadyEncryptedError if called on already-encrypted data
• decrypt_secret() now raises NotEncryptedError if called on plaintext data

Migration: Custom plugins or extensions calling EncryptionService.encrypt_secret() or decrypt_secret() directly must handle the new exceptions. Use decrypt_secret_or_plaintext() for idempotent decryption behavior.

📊 Admin UI Behavior Changes

• Non-admin users no longer see admin-only menu entries (#2675)
• Delete and Update buttons hidden for public MCP servers created by other users/teams (#2760)
• Token-scoped filtering enforced on list endpoints - results filtered by token's team scope (#2663)

---

✨ Highlights

🔐 Enterprise Security Controls

Credential protection, SSRF prevention, and granular multi-tenant isolation

This release introduces a comprehensive enterprise security layer with defense-in-depth controls:

• SSRF Prevention - Blocks requests to private networks, cloud metadata endpoints, and link-local addresses
• Credential Protection - Secure defaults for JWT validation, token expiration, and basic auth
• Multi-Tenant Isolation - Token-scoped filtering enforces team boundaries across all list endpoints
• Admin Lockout Protection - Admin accounts protected from lockout via failed login attempts

🏛️ Unified Policy Decision Point (Cedar/OPA)

Pluggable authorization engine supporting Cedar, OPA, and native policy evaluation

A new policy abstraction layer (#2223) enables enterprise authorization decisions through Cedar policies, OPA rules, or the built-in native RBAC engine.

⚡ Tool Circuit Breaker & Timeouts

Configurable timeouts with circuit breaker pattern for tool invocations

New resilience controls (#2078) prevent cascading failures from slow or failing downstream MCP servers with configurable timeouts and automatic circuit breaking.

🔗 Session Affinity

Sticky sessions for stateful MCP workflows

Session affinity (#1986) ensures stateful MCP interactions are routed to the same backend server, enabling reliable multi-turn tool workflows.

🔍 Unified Search Experience

Cross-entity search across all MCP Gateway resources

Unified search (#2109) provides a single search interface across tools, prompts, resources, servers, gateways, and agents in the Admin UI.

🔒 Self-Service Password Reset

Forgot password flow for self-service password recovery

Users can now reset their passwords (#2542) through a self-service workflow without requiring administrator intervention.

📡 Elicitation Support (MCP 2025-06-18)

Interactive user input during tool execution per MCP specification

Elicitation support (#234) enables MCP servers to request additional user input during tool execution, following the MCP 2025-06-18 specification.

---

🆕 Added

🔐 Security & Policy

• Enterprise Security Controls (#2663) - Credential protection, SSRF prevention, multi-tenant isolation, and granular RBAC
• Unified Policy Decision Point (#2223) - Cedar/OPA/native policy abstraction for authorization decisions
• Extensible Default Roles (#2187) - Add additional roles during bootstrap via configuration
• Admin Lockout Protection (#2763) - Admin accounts protected from lockout via failed login attempts
• Self-Service Password Reset Workflow (#2542) - Forgot password flow for self-service password recovery
• Encoded Exfiltration Detector Plugin (#2953) - Suspicious encoded payload leak prevention plugin

🔌 Plugins & Extensibility

• External Plugin STDIO Launch Options (#2535) - Configure cmd, env, and cwd for external plugin processes
• Tool Invocation Timeouts & Circuit Breaker (#2078) - Configurable timeouts with circuit breaker pattern for tool invocations
• Improved MCP Server Catalog Registration (#2644) - Broader catalog server compatibility
• JWT Claims and Metadata Extraction Plugin (#1439) - Plugin for extracting JWT claims and metadata
• Rust Secrets Detection Plugin (#2729) - Rust implementation for secrets detection plugin

🏗️ Infrastructure & Deployment

• Zero-Config TLS for Nginx (#2571) - Docker Compose profile for automatic TLS setup
• MCP Client (MCP Inspector) (#2198) - Integrated MCP Inspector in docker-compose for debugging
• Helm Persistence Support (#1308) - Optional PVC persistence for PostgreSQL and Redis in Helm charts
• Rocky Linux Setup Script (#2193) - Setup script variant for Rocky Linux deployments
• Rust Filesystem Server (#266) - Sample MCP server in Rust
• Keycloak SSO for Development (#2875) - Keycloak added to docker-compose with SSO enabled by default for development testing
• Automated License Compliance Checker (#2939) - CI/CD validation with full SBOM scanning across all sub-projects

🎛️ Features

• Session Affinity (#1986) - Sticky sessions for stateful MCP workflows
• Keyboard Handlers (#2167) - Keyboard navigation for interactive UI elements
• Elicitation Support (MCP 2025-06-18) (#234) - Elicitation support per MCP 2025-06-18 specification
• Admin UI Search for Tools (#2076) - Search capabilities for tools in admin UI
• Unified Search Experience (#2109) - Unified search across MCP Gateway admin UI
• Dynamic Tools/Resources (#2171) - Dynamic tools and resources based on user context and server-side signals
• Slow Time Server (#2783) - Configurable-latency MCP server for timeout, resilience, and load testing
• Custom Tool Descriptions (#2893) - Maintain custom and original description for tools
• Team Member Backend API (#2905) - New backend API to add a team member
• Flexible UI Sections (#2075) - Flexible UI sections for embedded contexts

🧪 Testing & Quality

• 80%+ Code Coverage Gate (#2625) - CI/CD enforcement of code coverage thresholds
• 90% Coverage Quality Gate (#261) - Automatic badge and coverage report publication
• REST API Data Population Framework (#2759) - tests/populate framework for seeding test data
• JMeter Performance Baseline (#2541) - JMeter load testing configuration and baselines
• Jest/Vitest Infrastructure (#2788, #2789) - JavaScript test runner setup for frontend tests
• Playwright Resilience (#2632) - Improved E2E test stability and developer experience
• Gateway Namespacing Regression Tests (#2520) - Regression tests for namespace constraints
• Manual Test Plans (#2396, #2404, #2443, #2499) - Security headers, security logger, tags, and documentation site test plans
• RBAC Automated Regression Suite (#2387) - Automated regression tests for visibility, teams, and token scope
• MCP 2025-11-25 Protocol Compliance Test Suite (#2525) - Protocol compliance test suite
• Lightweight Local Load Testing (#2815) - Lightweight local load testing and monitoring setup
• Edge-Case Boundary Testing (#2487) - Boundary conditions, empty states, maximum limits, and null handling test plan
• iFrame Mode Testing (#2492) - iFrame mode (X-Frame-Options) test plan

---

🐛 Fixed

🔐 Authentication & Authorization

• Admin Login Redirect Loop (#2806) - Fixed redirect loop behind reverse proxy without path rewriting
• SECURE_COOKIES Login Loop (#2539) - Fixed login loop when SECURE_COOKIES=true with HTTP access
• Non-Admin Login Blocked (#2590) - Users without admin privileges can now login via UI and API
• Missing Default Role Assignment (#2694, #2741) - Users assigned correct RBAC roles to access Admin UI
• RBAC Token Creation Crash (#2821) - RBAC middleware no longer crashes during token creation
• API Tokens Cannot Manage Tokens (#2870) - Removed overly restrictive interactive session guard
• SSO AttributeError on app_domain (#2873) - Fixed AttributeError crash in SSO redirect validation; also fixed CORS origins producing malformed URLs
• JWT CLI/API Divergence (#2261) - Token creation consistent between CLI and API
• SSO Admin Role Revocation (#2331) - Admin role revoked when user removed from IdP admin group
• SSO Admin Token Bypass (#2386) - SSO admin tokens no longer include teams key that prevented admin bypass
• Proxy Auth Ignored (#1528) - Proxy-based authentication configuration now respected
• Non-Admin Gateway Listing (#2185) - Non-admin users can list public gateways
• Token Scoping (#2192) - Fixed token scoping behavior
• Multi-Team Access Denied (#2189) - Multi-team users no longer denied access to non-primary teams
• Account Lockout Issues (#2628) - Fixed lockout counter persistence, added user notification and admin unlock
• Virtual Server Permission (#2697) - Virtual MCP Server no longer incorrectly requires servers.create permission
• OAuth Protected Resource RFC 9728 (#2706) - Endpoint now RFC 9728 compliant
• Admin Self-Demotion (#2794) - Admin users can no longer remove their own administration privileges
• New Admin Missing Permissions (#2803) - New admin users receive admin.dashboard permission correctly
• Token No Expiration 401 (#2836) - Token created with no expiration no longer returns 401
• Login Page Inside Active Tab (#2874) - Login page no longer appears inside active module tab
• Team Token Creation API (#2882) - Fixed inability to create team token using APIs
• Team Server 403 Error (#2883) - Fixed 403 error when adding MCP server from team
• Platform Admin Gateway Delete (#2891) - Platform admin no longer blocked by RBAC on gateway delete
• Team Default Role (#2908) - Teams can deploy gateways with developer as default role
• RBAC Role DELETE 500 (#2917) - RBAC role DELETE no longer returns 500
• Error Creating API Token (#2725) - Fixed error when creating API token
• OAuth2 Entra v2 Scope Conflict (#2881) - Fixed OAuth2 with Microsoft Entra v2 (AADSTS9010010)
• SSO Bootstrap jwks_uri (#3010) - Fixed SSO provider bootstrap failure due to jwks_uri
• Session Affinity server_id (#2973) - Fixed server ID context being dropped during stateful session processing

👥 Multi-Tenancy & Teams

• list_teams Null DB (#2608) - Fixed current_user_ctx["db"] always being None
• Admin Team Visibility (#2673) - Admins can see all teams again
• JWT Cookie Size (#2757) - JWT cookie no longer exceeds browser 4KB limit
• Team Member Add (#2676) - Add Member button works for user role
• Team Member Role Switch (#2677) - Team owners can switch members between owner and member roles
• New Team Display (#2690) - Newly created teams display immediately
• Teams List Pagination (#2799) - Teams list no longer resets to page 1 after CRUD
• Team Creation Error Handling (#2800) - Removed redundant HX-Retarget headers
• Team Member Updates Require Refresh (#2811) - Team add/remove updates display without page refresh
• Team Manage Members Modal (#2930) - Fixed height auto-expanding modal blocking save changes
• Team Filter Lost During Pagination (#2932) - Team filter no longer lost during pagination

📊 Admin UI

• Virtual Server Save (#2273) - Virtual server configuration saves correctly after edit
• Observability Dark Mode (#2324) - Fixed dark mode for observability pages
• User Update Overwrites (#2658) - Admin user update no longer overwrites fields with None
• User Update via UI (#2545, #2693) - Edit user works correctly, mandatory fields no longer cause full name loss
• User Creation (#2523, #2524) - Can create inactive users and users with password_change_required
• API Token CRUD (#2573) - Token create/update now saves correct data
• User Update Error Display (#2805) - API error messages displayed when updating a user
• Auth Email Endpoint (#2700) - Fixed 422 error on /auth/email/me
• Password Checker (#2702) - Password requirements checker works on user edit
• Prompt ID Visibility (#2656) - prompt_id now visible in UI
• Tool Description Encoding (#2710) - Tool descriptions display correctly
• Button Text Overlap (#2681) - Authorize and Fetch tool texts no longer overlap
• MCP Server Add Parse Error (#2562) - Fixed JSON parse error in admin.js
• iFrame Embedding (#2777) - Admin UI works when embedded in an iframe
• Browser Autocomplete Credentials (#2626) - Browser autocomplete no longer incorrectly fills fields
• API Tokens Pagination (#2764) - API Tokens page now has pagination and correct team filter
• Agents Double Spinner (#2887) - Agents page no longer shows double loading spinner
• Select Team Visibility Default (#2920) - Team visibility selected as default when creating resources
• HTML Tags in Server Listing (#2923) - HTML new line tags no longer appearing in server listing
• Inconsistent Loading Messages (#2946) - Loading messages now consistent across all pages
• Pagination Behind Reverse Proxies (#2845) - Pagination no longer breaks behind reverse proxies
• Raw JSON Error on Deleted User (#2965) - Redirects to login instead of showing raw JSON error
• API Tokens Usage Stats (#2572) - Last Used and Usage Stats now show data correctly

🔧 MCP Protocol & Tools

• Tool Schema Breakage (#1430) - REST API tools with incorrect input schema no longer break GET tools
• Schema Validation Strictness (#2348) - Rejects invalid schemas at registration time
• SSE Transport (#1595) - Fixed incorrect endpoint and data parsing
• OAuth Gateway Tool Loss (#2272) - Virtual servers using OAuth gateways no longer lose tools
• Tag Filter 500 (#2329) - Tag filter on tools list no longer returns 500
• Root Actions (#2346) - Fixed broken root actions
• Pydantic Validation (#2512) - Tool invocation no longer fails with Pydantic validation errors
• Underscore Tool Names (#2528) - Tool names starting with _ can be added to gateway
• Gateway Tags Empty (#2563) - Fixed type mismatch between schema and validation layer
• MCP Error Propagation (#2570) - Error messages now propagated in /mcp endpoint responses
• Backtick Validation (#2576) - Loki query tools no longer rejected due to backtick validation
• stdio LimitOverrunError (#2591) - Fixed LimitOverrunError with translate for stdio servers
• PostgreSQL Tag Queries (#2607) - No longer uses SQLite-specific json_extract on PostgreSQL
• Resource Plugin Ordering (#2648) - RESOURCE_POST_FETCH plugins execute after template resolution
• A2A Agent Test (#2544) - A2A Agent "Test Agent" no longer returns HTTP 500
• MultipleResultsFound on Tool Invoke (#2863) - Fixed name-only lookup in DbTool
• Selective Export AttributeError (#2916) - Selective export no longer crashes on Tool.rate_limit
• Toolkit Import Blocks Retry (#2987) - Failed toolkit imports no longer block subsequent attempts
• MCP Toolkit Invocation Error (#2781) - Fixed MCP toolkit tool invocation error

🗄️ Database & Sessions

• RBAC Session Duration (#2340) - RBAC middleware no longer holds sessions for entire request
• Permission Query Redundancy (#2695) - Eliminated redundant queries in PermissionService.check_permission()
• DCR Expiration (#2378) - Fixed missing expires_at calculation in DCR client registration
• Migration Compatibility (#2955) - Fixed migration compatibility issues

⚡ Stability

• CPU Spin Loop (#2360) - Fixed anyio cancel scope spin loop causing 100% CPU
• Granian CPU Spike (#2357) - Fixed Granian CPU spikes to 800% after load stops
• DB Session Pool Exhaustion (#2518) - DB sessions released during external HTTP calls
• asyncio.CancelledError Re-raise (#2163) - Re-raise asyncio.CancelledError after cleanup

🐳 Deployment & Infrastructure

• SSL Container Stuck (#2526) - Gateway container no longer stuck at "Waiting" with SSL enabled
• TLS Passphrase Support (#2679) - TLS profile supports passphrase-protected certificates
• Playwright Login Credentials (#2136) - Playwright tests updated for admin email/password login
• Gunicorn macOS SIGSEGV (#2837) - Fixed gunicorn workers crashing with SIGSEGV on macOS
• Gunicorn macOS Fork Safety (#2926) - Fixed worker crashes on macOS due to Objective-C fork safety

🔨 Linting & Pre-commit

• Executable Shebangs (#2731, #2732) - Fixed check-executables-have-shebangs and check-shebang-scripts-are-executable
• Private Key Detection (#2733) - detect-private-key hook excludes test fixtures
• Multi-Document YAML (#2734) - check-yaml hook supports multi-document YAML
• Test Name Patterns (#2735) - name-tests-test hook excludes test utility files
• Flaky Tests (#2521) - Fixed TTL expiration and tool listing test flakiness
• Locust False Failures (#2566) - Load tests no longer report false failures for 409 Conflict

---

🔒 Security

• ReDoS in SSTI Validation (#2366) - Fixed ReDoS vulnerability in SSTI validation patterns in validators.py
• ReDoS in Plugin Regex (#2370) - Fixed ReDoS vulnerability in plugin regex patterns
• WebSocket Token Validation (#2375) - Added missing token validation in reverse_proxy WebSocket endpoint
• Encryption and Secrets Test Plan (#2405) - Manual test plan for Argon2, Fernet, and key derivation encryption

---

⚡ Performance

🔌 Plugin Optimization

• Plugin Regex Precompilation (#1834) - Precompiled regex patterns across all plugins
• Response Cache Optimization (#1835) - Algorithmic optimization for response-cache-by-prompt
• Crypto Threadpool Offload (#1836) - CPU-bound Argon2/Fernet operations moved to threadpool
• Cedar Plugin Async (#2082) - Replaced synchronous requests with async in Cedar policy plugin
• LLM Guard Optimization (#1959, #1960) - Fixed critical and high-impact performance issues in llm-guard plugin

🗄️ Database & Infrastructure

• Metrics Rollup Window (#1938) - Admin metrics rollups no longer empty during benchmark window
• PgBouncer File Descriptors (#1999) - Added ulimits to PgBouncer container

---

🔧 Chores

• Helm Chart Build (#222) - Makefile with lint and values.schema.json validation, CODEOWNERS, CHANGELOG.md, .helmignore
• Helm Volume Conflicts (#377) - Fixed PostgreSQL volume name conflicts
• SSO Teams Format (#2233) - Aligned SSO service teams claim format
• GatewayService Init (#2256) - Fixed uninitialized service instances
• EntraID Admin Groups (#2265) - Added sso_entra_admin_groups to validator
• CI/CD Workflow Fix (#2207) - Removed unused workflow_dispatch platforms input
• Dependency Cleanup (#2651) - Removed unused runtime dependencies
• MCP Server Dependencies (#2630) - Updated dependencies across Python, Go, and Rust MCP servers
• Rust CI/CD (#2776) - Fixed Rust Plugins CI/CD workflow
• Verbose Test Output (#2665) - Added verbose pytest output option
• .gitignore Cleanup (#2337) - Cleaned up redundant patterns
• README Rationalization (#2365) - Streamlined project README
• SonarQube Cleanup (#2367, #2371, #2372, #2377, #2382) - Redundant ternary, dead code, deprecated datetime.utcnow(), unused imports
• Alembic Migration CI/CD Validation (#2154) - CI/CD validation for Alembic migration status
• Replace Copier with Cookiecutter (#2361) - Template scaffolding migration
• Dead Code in oauth_manager.py (#2368) - Removed dead code with identical if/else branches
• SonarQube Must-Fix Findings (#2981) - Fixed all must-fix SonarQube findings

---

📝 Documentation

• Password Reset & Recovery Guide (#2543) - Administrator password reset and recovery guide
• CONTRIBUTING.md Link Fix (#2817) - Fixed broken CONTRIBUTING.md link

---

📦 Migration Guide

From v1.0.0-BETA-2 to v1.0.0-RC1

Database migrations run automatically on startup. Backup recommended before upgrading.

1. Review Breaking Changes (Required)

This release changes multiple authentication defaults to secure-by-default values. Read the Breaking Changes section above before upgrading, especially:

• JWT tokens now require JTI and expiration claims
• Basic auth is disabled for API endpoints
• SSRF protection blocks private/internal network URLs
• JSON schema validation is strict by default

2. Update Docker Compose

# Backup database
docker compose exec postgres pg_dump -U postgres mcp > backup.sql

# Pull new image
docker pull ghcr.io/ibm/mcp-context-forge:1.0.0-RC1

# Start - migrations run automatically
docker compose up -d

3. Generate New Tokens (If Needed)

# Existing tokens without JTI or expiration will be rejected
python -m mcpgateway.utils.create_jwt_token \
  --username admin@example.com \
  --exp 10080 \
  --secret $JWT_SECRET_KEY

4. New Environment Variables

# Security defaults (all enabled by default)
REQUIRE_JTI=true
REQUIRE_TOKEN_EXPIRATION=true
PUBLIC_REGISTRATION_ENABLED=false
API_ALLOW_BASIC_AUTH=false
SSRF_PROTECTION_ENABLED=true
PROTECT_ALL_ADMINS=true
JSON_SCHEMA_VALIDATION_STRICT=true

# Account lockout (changed defaults)
MAX_FAILED_LOGIN_ATTEMPTS=10
ACCOUNT_LOCKOUT_DURATION_MINUTES=1

5. Verify RBAC Roles

After upgrade, all existing users will receive default RBAC roles. Review in Admin UI:

• Admin users → platform_admin + team_admin
• Non-admin users → platform_viewer + team_admin

---

🔗 Resources

Documentation

• Main Documentation: https://ibm.github.io/mcp-context-forge/
• Quick Start Guide: https://ibm.github.io/mcp-context-forge/overview/quick_start/
• Container Deployment: https://ibm.github.io/mcp-context-forge/deployment/container/

Source Code

• GitHub Repository: https://github.com/IBM/mcp-context-forge
• Release v1.0.0-RC1: https://github.com/IBM/mcp-context-forge/releases/tag/v1.0.0-RC1
• CHANGELOG: https://github.com/IBM/mcp-context-forge/blob/main/CHANGELOG.md

ContextForge Ecosystem

• ContextForge Desktop: https://github.com/contextforge-org/contextforge-desktop
• ContextForge CLI: https://github.com/contextforge-org/contextforge-cli
• ContextForge Organization: https://github.com/contextforge-org

Container Images

• GitHub Container Registry: https://ghcr.io/ibm/mcp-context-forge
• Image Tags: v1.0.0-RC1, 1.0.0-RC1, latest
• Multi-Architecture: AMD64, ARM64, s390x, ppc64le

Community

• Issue Tracker: https://github.com/IBM/mcp-context-forge/issues
• Discussions: https://github.com/IBM/mcp-context-forge/discussions
• Contributing Guide: https://github.com/IBM/mcp-context-forge/blob/main/CONTRIBUTING.md

Quick Start

# Pull the latest image (auto-selects architecture)
docker pull ghcr.io/ibm/mcp-context-forge:1.0.0-RC1

# Run with minimal configuration
docker run -d --name mcpgateway \
  -p 4444:4444 \
  -e PLATFORM_ADMIN_EMAIL=admin@example.com \
  -e PLATFORM_ADMIN_PASSWORD=changeme \
  ghcr.io/ibm/mcp-context-forge:1.0.0-RC1

# Access Admin UI
open http://localhost:4444/admin

---

Previous Release: v1.0.0-BETA-2 - Performance, Scale & Reliability
Next Planned Release: v1.0.0 RC2 - Release candidate 2, short bugfix release prior to v1.0.0 GA

---

This discussion was created from the release v1.0.0-RC1 - Security Hardening, Enterprise Controls & Quality.