February 2026
Major Features
Federated Registry
Connect multiple MCP Gateway registries together with bi-directional synchronization:
- Peer Registry Management: Add, configure, and manage peer registries through the UI or CLI
- Automatic Sync: Servers and agents sync between registries with configurable filters (whitelist, tag-based)
- Chain Prevention: Prevents A->B->C sync loops for clean federation topology
- Orphan Detection: Identifies and manages orphaned items when peer registries are removed
- Security Scan Sync: Security scan results propagate across federated registries
- Visibility Control: Configure which servers/agents are exported to peers (public, internal, private)
PR #422 | Federation Guide
Agent Skills Registry
Register, discover, and manage agent skills with health monitoring and ratings:
- Skill Registration: Register individual agent skills with metadata and SKILL.md documentation
- Health Checks: Automatic health monitoring for registered skills
- Skill Ratings: Community-driven 5-star rating system for skills
- Semantic Search: Skills are indexed for semantic search alongside servers and agents
- UI Integration: Browse, rate, and view skill documentation from the registry UI
PR #451 | Multiple skill-related commits
Audit Logging & Compliance
Comprehensive audit logging for API and MCP access tracking:
- MongoDB Storage: All audit events stored in MongoDB for scalability
- API & MCP Logging: Track both REST API calls and MCP tool invocations
- Admin UI: View, filter, and sort audit logs from the Settings menu
- Compliance Ready: Designed for enterprise compliance requirements
MCP Server Version Routing
Route requests to specific server versions using HTTP headers:
- Header-Based Routing: Use `X-MCP-Server-Version` header to target specific versions
- Version Management: Register multiple versions of the same server
- Seamless Upgrades: Test new versions without affecting production traffic
What's New
Federation & Sync
- Federated Registry with peer management and bi-directional sync (#422)
- Federation export API with visibility controls (#422)
- Sync metadata for tracking federated items (#422)
- Chain prevention for multi-hop federation scenarios (#422)
- Orphan detection and cleanup when peers are deleted (#422)
- Security scan sync across federated registries (#422)
Agent Skills
- Agent Skills registry entity with backend implementation
- Skill health checks and monitoring
- Skill ratings with 5-star widget
- Skills included in semantic search
- SKILL.md viewer in UI
Audit & Compliance
- Audit logging with MongoDB storage (#449)
- API and MCP access tracking
- Admin-only Audit Logs viewer in Settings
- Clickable sort toggles for log filtering
Security Improvements
- SSRF protection for redirect validation (CWE-918) (#453)
- SQL injection prevention in metrics-service retention subsystem (#451)
- Information exposure fix for exceptions (#453)
- Static token auth for Registry API (#420)
Authentication & Authorization
- Microsoft Entra ID support in Helm charts (#458)
- Bearer token support for /api/auth/me endpoint (#454, #431)
- Check mcp-registry-admin in both groups and scopes (#456)
- Registry client implementation for skill API (#455)
Infrastructure
- Docker build workflows with release tagging (#464, #432)
- High availability Pod scaling in Kubernetes (#437)
- Lexical fallback search when embedding model unavailable (#415)
- Docker Hardened Images (DHI) support as optional overlay (#414)
- Lightweight Dockerfile improvements
UI/UX Improvements
- Federated registry UI with collapsible sections
- Delete functionality for servers and agents in UI (#439)
- Settings navigation improvements (#444)
- Ratings popup fix for card cutoff (#422)
- Dashboard UX improvements
Configuration Changes
Federation Environment Variables
New environment variables for federation support:
```bash
FEDERATION_ENABLED=true
FEDERATION_SYNC_INTERVAL_SECONDS=300
FEDERATION_TOKEN_ENCRYPTION_KEY=your-32-byte-key
```
Audit Logging
Enable audit logging with:
```bash
AUDIT_LOGGING_ENABLED=true
AUDIT_LOG_RETENTION_DAYS=90
```
Upgrade Instructions
For Docker Compose Deployments
- Pull the latest changes:
```bash
cd mcp-gateway-registry
git pull origin main
git checkout v1.0.13
```
- Rebuild and restart:
```bash
./build_and_run.sh
```
For Kubernetes/Helm Deployments
- Update chart values for Entra ID and federation if needed
- Apply changes:
```bash
helm upgrade mcp-gateway ./charts/mcp-gateway -f your-values.yaml
```
Bug Fixes
- Fix MongoDB replica set initialization race condition (#440)
- Fix token masking behavior in tests (#444)
- Fix MCP URL format in tests (#449)
- Fix security group rules limit in AWS ECS
- Fix ratings popup cutoff in server/agent cards
- Fix hybrid search scoring and HNSW recall (#415)
- Fix auth server returning 500 instead of 401 (#423)
Pull Requests Included
| PR | Title |
|---|---|
| #464 | Add release image workflow and tagging |
| #463 | feat: Improve test-mcp-client.sh with verbose mode and required parameters |
| #458 | Add Entra ID group mapping support in Helm charts |
| #456 | fix: Check mcp-registry-admin in both groups and scopes |
| #455 | fix: Add registry client implementation for skill API |
| #454 | fix: Add nginx location blocks for /api/auth/me Bearer token support |
| #453 | Potential fix for code scanning alerts (SSRF, exception exposure) |
| #451 | fix: Prevent SQL injection in metrics-service retention subsystem |
| #450 | Switch scopes to JSON configuration |
| #449 | feat: Add audit compliance logging with API/MCP access tracking |
| #448 | Update Docker builds |
| #444 | feat: Add Settings navigation and improve Dashboard UX |
| #442 | Add demo video to Federation Operational Guide |
| #440 | Fix MongoDB replica set initialization race condition |
| #439 | Add delete functionality for servers and agents in UI |
| #437 | Add scaling and high availability section to charts |
| #432 | Add Docker build workflows |
| #431 | fix: Use nginx_proxied_auth for /api/auth/me |
| #425 | Add inbound CIDR restrictions |
| #423 | fix: Return correct 4xx status codes from auth server |
| #422 | feat: Federated Registry with peer management and sync |
| #421 | feat: Unified deploy script and CodeQL fix |
| #420 | feat: Add static token auth for Registry API |
| #417 | Dynamically generate shared secretKey in charts |
| #415 | Improve hybrid search scoring and lexical fallback |
| #414 | Add Docker Hardened Images (DHI) support |
| #407 | feat: MCP server version routing |
Contributors
Thank you to our amazing contributors for this release:
- Amit Arora (@aarora79)
- Omri Shiv (@omrishiv)
- Dheeraj Oruganty (@dheerajoruganty)
- Bren Whyte (@brenwhyte)
- Andreas Feldmann (@ndrsfel)
- Abhishek Singh
- Gaurav Rele
- kanghengliu
Resources
Documentation
- Federation Guide - Federated registry setup and operations
- Audit Logging - Compliance and audit trail documentation
- Agent Skills - Skills registry documentation
- Server Versioning - MCP server version routing
Support
Full Changelog: v1.0.12...v1.0.13
What's Changed
- Update charts to use v1.0.12 images by @omrishiv in #388
- use apt for kubectl by @omrishiv in #396
- feat: centralize endpoint URL resolution utilities for custom MCP endpoints by @ndrsfel in #382
- feat: expose mcp_endpoint in API response and React frontend by @aarora79 in #400
- chore(deps): bump lodash from 4.17.21 to 4.17.23 in /frontend by @dependabot[bot] in #397
- feat: custom metadata field for servers and agents by @aarora79 in #406
- feat: MCP server version routing (#370) by @aarora79 in #407
- chore(deps): bump filelock from 3.20.1 to 3.20.3 by @dependabot[bot] in #401
- chore(deps): bump pyasn1 from 0.6.1 to 0.6.2 by @dependabot[bot] in #402
- chore(deps): bump python-multipart from 0.0.21 to 0.0.22 by @dependabot[bot] in #403
- chore(deps): bump aiohttp from 3.13.2 to 3.13.3 by @dependabot[bot] in #404
- chore(deps): bump urllib3 from 2.6.2 to 2.6.3 by @dependabot[bot] in #405
- chore(deps): bump pyasn1 from 0.6.1 to 0.6.2 in /agents/a2a by @dependabot[bot] in #377
- chore(deps): bump python-multipart from 0.0.20 to 0.0.22 in /agents/a2a by @dependabot[bot] in #409
- chore(deps): bump aiohttp from 3.13.2 to 3.13.3 in /agents/a2a by @dependabot[bot] in #411
- chore(deps): bump langchain-core from 1.2.4 to 1.2.5 by @dependabot[bot] in #410
- Fix: Terraform - Immediate Secret Deletion recovery_window_in_days = 0 on all Secrets Manager secrets by @brenwhyte in #385
- Fix: Terraform - Add missing security group rule for MCPGW → Registry communication by @brenwhyte in #393
- Fix: Terraform - Module-level depends_on - causes cascading resource recreation by @brenwhyte in #394
- chore(deps): bump mcp from 1.21.0 to 1.23.0 in /agents/a2a by @dependabot[bot] in #412
- support subdomain and path based routing to services by @omrishiv in #395
- Add Docker Hardened Images (DHI) support as optional overlay by @aarora79 in #414
- Add lexical fallback search when embedding model is unavailable by @aarora79 in #415
- dynamically generate shared secretKey by @omrishiv in #417
- feat: Static token auth for Registry API (#357) by @aarora79 in #420
- Unified deploy script and fix CodeQL sensitive logging alert by @aarora79 in #421
- fix: Return correct 4xx status codes from auth server /validate endpoint by @aarora79 in #423
- Cleanup ingress annotations, add allowed inbound cidr range by @omrishiv in #425
- Add docker build/push workflows by @omrishiv in #432
- High availability deployment and readme updates by @omrishiv in #437
- Federated Registry: Peer-to-peer synchronization support by @dheerajoruganty in #422
- chore(deps): bump fast-xml-parser and @aws-sdk/client-bedrock-runtime in /cli by @dependabot[bot] in #436
- chore(deps): bump urllib3 from 2.5.0 to 2.6.3 in /agents/a2a by @dependabot[bot] in #435
- chore(deps): bump python-multipart from 0.0.21 to 0.0.22 in /metrics-service by @dependabot[bot] in #433
- chore(deps): bump protobuf from 6.33.2 to 6.33.5 in /metrics-service by @dependabot[bot] in #434
- feat: Add delete functionality for servers and agents with federated protection by @aarora79 in #439
- Fix MongoDB replica set initialization race condition by @aarora79 in #440
- chore(deps): bump protobuf from 6.33.0 to 6.33.5 in /agents/a2a by @dependabot[bot] in #441
- Add Settings navigation and improve Dashboard UX by @aarora79 in #444
- chore(deps): bump jsonpath from 1.1.1 to 1.2.0 in /frontend by @dependabot[bot] in #442
- feat: Add audit compliance logging with API/MCP access tracking by @aarora79 in #449
- update docker builds by @omrishiv in #448
- chore(deps): bump webpack from 5.99.9 to 5.105.0 in /frontend by @dependabot[bot] in #447
- chore(deps): bump urllib3 from 2.6.2 to 2.6.3 in /metrics-service by @dependabot[bot] in #446
- Switch scopes to json by @omrishiv in #450
- fix: Prevent SQL injection in metrics-service retention subsystem by @aarora79 in #451
- feat: Agent Skills semantic search and health status persistence by @aarora79 in #453
- fix: Use nginx_proxied_auth for /api/auth/me to support Bearer tokens by @ndrsfel in #431
- fix: Add nginx config for /api/auth/me Bearer token support by @aarora79 in #454
- fix: Add registry client implementation for skill API by @aarora79 in #455
- fix: Check mcp-registry-admin in both groups and scopes for modify permission by @aarora79 in #456
- Support entraid in charts by @omrishiv in #458
- chore(deps): bump langsmith from 0.5.0 to 0.6.3 by @dependabot[bot] in #457
- feat: Improve test-mcp-client.sh with verbose mode and required parameters by @aarora79 in #463
- add release image workflow by @omrishiv in #464
- V1.0.13 charts by @omrishiv in #465
New Contributors
- @brenwhyte made their first contribution in #385