v0.0.5

What's new

• Meta-tool listing by default (): exposes only , , and — upstream tools stay callable and searchable without flooding the MCP listing.
• ${var:NAME} runtime variable injection: lift per-request values (e.g. caller's Bearer token) from incoming HTTP headers into upstream connection headers via + . Configured once at server and gateway level; injected automatically per call.
• ToolsApiPlugin bypass: REST returns the full upstream catalog even under , via the ContextVar.

v0.0.4

What's new in 0.0.4

Upstream auth without plaintext secrets

• static_headers values support ${env:VAR} / ${file:path} secret references resolved at connect time — the registry and admin API only ever hold the reference
• OAuth2 client_credentials grant (auth=oauth_client_credentials): headless machine-to-machine tokens with in-memory caching and refresh; the client secret must itself be a secret reference (raw secrets are rejected). Importable standalone via client_credentials_hook() — no plugin required in library mode

Human-in-the-loop, programmable

• JSON decision API alongside the browser pages: GET /admin/hil/pending, POST /admin/hil/pending/{id}/approve|deny — Slack bots, custom UIs, and CI can decide
• Pluggable notifier on HumanApprovalPlugin(notifier=...); browser-open is just the default

Fast startup

• The daemon no longer blocks on introspecting every upstream at boot (startup_catalog: "background" default — serves instantly with the last-known catalog); "refresh" and "skip" modes available, create_gateway keeps blocking behavior by default
• POST /admin/servers/{id}/refresh re-introspects a single server without fanning out to the rest

Failure observability

• New observe-only hook seams: tool_error (denials, rejected confirmations, upstream failures) and connect_error (failed introspection) — the audit trail now covers failures, not just successes

Plus

• REST tools API (/admin/tools list / describe / invoke), in-process Gateway.call_tool() / client(), folder-per-plugin layout, agentos tool-poisoning scan + per-group rate limiting, patch re-validation in the store, deps on latest (fastmcp 3.4.2)

Full details in #5. Validated by 355 unit tests and 5 live end-to-end suites (24 checks for the new auth/HIL/startup surfaces alone).

v0.0.3

fast-gateway 0.0.3

Local/self-hosted release: the gateway now ships a full standalone daemon experience on top of the embeddable library.

Highlights

• fast-gateway CLI (cli extra): serve, registry management (add/list/...), and connect helpers for pointing coding agents at the gateway.
• Docker image — multi-arch (linux/amd64, linux/arm64) at niradler/fast-gateway, with docker-compose.yml for a one-command local stack.
• Browser-based HIL — interactive human-in-the-loop approval flow for tool calls (hil/), with auto-open and configurable timeout.
• Upstream OAuth — CLI-only OAuthPlugin for upstreams that require OAuth, with a persistent token store. Non-interactive in daemon mode; OAuth status is surfaced and degraded reloads are reported.

Install

pip install "fast-gateway==0.0.3"          # library
pip install "fast-gateway[cli]==0.0.3"      # + CLI / serve
docker pull niradler/fast-gateway:0.0.3      # or :latest

Note: HTTP/SSE upstreams only — bridge local stdio servers to HTTP first. The /mcp endpoint is unauthenticated by design; protect it with an admin token and a firewall/reverse proxy when exposing the daemon.

Status: alpha — APIs may still change.