ViperJuice/mcp-gateway

Added

• Downstream MCP initialization now prefers protocol version 2025-11-25,
  records negotiated protocol versions and server capabilities, and preserves
  compatibility with older supported protocol versions.
• Tool, resource, and prompt indexing now preserves modern MCP metadata
  additively, including titles, icons, output schemas, annotations,
  execution/task support hints, unknown raw metadata, and JSON Schema dialects.
• gateway.invoke can request downstream MCP task-augmented execution for
  task-capable tools, and required-task tools are routed through task metadata
  automatically.
• Added gateway.tasks_list, gateway.tasks_get, gateway.tasks_result, and
  gateway.tasks_cancel for gateway-safe downstream MCP task brokering.
• Added structured downstream auth state reporting for missing auth,
  insufficient scope, policy denial, and URL-mode elicitation, with safe
  authorization metadata discovery hints.
• Added additive gateway observability models for trace context, bounded
  structured audit events, and gateway transport diagnostics.
• gateway.health can now include safe gateway_diagnostics and recent
  redacted audit_events; pmcp status --verbose renders those diagnostics
  when a live gateway reports them.
• Streamable HTTP now reports safe /health transport diagnostics and tolerates
  MCP-Protocol-Version, Mcp-Method, Mcp-Name, and trace context headers.
• Added CONFIG administration: gateway.config_status,
  gateway.get_startup_policy, and gateway.set_startup_policy expose
  source-attributed startup policy/status, preview-only default autoStart
  edits, explicit atomic apply, and non-secret stale/conflict diagnostics.
• pmcp setup now supports named profiles: local-stdio,
  shared-local-http, authenticated-shared-http, and ci.
• Registry and manifest discovery metadata can carry read-only package,
  server-card, capability, and diagnostic hints without changing provisioning
  semantics.

Changed

• gateway.catalog_search, gateway.describe, gateway.health, and
  pmcp status can surface negotiated protocol and richer metadata without
  requiring older servers or clients to provide the new optional fields.
• Refresh, disconnect, and restart now account for active MCP tasks separately
  from PMCP pending requests and refuse active work by default.
• gateway.auth_connect, pmcp status, pmcp doctor, and HTTP 401 responses
  now share stricter redaction for bearer tokens, API keys, auth codes, URL
  userinfo, and sensitive query parameters.
• Tool/resource/prompt/server snapshots, pending requests, task lists, MCP
  server-facing lists, and catalog tie-breakers now use stable public ordering.

Release Verification

• CONFORM release-gate coverage now exercises old-protocol fake payloads and
  current-protocol fake payloads across 2024-11-05, 2025-03-26,
  2025-06-18, and 2025-11-25 protocol responses.
• Local conformance tests cover modern tool/resource/prompt metadata
  preservation, task brokering, required-task capability refusal, structured
  auth and URL-mode elicitation states, trace context, audit events,
  startup-policy preview/apply behavior, and deterministic gateway/server
  ordering.
• Streamable HTTP smoke verifies /mcp, unauthenticated /health and
  /metrics, bearer auth, draft header tolerance, trace headers, rate-limit
  diagnostics, and existing rmcp/Codex compatibility paths with local
  Starlette/TestClient utilities only.
• Full release evidence for this gate passed locally: targeted conformance
  tests, whole phase regression, broader shared-service regression, full
  pytest, ruff check, ruff format --check, mypy, uv build, and local
  pmcp status, pmcp doctor, and pmcp setup --profile ... smoke commands.