Changelog

🐛 Fixes

• Fix-released notifications no longer silently miss when a commit forgets the Closes #N trailer.
• Triage of incoming bug reports now correctly handles verdict synonyms.
• Self-healing agent runs now terminate early when they stop making progress.
• Auto-detection of production errors now survives container restarts.
• Branded subsystem errors with an uppercase-symbol payload are now classified as a distinct error class.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.637

✨ Features

• Bug / feature reports auto-attach the submitting gateway's version.
• Auto-detected pagination cursors in raw API responses.

🐛 Fixes

• Setup-Wizard credentials take effect without a container restart.
• Action-required validation accepts MCP-sanitized parameter names.
• /health and /metrics access-log probes demoted to DEBUG.
• Transifex api_post now forwards JSON:API bodies verbatim.
• Quality monitoring no longer misclassifies error responses as empty results.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.633

🐛 Fixes

• MCP tool schemas now stay compatible with Claude's stricter property-key rules.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.631

🐛 Fixes

• Microsoft 365 OAuth callback now stores tokens reliably.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.630

✨ Features

• Reporters can now comment on their own previously-filed external bug reports.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.629

🐛 Fixes

• Microsoft 365 connect flow no longer redirects to a literal ${MICROSOFT_TENANT_ID:common} placeholder.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.628

✨ Features

• /admin Diagnostics → Admin sources panel now links the OIDC user management UI.
• ADMIN_USERS is the single source of admin authority on the gateway.

🐛 Fixes

• Admins added via the setup wizard's team step can now sign into OIDC-bootstrap gateways without being separately promoted in the OIDC user UI.
• Maintainer Slack ping fires for every new bug issue, not only those with a reporter email.
• Admin-access denial message no longer claims Google OAuth is the only auth method.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.627

✨ Features

• /admin exposes a collapsible Diagnostics panel.

🐛 Fixes

• The "Registered users" counter on /admin now reflects every SSO sign-in instead of only users with stored OAuth credentials.
• Setup wizard's team step shows the real admin list, not a stale per-admin cache.
• Service cards for gateway-managed services no longer trigger a disconnect on click.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.623

🐛 Fixes

• Admins added at runtime can sign in without a container restart.
• Setup wizard's "How should reports be handled?" choice now actually persists.
• Setup wizard's team step shows every configured admin, not only the logged-in one.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.622

✨ Features

• Support sessions can now be closed from the maintainer side.
• Support dashboard fills the viewport like a proper chat app.
• Tighter activation surface.
• Audit transcript link renders in the gateway brand colour.
• DAU / WAU / MAU gauges now survive container restarts on the operator dashboards.
• Admin dashboard links the Support page.
• The support-session dashboard is now available on every gateway out of the box.
• Support sessions can now be exported as a single JSON file for compliance handoff.
• Chat messages now reach the dashboard even if the support backend push misses.
• Adds a minimal admin-only Support dashboard at /support/dashboard.
• Support sessions now auto-transition past expiry without manual cleanup.
• Inbound staff chat messages now correlate with their backend message id.
• Active support sessions now extend themselves on conversation.
• Four support-session diagnostic tools now return real gateway-internal data instead of phase-4 placeholders.
• Adds an opt-in remote-support channel for self-host gateways.
• Scope-mismatch detection now recognises three additional provider-specific phrasings.

🐛 Fixes

• Support dashboard tab keeps its favicon across gateway restarts.
• Support dashboard now has a visible bottom margin.
• Support dashboard state badge no longer contradicts the expiry line.
• get_logs honours the documented default limit of 50.
• Admin auth for the support dashboard now succeeds again.

🛠 Behind the scenes

• Rotates the V1 support-channel key.
• Ships the V1 support-channel public key under config/support_keys/v1.pem.
• src/support/ subpackage
• New cross-subsystem contract-test suite (tests/contracts/) pins behaviour at five boundaries
• regression pytest marker
• Self-healing branch cleanup CI job
• Quality-offensive findings and refactor roadmap
• Self-healing branches whose MR has been closed for more than 14 days are now removed automatically.
• Issues whose self-healing attempts have been rejected twice are now auto-promoted to manual review.
• Weekly hotspot regeneration now filters out paths that no longer exist in the repository.
• AGENTS.md hotspot table refreshed.
• Renovate now batches non-critical Python patch and minor dependency updates into a single weekly grouped MR with auto-mergeFull details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.620

✨ Features

• parse_spec_to_actions accepts an endpoint_prefix parameter
• Outbound OAuth and API calls now carry an explicit User-Agent (default mcpgate/<version> (+https://mcpgate.de), override via GATEWAY_USER_AGENT).
• YAML OAuth flows log requested vs. granted scopes on every token exchange.

🐛 Fixes

• Google Drive and Calendar list/get/create endpoints now reach the right host instead of returning HTTP 404.
• Slack API calls no longer return not_authed after a successful OAuth connect.
• Unknown HTTP Authorization schemes now fall back to Bearer with a warning instead of being forwarded verbatim.
• Authorization header now sends the canonical Bearer scheme regardless of provider casing.
• Transifex setup wizard now spells out the user-role and scope rules end users must satisfy before authorizing.
• list_projects action description points at the production workaround.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.598

🐛 Fixes

• Implements Notion's grant_type=refresh_token exchange so stored refresh tokens can actually be redeemed.
• Notion capability-rejection 401s no longer masquerade as expired tokens.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.593

🐛 Fixes

• /auth/disconnect/{service} and /auth/verify/{service} register correctly under every supported launch method.
• Unauthenticated POST /auth/verify/{service} probes now return 401 instead of 500.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.591

🐛 Fixes

• Disconnect now drops the Jira and Confluence cloud_id caches.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.589

🐛 Fixes

• Distinguishes insufficient-scope responses from expired tokens.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.588

✨ Features

• Miro and Amplitude are bundled in the public Docker image.
• DEMO_MODE instances now showcase every supported service on /connections.

🐛 Fixes

• DCR registration derives its redirect URI from the gateway's BASE_URL when the YAML doesn't pin one.
• Hides the kebab-menu "Verify Connection" item on demo instances.

🛠 Behind the scenes

• Stops the duplicate MR pipeline that ran on every branch push.
• Public release notes now consolidate every version since the last Docker Hub push.
• Public releases now mirror to the GitHub Releases page too.Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.587

✨ Features

• Imported MCP services with static auth are setup-complete on apply.
• MCP-server import accepts non-OAuth YAML.
• MCP-server import supports a per-tool allowlist.
• The MCP proxy now honours the auth.type chosen at import.
• OpenAPI import probes the spec's OAuth host for Dynamic Client Registration.
• MCP-server import surfaces an auth-method dropdown.
• MCP-server import gracefully falls back to manual auth.
• DCR-protected MCP services are visible in the dashboard out of the box.
• /setup/complete adopts the wizard's standard button layout.
• Hook Builder now supports a session_hint phase.
• MCP-server-backed services are fully YAML-driven.
• Admin UI: Import MCP server tab.
• Best-effort MCP-icon discovery
• End-to-end coverage for the Miro and Amplitude MCP integrations

🔧 Improvements

• Every version header in CHANGELOG.md is now a real in-document link.
• The version pill in the dashboard, login, and setup footers now links to the /changelog page.
• Per-service session_hint blocks are prefixed with a markdown header.
• Persona instructions substitute {BASE_URL} at runtime.
• Persona instructions describe gateway capabilities and the discovery action.
• Hook Builder hides the dot-path field for instruct and notify steps.

🐛 Fixes

• Restores the /changelog page so it actually shows the recent releases.
• MCP initialize now honors a Bearer token if present.
• CI: skip-check is now a Python script.
• CI: restore the test job on main.
• Miro Connect routes against the correct stateless MCP endpoint.
• Miro Connect uses Dynamic Client Registration.
• Tool errors from MCP servers propagate to the caller.
• Connections page recovers from a duplicate OAuth code.
• Disconnect handles the canonical-id vs. provider-name split

🛠 Behind the scenes

• Each version tag now publishes a curated Release on the public distribution repo.
• Audit-coverage e2e tests skip when no audit-relevant files changed.
• CI: suppress the redundant branch-pipeline when an MR is already open.
• CI: skip the test job on main when the merged tree-hash already passed in a recent green pipeline.
• YAML-driven OAuth.
• YAML-driven MCP verify.
• Admin extensions list is alphabetically sorted by service id.
• Repo hygiene:Full details: CHANGELOG.md inside the image.

Docker: docker pull mcpgate/mcpgate:2.0.582