Skip to content

v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem & MCP Registry

Latest
Latest

Choose a tag to compare

View all tags
@crivetimihai crivetimihai released this 08 Oct 00:34
· 107 commits to main since this release
v0.8.0
67ad07e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem & MCP Registry

This release focuses on Advanced OAuth Integration, Plugin Ecosystem & MCP Registry with 50+ issues resolved and 47 PRs merged, bringing significant improvements across authentication, plugin framework, and developer experience. Building on the enterprise multi-tenancy foundation from v0.7.0, this release expands MCP Gateway's capabilities with advanced OAuth flows, a comprehensive plugin ecosystem, and enhanced MCP server discovery.

🏆 Plugin Ecosystem & Advanced Authentication Achievements

Release 0.8.0 delivers a production-ready plugin framework with 15+ built-in plugins, a complete plugin management UI and API, and advanced OAuth 2.0 support including Password Grant Flow, Dynamic Client Registration (DCR), and PKCE. This release transforms MCP Gateway into a highly extensible platform while maintaining enterprise-grade security and multi-tenancy capabilities.

Key Accomplishments

15+ Production-Ready Plugins - Comprehensive plugin library covering security, content moderation, caching, formatting, and monitoring
Plugin Management UI & API - Complete plugin lifecycle management through Admin Dashboard
Advanced OAuth Integration - Password Grant Flow, DCR with PKCE, token refresh, and multi-tenancy support
MCP Server Registry - Local catalog with improved discovery, search, and registration workflows
Enhanced Multi-Tenancy - Team-level API token scoping and team visibility across all admin tables
OPA Policy Enhancements - Customizable policy paths, multi-arch support, and improved input mapping

✨ Highlights

🔐 Advanced OAuth & Authentication

  • OAuth Password Grant Flow - Complete implementation for programmatic authentication scenarios
  • OAuth Dynamic Client Registration (DCR) - Full support with PKCE for enhanced security
  • Token Refresh Mechanisms - Multi-tenancy aware token handling with automatic refresh
  • Secure Cookie Warnings - Clear guidance for HTTP development environments
  • OAuth2 Gateway Editing - Preserve tools/resources/prompts when editing without URL changes

🔌 Plugin Ecosystem Expansion

  • 15+ Built-in Plugins - Production-ready plugins for security, content moderation, caching, and more
  • Plugin Management UI - Dedicated admin interface for plugin configuration and monitoring
  • Plugin Framework Specification - Comprehensive documentation for plugin development
  • External Plugin Support - Load and manage third-party plugins with configuration management

📦 MCP Server Registry & Catalog

  • Local MCP Server Catalog - Centralized registry for MCP server discovery and management
  • Enhanced Search Functionality - Improved catalog browsing with advanced search capabilities
  • Catalog UX Improvements - Streamlined user experience for server registration and discovery
  • Sample Server Library - 15+ Python sample servers and Go-based high-performance examples

🏢 Multi-Tenancy Enhancements

  • Team-Level API Token Scoping - Public-only token support with fine-grained team access control
  • Team Columns in Admin UI - Team visibility across Tools, Gateway Servers, Virtual Servers, Prompts, and Resources
  • Enhanced Team Workflows - Improved team request handling and membership management

🔒 Policy & Security

  • Content Moderation Plugin - IBM-supported AI-powered content filtering and moderation
  • Enhanced OPA Integration - Customizable policy paths, multi-architecture support, improved input mapping
  • Security Plugins Suite - SQL sanitizer, HTML sanitizer, harmful content detector, secrets detection
  • Circuit Breaker Plugin - Fault tolerance with automatic circuit breaking for unstable backends

🆕 Added

🔐 Advanced OAuth & Authentication (#1168, #1158)

OAuth Password Grant Flow

  • Complete implementation of OAuth 2.0 Password Grant Flow for programmatic authentication
  • Support for client credentials and resource owner password credentials grants
  • Integration with existing multi-tenancy and RBAC systems

OAuth Dynamic Client Registration (DCR)

  • Full OAuth DCR implementation with PKCE (Proof Key for Code Exchange)
  • Dynamic client credential generation and management
  • Enhanced security for public clients and mobile applications

Token Refresh Support (#1023, #1078)

  • Multi-tenancy aware token refresh mechanisms
  • User-specific token handling and automatic refresh
  • Improved token lifecycle management across team boundaries

Secure Cookie Warnings (#1181, #1048)

  • Clear warnings for HTTP development environments requiring SECURE_COOKIES=false
  • Improved developer experience with actionable error messages
  • Documentation updates for secure cookie configuration

OAuth Token Management (#1097, #1119, #1112)

  • Fixed OAuth state signatures for enhanced security
  • Improved tool refresh and server test/ping functionality
  • Better error handling for OAuth flows

🔌 Plugin Framework & Ecosystem

Plugin Management Infrastructure (#1130, #1147, #1139, #1118)

  • Plugin Management API & UI (#1129, #1130) - Complete plugin management interface in Admin Dashboard
  • Plugin Framework Specification (#1118) - Comprehensive specification document for plugin development
  • Enhanced Plugin Documentation (#1147) - Updated plugin usage guides and built-in plugin documentation
  • Plugin Design Consolidation (#1139) - Revised and consolidated plugin specification and design docs

Built-in Security Plugins

  • Content Moderation Plugin (#1114) - IBM-supported content moderation with AI-powered filtering
  • Safe HTML Sanitizer (#1063) - XSS prevention and HTML sanitization for user-generated content
  • SQL Sanitizer (#1065) - SQL injection prevention and query sanitization
  • Harmful Content Detector (#1064) - Detect and filter harmful, toxic, or inappropriate content
  • Secrets Detection Plugin (#894) - Identify and redact API keys, tokens, and credentials

Built-in Utility Plugins

  • Circuit Breaker Plugin (#1070, #1150) - Fault tolerance with automatic circuit breaking and half-open state
  • Response Cache by Prompt (#1071) - Intelligent caching based on prompt patterns for performance
  • Webhook Notification Plugin (#1113) - Event-driven webhook notifications for gateway events
  • Watchdog Plugin (#1075) - System monitoring and health checks with alerting

Built-in Content & Formatting Plugins

  • Citation Validator (#1069) - Validate and track citations in AI-generated responses
  • Code Formatter (#1068) - Automatic code formatting in responses with language detection
  • AI Artifacts Normalizer (#1067) - Standardize AI-generated artifacts for consistency
  • Summarizer Plugin (#1076) - Automatic response summarization with configurable length
  • Timezone Translator (#1074) - Automatic timezone conversion in responses

Built-in Compliance & Legal Plugins

  • License Header Injector (#1072) - Automated license header management for generated code
  • Privacy Notice Injector (#1073) - Privacy notice injection for regulatory compliance
  • Robots License Guard (#1066) - License compliance enforcement for AI-generated content

Built-in Integration Plugins

  • ClamAV External Plugin (#1077) - Virus scanning integration with ClamAV antivirus engine

📦 MCP Server Registry & Catalog (#1132, #1170, #295)

Local MCP Server Catalog (#1132)

  • Centralized local catalog of MCP servers for registry and marketplace functionality
  • Server metadata management including description, version, and capabilities
  • Integration with virtual server creation workflows

Catalog Search & Discovery (#1144)

  • Advanced search functionality for MCP server catalog
  • Filter by server type, capabilities, tags, and metadata
  • Improved discovery workflows for server registration

Catalog UX Enhancements (#1153, #1152)

  • Streamlined user experience for catalog browsing
  • Enhanced server registration wizard with validation
  • Improved server detail views with comprehensive metadata

Sample MCP Server Library

Python Sample Servers:

  • Document Processing: docx-server (#1045), xlsx-server (#1054), libreoffice-server (#1055), csv-pandas-chat-server (#1056), url-to-markdown-server (#1062)
  • Visualization: plotly-server (#1057), mermaid-server (#1058), graphviz-server (#1059), latex-server (#1060)
  • Code & Data: python-sandbox-server (#1061), code-splitter-server (#1053), chunker-server (#1052), data-analysis-server (#900)

Go Sample Servers:

  • High-Performance: pandoc-server (#1043), calculator-server (#920)

🏢 Multi-Tenancy Enhancements (#1177, #1107)

Team-Level API Token Scoping (#1176, #1177)

  • Public-only token support with team-level access control
  • Fine-grained permissions for API tokens scoped to specific teams
  • Enhanced security for multi-team deployments

Team Columns in Admin UI (#1035, #1107)

  • Team visibility across all admin tables: Tools, Gateway Servers, Virtual Servers, Prompts, Resources
  • Improved team-based filtering and resource management
  • Better visibility into cross-team resource sharing

Team Workflow Improvements (#1022)

  • Fixed "Join Request" button showing no pending requests
  • Improved team membership request handling
  • Enhanced team invitation and approval workflows

🔒 Policy & Security Features (#1145, #1102, #1106)

Customizable OPA Policy Path (#1145)

  • Enable customization of OPA policy file path for flexible deployments
  • Support for external policy repositories and version control
  • Improved policy development and testing workflows

OPA Policy Input Mapping (#1102)

  • Enhanced OPA policy input data mapping support
  • Better integration with multi-tenancy and RBAC context
  • Improved policy decision logging and debugging

Multi-arch OPA Support (#1106)

  • Multi-architecture support for OPA policy server (AMD64, ARM64)
  • Container images for diverse deployment environments
  • Enhanced compatibility with edge and IoT deployments

🛠️ Developer Experience (#1162, #1155, #1154, #1165)

Dynamic Environment Variables for STDIO (#1162, #1081, #964)

  • Dynamic environment variable injection for STDIO MCP servers
  • Runtime configuration without server restart
  • Improved development and testing workflows

Configuration Tab (#1155, #1154)

  • New configuration management tab in Admin UI
  • Centralized view of gateway configuration and environment settings
  • Enhanced troubleshooting and debugging capabilities

Scale Documentation (#1165)

  • Comprehensive scaling and performance documentation
  • Best practices for high-availability deployments
  • Performance tuning guidelines for large-scale installations

🐛 Fixed

🔧 Critical Bug Fixes

Gateway & Server Management

  • Gateway Addition from UI (#1173) - Fixed gateway addition failures from Admin UI
  • Gateway Update Failures (#1039, #1120) - Fixed gateway update failures and auth value DB constraints
  • OAuth2 Gateway Editing (#1146, #1025) - Preserve tools/resources/prompts when editing OAuth2 gateways without URL change
  • Server Tags Propagation (#836) - Fixed server tags not propagated to tools via /tools endpoint

Authentication & Authorization

  • Role Assignment Failure (#1175) - Fixed role assignment during bootstrap due to foreign key constraint
  • Login Issues (#1101, #1117, #1048) - Resolved login problems in 0.7.0 with HTTP/HTTPS configurations
  • OAuth Client Auth (#1096) - Fixed MCP_CLIENT_AUTH_ENABLED not taking effect in v0.7.0
  • 401 Unauthorized in Incognito (#839) - Fixed testing tools returning 401 in incognito mode

A2A (Agent-to-Agent) Integration

  • A2A Tool Call (#1163) - Fixed A2A agent tool invocation issues
  • Global Tools for A2A Agents (#1123, #841) - Fixed Global Tools not being listed for A2A Agents
  • A2A Endpoint Error (#1128, #1125) - Fixed GET /a2a/ returning 500 due to datatype mismatch

Header & Passthrough Handling

  • Header Propagation (#1134, #1046, #1115, #1104, #1142) - Fixed pass-through headers, X-Upstream-Authorization, and X-Vault-Headers handling
  • Passthrough Headers Persistence (#867) - Fixed update_gateway not persisting passthrough_headers field

🖥️ UI/UX Fixes

Admin Interface Improvements

  • Header-Modal Overlap (#1179, #1178) - Fixed header overlapping with modals in UI
  • Associated Tools Checkboxes (#856) - Fixed checkboxes on Virtual Servers edit not pre-populated due to ID vs name mismatch
  • Static Assets with APP_ROOT_PATH (#865) - Fixed static assets returning 404 when APP_ROOT_PATH is configured

Resource & Content Management

  • Resource Filter (#1131) - Fixed resource filtering issues in admin UI
  • README Updates (#1169, #1159) - Corrected minor quirks in main README.md
  • Project Name Normalization (#1157) - Normalized project name across documentation

📊 Metrics & Monitoring

Metrics Recording (#1127, #1103, #699)

  • Added metrics recording for prompts, resources, and servers
  • Fixed metrics collection and timestamp tracking
  • Enhanced metrics export with comprehensive data coverage
  • Improved last-used timestamp accuracy

🔌 Plugin Fixes

Plugin Code Quality

  • Plugin Linting (#1151) - Fixed lint issues across all plugins
  • Circuit Breaker Plugin (#1150) - Removed unused variables in circuit breaker plugin
  • PII Filter Dead Code (#1149) - Removed dead code from PII filter plugin

🔐 Security & Data Handling

Security Improvements

  • SecretStr Encoding (#1133) - Fixed encode method in SecretStr implementation
  • Team Member Re-add (#959) - Fixed unique constraint preventing re-adding team members
  • Test Cases Database Isolation (#810) - Ensured test cases use mock database instead of main DB

Infrastructure & Stability

  • Tool Limit Removal (#1141) - Temporarily removed limit for tools until pagination is properly implemented
  • FileLock Health Check (#845) - Fixed "can't start new thread" error in FileLock health check
  • Helm kubeVersion Handling (#931) - Fixed Helm install issues with vendor-specific kubeVersion suffix

🔄 Changed

📦 Configuration & Validation (#1110)

Pydantic v2 Config Validation (#285, #1110)

  • Complete migration to Pydantic v2 configuration validation
  • Enhanced type safety and runtime validation
  • Improved error messages for configuration issues

Plugin Configuration

  • Enhanced plugin configuration with enable/disable flags
  • Better validation for plugin manifests and dependencies
  • Improved plugin loading and initialization

🔄 Infrastructure Updates

Multi-Arch Support

  • Expanded multi-architecture support for OPA and other components
  • Container images for AMD64, ARM64, and other architectures
  • Improved compatibility with diverse deployment environments

Helm Chart Improvements (#1105)

  • Fixed "Too many redirects" issue in Helm deployments
  • Enhanced ingress configuration and TLS support
  • Better integration with enterprise Kubernetes clusters

🔒 Security Enhancements

Authentication & Authorization

  • OAuth DCR with PKCE - Enhanced authentication security with dynamic client registration and proof key for code exchange
  • Token Refresh Security - Multi-tenancy aware token refresh with secure credential storage
  • Secure Cookie Warnings - Clear guidance for development vs. production cookie security settings

Plugin Security Framework

  • Content Moderation Plugin - AI-powered threat detection and content filtering
  • SQL Injection Prevention - SQL sanitizer plugin for query validation
  • XSS Prevention - HTML sanitizer plugin with comprehensive tag and attribute filtering
  • Secrets Detection - Automatic detection and redaction of API keys, tokens, and credentials
  • Harmful Content Detection - Multi-layer content safety with toxicity and profanity filtering

Policy & Access Control

  • Enhanced OPA Integration - Customizable policy enforcement with improved input mapping
  • Multi-Layer Security - Circuit breaker and watchdog plugins for system protection
  • Team-Level Scoping - Fine-grained API token scoping with team-based access control

🏗️ Infrastructure

Plugin Framework

  • Enhanced plugin framework with management API and UI
  • Comprehensive plugin specification and development documentation
  • Support for external plugins with configuration management

MCP Server Ecosystem

  • Local MCP server catalog for better registry management
  • Enhanced server discovery and registration workflows
  • Sample server library with 15+ Python and Go examples

Developer Tools

  • Dynamic environment variable support for STDIO servers
  • Configuration management tab for troubleshooting
  • Improved OAuth2 gateway editing workflows

📚 Documentation

Plugin Development

  • Comprehensive Plugin Framework Specification - Complete guide for plugin architecture and development
  • Plugin Usage Guides - Updated documentation for all built-in plugins
  • External Plugin Integration - Tutorial for loading and managing third-party plugins

OAuth Integration

  • OAuth Password Grant Flow Tutorial - Step-by-step guide for programmatic authentication
  • OAuth DCR Documentation - Complete guide for dynamic client registration with PKCE
  • Token Refresh Workflows - Best practices for token lifecycle management

MCP Server Catalog

  • Catalog Management Guide - Complete documentation for server registry and discovery
  • Sample Server Documentation - Usage guides for all Python and Go sample servers
  • Server Registration Workflows - Best practices for catalog integration

Scale & Performance

  • Comprehensive Scaling Documentation - Guidelines for high-availability deployments
  • Performance Tuning Guide - Optimization strategies for large-scale installations
  • Multi-Architecture Deployment - Best practices for AMD64 and ARM64 environments

📦 Migration Guide

Environment Configuration Updates

OAuth Configuration

# Advanced OAuth Features (new in 0.8.0)
OAUTH_PASSWORD_GRANT_ENABLED=true
OAUTH_DCR_ENABLED=true
OAUTH_PKCE_REQUIRED=true
OAUTH_TOKEN_REFRESH_ENABLED=true

# Secure Cookie Configuration
SECURE_COOKIES=false  # Set to false for HTTP development environments

Plugin Configuration

# Plugin Framework (new in 0.8.0)
PLUGINS_ENABLED=true
PLUGIN_CONFIG_FILE=plugins/config.yaml

OPA Policy Configuration

# Customizable OPA Policy Path (new in 0.8.0)
OPA_POLICY_FILE=/path/to/custom/policy.rego

Database Migration

Database migrations run automatically on startup. No manual intervention required for 0.7.0 → 0.8.0 upgrade:

# Backup your database first (recommended)
cp mcp.db mcp.db.backup.$(date +%Y%m%d_%H%M%S)

# Update .env with new 0.8.0 settings (see above)

# Start the server - migrations run automatically
make dev  # or make serve for production

Plugin Migration

Enable Built-in Plugins:

  1. Copy the example plugin configuration:

    cp plugins/config.yaml.example plugins/config.yaml

  2. Enable desired plugins in plugins/config.yaml:

    plugins:
  - name: content_moderation
    enabled: true
  - name: sql_sanitizer
    enabled: true
  - name: html_sanitizer
    enabled: true

  3. Restart the gateway to load plugins

🚨 Breaking Changes

No breaking changes in this release. Release 0.8.0 maintains full backward compatibility with 0.7.0 configurations and APIs.

Deprecation Notices

  • Tool Limits - Temporary removal of tool limits (#1141) until pagination is implemented. Limit enforcement will return in future release with proper pagination support.

📋 Issues Closed

OAuth & Authentication (12 issues)

  • Closes #1168 - OAuth Password Grant Flow implementation
  • Closes #1158 - OAuth Dynamic Client Registration (DCR)
  • Closes #1048 - Login issue with HTTP requiring SECURE_COOKIES=false
  • Closes #1101 - Login not working with 0.7.0 version
  • Closes #1117 - Login authentication failures in 0.7.0
  • Closes #1109 - OAuth2 Integration fails with Keycloak
  • Closes #1023 - MCP gateway ping fails due to missing refresh token
  • Closes #1078 - OAuth Token Multi-Tenancy Support
  • Closes #1096 - MCP_CLIENT_AUTH_ENABLED not effective in v0.7.0
  • Closes #1097 - OAuth state signature issues
  • Closes #1119 - OAuth tool refresh improvements
  • Closes #1112 - OAuth server test/ping functionality

Multi-Tenancy & Teams (4 issues)

  • Closes #1176 - Team-Level Scoping for API Tokens
  • Closes #1177 - Public-only token support with team scoping
  • Closes #1035 - Add "Team" Column to All Admin UI Tables
  • Closes #1022 - "Join Request" button shows no pending request

A2A (Agent-to-Agent) Integration (5 issues)

  • Closes #298 - A2A Initial Support - Add A2A Servers as Tools
  • Closes #243 - A2A compatibility feature request
  • Closes #841 - Global Tools not listed for A2A Agents
  • Closes #1125 - GET /a2a/ returns 500 due to datatype mismatch
  • Closes #1163 - A2A tool invocation issues

Plugins & Framework (32 issues)

Plugin Infrastructure:

  • Closes #1129 - Plugin Management API and UI to Admin Dashboard
  • Closes #1130 - Plugin management interface implementation
  • Closes #1118 - Plugin Framework Specification
  • Closes #1147 - Enhanced Plugin Documentation
  • Closes #1139 - Plugin Design Consolidation

Security Plugins:

  • Closes #1114 - Content Moderation Plugin
  • Closes #1063 - Safe HTML Sanitizer Plugin
  • Closes #1064 - Harmful Content Detector Plugin
  • Closes #1065 - SQL Sanitizer Plugin
  • Closes #894 - Secrets Detection Plugin
  • Closes #893 - JSON Schema Validator Plugin

Utility Plugins:

  • Closes #1070 - Circuit Breaker Plugin
  • Closes #1150 - Circuit breaker unused variable cleanup
  • Closes #1071 - Response Cache by Prompt Plugin
  • Closes #1113 - Webhook Notification Plugin
  • Closes #1075 - Watchdog Plugin
  • Closes #1076 - Summarizer Plugin
  • Closes #1077 - ClamAV External Plugin

Content & Formatting Plugins:

  • Closes #1069 - Citation Validator Plugin
  • Closes #1068 - Code Formatter Plugin
  • Closes #1067 - AI Artifacts Normalizer Plugin
  • Closes #1074 - Timezone Translator Plugin

Compliance & Legal Plugins:

  • Closes #1072 - License Header Injector Plugin
  • Closes #1073 - Privacy Notice Injector Plugin
  • Closes #1066 - Robots License Guard Plugin

Additional Plugin Issues:

  • Closes #895 - Header Injector Plugin
  • Closes #1005 - VirusTotal Checker Plugin
  • Closes #1004 - URL Reputation Plugin
  • Closes #1003 - Schema Guard Plugin
  • Closes #1002 - Retry with Backoff Plugin
  • Closes #1001 - Rate Limiter Plugin
  • Closes #1000 - Output Length Guard Plugin
  • Closes #999 - Markdown Cleaner Plugin
  • Closes #998 - JSON Repair Plugin
  • Closes #997 - HTML to Markdown Plugin
  • Closes #996 - File Type Allowlist Plugin
  • Closes #995 - Code Safety Linter Plugin
  • Closes #994 - Cached Tool Result Plugin

MCP Server Catalog (19 issues)

Catalog Infrastructure:

  • Closes #295 - Local Catalog of MCP servers
  • Closes #1132 - MCP Server Catalog implementation
  • Closes #1170 - MCP Server Catalog improvements
  • Closes #1143 - Adding any server in MCP Registry fails
  • Closes #1144 - Catalog search functionality
  • Closes #1153 - Catalog UX updates
  • Closes #1152 - Catalog UX enhancements

Python Sample Servers:

  • Closes #1061 - Python sandbox server
  • Closes #1062 - URL to markdown server
  • Closes #1058 - Mermaid server
  • Closes #1059 - Graphviz server
  • Closes #1060 - LaTeX server
  • Closes #1057 - Plotly server
  • Closes #1056 - CSV pandas chat server
  • Closes #1055 - LibreOffice server
  • Closes #1054 - XLSX server
  • Closes #1053 - Code splitter server
  • Closes #1052 - Chunker server
  • Closes #1045 - DOCX server
  • Closes #900 - Data analysis server

Go Sample Servers:

  • Closes #1043 - Pandoc MCP server in Go
  • Closes #920 - Calculator server in Go

Bug Fixes (16 issues)

Gateway & Server Management:

  • Closes #1173 - Gateway addition from UI failures
  • Closes #1178 - Header overlaps with modals
  • Closes #1025 - OAuth2 gateway edit requires tool fetch
  • Closes #1046 - Pass-through headers not functioning
  • Closes #1039 - Update Gateway fails
  • Closes #1104 - X-Upstream-Authorization Header not working
  • Closes #867 - update_gateway not persisting passthrough_headers

UI/UX:

  • Closes #1159 - Minor quirks in main README.md
  • Closes #1157 - Project name normalization
  • Closes #856 - Associated tools checkboxes not pre-populated
  • Closes #865 - Static assets return 404 with APP_ROOT_PATH

Metrics & Infrastructure:

  • Closes #1127 - Metrics recording improvements
  • Closes #1103 - Fixed metrics collection
  • Closes #699 - Metrics Enhancement (export, capture, timestamps, UI)
  • Closes #1105 - Too many redirects in Helm deployment
  • Closes #931 - Helm install with vendor-specific kubeVersion suffix

Security & Data:

  • Closes #1133 - SecretStr encoding fix
  • Closes #1141 - Tool limit removal (temporary)
  • Closes #959 - Unable to re-add team member due to unique constraint
  • Closes #810 - Test cases use mock database

Plugin Fixes:

  • Closes #1151 - Plugin linting issues
  • Closes #1149 - PII filter dead code removal

Policy & Security (4 issues)

  • Closes #1145 - Customizable OPA Policy Path
  • Closes #1102 - OPA Policy Input Mapping
  • Closes #1106 - Multi-arch OPA Support
  • Closes #229 - Guardrails - Input/Output Sanitization & PII Masking

Developer Experience (5 issues)

  • Closes #1162 - Dynamic Environment Variables for STDIO
  • Closes #1081 - STDIO transport support enhancements
  • Closes #964 - Dynamic environment variable injection for STDIO servers
  • Closes #1155 - Configuration Tab in Admin UI
  • Closes #1154 - Configuration management features
  • Closes #1165 - Scale Documentation

Infrastructure (3 issues)

  • Closes #1037 - Fix Mend Configuration File
  • Closes #285 - Pydantic v2 Configuration Validation
  • Closes #1110 - Pydantic v2 migration completion

Total: 78 issues closed

🌟 Release Contributors

This release represents a major milestone in MCP Gateway's plugin ecosystem and advanced authentication capabilities. With contributions from developers worldwide, 0.8.0 delivers groundbreaking features including 15+ production-ready plugins, advanced OAuth flows, and a comprehensive MCP server registry.

🏆 Top Contributors in 0.8.0

  • Mihai Criveti (@crivetimihai) - Release coordination, plugin framework architecture, OAuth integration design, MCP server catalog implementation, comprehensive testing infrastructure, documentation updates, and infrastructure improvements, plugin management UI/API, plugin development (15 plugins)
  • Manav Gupta (@manavgup) - 5 PRs - OAuth Dynamic Client Registration (DCR) with PKCE, dynamic
    environment variable injection for STDIO servers, OAuth2 gateway editing preservation, content moderation
    plugin, and webhook notification plugin
  • Shoumi Mukherjee (@shoummu1) - 7 PRs - Secure cookie warnings for HTTP development, auth value fixes, array input parsing in test tool UI, database migration improvements
  • Veeresh (@nmveeresh) - 5 PRs - Pydantic v2 configuration validation migration, role assignment bootstrap fix, config validation startup checks
  • Monshri (@monshri) - 2 PRs - LLMGuard security guardrails plugin, OPA plugin for policy enforcement
  • Terry (@terylt) - Plugin Framework Specification Document, tool metadata and HTTP headers in plugin hooks
  • Mohan Lakshmaiah (@MohanLaksh) - Content-Type application/x-www-form-urlencoded support
  • Nayana R Gowda (@Nayana-R-Gowda) - Metrics collection fixes
  • Gruia Popa (@popagruia) - ICA Vault plugin, header propagation fixes
  • Pedro Miguel (@pmig) - Dynamic Client Registration tutorial, JWT audience verification fixes
  • Satya (@TS0713) - Multi-tenancy UI gaps fixes
  • Shams (@shams858) - Various bug fixes and improvements

🔗 Resources

Documentation

Source Code

Container Images

Community

Quick Start

# Pull the latest 0.8.0 image
docker pull ghcr.io/ibm/mcp-context-forge:0.8.0

# Or build from source
git clone https://github.com/IBM/mcp-context-forge.git
cd mcp-context-forge
git checkout v0.8.0
make venv install-dev
make dev

Next Planned Release: v0.9.0 (November 4, 2025)

Contributors

shams858, pmig, and 10 other contributors
Assets 2
Loading
0 Join discussion