Release notes

Review the release notes for agentgateway.

🔥 Breaking changes

MCP authentication moved to route level

MCP authentication is configured at the traffic (route) level using traffic.jwtAuthentication with the mcp extension field, instead of the previous backend.mcp.authentication field. The route-level placement aligns MCP auth with standard JWT authentication and allows JWT claims to be used in other traffic policies such as authorization, rate limiting, and transformations.

  • Before: MCP authentication was configured under backend.mcp.authentication, targeting an AgentgatewayBackend. This previous backend.mcp.authentication field is deprecated but continues to work for backward compatibility. If both are set on the same route, the backend-level configuration is ignored.
  • After: MCP authentication is configured under traffic.jwtAuthentication with an mcp field, targeting an HTTPRoute, such as in the following example. For more information, see Set up MCP auth.
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayPolicy
metadata:
  name: mcp-authn
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: mcp
  traffic:
    jwtAuthentication:
      mode: Strict
      providers:
      - issuer: http://keycloak.example.com/realms/myrealm
        audiences:
        - http://localhost:8080/mcp
        jwks:
          remote:
            backendRef:
              name: keycloak
              kind: Service
              namespace: keycloak
              port: 8080
            jwksPath: /realms/master/protocol/openid-connect/certs
      mcp:
        provider: Keycloak
        resourceMetadata:
          resource: http://localhost:8080/mcp
          scopesSupported:
          - email
          bearerMethodsSupported:
          - header

🌟 New features

Network authorization

A new networkAuthorization field in the frontend policy section enables Layer 4 network authorization based on source IP, port, and mTLS client identity. You can enforce policies for non-HTTP traffic and combine Layer 4 and Layer 7 controls. For more information, see Policies.

Authorization require rules

Authorization policies now support Require as an action in addition to Allow and Deny. All Require rules must match for the request to proceed, providing clearer semantics than double-negative deny rules. For more information, see Policies.

MCP improvements

  • Stateless sessions: OpenAPI and SSE upstreams can now use stateless sessions. For more information, see Stateful MCP.
  • Explicit service reference lists: MCP backends can specify targets with explicit service references. For more information, see Static MCP.
  • Tool payloads in CEL context: Tool names and payloads are available in logging CEL expressions.

LLM gateway enhancements

  • Path prefixes: LLM providers now support path prefixes for custom API base paths.
  • Azure default authentication: Azure OpenAI providers can use platform-default authentication. For more information, see Azure OpenAI.
  • Vertex region optional: Vertex AI region configuration is now optional with a global default. For more information, see Vertex AI.

Gateway and routing improvements

  • Automatic protocol detection: A new auto bind protocol auto-detects TLS vs HTTP connections.
  • Service SANs for upstream TLS: Upstream TLS now respects Subject Alternative Names from Kubernetes Services. For more information, see BackendTLS.
  • TLSRoute v1 status: Status is now written using the TLSRoute v1 API version.
  • CEL hash functions: New sha1.encode, sha256.encode, and md5.encode functions are available in CEL expressions.

đŸ—‘ī¸ Deprecated or removed features

MCP authentication on backend AgentgatewayPolicy

As described in the breaking changes section, MCP authentication is now configured at the route level using traffic.jwtAuthentication with the mcp extension field, instead of the previous backend.mcp.authentication field.

The backend.mcp.authentication field on the AgentgatewayPolicy resource is deprecated and will be removed in a future release.

MCP policy on AgentgatewayBackend

Previously, AgentgatewayBackend resources had fields for spec.mcp.targets.static.policies.mcp.{authentication,authorization}.

These fields were not intended to be set and had no impact on the behavior of the proxy, so they are now removed.

If you previously set these fields, the configuration now fails to be applied, even though the fields had no behavioral impact and were ignored.

Instead, use the jwtAuthentication.mcp field on the AgentgatewayPolicy resource, which ensures authentication runs before other policies such as transformation and rate limiting.
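
The following pre-upgrade check is an added example, not code from the agentgateway project. It flags both the deprecated backend.mcp.authentication field and the removed AgentgatewayBackend fields described above. It assumes manifests are already parsed into dicts and that the named fields sit under spec; the resource names and field contents in the sample are constructed.

```python
# Added example: pre-upgrade lint for the MCP auth changes in these release notes.
# Input is a list of already-parsed manifests (dicts, e.g. from a YAML loader).

# (kind, dotted path, status). Placing the paths under "spec" is an assumption
# based on the field names in the notes and the layout of the example policy.
RULES = [
    ("AgentgatewayPolicy", "spec.backend.mcp.authentication", "deprecated"),
    ("AgentgatewayBackend",
     "spec.mcp.targets.static.policies.mcp.authentication", "removed"),
    ("AgentgatewayBackend",
     "spec.mcp.targets.static.policies.mcp.authorization", "removed"),
]

def find(node, path):
    """Yield every value at `path`, descending through lists transparently."""
    if not path:
        yield node
    elif isinstance(node, list):
        for item in node:
            yield from find(item, path)
    elif isinstance(node, dict) and path[0] in node:
        yield from find(node[path[0]], path[1:])

def lint(manifests):
    """Return (resource name, field path, status) for each stale field found."""
    findings = []
    for doc in manifests:
        name = doc.get("metadata", {}).get("name", "<unnamed>")
        for kind, path, status in RULES:
            if doc.get("kind") == kind and any(True for _ in find(doc, path.split("."))):
                findings.append((name, path, status))
    return findings

def blocking(findings):
    """Removed fields make the apply fail, so they should fail a CI check."""
    return [f for f in findings if f[2] == "removed"]

# Constructed sample manifests; names and field contents are placeholders.
SAMPLE = [
    {"kind": "AgentgatewayPolicy", "metadata": {"name": "legacy-mcp-authn"},
     "spec": {"backend": {"mcp": {"authentication": {"placeholder": "old"}}}}},
    {"kind": "AgentgatewayPolicy", "metadata": {"name": "mcp-authn"},
     "spec": {"traffic": {"jwtAuthentication": {"mode": "Strict", "mcp": {}}}}},
    {"kind": "AgentgatewayBackend", "metadata": {"name": "mcp-backend"},
     "spec": {"mcp": {"targets": [{"name": "t1", "static": {
         "policies": {"mcp": {"authentication": {"placeholder": "old"}}}}}]}}},
]
```

Deprecated findings are warnings to schedule a migration to traffic.jwtAuthentication; removed findings must be fixed before upgrading because the manifest will no longer apply.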
