Changelog

​

Features

• Per-Gateway Confidence Thresholds: LLM threat detection sensitivity can now be tuned per gateway
• Tuned Threat Detection Model & Harness: Both the model and the inference harness were tuned on representative data for improved accuracy on real-world traffic
• Audit Log Confidence Badges: Audit entries surface both the threat score and the detection method (LLM, whitelist, pattern)
• Threat Score Visibility: Security views display threat confidence in decimal format (e.g. 0.9473) for consistency with model outputs
• Unified MCP Server Request Workflow: The flow for requesting access to new MCP servers is unified across member-facing surfaces

​

Bug Fixes

• Fixed inflated false-positive rates on long messages by applying a correction to chunked LLM threat scores
• Fixed gateway blocking all traffic when the LLM engine is unavailable; now fails open with logging
• Fixed JWKS fetch flakiness with retry logic, stale-cache fallback, and thundering-herd protection
• Fixed transient infrastructure failures firing user-facing notifications

​

⚠ Breaking Changes

• Docker images restructured: The default Docker image (without -gpu suffix) no longer bundles ML models for local threat detection. It now uses the lightweight image containing only the gateway. Users running local threat detection must switch to the -gpu image or configure GOLF_SECURITY_LLM_BACKEND=remote with an external inference endpoint.
• API versioning: Gateway lifecycle endpoints moved from /api/gateways/... to /api/v1/gateways/.... Legacy paths still work with deprecation warnings and will be removed in a future release.

​

Features

​

Golf Local — Local MCP Server Security (Beta)

• Setup: OAuth Device Authorization Grant (RFC 8628) flow with interactive gateway selection
• Add: TUI-based multi-select for AI clients (Cursor, Claude Code, Warp) and MCP servers with environment variable prompts
• Distribution: Published via Homebrew (golf-mcp/tap/golf-local) with cross-platform releases (macOS, Linux, Windows)

​

OAuth Client Credentials & CIDM (Beta)

• Pre-registered OAuth client credentials: Configure a static OAuth client_id and client_secret per MCP server for upstream Authorization Servers that don’t support DCR or CIDM. Secrets are encrypted at rest.
• CIDM (Client ID Metadata Document): Support per draft-ietf-oauth-client-id-metadata-document-00. The gateway can both serve its own CIDM document and consume CIDM-formatted client IDs from connecting MCP clients.
• Client resolution priority: Follows MCP spec (2025-11-25) — pre-registered credentials → CIDM → existing DCR client → dynamic client registration.
• private_key_jwt authentication: For CIDM clients with JWKS-based JWT assertion validation.

​

Remote Threat Detection

• Azure ML support: Auto-detected from endpoint URL with Azure AD token authentication (ClientSecretCredential)
• Generic REST support: For any endpoint returning confidence scores

​

MCP Server for Control Plane

• Six tools: setup (onboarding wizard), list_servers, get_server, generate_client_config, authorize_server, and report_issue
• RBAC-aware: Users only see servers their groups have access to
• OAuth-secured: Uses the Control Plane’s own OAuth Authorization Server
• Issue reporting: Users can report bugs directly to our team through the MCP server

​

Docker Image Changes

• Default image changed: The default image (without -gpu suffix) no longer has threat detection models baked in, and uses a remote inference endpoint by default
• GPU image unchanged: The -gpu image continues to bundle all models and CUDA dependencies for local inference
• CPU inference still available: Image for CPU-based inference with local models can still be built on request, but is no longer the default

​

YAML Declarative Configuration

​

API & Authentication

• API versioning: /api/v1/ prefix with protocol version tracking for version-aware gateway behavior
• Device Authorization Grant (RFC 8628): CLI-based setup with user-facing verification codes and browser-based authentication

​

Bug Fixes

• Fixed invalid memory check causing death spiral on constrained nodes
• Fixed RBAC policy propagation bugs causing divergent access decisions
• Fixed OAuth token caching after CP fetch with 429 handling
• Fixed OAuth popup window handling race conditions

​

Features

• Structured Error Codes: The gateway now returns machine-parseable error codes (AUTH_TOKEN_EXPIRED, UPSTREAM_RBAC_DENIED, CONN_UPSTREAM_TIMEOUT, etc.) in all error responses, organized by connection lifecycle phase. Each error includes a human-readable message and optional diagnostic details, making it easier to programmatically handle failures and troubleshoot issues.

​

Improvements

• Increased default API rate limits and improved monitoring for rate limit events

​

Bug Fixes

• Fixed Redis connection pool exhaustion caused by individual auth status queries firing per MCP server on page navigation
• Fixed WorkOS authentication version compatibility issue
• Improved log severity levels in WorkOS and Platform IDP services

​

Features

• CIDM (Client ID Metadata Document) Support: The gateway now implements the MCP 2025-11-25 authorization specification for Client ID Metadata Documents. The Control Plane detects URL-formatted client_id values, fetches and validates metadata documents with SSRF protection, and caches results in Redis. Organization-level trust policies (domain allowlists, enable/disable) control which CIDM clients are accepted. The gateway also hosts its own CIDM document at /.well-known/golf-gateway/oauth/client-metadata.json for upstream server registration.
• Pre-registered OAuth Client Credentials: Configure a static OAuth client_id and client_secret per MCP server to bypass Dynamic Client Registration with stable, pre-provisioned credentials. Secrets are encrypted at rest and the gateway automatically prefers pre-registered credentials over DCR when configured.
• Kubernetes runtimeClassName Support: Helm charts now support an optional runtimeClassName field for both golf-gateway and golf-gateway-centralized, enabling pod scheduling on specialized runtime classes such as nvidia for GPU workloads.

​

Improvements

• Analytics now excludes MCP protocol overhead methods and notification events, providing more accurate tool usage metrics and call counts

​

Bug Fixes

• Fixed member portal showing an empty server list for non-admin users caused by an overly strict permission check on the gatewayAssignmentsRequired resolver
• Fixed race conditions in inventory navigation that caused premature redirects away from the inventory page
• Fixed OAuth popup state tracking race conditions during authentication flows
• Fixed DCR placeholder being incorrectly treated as authorized upstream connections
• Fixed external_url propagation in the gateway activation flow for gateways running behind a reverse proxy

​

Features

• Threat Whitelist Patterns: Regex-based whitelist to bypass LLM threat detection for known-safe content, configurable at organization, gateway, and server levels
• Gateway Degraded Mode: Gateways automatically cache configuration from the Control Plane and continue operating with cached config during outages, with automatic recovery
• Server Discovery Endpoint: The /.well-known/golf-gateway endpoint now includes upstream MCP server discovery with names, URLs, and descriptions

​

Improvements

• Mobile layout improvements for the dev portal and MCP server pages

​

Bug Fixes

• Fixed internal hostnames being exposed in OAuth metadata when gateway runs behind a reverse proxy
• Fixed path normalization for upstream servers
• Fixed session validation error handling

​

Bug Fixes

• Fixed gateway startup crash on Apple Silicon: Resolved a crash during startup of the Golf Gateway on certain Apple Silicon architectures when running in Docker
• Fixed PII whitelist fields not applied in policies: Whitelist fields configured for PII scrubbing were not being included in organization and gateway policy configurations

​

Features

• Microsoft Sentinel Integration: Full Azure Sentinel support as an audit log exporter with DCR-based ingestion, comprehensive schema mapping, and feature parity with Elasticsearch
• Whitelist Fields for PII Scrubbing: Protect critical operational data (file paths, tool names, cursor tokens) from being inadvertently scrubbed by adding them to a configurable whitelist
• Descope M2M Support: Service-to-service authentication via Descope Machine-to-Machine tokens for automated integrations
• Resource & Prompt Analytics: New pie charts showing resource and prompt usage distribution on the analytics dashboard

​

Security

• Mobile OAuth Improvements: Enabled OAuth flow for mobile devices with CSRF protection and redirect-based authentication

​

Improvements

• Improved PII detection accuracy
• Enhanced capability discovery with fallback tokens and improved RBAC defaults for non-tool capabilities
• Analytics dashboard improvements with better error rate calculations and latency handling
• Simplified identity provider UI with clearer terminology for MCP server authentication
• Claude Code CLI option added to “Add to Client” dropdown for easier gateway configuration

​

Bug Fixes

• Fixed OAuth redirect URI handling in Warp
• Fixed resource leaks and race conditions in Sentinel integration
• Fixed capability discovery concurrent request handling with per-server locks
• Fixed identity provider configuration loops and state management issues
• Fixed organization switching to properly refresh sessions on org change
• Fixed various UI issues in policy editors and button components

​

Features

• WorkOS Platform SSO: Migrated to WorkOS AuthKit for enterprise single sign-on, providing improved authentication reliability and expanded IdP compatibility
• Dynamic Security Mode: Configure security mode (monitor or block) directly from the Control Plane UI with real-time gateway updates—no restarts required
• Per-Gateway Data Exporters: Each gateway can now have its own exporter configuration, enabling flexible data routing to different destinations per environment
• Organization License Tiers: Support for free and licensed organization tiers with tier-specific feature availability
• Centralized Analytics Export: Analytics data is now exported through the Control Plane, providing unified observability across all gateways

​

Security

• Enhanced Redirect URI Validation: Improved validation to block dangerous URI schemes and enforce HTTPS for non-localhost callbacks, aligned with RFC 8252 security recommendations
• Improved OAuth Error Handling: Structured error codes and user-friendly notifications for Dynamic Client Registration (DCR) failures

​

Improvements

• Cursor-based pagination for security incidents page for better performance with large datasets
• Unified console logging format across all components
• Organization-scoped MCP server names allow different organizations to use the same server names

​

Bug Fixes

• Fixed RBAC policy inheritance to correctly apply organization-level access policies at runtime
• Fixed empty allowlist now correctly interpreted as “deny all” instead of “no policy”
• Fixed group intersection logic when multiple RBAC levels are configured
• Fixed monitor mode to allow sessions to continue while logging threats
• Fixed various authentication and invitation flow issues
• Fixed exporter configuration and analytics timing issues

​

Features

• Interactive Onboarding: New guided onboarding experience with step-by-step tour overlay, progress checklist, and replay functionality for new users
• Single Upstream Mode: Simplified configuration option for gateways with a single MCP server, including UI toggle, modals for enabling/disabling, and server swap functionality
• Multi-Architecture Builds: Docker images now support multiple CPU architectures for broader deployment compatibility

​

Security

• Enhanced PII Scrubbing: Fixed conflicts between entity detectors for more accurate PII detection
• API Key Detection: Added standard API key pattern recognition to the privacy scrubber
• Organization Isolation: Fixed cross-organization MCP server access issues and improved security for race conditions

​

Bug Fixes

• Fixed capability-level RBAC configuration propagation in centralized mode
• Fixed capability fetching for API key authenticated servers
• Resolved server name and URL validation issues in the UI
• Fixed bulk server assignment bypassing single upstream mode validation
• Fixed invitation system issues
• Corrected routing and mutation issues in single upstream mode
• Resolved stale cache issues affecting UI performance

​

Improvements

• Optimized session management and data loading for faster UI responsiveness

​

Features

• Microsoft Entra ID Support: Full Azure Active Directory integration for enterprise SSO with group synchronization and automatic role mapping
• Per-Organization Identity Providers: Each organization can now configure its own IdP, enabling true multi-tenant deployments with isolated authentication
• MCP Server Catalog: Browse and add from 20+ pre-configured MCP servers
• User Onboarding Flow: New guided onboarding experience with domain configuration and organization selection for first-time users

​

Security

• Encryption Key Rotation: Gateways now receive automatic key rotation notifications
• Service-to-Service Authentication: Added security key authentication between RBAC-admin and Golf API
• Exporter Access Control: Separate read-only and read-write configurations for audit log exporters
• Fixed Elasticsearch adapter resource leak

​

Bug Fixes

• Fixed organization switching and JIT role fetching issues
• Fixed Control Plane not updating IdPs/exporters correctly
• Fixed critical navigation and state issues in the UI
• Fixed circuit breaker issues when fetching roles
• Fixed user provisioning when logging into new organizations via Platform SSO
• Fixed OAuth resource indicator in single upstream mode

​

Breaking Changes

• Global admin roles removed in favor of organization-scoped administration

​

Features

• Multi-Organization Support: Manage multiple organizations from a single Control Plane with isolated analytics, policies, and configurations
• Cursor Integration: Connect Golf Gateway directly to Cursor IDE
• Simplified Gateway Setup: Streamlined “Add to Client” experience with auto-generated connection instructions

​

Security

• Enhanced credential encryption and token storage
• Improved isolation between organizations

​

Improvements

• Various stability and performance improvements

​

Features

• Mutual TLS: Secure communication between gateways and MCP servers
• Simplified Certificates: Easier deployments with automatic certificate generation

​

Improvements

• Improved API key authentication for third-party servers
• Various stability and deployment improvements

​

Features

• Gateway Visibility: See which gateways are assigned to each MCP server
• Server Capabilities: View MCP server capabilities and annotations directly in the portal
• Multi-Gateway Management: Improved admin experience for managing multiple gateways

​

Improvements

• Better display of gateway URLs across deployment modes
• Various UI polish and stability fixes

​

Initial Release

​

Notes

• GPU-accelerated builds available with -gpu suffix (e.g., v4.3.1-gpu)