Skip to content

v0.13.0

Choose a tag to compare

View all tags
@cjellick cjellick released this 07 Nov 23:46
· 89 commits to main since this release
v0.13.0
436977e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

We’re excited to announce the release of Obot MCP Gateway v0.13.0. This update introduces composite MCP servers, fine-grained tool access control, expanded audit capabilities, new admin tools, and a range of improvements across the UI, backend, and deployment experience.

Big Updates

Composite MCP Servers and Fine-Grained Tool Access Control
Admins and owners can now create and manage composite MCP servers, allowing them to combine multiple servers into a single deployment and enable or disable specific tools for each server. This provides both the ability to build complex, multi-server environments and to exercise fine-grained control over tool access for users.

Audit Log Export
Admins and auditors can now export audit logs directly from the UI, making it easier to review and archive system activity.

Server Scheduling and Resource Controls
Admins and owners can now centrally configure global resource requests, limits, scheduling policies, and pod annotations for all MCP servers running on Kubernetes. This can be managed through the UI or the Helm chart, giving you greater control and consistency across your Kubernetes deployments.

Update Notification for Admins and Owners
Admins and owners will now receive notifications in the UI when a new version of Obot is available. This update check can be turned off by setting the environment variable OBOT_SERVER_UPDATE_CHECK_INTERVAL_MINS to 0.

Improved Auth Provider Setup
We’ve simplified the first-time setup process, making it easier and more intuitive to configure and manage authentication and model providers from the start.

Other Notable Improvements

  • Improved handling and display of webhook statuses and error notifications.
  • More robust session management and user role handling.
  • Documentation updates, including new guides for deploying on AWS, Azure, and GCP, and expanded Kubernetes deployment instructions.
  • Security and dependency updates, including CVE fixes and a new SECURITY.md.
  • Numerous bug fixes for table scaling, sorting, project sharing, and more.

Upgrade Notes and Known Issues

  • This release removes certain legacy gptscript tools that were previously deprecated. Most users should be unaffected, but if you've been using Obot since before we converted from GPTScript to MCP and notice issues, please reach out.
  • After updating a composite MCP server, you must manually refresh the page to clear the "Update Required" banner.
  • Edit/update operations for running composite MCP servers may take up to a minute to complete.
  • Project sharing is not available for projects containing composite MCP servers.
  • Tool previews cannot be generated for composite MCP servers in this release.

Getting Started

Try the live demo: chat.obot.ai

Install on Docker:

docker run -d --name obot -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock \
ghcr.io/obot-platform/obot:latest

For more, see our Documentation

Full changelog

  • Fix: list project by last used time by default by @StrongMonkey in #4690
  • Fix: fix multiple user mcp don't get user count by @StrongMonkey in #4692
  • fix: view diff in deployment views fix by @ivyjeong13 in #4701
  • Fix: disable client side sorting as server will return sorted order by @StrongMonkey in #4703
  • chore: make server migrations easier by @thedadams in #4662
  • fix: only allow one auth provider to be configured at once by @g-linville in #4696
  • fix: only can configure one auth provider & disabled style consistency by @ivyjeong13 in #4702
  • fix: disable spell check by @ryu-man in #4710
  • fix: detect deleted session when trying to update by @thedadams in #4713
  • feat: add backend routes for easier auth setup by @g-linville in #4647
  • Fix: Don't show Configuration Needed in chat by @cjellick in #4718
  • fix: stop slicing the container name for files by @thedadams in #4728
  • [Doc] Obot open source registry guide (mcp-catalog) by @tybalex in #4637
  • feat: support pinned threads by @ryu-man in #4711
  • Docs: Drop --enable-authentication flag by @cjellick in #4724
  • docs: fix documentation text issues by @cjellick in #4729
  • fix: add sort in url params & only show selectable options if validate select fn provided by @ivyjeong13 in #4717
  • fix: sign out the temp user after auth completes by @g-linville in #4734
  • enhance: add prefix to mcp server configure form by @ivyjeong13 in #4721
  • chore: write basic outline showing how to deploy obot in gcp/azure/aws by @drpebcak in #4715
  • fix: table columns scaling & scrolling horizontally w/ fixed table header by @ivyjeong13 in #4714
  • enhance: be smarter about timeouts when waiting for deployments by @g-linville in #4530
  • enhance: ui/ux auth provider login flow update by @ivyjeong13 in #4738
  • fix: allow PU/PUPs to update servers created from their workspace catalog entries by @g-linville in #4742
  • fix: save url params when clicking view audit logs from deployments/registries view by @ivyjeong13 in #4740
  • feat: configure k8s affinity, tolerations, and resources by @g-linville in #4709
  • fix: handle URL updates when deleting threads in sidebar by @ryu-man in #4739
  • fix: add docs for aws and azure to sidebar by @drpebcak in #4743
  • feat: support for pod annotations by @nlamirault in #4583
  • enhance: remove auto delete and see logs of mcp failure on setup by @ivyjeong13 in #4611
  • fix: show webhook statuses in the UI by @thedadams in #4747
  • fix: display correct time for docker events by @thedadams in #4748
  • fix: ensure clients are created for tool calls by @thedadams in #4746
  • fix: drop prefix from env vars in mcp catalog configuration by @ivyjeong13 in #4750
  • fix: confirmation restart & delete mcp servers ui & view audit logs for poweruser by @ivyjeong13 in #4749
  • fix: improve thread deletion handling and URL state management by @ryu-man in #4756
  • chore: allow log access for user's MCP servers by @thedadams in #4759
  • fix: setup: redirect owners to admin dashboard by @g-linville in #4762
  • fix: clear splashSeenDialog value if fresh install or new user by @ivyjeong13 in #4761
  • docs: explain MCP deployments in k8s by @g-linville in #4757
  • fix: preserve message line breaks by @ryu-man in #4760
  • fix: display group names rather than IDs when creating new MCP server by @g-linville in #4764
  • fix: ensure enterprise logo is not displayed when not enterprise by @thedadams in #4777
  • fix: show catalog as syncing when refreshing by @thedadams in #4780
  • chore: add identities API for debugging by @thedadams in #4783
  • fix: correct username after user encrypt bug by @thedadams in #4785
  • Revert "chore: add identities API for debugging (#4783)" by @thedadams in #4787
  • fix: update chat link visibility for additional mcp-publisher routes & hide publisher item by @ryu-man in #4758
  • Session fixes by @thedadams in #4791
  • chore: document required permissions for GITHUB_AUTH_TOKEN by @drpebcak in #4775
  • fix: improve owner setup logic for bootstrap users and enhance visibility handling by @ryu-man in #4793
  • fix: delete confirmation and do not allow explicit admin upgrade fix by @ivyjeong13 in #4792
  • Support composite MCP servers by @njhale in #4560
  • fix: fire all webhooks on failure by @thedadams in #4788
  • enhance: add routes to list MCP servers that need k8s settings update by @g-linville in #4794
  • fix: stop waiting 30s for graceful container exit by @thedadams in #4795
  • Document default values for configuration parameters by @Copilot in #4784
  • Fix: Use display name if possible in ACL rules by @StrongMonkey in #4801
  • docs: reorganize navigation by @cloudnautique in #4812
  • feat: multi-user composite support by @njhale in #4804
  • fix: stop including deleted servers in user count by @thedadams in #4806
  • fix: include one webhook status on failure by @thedadams in #4807
  • fix: fire webhooks for composite mcp servers by @njhale in #4805
  • docs: addressed feedback around enabling auth by @cloudnautique in #4820
  • fix: check for owner existance before proceeding with owner setup by @ryu-man in #4811
  • fix: stop counting deleted server instances by @thedadams in #4821
  • enhance: add error notification for failed server syncs in registries tab by @ryu-man in #4813
  • fix: ensure all encryption providers are managing the same resources by @drpebcak in #4799
  • fix: create UserRoleChange for setup owner by @g-linville in #4822
  • fix: create URC with proper roles for existing owners/admins by @g-linville in #4823
  • fix: correct condition for displaying sync error notifications in RegistriesView by @ryu-man in #4825
  • fix: treat owners and admins separately when removing by @thedadams in #4819
  • Feat: add audit log export feature by @StrongMonkey in #4786
  • fix: stop counting component MCP servers is user count by @thedadams in #4829
  • fix: text update for explicit admin added by @ivyjeong13 in #4845
  • fix: prevent composite components from being deleted directly by @njhale in #4843
  • enhance: add upgrade support for composite mcp servers by @njhale in #4818
  • fix: add lazy loading and error handling for user icons in SearchUsers component by @ryu-man in #4832
  • feat: server scheduling admin page by @ivyjeong13 in #4782
  • enhance: ui/ux updates for composite mcp servers by @ivyjeong13 in #4841
  • Chore: Add SECURITY.md by @cjellick in #4864
  • fix: restart composite mcp servers by @njhale in #4876
  • fix: always call configure endpoint when launching composites by @njhale in #4875
  • fix: catalog sync: prune when there are no sync errors by @g-linville in #4858
  • fix: configure tools for existing composite component by @njhale in #4878
  • chore: bump go-git to 5.16.3 for CVE fixes by @thedadams in #4883
  • fix: drop user icon rendering in access rule users dialog by @ryu-man in #4887
  • chore: owner and admin emails: make matching case insensitive by @g-linville in #4884
  • fix: prevent individual deletion of composite component servers by @njhale in #4892
  • fix: address CORS error when redirecting for composite MCP server by @thedadams in #4890
  • chore: allow tools to hit Obot server internally by @thedadams in #4899
  • fix: hide composite component mcp server instances by @njhale in #4903
  • fix: disable project sharing when a composite mcp server is present by @njhale in #4904
  • enhance: server scheduling text & input updates by @ivyjeong13 in #4881
  • fix: empty edit configuration in chat when requiring update by @ivyjeong13 in #4894
  • fix: composite mcp servers related bugfixes by @ivyjeong13 in #4889
  • chore: add X-Content-Type-Options: nosniff header to API responses by @g-linville in #4919
  • Fix: Bump dependencies for cves by @StrongMonkey in #4915
  • fix: handle removed component catalog entries on upgrade by @njhale in #4920
  • fix: show progress bar editing and auto supplying 0 in request/limits in server scheduling by @ivyjeong13 in #4918
  • enhance: add app version upgrade by @ivyjeong13 in #4910
  • Revert "chore: add X-Content-Type-Options: nosniff header to API responses" by @cjellick in #4924
  • fix: handle disabling/enabling multi-user composite components by @njhale in #4925
  • fix: always show config dialog on composite connect by @njhale in #4928
  • fix: correct displayed type for multi-user mcp servers by @njhale in #4930
  • Fix: fix test connection functionalies for audit log export by @StrongMonkey in #4912
  • enhance: detect private docker images locally by @thedadams in #4937
  • feat: add server upgrade check by @thedadams in #4923
  • fix: stop blocking localhost for project MCP servers by @thedadams in #4940
  • fix: calendar dialog cut off, tools dialog overflow & search not resetting in search mcps by @ivyjeong13 in #4941
  • fix: k8s: patch resources correctly by @g-linville in #4945
  • Fix: fix bugs for test connections, make non-sensetive field visible by @StrongMonkey in #4946
  • chore: disable populate tool previews button for composites by @njhale in #4947
  • fix: close dropdown after server restarted | deleted successfully by @ryu-man in #4851
  • docs: add docs for composite mcp servers by @njhale in #4948
  • Fix: Don't validate secret value when existing secret is being set by @StrongMonkey in #4949
  • fix: delete disabled regression & view parent logs by @ivyjeong13 in #4951
  • fix: simplify delete confirmation state handling by @ryu-man in #4953
  • fix: incorrect tooltip & filtering disabled composite descendant UI by @ivyjeong13 in #4952
  • fix/composite disable all by @njhale in #4958
  • Chore: Add OBOT_SERVER_UPDATE_CHECK_INTERVAL_MINS to config docs by @cjellick in #4956
  • Docs: Add export audit log docs by @StrongMonkey in #4844

Full Changelog: v0.12.0...v0.13.0

Thanks to Our Contributors

Thank you to everyone who contributed to this release or tried out Obot!

Contributors

nlamirault, cloudnautique, and 9 other contributors
Assets 9
Loading