Skip to main content

Release Notes

These release notes summarize user-visible changes to the AISIX gateway, control plane, dashboard, and deployment packages. Releases are listed newest first.

Release artifacts include the gateway image at docker.io/api7/aisix, control-plane images under docker.io/api7/aisix-cp-*, the aisix-cp Helm chart, and an offline installation package.

0.3.1

Release date: July 9, 2026

This maintenance release adds SCIM directory sync and improves observability, accounting, self-hosted playground access, and control-plane reliability.

New Features

  • SCIM 2.0 directory sync can provision and deprovision organization members from any SCIM 2.0 identity provider, including Okta and Microsoft Entra ID, through the new /scim/v2 endpoints.

Improvements

  • Gateway builds now report their release version in the Server response header, the output of aisix --version, and the data-plane version shown in the dashboard, rather than reporting a static build version.
  • The per-client token metric now includes a cache-inclusive total series. See Metrics for the current metric catalog.
  • Deployment cooldown metrics are emitted when health state changes.
  • The guardrail management API is now included in the AISIX Cloud Admin API contract.

Fixes

  • Every proxied response now includes an x-aisix-request-id header for correlation with logs and usage events.
  • Anthropic prompt-cache tokens now count toward token rate limits on the native /v1/messages and /v1/responses endpoints.
  • One malformed telemetry event no longer prevents the remaining events in the usage batch from being delivered.
  • The self-hosted dashboard playground can now reach private or internal LLM endpoints when AISIX_PLAYGROUND_ALLOW_PRIVATE_IPS is enabled.
  • Sign-in now accepts the deployment's own origin and corresponding loopback origin, and returns clearer messages for rate-limited or untrusted-origin attempts.
  • Member list pagination no longer returns to the first page shortly after the view loads.
  • Control-plane restarts no longer produce harmless duplicate-constraint error logs.

0.3.0

Release date: July 9, 2026

This release introduces the MCP Gateway and Agent Gateway, expands the proxy API and guardrail catalog, and adds metric-based routing.

New Features

MCP Gateway

  • The new aggregating /mcp endpoint fronts multiple upstream MCP servers behind one AISIX caller API key.
  • Upstream MCP servers are first-class resources with registration and full CRUD in the control plane and dashboard, along with enable and disable controls and a configurable upstream timeout.
  • Tool access control limits each caller API key to specific MCP tools.
  • Upstream authentication supports API keys and OAuth 2.0 client credentials.
  • MCP tool calls use the same rate limits, budgets, and input and output guardrails as model traffic. Calls also emit usage events and access logs.

Agent Gateway

  • The new Agent Gateway fronts organization-scoped Agent-to-Agent (A2A) agents managed through the control plane and dashboard.
  • The allowed_agents field limits each caller API key to specific agents.

APIs

Guardrails

Routing

  • Multi-target models support least-cost, least-latency, and least-busy target selection.
  • Conditional routing can select targets by tags or metadata, and wildcard aliases can route model names such as provider/*.
  • Sticky weighted routing supports A/B testing and canary releases.

Traffic Controls and API Keys

  • Caller API key lifecycle controls can set an expiration, disable a key, or rotate it in one operation.
  • Cluster rate limiting can use shared Redis storage and adds per-second (rps) and per-hour (rph) request limits to the existing per-minute (rpm) and per-day (rpd) limits.

Observability

  • Request and response content capture now covers embeddings, rerank, images, and audio.

Dashboard

  • MCP servers can be managed from the dashboard, with MCP governance available in the rate-limit, budget, and guardrail views.
  • Usage-log retention can be configured by organization.

Improvements

  • The container image runs as a non-root user and can bind ports 80 and 443 through the CAP_NET_BIND_SERVICE file capability.
  • The dashboard provides a unified, filterable models view and a single model-kind picker when creating a model.
  • Routing targets can be reordered by dragging, and least-cost targets display per-target cost badges.
  • Member and team lists are paginated.

Fixes

  • Cache and rate-limit keys are scoped by environment so shared Redis storage cannot mix state between environments.
  • Passthrough endpoints now emit usage events for successful and failed requests, with caller API key attribution.
API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation