Community
Roadmap
MCP Ambassador follows a transparent, community-driven roadmap. Features are added based on user demand, not arbitrary milestones.
0.8.0-beta.1 — Current Release (February 19, 2026)
The first production release. All features listed are built, tested (327 tests passing), and shipping.
Core gateway
- ✅ MCP proxy — tool calls routed from Ambassador Client to downstream MCPs
- ✅ Dynamic tool discovery — personalized tool catalog per user/client
- ✅ Multi-transport support — stdio, HTTP, SSE downstream MCPs
- ✅ Per-user MCP isolation — separate process per user for
per_userMCPs
Authentication & identity
- ✅ User authentication with local accounts (Argon2id)
- ✅ Preshared key + ephemeral session token model
- ✅ Multi-client support — one user, many devices
- ✅ Login rate limiting (5 attempts/IP/5 minutes)
- ✅ Session fixation prevention
Authorization
- ✅ Group-based RBAC — users to groups, MCPs to groups
- ✅ Per-client tool selection — granular tool-level control
- ✅ Kill switches — tool-level and MCP-level disable
Security
- ✅ AES-256-GCM encrypted credential vault with HKDF key derivation
- ✅ Credentials zeroed from memory after MCP spawn
- ✅ Content Security Policy (strict CSP headers)
- ✅ 0 dependency vulnerabilities (npm audit clean)
User experience
- ✅ MCP marketplace — self-service discovery and subscription
- ✅ React 19 admin portal (users, groups, MCP catalog, audit logs)
- ✅ React 19 user portal (marketplace, clients, subscriptions, profile)
- ✅ Dark mode, responsive design, ARIA accessibility
Operations
- ✅ Single Docker container deployment
- ✅ Auto-generated TLS, migrations, and credential keys on first boot
- ✅ SQLite with WAL mode for concurrent reads
- ✅ JSON structured logging with correlation IDs
- ✅ 38+ pre-configured MCPs in community registry
v1.1 — Planned Q2 2026
Improvements to the Community tier based on 0.8.0-beta.1 user feedback.
| Feature | Notes |
|---|---|
| Client API rate limiting | Per-user and per-tool rate limits |
| User self-registration | Admin controls whether users can register themselves |
| MCP pre-warming | Spawn stdio MCPs at startup to reduce first-call latency (currently 2-3s) |
| Admin API key management UI | Currently requires direct API or database access |
| Audit log streaming | Export to file-based SIEM (Splunk-compatible JSON format) |
| Kill switch SSE push | Real-time client notification when a kill switch fires |
v2.0 — Enterprise tier, Planned Q3 2026
The Pro and Enterprise tier features require significant infrastructure. These are planned for v2.0 and will be unlocked via free registration (Pro) or support agreement (Enterprise).
| Feature | Tier | Notes |
|---|---|---|
| PostgreSQL backend | Pro | Higher concurrency, better analytics |
| OIDC/SSO integration | Pro | Corporate IdP login (Okta, Azure AD, etc.) |
| Multi-node clustering | Pro | Horizontal scaling behind a load balancer |
| JWT-based API auth | Pro | Stateless authentication with token refresh |
| LDAP/AD group sync | Enterprise | Map Active Directory groups to Ambassador groups |
| SAML federation | Enterprise | Enterprise SSO via SAML 2.0 |
| OPA policy engine | Enterprise | Complex policy rules beyond simple RBAC |
| mTLS client auth | Enterprise | Machine-to-machine, zero-trust environments |
| SIEM streaming | Enterprise | Real-time audit export to Splunk, Datadog, Elastic |
| Kubernetes Helm chart | Enterprise | Production-grade K8s deployment |
Backlog
Features tracked for future versions pending community demand:
- Tool usage analytics dashboard (top tools, usage by user, trends)
- MCP dependency management (Docker-in-Docker for isolated process MCPs)
- Temporary elevated access with auto-expiry
- Attribute-Based Access Control (ABAC) policies
- CLI management tool for server administration
- Terraform / Pulumi providers
- Multi-region managed cloud
Contributing
The roadmap is driven by community feedback. To request a feature or report a bug:
- GitHub Issues — feature requests and bug reports
- Discussions — architecture and design conversations
- Community MCPs — add MCPs to the registry