IBM/mcp-context-forge v0.8.0 on GitHub

v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem & MCP Registry

This release focuses on Advanced OAuth Integration, Plugin Ecosystem & MCP Registry with 50+ issues resolved and 47 PRs merged, bringing significant improvements across authentication, plugin framework, and developer experience. Building on the enterprise multi-tenancy foundation from v0.7.0, this release expands MCP Gateway's capabilities with advanced OAuth flows, a comprehensive plugin ecosystem, and enhanced MCP server discovery.

🏆 Plugin Ecosystem & Advanced Authentication Achievements

Release 0.8.0 delivers a production-ready plugin framework with 15+ built-in plugins, a complete plugin management UI and API, and advanced OAuth 2.0 support including Password Grant Flow, Dynamic Client Registration (DCR), and PKCE. This release transforms MCP Gateway into a highly extensible platform while maintaining enterprise-grade security and multi-tenancy capabilities.

Key Accomplishments

✅ 15+ Production-Ready Plugins - Comprehensive plugin library covering security, content moderation, caching, formatting, and monitoring
✅ Plugin Management UI & API - Complete plugin lifecycle management through Admin Dashboard
✅ Advanced OAuth Integration - Password Grant Flow, DCR with PKCE, token refresh, and multi-tenancy support
✅ MCP Server Registry - Local catalog with improved discovery, search, and registration workflows
✅ Enhanced Multi-Tenancy - Team-level API token scoping and team visibility across all admin tables
✅ OPA Policy Enhancements - Customizable policy paths, multi-arch support, and improved input mapping

✨ Highlights

🔐 Advanced OAuth & Authentication

OAuth Password Grant Flow - Complete implementation for programmatic authentication scenarios
OAuth Dynamic Client Registration (DCR) - Full support with PKCE for enhanced security
Token Refresh Mechanisms - Multi-tenancy aware token handling with automatic refresh
Secure Cookie Warnings - Clear guidance for HTTP development environments
OAuth2 Gateway Editing - Preserve tools/resources/prompts when editing without URL changes

🔌 Plugin Ecosystem Expansion

15+ Built-in Plugins - Production-ready plugins for security, content moderation, caching, and more
Plugin Management UI - Dedicated admin interface for plugin configuration and monitoring
Plugin Framework Specification - Comprehensive documentation for plugin development
External Plugin Support - Load and manage third-party plugins with configuration management

📦 MCP Server Registry & Catalog

Local MCP Server Catalog - Centralized registry for MCP server discovery and management
Enhanced Search Functionality - Improved catalog browsing with advanced search capabilities
Catalog UX Improvements - Streamlined user experience for server registration and discovery
Sample Server Library - 15+ Python sample servers and Go-based high-performance examples

🏢 Multi-Tenancy Enhancements

Team-Level API Token Scoping - Public-only token support with fine-grained team access control
Team Columns in Admin UI - Team visibility across Tools, Gateway Servers, Virtual Servers, Prompts, and Resources
Enhanced Team Workflows - Improved team request handling and membership management

🔒 Policy & Security

Content Moderation Plugin - IBM-supported AI-powered content filtering and moderation
Enhanced OPA Integration - Customizable policy paths, multi-architecture support, improved input mapping
Security Plugins Suite - SQL sanitizer, HTML sanitizer, harmful content detector, secrets detection
Circuit Breaker Plugin - Fault tolerance with automatic circuit breaking for unstable backends

🆕 Added

🔐 Advanced OAuth & Authentication (#1168, #1158)

OAuth Password Grant Flow

Complete implementation of OAuth 2.0 Password Grant Flow for programmatic authentication
Support for client credentials and resource owner password credentials grants
Integration with existing multi-tenancy and RBAC systems

OAuth Dynamic Client Registration (DCR)

Full OAuth DCR implementation with PKCE (Proof Key for Code Exchange)
Dynamic client credential generation and management
Enhanced security for public clients and mobile applications

Token Refresh Support (#1023, #1078)

Multi-tenancy aware token refresh mechanisms
User-specific token handling and automatic refresh
Improved token lifecycle management across team boundaries

Secure Cookie Warnings (#1181, #1048)

Clear warnings for HTTP development environments requiring SECURE_COOKIES=false
Improved developer experience with actionable error messages
Documentation updates for secure cookie configuration

OAuth Token Management (#1097, #1119, #1112)

Fixed OAuth state signatures for enhanced security
Improved tool refresh and server test/ping functionality
Better error handling for OAuth flows

🔌 Plugin Framework & Ecosystem

Plugin Management Infrastructure (#1130, #1147, #1139, #1118)

Plugin Management API & UI (#1129, #1130) - Complete plugin management interface in Admin Dashboard
Plugin Framework Specification (#1118) - Comprehensive specification document for plugin development
Enhanced Plugin Documentation (#1147) - Updated plugin usage guides and built-in plugin documentation
Plugin Design Consolidation (#1139) - Revised and consolidated plugin specification and design docs

Built-in Security Plugins

Content Moderation Plugin (#1114) - IBM-supported content moderation with AI-powered filtering
Safe HTML Sanitizer (#1063) - XSS prevention and HTML sanitization for user-generated content
SQL Sanitizer (#1065) - SQL injection prevention and query sanitization
Harmful Content Detector (#1064) - Detect and filter harmful, toxic, or inappropriate content
Secrets Detection Plugin (#894) - Identify and redact API keys, tokens, and credentials

Built-in Utility Plugins

Circuit Breaker Plugin (#1070, #1150) - Fault tolerance with automatic circuit breaking and half-open state
Response Cache by Prompt (#1071) - Intelligent caching based on prompt patterns for performance
Webhook Notification Plugin (#1113) - Event-driven webhook notifications for gateway events
Watchdog Plugin (#1075) - System monitoring and health checks with alerting

Built-in Content & Formatting Plugins

Citation Validator (#1069) - Validate and track citations in AI-generated responses
Code Formatter (#1068) - Automatic code formatting in responses with language detection
AI Artifacts Normalizer (#1067) - Standardize AI-generated artifacts for consistency
Summarizer Plugin (#1076) - Automatic response summarization with configurable length
Timezone Translator (#1074) - Automatic timezone conversion in responses

Built-in Compliance & Legal Plugins

License Header Injector (#1072) - Automated license header management for generated code
Privacy Notice Injector (#1073) - Privacy notice injection for regulatory compliance
Robots License Guard (#1066) - License compliance enforcement for AI-generated content

Built-in Integration Plugins

ClamAV External Plugin (#1077) - Virus scanning integration with ClamAV antivirus engine

📦 MCP Server Registry & Catalog (#1132, #1170, #295)

Local MCP Server Catalog (#1132)

Centralized local catalog of MCP servers for registry and marketplace functionality
Server metadata management including description, version, and capabilities
Integration with virtual server creation workflows

Catalog Search & Discovery (#1144)

Advanced search functionality for MCP server catalog
Filter by server type, capabilities, tags, and metadata
Improved discovery workflows for server registration

Catalog UX Enhancements (#1153, #1152)

Streamlined user experience for catalog browsing
Enhanced server registration wizard with validation
Improved server detail views with comprehensive metadata

Sample MCP Server Library

Python Sample Servers:

Document Processing: docx-server (#1045), xlsx-server (#1054), libreoffice-server (#1055), csv-pandas-chat-server (#1056), url-to-markdown-server (#1062)
Visualization: plotly-server (#1057), mermaid-server (#1058), graphviz-server (#1059), latex-server (#1060)
Code & Data: python-sandbox-server (#1061), code-splitter-server (#1053), chunker-server (#1052), data-analysis-server (#900)

Go Sample Servers:

High-Performance: pandoc-server (#1043), calculator-server (#920)

🏢 Multi-Tenancy Enhancements (#1177, #1107)

Team-Level API Token Scoping (#1176, #1177)

Public-only token support with team-level access control
Fine-grained permissions for API tokens scoped to specific teams
Enhanced security for multi-team deployments

Team Columns in Admin UI (#1035, #1107)

Team visibility across all admin tables: Tools, Gateway Servers, Virtual Servers, Prompts, Resources
Improved team-based filtering and resource management
Better visibility into cross-team resource sharing

Team Workflow Improvements (#1022)

Fixed "Join Request" button showing no pending requests
Improved team membership request handling
Enhanced team invitation and approval workflows

🔒 Policy & Security Features (#1145, #1102, #1106)

Customizable OPA Policy Path (#1145)

Enable customization of OPA policy file path for flexible deployments
Support for external policy repositories and version control
Improved policy development and testing workflows

OPA Policy Input Mapping (#1102)

Enhanced OPA policy input data mapping support
Better integration with multi-tenancy and RBAC context
Improved policy decision logging and debugging

Multi-arch OPA Support (#1106)

Multi-architecture support for OPA policy server (AMD64, ARM64)
Container images for diverse deployment environments
Enhanced compatibility with edge and IoT deployments

🛠️ Developer Experience (#1162, #1155, #1154, #1165)

Dynamic Environment Variables for STDIO (#1162, #1081, #964)

Dynamic environment variable injection for STDIO MCP servers
Runtime configuration without server restart
Improved development and testing workflows

Configuration Tab (#1155, #1154)

New configuration management tab in Admin UI
Centralized view of gateway configuration and environment settings
Enhanced troubleshooting and debugging capabilities

Scale Documentation (#1165)

Comprehensive scaling and performance documentation
Best practices for high-availability deployments
Performance tuning guidelines for large-scale installations

🐛 Fixed

🔧 Critical Bug Fixes

Gateway & Server Management

Gateway Addition from UI (#1173) - Fixed gateway addition failures from Admin UI
Gateway Update Failures (#1039, #1120) - Fixed gateway update failures and auth value DB constraints
OAuth2 Gateway Editing (#1146, #1025) - Preserve tools/resources/prompts when editing OAuth2 gateways without URL change
Server Tags Propagation (#836) - Fixed server tags not propagated to tools via /tools endpoint

Authentication & Authorization

Role Assignment Failure (#1175) - Fixed role assignment during bootstrap due to foreign key constraint
Login Issues (#1101, #1117, #1048) - Resolved login problems in 0.7.0 with HTTP/HTTPS configurations
OAuth Client Auth (#1096) - Fixed MCP_CLIENT_AUTH_ENABLED not taking effect in v0.7.0
401 Unauthorized in Incognito (#839) - Fixed testing tools returning 401 in incognito mode

A2A (Agent-to-Agent) Integration

A2A Tool Call (#1163) - Fixed A2A agent tool invocation issues
Global Tools for A2A Agents (#1123, #841) - Fixed Global Tools not being listed for A2A Agents
A2A Endpoint Error (#1128, #1125) - Fixed GET /a2a/ returning 500 due to datatype mismatch

Header & Passthrough Handling

Header Propagation (#1134, #1046, #1115, #1104, #1142) - Fixed pass-through headers, X-Upstream-Authorization, and X-Vault-Headers handling
Passthrough Headers Persistence (#867) - Fixed update_gateway not persisting passthrough_headers field

🖥️ UI/UX Fixes

Admin Interface Improvements

Header-Modal Overlap (#1179, #1178) - Fixed header overlapping with modals in UI
Associated Tools Checkboxes (#856) - Fixed checkboxes on Virtual Servers edit not pre-populated due to ID vs name mismatch
Static Assets with APP_ROOT_PATH (#865) - Fixed static assets returning 404 when APP_ROOT_PATH is configured

Resource & Content Management

Resource Filter (#1131) - Fixed resource filtering issues in admin UI
README Updates (#1169, #1159) - Corrected minor quirks in main README.md
Project Name Normalization (#1157) - Normalized project name across documentation

📊 Metrics & Monitoring

Metrics Recording (#1127, #1103, #699)

Added metrics recording for prompts, resources, and servers
Fixed metrics collection and timestamp tracking
Enhanced metrics export with comprehensive data coverage
Improved last-used timestamp accuracy

🔌 Plugin Fixes

Plugin Code Quality

Plugin Linting (#1151) - Fixed lint issues across all plugins
Circuit Breaker Plugin (#1150) - Removed unused variables in circuit breaker plugin
PII Filter Dead Code (#1149) - Removed dead code from PII filter plugin

🔐 Security & Data Handling

Security Improvements

SecretStr Encoding (#1133) - Fixed encode method in SecretStr implementation
Team Member Re-add (#959) - Fixed unique constraint preventing re-adding team members
Test Cases Database Isolation (#810) - Ensured test cases use mock database instead of main DB

Infrastructure & Stability

Tool Limit Removal (#1141) - Temporarily removed limit for tools until pagination is properly implemented
FileLock Health Check (#845) - Fixed "can't start new thread" error in FileLock health check
Helm kubeVersion Handling (#931) - Fixed Helm install issues with vendor-specific kubeVersion suffix

🔄 Changed

📦 Configuration & Validation (#1110)

Pydantic v2 Config Validation (#285, #1110)

Complete migration to Pydantic v2 configuration validation
Enhanced type safety and runtime validation
Improved error messages for configuration issues

Plugin Configuration

Enhanced plugin configuration with enable/disable flags
Better validation for plugin manifests and dependencies
Improved plugin loading and initialization

🔄 Infrastructure Updates

Multi-Arch Support

Expanded multi-architecture support for OPA and other components
Container images for AMD64, ARM64, and other architectures
Improved compatibility with diverse deployment environments

Helm Chart Improvements (#1105)

Fixed "Too many redirects" issue in Helm deployments
Enhanced ingress configuration and TLS support
Better integration with enterprise Kubernetes clusters

🔒 Security Enhancements

Authentication & Authorization

OAuth DCR with PKCE - Enhanced authentication security with dynamic client registration and proof key for code exchange
Token Refresh Security - Multi-tenancy aware token refresh with secure credential storage
Secure Cookie Warnings - Clear guidance for development vs. production cookie security settings

Plugin Security Framework

Content Moderation Plugin - AI-powered threat detection and content filtering
SQL Injection Prevention - SQL sanitizer plugin for query validation
XSS Prevention - HTML sanitizer plugin with comprehensive tag and attribute filtering
Secrets Detection - Automatic detection and redaction of API keys, tokens, and credentials
Harmful Content Detection - Multi-layer content safety with toxicity and profanity filtering

Policy & Access Control

Enhanced OPA Integration - Customizable policy enforcement with improved input mapping
Multi-Layer Security - Circuit breaker and watchdog plugins for system protection
Team-Level Scoping - Fine-grained API token scoping with team-based access control

🏗️ Infrastructure

Plugin Framework

Enhanced plugin framework with management API and UI
Comprehensive plugin specification and development documentation
Support for external plugins with configuration management

MCP Server Ecosystem

Local MCP server catalog for better registry management
Enhanced server discovery and registration workflows
Sample server library with 15+ Python and Go examples

Developer Tools

Dynamic environment variable support for STDIO servers
Configuration management tab for troubleshooting
Improved OAuth2 gateway editing workflows

📚 Documentation

Plugin Development

Comprehensive Plugin Framework Specification - Complete guide for plugin architecture and development
Plugin Usage Guides - Updated documentation for all built-in plugins
External Plugin Integration - Tutorial for loading and managing third-party plugins

OAuth Integration

OAuth Password Grant Flow Tutorial - Step-by-step guide for programmatic authentication
OAuth DCR Documentation - Complete guide for dynamic client registration with PKCE
Token Refresh Workflows - Best practices for token lifecycle management

MCP Server Catalog

Catalog Management Guide - Complete documentation for server registry and discovery
Sample Server Documentation - Usage guides for all Python and Go sample servers
Server Registration Workflows - Best practices for catalog integration

Scale & Performance

Comprehensive Scaling Documentation - Guidelines for high-availability deployments
Performance Tuning Guide - Optimization strategies for large-scale installations
Multi-Architecture Deployment - Best practices for AMD64 and ARM64 environments

📦 Migration Guide

Environment Configuration Updates

OAuth Configuration

# Advanced OAuth Features (new in 0.8.0)
OAUTH_PASSWORD_GRANT_ENABLED=true
OAUTH_DCR_ENABLED=true
OAUTH_PKCE_REQUIRED=true
OAUTH_TOKEN_REFRESH_ENABLED=true

# Secure Cookie Configuration
SECURE_COOKIES=false  # Set to false for HTTP development environments

Plugin Configuration

# Plugin Framework (new in 0.8.0)
PLUGINS_ENABLED=true
PLUGIN_CONFIG_FILE=plugins/config.yaml

OPA Policy Configuration

# Customizable OPA Policy Path (new in 0.8.0)
OPA_POLICY_FILE=/path/to/custom/policy.rego

Database Migration

Database migrations run automatically on startup. No manual intervention required for 0.7.0 → 0.8.0 upgrade:

# Backup your database first (recommended)
cp mcp.db mcp.db.backup.$(date +%Y%m%d_%H%M%S)

# Update .env with new 0.8.0 settings (see above)

# Start the server - migrations run automatically
make dev  # or make serve for production

Plugin Migration

Enable Built-in Plugins:

Copy the example plugin configuration:

cp plugins/config.yaml.example plugins/config.yaml

Enable desired plugins in plugins/config.yaml:

plugins:
  - name: content_moderation
    enabled: true
  - name: sql_sanitizer
    enabled: true
  - name: html_sanitizer
    enabled: true

Restart the gateway to load plugins

🚨 Breaking Changes

No breaking changes in this release. Release 0.8.0 maintains full backward compatibility with 0.7.0 configurations and APIs.

Deprecation Notices

Tool Limits - Temporary removal of tool limits (#1141) until pagination is implemented. Limit enforcement will return in future release with proper pagination support.

📋 Issues Closed

OAuth & Authentication (12 issues)

Closes #1168 - OAuth Password Grant Flow implementation
Closes #1158 - OAuth Dynamic Client Registration (DCR)
Closes #1048 - Login issue with HTTP requiring SECURE_COOKIES=false
Closes #1101 - Login not working with 0.7.0 version
Closes #1117 - Login authentication failures in 0.7.0
Closes #1109 - OAuth2 Integration fails with Keycloak
Closes #1023 - MCP gateway ping fails due to missing refresh token
Closes #1078 - OAuth Token Multi-Tenancy Support
Closes #1096 - MCP_CLIENT_AUTH_ENABLED not effective in v0.7.0
Closes #1097 - OAuth state signature issues
Closes #1119 - OAuth tool refresh improvements
Closes #1112 - OAuth server test/ping functionality

Multi-Tenancy & Teams (4 issues)

Closes #1176 - Team-Level Scoping for API Tokens
Closes #1177 - Public-only token support with team scoping
Closes #1035 - Add "Team" Column to All Admin UI Tables
Closes #1022 - "Join Request" button shows no pending request

A2A (Agent-to-Agent) Integration (5 issues)

Closes #298 - A2A Initial Support - Add A2A Servers as Tools
Closes #243 - A2A compatibility feature request
Closes #841 - Global Tools not listed for A2A Agents
Closes #1125 - GET /a2a/ returns 500 due to datatype mismatch
Closes #1163 - A2A tool invocation issues

Plugins & Framework (32 issues)

Plugin Infrastructure:

Closes #1129 - Plugin Management API and UI to Admin Dashboard
Closes #1130 - Plugin management interface implementation
Closes #1118 - Plugin Framework Specification
Closes #1147 - Enhanced Plugin Documentation
Closes #1139 - Plugin Design Consolidation

Security Plugins:

Closes #1114 - Content Moderation Plugin
Closes #1063 - Safe HTML Sanitizer Plugin
Closes #1064 - Harmful Content Detector Plugin
Closes #1065 - SQL Sanitizer Plugin
Closes #894 - Secrets Detection Plugin
Closes #893 - JSON Schema Validator Plugin

Utility Plugins:

Closes #1070 - Circuit Breaker Plugin
Closes #1150 - Circuit breaker unused variable cleanup
Closes #1071 - Response Cache by Prompt Plugin
Closes #1113 - Webhook Notification Plugin
Closes #1075 - Watchdog Plugin
Closes #1076 - Summarizer Plugin
Closes #1077 - ClamAV External Plugin

Content & Formatting Plugins:

Closes #1069 - Citation Validator Plugin
Closes #1068 - Code Formatter Plugin
Closes #1067 - AI Artifacts Normalizer Plugin
Closes #1074 - Timezone Translator Plugin

Compliance & Legal Plugins:

Closes #1072 - License Header Injector Plugin
Closes #1073 - Privacy Notice Injector Plugin
Closes #1066 - Robots License Guard Plugin

Additional Plugin Issues:

Closes #895 - Header Injector Plugin
Closes #1005 - VirusTotal Checker Plugin
Closes #1004 - URL Reputation Plugin
Closes #1003 - Schema Guard Plugin
Closes #1002 - Retry with Backoff Plugin
Closes #1001 - Rate Limiter Plugin
Closes #1000 - Output Length Guard Plugin
Closes #999 - Markdown Cleaner Plugin
Closes #998 - JSON Repair Plugin
Closes #997 - HTML to Markdown Plugin
Closes #996 - File Type Allowlist Plugin
Closes #995 - Code Safety Linter Plugin
Closes #994 - Cached Tool Result Plugin

MCP Server Catalog (19 issues)

Catalog Infrastructure:

Closes #295 - Local Catalog of MCP servers
Closes #1132 - MCP Server Catalog implementation
Closes #1170 - MCP Server Catalog improvements
Closes #1143 - Adding any server in MCP Registry fails
Closes #1144 - Catalog search functionality
Closes #1153 - Catalog UX updates
Closes #1152 - Catalog UX enhancements

Python Sample Servers:

Closes #1061 - Python sandbox server
Closes #1062 - URL to markdown server
Closes #1058 - Mermaid server
Closes #1059 - Graphviz server
Closes #1060 - LaTeX server
Closes #1057 - Plotly server
Closes #1056 - CSV pandas chat server
Closes #1055 - LibreOffice server
Closes #1054 - XLSX server
Closes #1053 - Code splitter server
Closes #1052 - Chunker server
Closes #1045 - DOCX server
Closes #900 - Data analysis server

Go Sample Servers:

Closes #1043 - Pandoc MCP server in Go
Closes #920 - Calculator server in Go

Bug Fixes (16 issues)

Gateway & Server Management:

Closes #1173 - Gateway addition from UI failures
Closes #1178 - Header overlaps with modals
Closes #1025 - OAuth2 gateway edit requires tool fetch
Closes #1046 - Pass-through headers not functioning
Closes #1039 - Update Gateway fails
Closes #1104 - X-Upstream-Authorization Header not working
Closes #867 - update_gateway not persisting passthrough_headers

UI/UX:

Closes #1159 - Minor quirks in main README.md
Closes #1157 - Project name normalization
Closes #856 - Associated tools checkboxes not pre-populated
Closes #865 - Static assets return 404 with APP_ROOT_PATH

Metrics & Infrastructure:

Closes #1127 - Metrics recording improvements
Closes #1103 - Fixed metrics collection
Closes #699 - Metrics Enhancement (export, capture, timestamps, UI)
Closes #1105 - Too many redirects in Helm deployment
Closes #931 - Helm install with vendor-specific kubeVersion suffix

Security & Data:

Closes #1133 - SecretStr encoding fix
Closes #1141 - Tool limit removal (temporary)
Closes #959 - Unable to re-add team member due to unique constraint
Closes #810 - Test cases use mock database

Plugin Fixes:

Closes #1151 - Plugin linting issues
Closes #1149 - PII filter dead code removal

Policy & Security (4 issues)

Closes #1145 - Customizable OPA Policy Path
Closes #1102 - OPA Policy Input Mapping
Closes #1106 - Multi-arch OPA Support
Closes #229 - Guardrails - Input/Output Sanitization & PII Masking

Developer Experience (5 issues)

Closes #1162 - Dynamic Environment Variables for STDIO
Closes #1081 - STDIO transport support enhancements
Closes #964 - Dynamic environment variable injection for STDIO servers
Closes #1155 - Configuration Tab in Admin UI
Closes #1154 - Configuration management features
Closes #1165 - Scale Documentation

Infrastructure (3 issues)

Closes #1037 - Fix Mend Configuration File
Closes #285 - Pydantic v2 Configuration Validation
Closes #1110 - Pydantic v2 migration completion

Total: 78 issues closed

🌟 Release Contributors

This release represents a major milestone in MCP Gateway's plugin ecosystem and advanced authentication capabilities. With contributions from developers worldwide, 0.8.0 delivers groundbreaking features including 15+ production-ready plugins, advanced OAuth flows, and a comprehensive MCP server registry.

🏆 Top Contributors in 0.8.0

Mihai Criveti (@crivetimihai) - Release coordination, plugin framework architecture, OAuth integration design, MCP server catalog implementation, comprehensive testing infrastructure, documentation updates, and infrastructure improvements, plugin management UI/API, plugin development (15 plugins)
Manav Gupta (@manavgup) - 5 PRs - OAuth Dynamic Client Registration (DCR) with PKCE, dynamic
environment variable injection for STDIO servers, OAuth2 gateway editing preservation, content moderation
plugin, and webhook notification plugin
Shoumi Mukherjee (@shoummu1) - 7 PRs - Secure cookie warnings for HTTP development, auth value fixes, array input parsing in test tool UI, database migration improvements
Veeresh (@nmveeresh) - 5 PRs - Pydantic v2 configuration validation migration, role assignment bootstrap fix, config validation startup checks
Monshri (@monshri) - 2 PRs - LLMGuard security guardrails plugin, OPA plugin for policy enforcement
Terry (@terylt) - Plugin Framework Specification Document, tool metadata and HTTP headers in plugin hooks
Mohan Lakshmaiah (@MohanLaksh) - Content-Type application/x-www-form-urlencoded support
Nayana R Gowda (@Nayana-R-Gowda) - Metrics collection fixes
Gruia Popa (@popagruia) - ICA Vault plugin, header propagation fixes
Pedro Miguel (@pmig) - Dynamic Client Registration tutorial, JWT audience verification fixes
Satya (@TS0713) - Multi-tenancy UI gaps fixes
Shams (@shams858) - Various bug fixes and improvements

🔗 Resources

Documentation

Main Documentation: https://ibm.github.io/mcp-context-forge/
Plugin Framework Specification: Plugin Development Guide
OAuth Integration Tutorials: OAuth Documentation
MCP Server Catalog: Catalog Documentation
Multi-Tenancy Architecture: Multi-Tenancy Guide
Scale & Performance: Scaling Documentation

Source Code

GitHub Repository: https://github.com/IBM/mcp-context-forge
Release v0.8.0: https://github.com/IBM/mcp-context-forge/releases/tag/v0.8.0
Milestone 0.8.0: https://github.com/IBM/mcp-context-forge/milestone/8
CHANGELOG: https://github.com/IBM/mcp-context-forge/blob/main/CHANGELOG.md

Container Images

GitHub Container Registry: https://ghcr.io/ibm/mcp-context-forge
Image Tags: v0.8.0, 0.8.0, latest
Multi-Architecture: AMD64, ARM64

Community

Issue Tracker: https://github.com/IBM/mcp-context-forge/issues
Discussions: https://github.com/IBM/mcp-context-forge/discussions
Contributing Guide: https://github.com/IBM/mcp-context-forge/blob/main/CONTRIBUTING.md

Quick Start

# Pull the latest 0.8.0 image
docker pull ghcr.io/ibm/mcp-context-forge:0.8.0

# Or build from source
git clone https://github.com/IBM/mcp-context-forge.git
cd mcp-context-forge
git checkout v0.8.0
make venv install-dev
make dev

Next Planned Release: v0.9.0 (November 4, 2025)

IBM/mcp-context-forge v0.8.0 v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem & MCP Registry on GitHub