IBM
diff --git a/‎.bumpversion.cfg
Lines changed: 1 addition & 1 deletion b/‎.bumpversion.cfg
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/tools/cleanup-ghcr-versions.sh
Lines changed: 1 addition & 1 deletion b/‎.github/tools/cleanup-ghcr-versions.sh
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/docker-release.yml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/docker-release.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/release-chart.yml.inactive
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-chart.yml.inactive
Lines changed: 1 addition & 1 deletion
diff --git a/‎CHANGELOG.md
Lines changed: 173 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 173 additions & 0 deletions
diff --git a/‎Containerfile
Lines changed: 1 addition & 1 deletion b/‎Containerfile
Lines changed: 1 addition & 1 deletion
diff --git a/‎Containerfile.lite
Lines changed: 1 addition & 1 deletion b/‎Containerfile.lite
Lines changed: 1 addition & 1 deletion
diff --git a/‎Makefile
Lines changed: 2 additions & 2 deletions b/‎Makefile
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.md
Lines changed: 12 additions & 12 deletions b/‎README.md
Lines changed: 12 additions & 12 deletions
diff --git a/‎SECURITY.md
Lines changed: 1 addition & 1 deletion b/‎SECURITY.md
Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.4.0
+current_version = 0.5.0
 commit = False
 tag = False
 sign-tags = True
 
@@ -92,7 +92,7 @@ fi
 ##############################################################################
 ORG="ibm"
 PKG="mcp-context-forge"
-KEEP_TAGS=( "0.1.0" "v0.1.0" "0.1.1" "v0.1.1" "0.2.0" "v0.2.0" "0.3.0" "v0.3.0" "0.4.0" "v0.4.0" "latest" )
+KEEP_TAGS=( "0.1.0" "v0.1.0" "0.1.1" "v0.1.1" "0.2.0" "v0.2.0" "0.3.0" "v0.3.0" "0.4.0" "v0.4.0" "0.5.0" "v0.5.0" "latest" )
 PER_PAGE=100
 
 DRY_RUN=${DRY_RUN:-true}          # default safe
 
@@ -4,12 +4,12 @@
 #
 # This workflow re-tags a Docker image (built by a previous workflow)
 # when a GitHub Release is published, giving it a semantic version tag
-# like `v0.4.0`. It assumes the CI build has already pushed an image
+# like `v0.5.0`. It assumes the CI build has already pushed an image
 # tagged with the commit SHA, and that all checks on that commit passed.
 #
 # ➤ Trigger: Release published (e.g. from GitHub UI or `gh release` CLI)
 # ➤ Assumes: Existing image tagged with the commit SHA is available
-# ➤ Result: Image re-tagged as `ghcr.io/OWNER/REPO:v0.4.0`
+# ➤ Result: Image re-tagged as `ghcr.io/OWNER/REPO:v0.5.0`
 #
 # ======================================================================
 
@@ -25,7 +25,7 @@ on:
   workflow_dispatch:
     inputs:
       tag:
-        description: 'Release tag (e.g., v0.4.0)'
+        description: 'Release tag (e.g., v0.5.0)'
         required: true
         type: string
 
 
@@ -2,7 +2,7 @@
 name: Release Helm Chart
 on:
   release:
-    types: [published]            # tag repo, ex: v0.4.0 to trigger
+    types: [published]            # tag repo, ex: v0.5.0 to trigger
 permissions:
   contents: read
   packages: write
 
@@ -6,6 +6,179 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
 
 ---
 
+## [0.5.0] - 2025-08-06 - Enterprise Operability, Auth, Configuration & Observability
+
+### Overview
+
+This release focuses on enterprise-grade operability with **42 issues resolved**, bringing major improvements to authentication, configuration management, error handling, and developer experience. Key achievements include:
+
+- **Enhanced JWT token security** with mandatory expiration when configured
+- **Improved UI/UX** with better error messages, validation, and test tool enhancements
+- **Stronger input validation** across all endpoints with XSS prevention
+- **Developer productivity** improvements including file-specific linting and enhanced Makefile
+- **Better observability** with masked sensitive data and improved status reporting
+
+### Added
+
+#### **Security & Authentication**
+* **JWT Token Expiration Enforcement** (#425) - Made JWT token expiration mandatory when `REQUIRE_TOKEN_EXPIRATION=true`
+* **Masked Authentication Values** (#601, #602) - Auth credentials now properly masked in API responses for gateways
+* **API Docs Basic Auth Support** (#663) - Added basic authentication support for API documentation endpoints with `DOCS_BASIC_AUTH_ENABLED` flag
+* **Enhanced XSS Prevention** (#576) - Added validation for RPC methods to prevent XSS attacks
+* **SPDX License Headers** (#315, #317, #656) - Added script to verify and fix file headers with SPDX compliance
+
+#### **Developer Experience**
+* **File-Specific Linting** (#410, #660) - Added `make lint filename|dirname` target for targeted linting
+* **MCP Server Name Column** (#506, #624) - New "MCP Server Name" column in Global tools/resources for better visibility
+* **Export Connection Strings** (#154) - Enhanced connection string export for various clients from UI and API
+* **Time Server Integration** (#403, #637) - Added time server to docker-compose.yaml for testing
+* **Enhanced Makefile** (#365, #397, #507, #597, #608, #611, #612) - Major Makefile improvements:
+  - Fixed database migration commands
+  - Added comprehensive file-specific linting support
+  - Improved formatting and readability
+  - Consolidated run-gunicorn scripts
+  - Added `.PHONY` declarations where missing
+  - Fixed multiple server startup prevention (#430)
+
+#### **UI/UX Improvements**
+* **Test Tool Enhancements**:
+  - Display default values from input_schema (#623, #644)
+  - Fixed boolean inputs passing as on/off instead of true/false (#622)
+  - Fixed array inputs being passed as strings (#620, #641)
+  - Support for multiline text input (#650)
+  - Improved parameter type conversion logic (#628)
+* **Checkbox Selection** (#392, #619) - Added checkbox selection for servers, tools, and resources in UI
+* **Improved Error Messages** (#357, #363, #569, #607, #629, #633, #648) - Comprehensive error message improvements:
+  - More user-friendly error messages throughout
+  - Better validation feedback for gateways, tools, prompts
+  - Fixed "Unexpected error when registering gateway with same name" (#603)
+  - Enhanced error handling for add/edit operations
+
+#### **Code Quality & Testing**
+* **Security Scanners**:
+  - Added Snyk security scanning (#638, #639)
+  - Integrated DevSkim static analysis tool (#590, #592)
+  - Added nodejsscan for JavaScript security (#499)
+* **Web Linting** (#390, #614) - Added lint-web to CI/CD with additional linters (jshint, jscpd, markuplint)
+* **Package Linters** (#615, #616) - Added pypi package linters: check-manifest and pyroma
+
+### Fixed
+
+#### **Critical Bugs**
+* **Gateway Issues**:
+  - Fixed gateway ID returned as null by Create API (#521)
+  - Fixed duplicate gateway registration bypassing uniqueness check (#603, #649)
+  - Gateway update no longer fails silently in UI (#630)
+  - Fixed validation for invalid gateway URLs (#578)
+  - Improved STREAMABLEHTTP transport validation (#662)
+  - Fixed unexpected error when registering gateway with same name (#603)
+* **Tool & Resource Handling**:
+  - Fixed edit tool update failures with integration_type="REST" (#579)
+  - Fixed inconsistent acceptable length of tool names (#631, #651)
+  - Fixed long input names being reflected in error messages (#598)
+  - Fixed edit tool sending invalid "STREAMABLE" value (#610)
+  - Fixed GitHub MCP Server registration flow (#584)
+* **Authentication & Security**:
+  - Fixed auth_username and auth_password not being set correctly (#472)
+  - Fixed _populate_auth functionality (#471)
+  - Properly masked auth values in gateway APIs (#601)
+
+#### **UI/UX Fixes**
+* **Edit Functionality**:
+  - Fixed edit prompt failing when template field is empty (#591)
+  - Fixed edit screens for servers and resources (#633, #648)
+  - Improved consistency in displaying error messages (#357)
+* **Version Panel & Status**:
+  - Clarified difference between "Reachable" and "Available" status (#373, #621)
+  - Fixed service status display in version panel
+* **Input Validation**:
+  - Fixed array input parsing in test tool UI (#620, #641)
+  - Fixed boolean input handling (#622)
+  - Added support for multiline text input (#650)
+
+#### **Infrastructure & Build**
+* **Docker & Deployment**:
+  - Fixed database migration commands in Makefile (#365)
+  - Resolved Docker container issues (#560)
+  - Fixed internal server errors during CRUD operations (#85)
+* **Documentation & API**:
+  - Fixed OpenAPI title from "MCP_Gateway" to "MCP Gateway" (#522)
+  - Added mcp-cli documentation (#46)
+  - Fixed invalid HTTP request logs (#434)
+* **Code Quality**:
+  - Fixed redundant conditional expressions (#423, #653)
+  - Fixed lint-web issues in admin.js (#613)
+  - Updated default .env examples to enable UI (#498)
+
+### Changed
+
+#### **Configuration & Defaults**
+* **UI Enabled by Default** - Updated .env.example to set `MCPGATEWAY_UI_ENABLED=true` and `MCPGATEWAY_ADMIN_API_ENABLED=true`
+* **Enhanced Validation** - Stricter validation rules for gateway URLs, tool names, and input parameters
+* **Improved Error Handling** - More descriptive and actionable error messages across all operations
+
+#### **Performance & Reliability**
+* **Connection Handling** - Better retry mechanisms and timeout configurations
+* **Session Management** - Improved stateful session handling for Streamable HTTP
+* **Resource Management** - Enhanced cleanup and resource disposal
+
+#### **Developer Workflow**
+* **Simplified Scripts** - Consolidated run-gunicorn scripts into single improved version
+* **Better Testing** - Enhanced test coverage with additional security and validation tests
+* **Improved Tooling** - Comprehensive linting and security scanning integration
+
+### Security
+
+* Mandatory JWT token expiration when configured
+* Masked sensitive authentication data in API responses
+* Enhanced XSS prevention in RPC methods
+* Comprehensive security scanning with Snyk, DevSkim, and nodejsscan
+* SPDX-compliant file headers for license compliance
+
+### Infrastructure
+
+* Improved Makefile with better target organization and documentation
+* Enhanced Docker compose with integrated time server
+* Better CI/CD with comprehensive linting and security checks
+* Simplified deployment with consolidated scripts
+
+---
+
+### 🌟 Release Contributors
+
+This release represents a major step forward in enterprise readiness with contributions from developers worldwide focusing on security, usability, and operational excellence.
+
+#### 🏆 Top Contributors in 0.5.0
+- **Mihai Criveti** (@crivetimihai) - Release coordinator, infrastructure improvements, security enhancements
+- **Madhav Kandukuri** (@madhav165) - XSS prevention, validation improvements, security fixes
+- **Keval Mahajan** (@kevalmahajan) - UI enhancements, test tool improvements, checkbox implementation
+- **Manav Gupta** - File-specific linting support and Makefile improvements
+- **Rakhi Dutta** (@rakdutta) - Comprehensive error message improvements across add/edit operations
+- **Shoumi Mukherjee** (@shoummu1) - Array input parsing, tool creation fixes, UI improvements
+
+#### 🎉 New Contributors
+Welcome to our first-time contributors who joined us in 0.5.0:
+
+- **JimmyLiao** (@jimmyliao) - Fixed STREAMABLEHTTP transport validation
+- **Arnav Bhattacharya** (@arnav264) - Added file header verification script
+- **Guoqiang Ding** (@dgq8211) - Fixed tool parameter type conversion and API docs auth
+- **Pascal Roessner** (@roessner) - Added MCP Gateway Name to tools overview
+- **Kumar Tiger** (@kumar-tiger) - Fixed duplicate gateway name registration
+- **Shamsul Arefin** (@shams) - Improved JavaScript validation patterns and UUID support
+- **Emmanuel Ferdman** (@emmanuelferdman) - Fixed prompt service test cases
+- **Tomas Pilar** (@thomas7pilar) - Fixed missing ID in gateway response and auth flag issues
+
+#### 💪 Returning Contributors
+Thank you to our dedicated contributors who continue to strengthen MCP Gateway:
+
+- **Nayana R Gowda** - Fixed redundant conditional expressions and Makefile formatting
+- **Mohan Lakshmaiah** - Improved tool name consistency validation
+- **Abdul Samad** - Continued UI polish and improvements
+- **Satya** (@TS0713) - Gateway URL validation improvements
+- **ChrisPC-39** - Updated default .env to enable UI and added tool search functionality
+
+---
+
 ## [0.4.0] - 2025-07-22 - Security, Bugfixes, Resilience & Code Quality
 
 ### Security Notice
 
@@ -1,7 +1,7 @@
 FROM registry.access.redhat.com/ubi9-minimal:9.6-1754000177
 LABEL maintainer="Mihai Criveti" \
       name="mcp/mcpgateway" \
-      version="0.4.0" \
+      version="0.5.0" \
       description="MCP Gateway: An enterprise-ready Model Context Protocol Gateway"
 
 ARG PYTHON_VERSION=3.11
 
@@ -216,7 +216,7 @@ LABEL maintainer="Mihai Criveti" \
       org.opencontainers.image.title="mcp/mcpgateway" \
       org.opencontainers.image.description="MCP Gateway: An enterprise-ready Model Context Protocol Gateway" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.version="0.4.0"
+      org.opencontainers.image.version="0.5.0"
 
 # ----------------------------------------------------------------------------
 # Copy the entire prepared root filesystem from the builder stage
 
@@ -2589,7 +2589,7 @@ MINIKUBE_ADDONS  ?= ingress ingress-dns metrics-server dashboard registry regist
 # OCI image tag to preload into the cluster.
 # - By default we point to the *local* image built via `make docker-prod`, e.g.
 #   mcpgateway/mcpgateway:latest.  Override with IMAGE=<repo:tag> to use a
-#   remote registry (e.g. ghcr.io/ibm/mcp-context-forge:v0.4.0).
+#   remote registry (e.g. ghcr.io/ibm/mcp-context-forge:v0.5.0).
 TAG              ?= latest         # override with TAG=<ver>
 IMAGE            ?= $(IMG):$(TAG)  # or IMAGE=ghcr.io/ibm/mcp-context-forge:$(TAG)
 
@@ -3224,7 +3224,7 @@ devpi-unconfigure-pip:
 
 # ─────────────────────────────────────────────────────────────────────────────
 # 📦  Version helper (defaults to the version in pyproject.toml)
-#      override on the CLI:  make VER=0.4.0 devpi-delete
+#      override on the CLI:  make VER=0.5.0 devpi-delete
 # ─────────────────────────────────────────────────────────────────────────────
 VER ?= $(shell python3 -c "import tomllib, pathlib; \
 print(tomllib.loads(pathlib.Path('pyproject.toml').read_text())['project']['version'])" \
 
@@ -120,7 +120,7 @@ ContextForge MCP Gateway is a feature-rich gateway, proxy and MCP Registry that
 
 **ContextForge MCP Gateway** is a gateway, registry, and proxy that sits in front of any [Model Context Protocol](https://modelcontextprotocol.io) (MCP) server or REST API-exposing a unified endpoint for all your AI clients.
 
-**⚠️ Caution**: The current release (0.4.0) is considered alpha / early beta. It is not production-ready and should only be used for local development, testing, or experimentation. Features, APIs, and behaviors are subject to change without notice. **Do not** deploy in production environments without thorough security review, validation and additional security mechanisms.  Many of the features required for secure, large-scale, or multi-tenant production deployments are still on the [project roadmap](https://ibm.github.io/mcp-context-forge/architecture/roadmap/) - which is itself evolving.
+**⚠️ Caution**: The current release (0.5.0) is considered alpha / early beta. It is not production-ready and should only be used for local development, testing, or experimentation. Features, APIs, and behaviors are subject to change without notice. **Do not** deploy in production environments without thorough security review, validation and additional security mechanisms.  Many of the features required for secure, large-scale, or multi-tenant production deployments are still on the [project roadmap](https://ibm.github.io/mcp-context-forge/architecture/roadmap/) - which is itself evolving.
 
 It currently supports:
 
@@ -386,13 +386,13 @@ docker run -d --name mcpgateway \
   -e BASIC_AUTH_PASSWORD=changeme \
   -e AUTH_REQUIRED=true \
   -e DATABASE_URL=sqlite:///./mcp.db \
-  ghcr.io/ibm/mcp-context-forge:0.4.0
+  ghcr.io/ibm/mcp-context-forge:0.5.0
 
 # Tail logs (Ctrl+C to quit)
 docker logs -f mcpgateway
 
 # Generating an API key
-docker run --rm -it ghcr.io/ibm/mcp-context-forge:0.4.0 \
+docker run --rm -it ghcr.io/ibm/mcp-context-forge:0.5.0 \
   python3 -m mcpgateway.utils.create_jwt_token --username admin --exp 0 --secret my-test-key
 ```
 
@@ -420,7 +420,7 @@ docker run -d --name mcpgateway \
   -e JWT_SECRET_KEY=my-test-key \
   -e BASIC_AUTH_USER=admin \
   -e BASIC_AUTH_PASSWORD=changeme \
-  ghcr.io/ibm/mcp-context-forge:0.4.0
+  ghcr.io/ibm/mcp-context-forge:0.5.0
 ```
 
 SQLite now lives on the host at `./data/mcp.db`.
@@ -444,7 +444,7 @@ docker run -d --name mcpgateway \
   -e PORT=4444 \
   -e DATABASE_URL=sqlite:////data/mcp.db \
   -v $(pwd)/data:/data \
-  ghcr.io/ibm/mcp-context-forge:0.4.0
+  ghcr.io/ibm/mcp-context-forge:0.5.0
 ```
 
 Using `--network=host` allows Docker to access the local network, allowing you to add MCP servers running on your host. See [Docker Host network driver documentation](https://docs.docker.com/engine/network/drivers/host/) for more details.
@@ -460,7 +460,7 @@ podman run -d --name mcpgateway \
   -p 4444:4444 \
   -e HOST=0.0.0.0 \
   -e DATABASE_URL=sqlite:///./mcp.db \
-  ghcr.io/ibm/mcp-context-forge:0.4.0
+  ghcr.io/ibm/mcp-context-forge:0.5.0
 ```
 
 #### 2 - Persist SQLite
@@ -479,7 +479,7 @@ podman run -d --name mcpgateway \
   -p 4444:4444 \
   -v $(pwd)/data:/data \
   -e DATABASE_URL=sqlite:////data/mcp.db \
-  ghcr.io/ibm/mcp-context-forge:0.4.0
+  ghcr.io/ibm/mcp-context-forge:0.5.0
 ```
 
 #### 3 - Host networking (rootless)
@@ -497,7 +497,7 @@ podman run -d --name mcpgateway \
   --network=host \
   -v $(pwd)/data:/data \
   -e DATABASE_URL=sqlite:////data/mcp.db \
-  ghcr.io/ibm/mcp-context-forge:0.4.0
+  ghcr.io/ibm/mcp-context-forge:0.5.0
 ```
 
 ---
@@ -506,7 +506,7 @@ podman run -d --name mcpgateway \
 <summary><strong>✏️ Docker/Podman tips</strong></summary>
 
 * **.env files** - Put all the `-e FOO=` lines into a file and replace them with `--env-file .env`. See the provided [.env.example](.env.example) for reference.
-* **Pinned tags** - Use an explicit version (e.g. `v0.4.0`) instead of `latest` for reproducible builds.
+* **Pinned tags** - Use an explicit version (e.g. `v0.5.0`) instead of `latest` for reproducible builds.
 * **JWT tokens** - Generate one in the running container:
 
   ```bash
@@ -552,7 +552,7 @@ docker run --rm -i \
   -e MCP_SERVER_CATALOG_URLS=http://host.docker.internal:4444/servers/UUID_OF_SERVER_1 \
   -e MCP_TOOL_CALL_TIMEOUT=120 \
   -e MCP_WRAPPER_LOG_LEVEL=DEBUG \
-  ghcr.io/ibm/mcp-context-forge:0.4.0 \
+  ghcr.io/ibm/mcp-context-forge:0.5.0 \
   python3 -m mcpgateway.wrapper
 ```
 
@@ -600,7 +600,7 @@ python3 -m mcpgateway.wrapper
 <summary><strong>Expected responses from mcpgateway.wrapper</strong></summary>
 
 ```json
-{"jsonrpc":"2.0","id":1,"result":{"protocolVersion":"2025-03-26","capabilities":{"experimental":{},"prompts":{"listChanged":false},"resources":{"subscribe":false,"listChanged":false},"tools":{"listChanged":false}},"serverInfo":{"name":"mcpgateway-wrapper","version":"0.4.0"}}}
+{"jsonrpc":"2.0","id":1,"result":{"protocolVersion":"2025-03-26","capabilities":{"experimental":{},"prompts":{"listChanged":false},"resources":{"subscribe":false,"listChanged":false},"tools":{"listChanged":false}},"serverInfo":{"name":"mcpgateway-wrapper","version":"0.5.0"}}}
 
 # When there's no tools
 {"jsonrpc":"2.0","id":2,"result":{"tools":[]}}
@@ -632,7 +632,7 @@ docker run -i --rm \
   -e MCP_SERVER_CATALOG_URLS=http://localhost:4444/servers/UUID_OF_SERVER_1 \
   -e MCP_AUTH_TOKEN=${MCPGATEWAY_BEARER_TOKEN} \
   -e MCP_TOOL_CALL_TIMEOUT=120 \
-  ghcr.io/ibm/mcp-context-forge:0.4.0 \
+  ghcr.io/ibm/mcp-context-forge:0.5.0 \
   python3 -m mcpgateway.wrapper
 ```
 
 
@@ -6,7 +6,7 @@
 
 ## ⚠️ Early Beta Software Notice
 
-**Current Version: 0.4.0 (Beta)**
+**Current Version: 0.5.0 (Beta)**
 
 MCP Gateway is currently in early beta and should be treated as such until the 1.0 release. While we implement comprehensive security measures and follow best practices, important limitations exist: