Download Latest Version v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem _ MCP Registry source code.tar.gz (6.6 MB)
Email in envelope

Get an email when there's a new version of ContextForge MCP Gateway

Home / v0.8.0
Name Modified Size InfoDownloads / Week
Parent folder
README.md 2025-10-08 31.6 kB
0
v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem _ MCP Registry source code.tar.gz 2025-10-08 6.6 MB
0
v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem _ MCP Registry source code.zip 2025-10-08 7.6 MB
6 6 weekly downloads
Totals: 3 Items   14.2 MB 6

v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem & MCP Registry

This release focuses on Advanced OAuth Integration, Plugin Ecosystem & MCP Registry with 50+ issues resolved and 47 PRs merged, bringing significant improvements across authentication, plugin framework, and developer experience. Building on the enterprise multi-tenancy foundation from v0.7.0, this release expands MCP Gateway's capabilities with advanced OAuth flows, a comprehensive plugin ecosystem, and enhanced MCP server discovery.

πŸ† Plugin Ecosystem & Advanced Authentication Achievements

Release 0.8.0 delivers a production-ready plugin framework with 15+ built-in plugins, a complete plugin management UI and API, and advanced OAuth 2.0 support including Password Grant Flow, Dynamic Client Registration (DCR), and PKCE. This release transforms MCP Gateway into a highly extensible platform while maintaining enterprise-grade security and multi-tenancy capabilities.

Key Accomplishments

βœ… 15+ Production-Ready Plugins - Comprehensive plugin library covering security, content moderation, caching, formatting, and monitoring βœ… Plugin Management UI & API - Complete plugin lifecycle management through Admin Dashboard βœ… Advanced OAuth Integration - Password Grant Flow, DCR with PKCE, token refresh, and multi-tenancy support βœ… MCP Server Registry - Local catalog with improved discovery, search, and registration workflows βœ… Enhanced Multi-Tenancy - Team-level API token scoping and team visibility across all admin tables βœ… OPA Policy Enhancements - Customizable policy paths, multi-arch support, and improved input mapping

✨ Highlights

πŸ” Advanced OAuth & Authentication

  • OAuth Password Grant Flow - Complete implementation for programmatic authentication scenarios
  • OAuth Dynamic Client Registration (DCR) - Full support with PKCE for enhanced security
  • Token Refresh Mechanisms - Multi-tenancy aware token handling with automatic refresh
  • Secure Cookie Warnings - Clear guidance for HTTP development environments
  • OAuth2 Gateway Editing - Preserve tools/resources/prompts when editing without URL changes

πŸ”Œ Plugin Ecosystem Expansion

  • 15+ Built-in Plugins - Production-ready plugins for security, content moderation, caching, and more
  • Plugin Management UI - Dedicated admin interface for plugin configuration and monitoring
  • Plugin Framework Specification - Comprehensive documentation for plugin development
  • External Plugin Support - Load and manage third-party plugins with configuration management

πŸ“¦ MCP Server Registry & Catalog

  • Local MCP Server Catalog - Centralized registry for MCP server discovery and management
  • Enhanced Search Functionality - Improved catalog browsing with advanced search capabilities
  • Catalog UX Improvements - Streamlined user experience for server registration and discovery
  • Sample Server Library - 15+ Python sample servers and Go-based high-performance examples

🏒 Multi-Tenancy Enhancements

  • Team-Level API Token Scoping - Public-only token support with fine-grained team access control
  • Team Columns in Admin UI - Team visibility across Tools, Gateway Servers, Virtual Servers, Prompts, and Resources
  • Enhanced Team Workflows - Improved team request handling and membership management

πŸ”’ Policy & Security

  • Content Moderation Plugin - IBM-supported AI-powered content filtering and moderation
  • Enhanced OPA Integration - Customizable policy paths, multi-architecture support, improved input mapping
  • Security Plugins Suite - SQL sanitizer, HTML sanitizer, harmful content detector, secrets detection
  • Circuit Breaker Plugin - Fault tolerance with automatic circuit breaking for unstable backends

πŸ†• Added

πŸ” Advanced OAuth & Authentication (#1168, [#1158])

OAuth Password Grant Flow - Complete implementation of OAuth 2.0 Password Grant Flow for programmatic authentication - Support for client credentials and resource owner password credentials grants - Integration with existing multi-tenancy and RBAC systems

OAuth Dynamic Client Registration (DCR) - Full OAuth DCR implementation with PKCE (Proof Key for Code Exchange) - Dynamic client credential generation and management - Enhanced security for public clients and mobile applications

Token Refresh Support (#1023, [#1078]) - Multi-tenancy aware token refresh mechanisms - User-specific token handling and automatic refresh - Improved token lifecycle management across team boundaries

Secure Cookie Warnings (#1181, [#1048]) - Clear warnings for HTTP development environments requiring SECURE_COOKIES=false - Improved developer experience with actionable error messages - Documentation updates for secure cookie configuration

OAuth Token Management (#1097, [#1119], [#1112]) - Fixed OAuth state signatures for enhanced security - Improved tool refresh and server test/ping functionality - Better error handling for OAuth flows

πŸ”Œ Plugin Framework & Ecosystem

Plugin Management Infrastructure (#1130, [#1147], [#1139], [#1118]) - Plugin Management API & UI (#1129, [#1130]) - Complete plugin management interface in Admin Dashboard - Plugin Framework Specification (#1118) - Comprehensive specification document for plugin development - Enhanced Plugin Documentation (#1147) - Updated plugin usage guides and built-in plugin documentation - Plugin Design Consolidation (#1139) - Revised and consolidated plugin specification and design docs

Built-in Security Plugins - Content Moderation Plugin (#1114) - IBM-supported content moderation with AI-powered filtering - Safe HTML Sanitizer (#1063) - XSS prevention and HTML sanitization for user-generated content - SQL Sanitizer (#1065) - SQL injection prevention and query sanitization - Harmful Content Detector (#1064) - Detect and filter harmful, toxic, or inappropriate content - Secrets Detection Plugin (#894) - Identify and redact API keys, tokens, and credentials

Built-in Utility Plugins - Circuit Breaker Plugin (#1070, [#1150]) - Fault tolerance with automatic circuit breaking and half-open state - Response Cache by Prompt (#1071) - Intelligent caching based on prompt patterns for performance - Webhook Notification Plugin (#1113) - Event-driven webhook notifications for gateway events - Watchdog Plugin (#1075) - System monitoring and health checks with alerting

Built-in Content & Formatting Plugins - Citation Validator (#1069) - Validate and track citations in AI-generated responses - Code Formatter (#1068) - Automatic code formatting in responses with language detection - AI Artifacts Normalizer (#1067) - Standardize AI-generated artifacts for consistency - Summarizer Plugin (#1076) - Automatic response summarization with configurable length - Timezone Translator (#1074) - Automatic timezone conversion in responses

Built-in Compliance & Legal Plugins - License Header Injector (#1072) - Automated license header management for generated code - Privacy Notice Injector (#1073) - Privacy notice injection for regulatory compliance - Robots License Guard (#1066) - License compliance enforcement for AI-generated content

Built-in Integration Plugins - ClamAV External Plugin (#1077) - Virus scanning integration with ClamAV antivirus engine

πŸ“¦ MCP Server Registry & Catalog (#1132, [#1170], [#295])

Local MCP Server Catalog (#1132) - Centralized local catalog of MCP servers for registry and marketplace functionality - Server metadata management including description, version, and capabilities - Integration with virtual server creation workflows

Catalog Search & Discovery (#1144) - Advanced search functionality for MCP server catalog - Filter by server type, capabilities, tags, and metadata - Improved discovery workflows for server registration

Catalog UX Enhancements (#1153, [#1152]) - Streamlined user experience for catalog browsing - Enhanced server registration wizard with validation - Improved server detail views with comprehensive metadata

Sample MCP Server Library

Python Sample Servers: - Document Processing: docx-server (#1045), xlsx-server (#1054), libreoffice-server (#1055), csv-pandas-chat-server (#1056), url-to-markdown-server (#1062) - Visualization: plotly-server (#1057), mermaid-server (#1058), graphviz-server (#1059), latex-server (#1060) - Code & Data: python-sandbox-server (#1061), code-splitter-server (#1053), chunker-server (#1052), data-analysis-server (#900)

Go Sample Servers: - High-Performance: pandoc-server (#1043), calculator-server (#920)

🏒 Multi-Tenancy Enhancements (#1177, [#1107])

Team-Level API Token Scoping (#1176, [#1177]) - Public-only token support with team-level access control - Fine-grained permissions for API tokens scoped to specific teams - Enhanced security for multi-team deployments

Team Columns in Admin UI (#1035, [#1107]) - Team visibility across all admin tables: Tools, Gateway Servers, Virtual Servers, Prompts, Resources - Improved team-based filtering and resource management - Better visibility into cross-team resource sharing

Team Workflow Improvements (#1022) - Fixed "Join Request" button showing no pending requests - Improved team membership request handling - Enhanced team invitation and approval workflows

πŸ”’ Policy & Security Features (#1145, [#1102], [#1106])

Customizable OPA Policy Path (#1145) - Enable customization of OPA policy file path for flexible deployments - Support for external policy repositories and version control - Improved policy development and testing workflows

OPA Policy Input Mapping (#1102) - Enhanced OPA policy input data mapping support - Better integration with multi-tenancy and RBAC context - Improved policy decision logging and debugging

Multi-arch OPA Support (#1106) - Multi-architecture support for OPA policy server (AMD64, ARM64) - Container images for diverse deployment environments - Enhanced compatibility with edge and IoT deployments

πŸ› οΈ Developer Experience (#1162, [#1155], [#1154], [#1165])

Dynamic Environment Variables for STDIO (#1162, [#1081], [#964]) - Dynamic environment variable injection for STDIO MCP servers - Runtime configuration without server restart - Improved development and testing workflows

Configuration Tab (#1155, [#1154]) - New configuration management tab in Admin UI - Centralized view of gateway configuration and environment settings - Enhanced troubleshooting and debugging capabilities

Scale Documentation (#1165) - Comprehensive scaling and performance documentation - Best practices for high-availability deployments - Performance tuning guidelines for large-scale installations

πŸ› Fixed

πŸ”§ Critical Bug Fixes

Gateway & Server Management - Gateway Addition from UI (#1173) - Fixed gateway addition failures from Admin UI - Gateway Update Failures (#1039, [#1120]) - Fixed gateway update failures and auth value DB constraints - OAuth2 Gateway Editing (#1146, [#1025]) - Preserve tools/resources/prompts when editing OAuth2 gateways without URL change - Server Tags Propagation (#836) - Fixed server tags not propagated to tools via /tools endpoint

Authentication & Authorization - Role Assignment Failure (#1175) - Fixed role assignment during bootstrap due to foreign key constraint - Login Issues (#1101, [#1117], [#1048]) - Resolved login problems in 0.7.0 with HTTP/HTTPS configurations - OAuth Client Auth (#1096) - Fixed MCP_CLIENT_AUTH_ENABLED not taking effect in v0.7.0 - 401 Unauthorized in Incognito (#839) - Fixed testing tools returning 401 in incognito mode

A2A (Agent-to-Agent) Integration - A2A Tool Call (#1163) - Fixed A2A agent tool invocation issues - Global Tools for A2A Agents (#1123, [#841]) - Fixed Global Tools not being listed for A2A Agents - A2A Endpoint Error (#1128, [#1125]) - Fixed GET /a2a/ returning 500 due to datatype mismatch

Header & Passthrough Handling - Header Propagation (#1134, [#1046], [#1115], [#1104], [#1142]) - Fixed pass-through headers, X-Upstream-Authorization, and X-Vault-Headers handling - Passthrough Headers Persistence (#867) - Fixed update_gateway not persisting passthrough_headers field

πŸ–₯️ UI/UX Fixes

Admin Interface Improvements - Header-Modal Overlap (#1179, [#1178]) - Fixed header overlapping with modals in UI - Associated Tools Checkboxes (#856) - Fixed checkboxes on Virtual Servers edit not pre-populated due to ID vs name mismatch - Static Assets with APP_ROOT_PATH (#865) - Fixed static assets returning 404 when APP_ROOT_PATH is configured

Resource & Content Management - Resource Filter (#1131) - Fixed resource filtering issues in admin UI - README Updates (#1169, [#1159]) - Corrected minor quirks in main README.md - Project Name Normalization (#1157) - Normalized project name across documentation

πŸ“Š Metrics & Monitoring

Metrics Recording (#1127, [#1103], [#699]) - Added metrics recording for prompts, resources, and servers - Fixed metrics collection and timestamp tracking - Enhanced metrics export with comprehensive data coverage - Improved last-used timestamp accuracy

πŸ”Œ Plugin Fixes

Plugin Code Quality - Plugin Linting (#1151) - Fixed lint issues across all plugins - Circuit Breaker Plugin (#1150) - Removed unused variables in circuit breaker plugin - PII Filter Dead Code (#1149) - Removed dead code from PII filter plugin

πŸ” Security & Data Handling

Security Improvements - SecretStr Encoding (#1133) - Fixed encode method in SecretStr implementation - Team Member Re-add (#959) - Fixed unique constraint preventing re-adding team members - Test Cases Database Isolation (#810) - Ensured test cases use mock database instead of main DB

Infrastructure & Stability - Tool Limit Removal (#1141) - Temporarily removed limit for tools until pagination is properly implemented - FileLock Health Check (#845) - Fixed "can't start new thread" error in FileLock health check - Helm kubeVersion Handling (#931) - Fixed Helm install issues with vendor-specific kubeVersion suffix

πŸ”„ Changed

πŸ“¦ Configuration & Validation (#1110)

Pydantic v2 Config Validation (#285, [#1110]) - Complete migration to Pydantic v2 configuration validation - Enhanced type safety and runtime validation - Improved error messages for configuration issues

Plugin Configuration - Enhanced plugin configuration with enable/disable flags - Better validation for plugin manifests and dependencies - Improved plugin loading and initialization

πŸ”„ Infrastructure Updates

Multi-Arch Support - Expanded multi-architecture support for OPA and other components - Container images for AMD64, ARM64, and other architectures - Improved compatibility with diverse deployment environments

Helm Chart Improvements (#1105) - Fixed "Too many redirects" issue in Helm deployments - Enhanced ingress configuration and TLS support - Better integration with enterprise Kubernetes clusters

πŸ”’ Security Enhancements

Authentication & Authorization

  • OAuth DCR with PKCE - Enhanced authentication security with dynamic client registration and proof key for code exchange
  • Token Refresh Security - Multi-tenancy aware token refresh with secure credential storage
  • Secure Cookie Warnings - Clear guidance for development vs. production cookie security settings

Plugin Security Framework

  • Content Moderation Plugin - AI-powered threat detection and content filtering
  • SQL Injection Prevention - SQL sanitizer plugin for query validation
  • XSS Prevention - HTML sanitizer plugin with comprehensive tag and attribute filtering
  • Secrets Detection - Automatic detection and redaction of API keys, tokens, and credentials
  • Harmful Content Detection - Multi-layer content safety with toxicity and profanity filtering

Policy & Access Control

  • Enhanced OPA Integration - Customizable policy enforcement with improved input mapping
  • Multi-Layer Security - Circuit breaker and watchdog plugins for system protection
  • Team-Level Scoping - Fine-grained API token scoping with team-based access control

πŸ—οΈ Infrastructure

Plugin Framework

  • Enhanced plugin framework with management API and UI
  • Comprehensive plugin specification and development documentation
  • Support for external plugins with configuration management

MCP Server Ecosystem

  • Local MCP server catalog for better registry management
  • Enhanced server discovery and registration workflows
  • Sample server library with 15+ Python and Go examples

Developer Tools

  • Dynamic environment variable support for STDIO servers
  • Configuration management tab for troubleshooting
  • Improved OAuth2 gateway editing workflows

πŸ“š Documentation

Plugin Development

  • Comprehensive Plugin Framework Specification - Complete guide for plugin architecture and development
  • Plugin Usage Guides - Updated documentation for all built-in plugins
  • External Plugin Integration - Tutorial for loading and managing third-party plugins

OAuth Integration

  • OAuth Password Grant Flow Tutorial - Step-by-step guide for programmatic authentication
  • OAuth DCR Documentation - Complete guide for dynamic client registration with PKCE
  • Token Refresh Workflows - Best practices for token lifecycle management

MCP Server Catalog

  • Catalog Management Guide - Complete documentation for server registry and discovery
  • Sample Server Documentation - Usage guides for all Python and Go sample servers
  • Server Registration Workflows - Best practices for catalog integration

Scale & Performance

  • Comprehensive Scaling Documentation - Guidelines for high-availability deployments
  • Performance Tuning Guide - Optimization strategies for large-scale installations
  • Multi-Architecture Deployment - Best practices for AMD64 and ARM64 environments

πŸ“¦ Migration Guide

Environment Configuration Updates

OAuth Configuration

:::bash
# Advanced OAuth Features (new in 0.8.0)
OAUTH_PASSWORD_GRANT_ENABLED=true
OAUTH_DCR_ENABLED=true
OAUTH_PKCE_REQUIRED=true
OAUTH_TOKEN_REFRESH_ENABLED=true

# Secure Cookie Configuration
SECURE_COOKIES=false  # Set to false for HTTP development environments

Plugin Configuration

:::bash
# Plugin Framework (new in 0.8.0)
PLUGINS_ENABLED=true
PLUGIN_CONFIG_FILE=plugins/config.yaml

OPA Policy Configuration

:::bash
# Customizable OPA Policy Path (new in 0.8.0)
OPA_POLICY_FILE=/path/to/custom/policy.rego

Database Migration

Database migrations run automatically on startup. No manual intervention required for 0.7.0 β†’ 0.8.0 upgrade:

:::bash
# Backup your database first (recommended)
cp mcp.db mcp.db.backup.$(date +%Y%m%d_%H%M%S)

# Update .env with new 0.8.0 settings (see above)

# Start the server - migrations run automatically
make dev  # or make serve for production

Plugin Migration

Enable Built-in Plugins:

  1. Copy the example plugin configuration: bash cp plugins/config.yaml.example plugins/config.yaml

  2. Enable desired plugins in plugins/config.yaml: ```yaml plugins:

    • name: content_moderation enabled: true
    • name: sql_sanitizer enabled: true
    • name: html_sanitizer enabled: true ```

  3. Restart the gateway to load plugins

🚨 Breaking Changes

No breaking changes in this release. Release 0.8.0 maintains full backward compatibility with 0.7.0 configurations and APIs.

Deprecation Notices

  • Tool Limits - Temporary removal of tool limits (#1141) until pagination is implemented. Limit enforcement will return in future release with proper pagination support.

πŸ“‹ Issues Closed

OAuth & Authentication (12 issues)

  • Closes [#1168] - OAuth Password Grant Flow implementation
  • Closes [#1158] - OAuth Dynamic Client Registration (DCR)
  • Closes [#1048] - Login issue with HTTP requiring SECURE_COOKIES=false
  • Closes [#1101] - Login not working with 0.7.0 version
  • Closes [#1117] - Login authentication failures in 0.7.0
  • Closes [#1109] - OAuth2 Integration fails with Keycloak
  • Closes [#1023] - MCP gateway ping fails due to missing refresh token
  • Closes [#1078] - OAuth Token Multi-Tenancy Support
  • Closes [#1096] - MCP_CLIENT_AUTH_ENABLED not effective in v0.7.0
  • Closes [#1097] - OAuth state signature issues
  • Closes [#1119] - OAuth tool refresh improvements
  • Closes [#1112] - OAuth server test/ping functionality

Multi-Tenancy & Teams (4 issues)

  • Closes [#1176] - Team-Level Scoping for API Tokens
  • Closes [#1177] - Public-only token support with team scoping
  • Closes [#1035] - Add "Team" Column to All Admin UI Tables
  • Closes [#1022] - "Join Request" button shows no pending request

A2A (Agent-to-Agent) Integration (5 issues)

  • Closes [#298] - A2A Initial Support - Add A2A Servers as Tools
  • Closes [#243] - A2A compatibility feature request
  • Closes [#841] - Global Tools not listed for A2A Agents
  • Closes [#1125] - GET /a2a/ returns 500 due to datatype mismatch
  • Closes [#1163] - A2A tool invocation issues

Plugins & Framework (32 issues)

Plugin Infrastructure: - Closes [#1129] - Plugin Management API and UI to Admin Dashboard - Closes [#1130] - Plugin management interface implementation - Closes [#1118] - Plugin Framework Specification - Closes [#1147] - Enhanced Plugin Documentation - Closes [#1139] - Plugin Design Consolidation

Security Plugins: - Closes [#1114] - Content Moderation Plugin - Closes [#1063] - Safe HTML Sanitizer Plugin - Closes [#1064] - Harmful Content Detector Plugin - Closes [#1065] - SQL Sanitizer Plugin - Closes [#894] - Secrets Detection Plugin - Closes [#893] - JSON Schema Validator Plugin

Utility Plugins: - Closes [#1070] - Circuit Breaker Plugin - Closes [#1150] - Circuit breaker unused variable cleanup - Closes [#1071] - Response Cache by Prompt Plugin - Closes [#1113] - Webhook Notification Plugin - Closes [#1075] - Watchdog Plugin - Closes [#1076] - Summarizer Plugin - Closes [#1077] - ClamAV External Plugin

Content & Formatting Plugins: - Closes [#1069] - Citation Validator Plugin - Closes [#1068] - Code Formatter Plugin - Closes [#1067] - AI Artifacts Normalizer Plugin - Closes [#1074] - Timezone Translator Plugin

Compliance & Legal Plugins: - Closes [#1072] - License Header Injector Plugin - Closes [#1073] - Privacy Notice Injector Plugin - Closes [#1066] - Robots License Guard Plugin

Additional Plugin Issues: - Closes [#895] - Header Injector Plugin - Closes [#1005] - VirusTotal Checker Plugin - Closes [#1004] - URL Reputation Plugin - Closes [#1003] - Schema Guard Plugin - Closes [#1002] - Retry with Backoff Plugin - Closes [#1001] - Rate Limiter Plugin - Closes [#1000] - Output Length Guard Plugin - Closes [#999] - Markdown Cleaner Plugin - Closes [#998] - JSON Repair Plugin - Closes [#997] - HTML to Markdown Plugin - Closes [#996] - File Type Allowlist Plugin - Closes [#995] - Code Safety Linter Plugin - Closes [#994] - Cached Tool Result Plugin

MCP Server Catalog (19 issues)

Catalog Infrastructure: - Closes [#295] - Local Catalog of MCP servers - Closes [#1132] - MCP Server Catalog implementation - Closes [#1170] - MCP Server Catalog improvements - Closes [#1143] - Adding any server in MCP Registry fails - Closes [#1144] - Catalog search functionality - Closes [#1153] - Catalog UX updates - Closes [#1152] - Catalog UX enhancements

Python Sample Servers: - Closes [#1061] - Python sandbox server - Closes [#1062] - URL to markdown server - Closes [#1058] - Mermaid server - Closes [#1059] - Graphviz server - Closes [#1060] - LaTeX server - Closes [#1057] - Plotly server - Closes [#1056] - CSV pandas chat server - Closes [#1055] - LibreOffice server - Closes [#1054] - XLSX server - Closes [#1053] - Code splitter server - Closes [#1052] - Chunker server - Closes [#1045] - DOCX server - Closes [#900] - Data analysis server

Go Sample Servers: - Closes [#1043] - Pandoc MCP server in Go - Closes [#920] - Calculator server in Go

Bug Fixes (16 issues)

Gateway & Server Management: - Closes [#1173] - Gateway addition from UI failures - Closes [#1178] - Header overlaps with modals - Closes [#1025] - OAuth2 gateway edit requires tool fetch - Closes [#1046] - Pass-through headers not functioning - Closes [#1039] - Update Gateway fails - Closes [#1104] - X-Upstream-Authorization Header not working - Closes [#867] - update_gateway not persisting passthrough_headers

UI/UX: - Closes [#1159] - Minor quirks in main README.md - Closes [#1157] - Project name normalization - Closes [#856] - Associated tools checkboxes not pre-populated - Closes [#865] - Static assets return 404 with APP_ROOT_PATH

Metrics & Infrastructure: - Closes [#1127] - Metrics recording improvements - Closes [#1103] - Fixed metrics collection - Closes [#699] - Metrics Enhancement (export, capture, timestamps, UI) - Closes [#1105] - Too many redirects in Helm deployment - Closes [#931] - Helm install with vendor-specific kubeVersion suffix

Security & Data: - Closes [#1133] - SecretStr encoding fix - Closes [#1141] - Tool limit removal (temporary) - Closes [#959] - Unable to re-add team member due to unique constraint - Closes [#810] - Test cases use mock database

Plugin Fixes: - Closes [#1151] - Plugin linting issues - Closes [#1149] - PII filter dead code removal

Policy & Security (4 issues)

  • Closes [#1145] - Customizable OPA Policy Path
  • Closes [#1102] - OPA Policy Input Mapping
  • Closes [#1106] - Multi-arch OPA Support
  • Closes [#229] - Guardrails - Input/Output Sanitization & PII Masking

Developer Experience (5 issues)

  • Closes [#1162] - Dynamic Environment Variables for STDIO
  • Closes [#1081] - STDIO transport support enhancements
  • Closes [#964] - Dynamic environment variable injection for STDIO servers
  • Closes [#1155] - Configuration Tab in Admin UI
  • Closes [#1154] - Configuration management features
  • Closes [#1165] - Scale Documentation

Infrastructure (3 issues)

  • Closes [#1037] - Fix Mend Configuration File
  • Closes [#285] - Pydantic v2 Configuration Validation
  • Closes [#1110] - Pydantic v2 migration completion

Total: 78 issues closed

🌟 Release Contributors

This release represents a major milestone in MCP Gateway's plugin ecosystem and advanced authentication capabilities. With contributions from developers worldwide, 0.8.0 delivers groundbreaking features including 15+ production-ready plugins, advanced OAuth flows, and a comprehensive MCP server registry.

πŸ† Top Contributors in 0.8.0

  • Mihai Criveti (@crivetimihai) - Release coordination, plugin framework architecture, OAuth integration design, MCP server catalog implementation, comprehensive testing infrastructure, documentation updates, and infrastructure improvements, plugin management UI/API, plugin development (15 plugins)
  • Manav Gupta (@manavgup) - 5 PRs - OAuth Dynamic Client Registration (DCR) with PKCE, dynamic environment variable injection for STDIO servers, OAuth2 gateway editing preservation, content moderation plugin, and webhook notification plugin
  • Shoumi Mukherjee (@shoummu1) - 7 PRs - Secure cookie warnings for HTTP development, auth value fixes, array input parsing in test tool UI, database migration improvements
  • Veeresh (@nmveeresh) - 5 PRs - Pydantic v2 configuration validation migration, role assignment bootstrap fix, config validation startup checks
  • Monshri (@monshri) - 2 PRs - LLMGuard security guardrails plugin, OPA plugin for policy enforcement
  • Terry (@terylt) - Plugin Framework Specification Document, tool metadata and HTTP headers in plugin hooks
  • Mohan Lakshmaiah (@MohanLaksh) - Content-Type application/x-www-form-urlencoded support
  • Nayana R Gowda (@Nayana-R-Gowda) - Metrics collection fixes
  • Gruia Popa (@popagruia) - ICA Vault plugin, header propagation fixes
  • Pedro Miguel (@pmig) - Dynamic Client Registration tutorial, JWT audience verification fixes
  • Satya (@TS0713) - Multi-tenancy UI gaps fixes
  • Shams (@shams858) - Various bug fixes and improvements

πŸ”— Resources

Documentation

Source Code

Container Images

Community

Quick Start

:::bash
# Pull the latest 0.8.0 image
docker pull ghcr.io/ibm/mcp-context-forge:0.8.0

# Or build from source
git clone https://github.com/IBM/mcp-context-forge.git
cd mcp-context-forge
git checkout v0.8.0
make venv install-dev
make dev

Next Planned Release: v0.9.0 (November 4, 2025)

Source: README.md, updated 2025-10-08