Added opt-in support for the modern MCP protocol version 2026-07-28, including modern HTTP routing, protocol-version negotiation, OAuth-protected resource metadata, and validation for modern JSON-RPC request/response behavior.
Added dual-era downstream compatibility so the gateway can route to both legacy SDK transports and modern stateless HTTP MCP servers while preserving existing legacy behavior by default.
Improved OAuth client compatibility for URL-based MCP clients with stricter client metadata validation, safer metadata fetching, issuer handling documentation, redirect URI checks, and default MCP scopes for URL-registered clients.
Fixes and Improvements
Hardened modern MCP post-merge behavior around app rewrites, global request routing, subscription bus handling, server discovery, and grant enforcement.
Added support for fake-IP DNS environments when fetching OAuth client metadata, with deployment and security documentation updates.
Preserved browser tab behavior during desk OAuth authorization flows.
Added a dual-era MCP compatibility smoke harness with legacy HTTP, legacy stdio, and modern HTTP fixtures to exercise gateway behavior across protocol eras.
Operational Notes
Modern MCP support remains controlled by environment configuration, including MCP_2026_ENABLED, downstream enablement, supported protocol versions, and optional allow lists for client and tenant IDs.
This release includes a Prisma migration adding OAuth client metadata fields for modern MCP compatibility. Run the normal deployment migration flow before serving the new build.