Download Latest Version v1.1.0 source code.tar.gz (4.3 MB)
Email in envelope

Get an email when there's a new version of agentgateway

Home / v1.1.0
Name Modified Size InfoDownloads / Week
Parent folder
agentgateway-darwin-arm64 2026-04-09 54.3 MB
0
agentgateway-darwin-arm64.sha256 2026-04-09 100 Bytes
0
agentgateway-linux-amd64 2026-04-09 59.9 MB
0
agentgateway-linux-amd64.sha256 2026-04-09 99 Bytes
0
agentgateway-linux-arm64 2026-04-09 54.3 MB
0
agentgateway-linux-arm64.sha256 2026-04-09 99 Bytes
0
agentgateway-windows-amd64.exe 2026-04-09 64.3 MB
3 3 weekly downloads
agentgateway-windows-amd64.exe.sha256 2026-04-09 105 Bytes
0
README.md 2026-04-09 21.9 kB
0
v1.1.0 source code.tar.gz 2026-04-09 4.3 MB
0
v1.1.0 source code.zip 2026-04-09 5.2 MB
0
Totals: 11 Items   242.3 MB 3

🎉 Welcome to the 1.1.0 release of the agentgateway project!

Artifacts

Docker images are available:

  • cr.agentgateway.dev/agentgateway:v1.1.0
  • cr.agentgateway.dev/controller:v1.1.0

Helm charts are available:

  • cr.agentgateway.dev/charts/agentgateway:v1.1.0
  • cr.agentgateway.dev/charts/agentgateway-crds:v1.1.0

Binaries are available below.

Quick Start

Follow the Kubernetes or Standalone quick start guide to get started!

🔥 Breaking changes

MCP authentication moved to route level

MCP authentication is now configured at the route level. This aligns MCP auth with other route-level policies and allows JWT claims to be reused in authorization, rate limiting, and transformations.

  • Kubernetes: MCP authentication is configured under traffic.jwtAuthentication.mcp of AgentgatewayPolicy instead of backend.mcp.authentication. The previous backend.mcp.authentication field is deprecated but still works for backward compatibility. If both are set on the same route, the backend-level configuration is ignored. For more information, see Set up MCP auth.

  • Standalone: MCP authentication is configured under routes[].policies.mcpAuthentication. No YAML structure changes are required for existing standalone configs, but any automation that treats MCP authentication as a backend-level concept should be updated. For more information, see MCP authentication.

    :::yaml apiVersion: agentgateway.dev/v1alpha1 kind: AgentgatewayPolicy metadata: name: mcp-authn spec: targetRefs:

    • group: gateway.networking.k8s.io kind: HTTPRoute name: mcp traffic: jwtAuthentication: mode: Strict providers:
      • issuer: http://keycloak.example.com/realms/myrealm audiences:
        • http://localhost:8080/mcp jwks: remote: backendRef: name: keycloak kind: Service namespace: keycloak port: 8080 jwksPath: /realms/master/protocol/openid-connect/certs mcp: provider: Keycloak resourceMetadata: resource: http://localhost:8080/mcp scopesSupported:
        • email bearerMethodsSupported:
        • header

Additionally, on AgentgatewayBackend, previously an MCP authentication and MCP authorization policy could be attached to spec.mcp.targets.static.policies.mcp.{authentication,authorization}. These fields were not intended to be able to be set, and had no impact on the behavior of the proxy. These fields are now removed. If you previously set these fields (which, again, had no behavioral impact and was ignored) these will now fail to be applied.

🌟 New features

OIDC browser authentication (Standalone)

A new oidc route policy provides built-in OpenID Connect browser authentication with PKCE support, encrypted session cookies, and automatic redirect handling. The OIDC policy is a native alternative to deploying an external proxy like oauth2-proxy.

:::yaml
policies:
  oidc:
    issuer: http://keycloak.example.com/realms/myrealm
    clientId: agentgateway-browser
    clientSecret: my-secret
    redirectURI: http://localhost:3000/oauth/callback
    scopes:

    - profile
    - email

For more information, see OIDC browser authentication.

Network authorization

A new networkAuthorization policy enables Layer 4 network authorization for non-HTTP traffic based on source IP, port, and mTLS client identity. You can combine it with HTTP authorization for layered L4+L7 controls.

  • Kubernetes: Available under frontend.networkAuthorization. For more information, see Policies.
  • Standalone: Available under frontendPolicies.networkAuthorization. For more information, see Network authorization.

Authorization require rules

Authorization policies now support require rules in addition to allow and deny. All require rules must match for the request to proceed, which provides clearer semantics for expressing mandatory conditions.

MCP improvements

  • Stateless sessions: OpenAPI and SSE upstreams can now use stateless sessions. For Kubernetes docs, see Stateful MCP. For Standalone docs, see OpenAPI connectivity and Backends.
  • Explicit service reference lists: MCP backends can specify targets with explicit service references. For Kubernetes docs, see Static MCP.
  • Tool payloads in CEL context: Tool names and payloads are available in CEL expressions for logging.

LLM gateway enhancements

  • Path prefixes: LLM providers now support custom API base path prefixes. For Standalone docs, see Providers.
  • Azure default authentication: Azure OpenAI providers can use platform-default authentication. For Kubernetes docs, see Azure OpenAI. For Standalone docs, see Azure.
  • Vertex region optional: Vertex AI region configuration is now optional with a global default. For Kubernetes docs, see Vertex AI. For Standalone docs, see Vertex AI.

What's Changed

New Contributors

Full Changelog: https://github.com/agentgateway/agentgateway/compare/v1.0.1...v1.1.0

Source: README.md, updated 2026-04-09