Release v1.0.19 - AWS Agent Registry, GitHub Private Repo Auth, Configurable Tab Visibility, Pagination, and Lifecycle Filtering
April 2026
Upgrading from v1.0.18
This section covers everything you need to know to upgrade from v1.0.18 to v1.0.19.
Breaking Changes
Heartbeat telemetry is now opt-out (on by default). In v1.0.18 the daily heartbeat required MCP_TELEMETRY_OPT_IN=1. In v1.0.19 it runs automatically and you opt out with MCP_TELEMETRY_OPT_OUT=1. If you previously set MCP_TELEMETRY_OPT_IN=1, remove it and the heartbeat will continue as before. If you do not want heartbeat telemetry, set MCP_TELEMETRY_OPT_OUT=1.
New Environment Variables
| Variable | Default | Description |
|---|---|---|
SHOW_SERVERS_TAB
| true
| Show MCP Servers tab in UI (AND-ed with REGISTRY_MODE) |
SHOW_VIRTUAL_SERVERS_TAB
| true
| Show Virtual MCP Servers tab in UI (AND-ed with REGISTRY_MODE) |
SHOW_SKILLS_TAB
| true
| Show Skills tab in UI (AND-ed with REGISTRY_MODE) |
SHOW_AGENTS_TAB
| true
| Show Agents tab in UI (AND-ed with REGISTRY_MODE) |
GITHUB_PAT
| - | GitHub Personal Access Token for private repo SKILL.md fetching |
GITHUB_APP_ID
| - | GitHub App ID for private repo auth (enterprise) |
GITHUB_APP_INSTALLATION_ID
| - | GitHub App installation ID |
GITHUB_APP_PRIVATE_KEY
| - | GitHub App private key (PEM format) |
GITHUB_EXTRA_HOSTS
| - | Comma-separated extra GitHub hosts for GHES |
GITHUB_API_BASE_URL
| https://api.github.com
| GitHub API base URL (override for GHES) |
IDP_GROUP_FILTER_PREFIX
| - | Comma-separated prefixes to filter IdP groups |
AWS_REGISTRY_FEDERATION_ENABLED
| false
| Enable AWS Agent Registry (AgentCore) federation |
DISABLE_AI_REGISTRY_TOOLS_SERVER
| false
| Disable built-in AI registry tools server auto-registration |
MCP_TELEMETRY_OPT_OUT
| - | Set to 1 to disable heartbeat telemetry (replaces OPT_IN)
|
MCP_TELEMETRY_HEARTBEAT_INTERVAL_MINUTES
| 1440
| Heartbeat interval in minutes (default 24h) |
Upgrade Instructions
Docker Compose
cd mcp-gateway-registry
git pull origin main
git checkout v1.0.19
# Review new env vars in .env.example and update your .env if needed
# Then rebuild and restart:
./build_and_run.shKubernetes / Helm (EKS)
cd mcp-gateway-registry
git pull origin main
git checkout v1.0.19
# Update values.yaml if needed, then upgrade:
helm upgrade mcp-gateway . -f your-values.yamlTerraform / ECS
cd mcp-gateway-registry
git pull origin main
git checkout v1.0.19
# Update your .tfvars with any new variables
cd terraform/aws-ecs
terraform plan
terraform applyDockerHub Images
Pre-built images are available:
docker pull mcpgateway/registry:v1.0.19
docker pull mcpgateway/auth-server:v1.0.19
docker pull mcpgateway/currenttime-server:v1.0.19
docker pull mcpgateway/realserverfaketools-server:v1.0.19
docker pull mcpgateway/fininfo-server:v1.0.19
docker pull mcpgateway/mcpgw-server:v1.0.19
docker pull mcpgateway/metrics-service:v1.0.19Major Features
GitHub Private Repository Authentication for Agent Skills
The registry now supports authenticated access to SKILL.md files hosted in private GitHub repositories. Two authentication methods are available: Personal Access Tokens (PATs) for simple setups, and GitHub App credentials for enterprise organizations. Key capabilities:
- PAT and GitHub App auth with automatic priority selection
- Token caching with expiry-aware refresh for GitHub App JWT flow
- GitHub Enterprise Server (GHES) support via configurable API base URL and extra hosts
- Auth headers sent only to whitelisted GitHub domains for security
- Full env var propagation across Docker Compose, Terraform/ECS, and Helm charts
Configurable UI Tab Visibility
Operators can now hide individual UI tabs (MCP Servers, Virtual MCP Servers, Skills, Agents) independently of REGISTRY_MODE using SHOW_*_TAB environment variables. Tab visibility follows AND logic: tab_visible = REGISTRY_MODE enables feature AND SHOW_*_TAB. This allows fine-grained control over the user-facing dashboard without affecting backend API availability. Tab visibility settings are also configurable from the System Config page in the UI.
AWS Agent Registry (AgentCore) Federation
Federate agents from Amazon Bedrock AgentCore registries into the MCP Gateway Registry. Agents discovered in AgentCore appear in the External Registries tab alongside Anthropic and Workday federation sources. Requires IAM permissions for bedrock-agentcore:ListRegistries, ListRegistryRecords, and GetRegistryRecord.
API Pagination Support
All three list endpoints now support cursor-based pagination with limit and offset query parameters:
GET /api/agents-- paginated agent listingGET /api/servers-- paginated server listingGET /api/skills-- paginated skills listing
Responses include total, limit, and offset fields for client-side pagination controls.
Lifecycle Status Filtering
Servers, agents, and skills now support lifecycle status values (active, deprecated, retired). The dashboard sidebar includes a filter toggle to show or hide deprecated/retired entries. The deprecated toggle has been moved from the dashboard count line to the sidebar filter list for better UX.
What's New
Authentication and Authorization
- Allow network-trusted auth method to generate JWT tokens (#837)
- Fix Entra group management bugs and add IdP group filtering with
IDP_GROUP_FILTER_PREFIX(#781) - Handle wildcard
*inaccessible_serversfor non-admin server visibility (#829)
API Improvements
- Add
GET /api/servers/{path}endpoint for single server retrieval (#802) - Replace hardcoded 3-per-type search cap with global ranking and soft caps (#804)
- Fix search query stats to use lifetime max per instance instead of sum
- Add deterministic sort order to paginated queries
Frontend Improvements
- Replace cog icon with labeled Connect button on MCP server cards (#797)
- Hide Register button on Virtual MCP Servers and Agent Skills tabs (#794)
- Fix SPA blank page on browser refresh for client-side routes (#786)
- Add lifecycle status badges and sidebar filter toggle (#835)
Infrastructure and Deployment
- Make heartbeat telemetry opt-out with configurable interval (#813)
- Add
DISABLE_AI_REGISTRY_TOOLS_SERVERenv var for production/GitOps deployments (#790) - Add
UV_NATIVE_TLSfor enterprise Macs with custom CA certificates (#789) - Propagate GitHub private repo auth env vars to Docker Compose, Terraform, and Helm (#838)
- Update missing Helm envvars and fix Helm chart update workflow (#783, #785)
- Generate secrets for postgres/keycloak passwords in Helm (#769)
- Automate Helm release bump workflow (#765)
- Fix warnings and add hardening improvements (#798)
Documentation
- Document JWT server management API and auth-protected server registration (#800)
- Add AWS Agent Registry Federation demo video link (#812)
- Add presentation slide deck PDF to docs (#811)
- Migrate monolithic FAQ.md to individual FAQ articles (#771)
- Add QR code image for repository (#757)
- Add GitHub private repo auth configuration guide to docs/configuration.md
- Add tab visibility and deployment mode sections to docs/configuration.md
Bug Fixes
- Fix: allow network-trusted auth method to generate JWT tokens (#837)
- Fix: convert AgentCard to dict before calling
.get()in federation service (#796) - Fix: SPA blank page on browser refresh for client-side routes (#786)
- Fix: hide Register button on Virtual MCP Servers and Agent Skills tabs (#794)
- Fix: Entra group management bugs and IdP group filtering (#781)
- Fix: handle wildcard
*inaccessible_serversfor non-admin server visibility (#829) - Fix: replace hardcoded 3-per-type search cap with global ranking and soft caps (#804)
- Fix: correct search query stats to use lifetime max per instance instead of sum
- Fix: wire agent metadata and capabilities fields through registration pipeline (#770)
- Fix: Okta M2M sync dual-write to
idp_m2m_clientscollection (#759) - Fix: pin cisco-ai-a2a-scanner to commit with flexible dep ranges
- Fix: relax multiple dependency versions to resolve a2a-scanner compatibility conflicts
- Fix: ruff import order and test mock for GitHub auth (#827)
- Fix: add deterministic sort order to paginated query
- Fix: add
--limit/--offsetCLI args and fix skillsinclude_disabledfilter - Quote default values in .env.example to prevent shell errors (#762)
Pull Requests Included
| PR | Title |
|---|---|
| #841 | fix: post-merge improvements for configurable tab visibility |
| #839 | feat: Add configurable UI tab visibility independent of REGISTRY_MODE (#743) |
| #838 | feat: propagate GitHub private repo auth env vars to all deployment surfaces |
| #837 | fix: allow network-trusted auth method to generate JWT tokens |
| #836 | chore(deps): bump langsmith from 0.6.3 to 0.7.31 |
| #835 | feat: lifecycle status filtering for servers, agents, and skills |
| #834 | chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in /servers/currenttime |
| #833 | chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in /metrics-service |
| #832 | chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in /servers/mcpgw |
| #831 | chore(deps): bump python-multipart from 0.0.22 to 0.0.26 |
| #830 | chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in /agents/a2a |
| #829 | fix: Handle wildcard * in accessible_servers for non-admin server visibility (#763)
|
| #828 | chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /frontend |
| #827 | fix: ruff import order and test mock for github auth |
| #825 | chore(deps): bump pytest from 9.0.2 to 9.0.3 |
| #823 | chore(deps): bump pytest from 9.0.2 to 9.0.3 in /metrics-service |
| #822 | chore(deps): bump pillow from 12.1.1 to 12.2.0 |
| #819 | feat: add pagination support to GET /api/agents (#774) |
| #815 | Add config propagation check to pr-review skill and update presentation |
| #813 | feat: make heartbeat telemetry opt-out with configurable interval |
| #812 | docs: add AWS Agent Registry Federation demo video link |
| #811 | docs: add presentation slide deck PDF |
| #808 | feat: add AWS Agent Registry (AgentCore) federation support |
| #806 | update helm update script |
| #804 | fix: replace hardcoded 3-per-type search cap with global ranking and soft caps (#803) |
| #802 | feat: add GET /api/servers/{path} endpoint for single server retrieval |
| #800 | docs: document JWT server management API and auth-protected server registration |
| #798 | Hardening |
| #797 | feat: add labeled Connect button to MCP server cards |
| #796 | fix: convert AgentCard to dict in federation peer sync |
| #794 | fix: hide Register button on Virtual MCP Servers and Agent Skills tabs |
| #790 | feat: add DISABLE_AI_REGISTRY_TOOLS_SERVER env var (#764) |
| #789 | fix: add UV_NATIVE_TLS for enterprise Macs with custom CA certificates (#784) |
| #787 | chore(deps): bump axios from 1.13.5 to 1.15.0 in /frontend |
| #786 | fix: SPA blank page on browser refresh for client-side routes |
| #785 | fix helm chart update workflow |
| #783 | update missing helm envvars |
| #782 | feat: Support authenticated GitHub access for SKILL.md fetching (private repos) |
| #781 | fix: Entra group management bugs and IdP group filtering (#780) |
| #778 | chore(deps): bump langchain-core from 1.2.22 to 1.2.28 |
| #777 | chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /servers/mcpgw |
| #776 | chore(deps): bump cryptography from 46.0.5 to 46.0.7 in /servers/currenttime |
| #773 | chore(deps): bump cryptography from 46.0.5 to 46.0.7 in /agents/a2a |
| #772 | chore(deps): bump cryptography from 46.0.5 to 46.0.7 |
| #771 | docs: migrate monolithic FAQ.md to individual FAQ articles |
| #770 | fix: wire agent metadata and capabilities fields through registration pipeline |
| #769 | generate secret for postgres/keycloak passwords |
| #767 | bump stack tag |
| #766 | update helm image tags to 1.0.18 |
| #765 | Automate helm release bump |
| #762 | Quote default values in .env.example to prevent shell errors |
| #761 | feat: add executive summary comparison and timeseries chart to usage report skill |
| #760 | chore(deps): bump transformers from 4.57.3 to 5.0.0rc3 |
| #759 | fix: Okta M2M sync dual-write to idp_m2m_clients collection |
| #757 | docs: add QR code image for repository |
| #716 | feat(charts): add existing secret support to Helm charts |
Security Dependency Updates
| Package | Previous | Updated | Scope |
|---|---|---|---|
| cryptography | 46.0.5 / 46.0.6 | 46.0.7 | registry, agents/a2a, servers/currenttime, servers/mcpgw |
| python-multipart | 0.0.22 | 0.0.26 | registry, agents/a2a, metrics-service, servers/mcpgw, servers/currenttime |
| axios | 1.13.5 | 1.15.0 | frontend |
| follow-redirects | 1.15.11 | 1.16.0 | frontend |
| langchain-core | 1.2.22 | 1.2.28 | registry |
| langsmith | 0.6.3 | 0.7.31 | registry |
| pillow | 12.1.1 | 12.2.0 | registry |
| pytest | 9.0.2 | 9.0.3 | registry, metrics-service |
| transformers | 4.57.3 | 5.0.0rc3 | registry |
Contributors
Thank you to all contributors for this release:
- Amit Arora (@aarora79)
- Vaclav Rut (@VaclavRut)
- Omri Shiv (@omrishiv)
- Abhishek Singh (@abkrsinh)
- Prateek Sinha (@shekharprateek)
- Siim Talts (@siimtalts)
- David Gibbons (@davidgibbons)
Support
Full Changelog: v1.0.18...v1.0.19
What's Changed
- chore(deps): bump cryptography from 46.0.5 to 46.0.7 by @dependabot[bot] in #772
- update missing helm envvars by @omrishiv in #783
- fix helm chart update workflow by @omrishiv in #785
- fix: SPA blank page on browser refresh for client-side routes by @aarora79 in #786
- fix: Entra group management bugs and IdP group filtering (#780) by @aarora79 in #781
- chore(deps): bump axios from 1.13.5 to 1.15.0 in /frontend by @dependabot[bot] in #787
- chore(deps): bump langchain-core from 1.2.22 to 1.2.28 by @dependabot[bot] in #778
- chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /servers/mcpgw by @dependabot[bot] in #777
- feat: add DISABLE_AI_REGISTRY_TOOLS_SERVER env var (#764) by @shekharprateek in #790
- fix: hide Register button on Virtual MCP Servers and Agent Skills tabs by @aarora79 in #794
- fix: convert AgentCard to dict in federation peer sync by @aarora79 in #796
- feat: add labeled Connect button to MCP server cards by @aarora79 in #797
- docs: document JWT server management API and auth-protected server registration by @aarora79 in #800
- fix: add UV_NATIVE_TLS for enterprise Macs with custom CA certificates (#784) by @aarora79 in #789
- feat: add GET /api/servers/{path} endpoint for single server retrieval by @aarora79 in #802
- fix: replace hardcoded 3-per-type search cap with global ranking and soft caps (#803) by @aarora79 in #804
- update helm update script by @omrishiv in #806
- feat: add AWS Agent Registry (AgentCore) federation support by @aarora79 in #808
- docs: add presentation slide deck PDF by @aarora79 in #811
- docs: add AWS Agent Registry Federation demo video link by @aarora79 in #812
- feat: make heartbeat telemetry opt-out with configurable interval by @aarora79 in #813
- Hardening by @omrishiv in #798
- Add config propagation check to pr-review skill and update presentation by @aarora79 in #815
- feat: add pagination support to GET /api/agents (#774) by @shekharprateek in #819
- feat: Support authenticated GitHub access for SKILL.md fetching (private repos) by @VaclavRut in #782
- fix: ruff import order and test mock for github auth by @aarora79 in #827
- chore(deps): bump pillow from 12.1.1 to 12.2.0 by @dependabot[bot] in #822
- chore(deps): bump pytest from 9.0.2 to 9.0.3 by @dependabot[bot] in #825
- chore(deps): bump pytest from 9.0.2 to 9.0.3 in /metrics-service by @dependabot[bot] in #823
- fix: Handle wildcard
*in accessible_servers for non-admin server visibility (#763) by @abkrsinh in #829 - feat: lifecycle status filtering for servers, agents, and skills by @aarora79 in #835
- chore(deps): bump langsmith from 0.6.3 to 0.7.31 by @dependabot[bot] in #836
- chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in /servers/currenttime by @dependabot[bot] in #834
- chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in /servers/mcpgw by @dependabot[bot] in #832
- chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in /agents/a2a by @dependabot[bot] in #830
- chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /frontend by @dependabot[bot] in #828
- chore(deps): bump python-multipart from 0.0.22 to 0.0.26 by @dependabot[bot] in #831
- chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in /metrics-service by @dependabot[bot] in #833
- fix: allow network-trusted auth method to generate JWT tokens by @aarora79 in #837
- feat: propagate GitHub private repo auth env vars to all deployment surfaces by @aarora79 in #838
- feat: Add configurable UI tab visibility independent of REGISTRY_MODE (#743) by @abkrsinh in #839
- fix: post-merge improvements for configurable tab visibility by @aarora79 in #841
New Contributors
- @VaclavRut made their first contribution in #782
Full Changelog: v1.0.18...v1.0.19