We're excited to announce the v0.21.0 release of the Obot MCP Platform. This release introduces MCP server egress control with an Aviatrix integration and improves the admin dashboard experience.
Big Updates
Aviatrix Integration for MCP Server Egress Control
Obot now supports MCP server egress control for Kubernetes-hosted MCP servers, with Aviatrix as the first supported network policy provider.
Administrators can configure domain allowlists for individual npx, uvx, and containerized MCP servers. When egress control is enabled, Obot creates MCPNetworkPolicy resources that describe the allowed domains, target pod selector, and deny-all behavior for each MCP server. The Aviatrix provider watches those policies and translates them into Aviatrix FirewallPolicy resources enforced by Aviatrix Distributed Cloud Firewall.
This gives teams a way to run third-party MCP server code with tighter outbound network controls, allowing access only to the external services each server is expected to call.
You can read more about this feature in the docs.
Improved Admin Dashboard
The admin dashboard has been updated to make platform activity easier to understand at a glance.
For Kubernetes deployments, the Server Activity view now breaks down deployed MCP servers by deployment status, including available, progressing, unavailable, needs attention, shutdown, and unknown states. The dashboard also includes an improved donut graph for server activity, clearer server breakdowns, and better navigation from dashboard cards into MCP server detail views.
These changes make the dashboard more useful as an operational starting point for administrators monitoring MCP server usage and deployment health.
Upgrade Notes
There are no major breaking changes in this release.
What's Changed
- chore: release v0.20.0 docs by @thedadams in #6460
- fix: ensure debug endpoints go through authz by @thedadams in #6463
- docs: document MCP connection URL stability behavior by @cjellick in #6464
- chore: bump mcp phat image to v0.20.3 by @cloudnautique in #6467
- feat: add storage service accounts by @g-linville in #6437
- fix: dashboard related fixes by @ivyjeong13 in #6456
- chore: rename phat image to stdio-wrapper by @thedadams in #6478
- chore: bump nanobot image to v0.0.77 by @calvinmclean in #6480
- feat: deploy network policy providers via helm by @g-linville in #6452
- fix: filters ui with basic auditors role by @njhale in #6481
- Allow GITHUB_AUTH_TOKEN with other catalogs by @calvinmclean in #6492
- fix: configure multi-user MCP secrets after create by @thedadams in #6483
- Update docs for GITHUB_AUTH_TOKEN clone catalogs by @calvinmclean in #6495
- docs: add egress control by @g-linville in #6496
- fix: chart: fail installation of network policy provider chart repo is provided but not chart name by @g-linville in #6497
- fix: ui: squash some egress domain bugs by @g-linville in #6505
- fix: retry on conflict for MCP server trigger-update by @g-linville in #6500
- Fix group-based message policies for Azure/Bedrock by @calvinmclean in #6485
- fix: ui: show guidance for entering egress domains by @g-linville in #6510
- fix: chart: validate mcp network policy provider params more by @g-linville in #6512
- chore: ui: change help text for egress domains by @g-linville in #6514
- fix: existing mcp server configuration form & consistent save behavior by @ivyjeong13 in #6498
- docs: cut v0.21.0 by @g-linville in #6513
- fix: basic user mcp servers detail view comparison check fix by @ivyjeong13 in #6515
Full Changelog: v0.20.0...v0.21.0