Smartflow 1.3 Release

MCP SSE Transport

Area: MCP Gateway

MCP servers that push events over a persistent connection (Server-Sent Events) are now fully supported. The proxy opens and maintains the SSE stream, parses incoming events, and routes responses back to the caller transparently.

Unlocks

Any MCP server using streaming push notifications — real-time data feeds, live monitoring tools, event-driven integrations — can now be registered and used through Smartflow.

MCP STDIO Transport

Area: MCP Gateway

Local tools running as child processes can now be registered as MCP servers. Smartflow spawns the process, communicates over stdin/stdout using JSON-RPC 2.0, and manages the process lifecycle automatically.

Unlocks

The entire catalogue of standard community MCP servers — GitHub CLI, filesystem access, local databases, shell tools — all of which run as STDIO processes. This was the largest gap in MCP transport coverage.

Per-Request Cache Controls

Area: Caching

Callers can now control caching behaviour on individual requests without changing server configuration. Supported directives: no-cache (bypass read), no-store (bypass write), custom ttl, and namespace for scoping entries.

Unlocks

Applications mixing cacheable and non-cacheable calls — deterministic queries alongside real-time lookups that must never be served stale — can handle both in the same integration without separate configurations.

Cache Key in Response Header

Area: Caching

Every response served from cache now includes an x-smartflow-cache-key header containing the resolved cache key.

Unlocks

Clients can implement their own cache invalidation, debug cache behaviour, or correlate requests to cached entries for cost attribution and auditing.

MCP Server Aliases

Area: MCP Gateway

MCP servers can be assigned short, stable aliases independent of their URL or internal server ID. All routing, access control, and header forwarding resolves via the alias.

Unlocks

Server URLs and configurations can change without breaking integrations. Teams use human-readable names (github, internal-search) rather than raw server IDs throughout their tooling.

OAuth Client Credentials for MCP

Area: MCP Auth

MCP servers secured with OAuth 2.0 client credentials flow are now fully supported. Smartflow automatically obtains, caches, and refreshes tokens on behalf of the caller — with no token management required in the client application.

Unlocks

Enterprise MCP servers protected by an identity provider (Azure AD, Okta, Auth0) can be registered and used without callers managing OAuth tokens themselves.

Per-Server Auth Header Forwarding

Area: MCP Auth

Callers can pass server-specific credentials on individual requests using x-mcp-{alias}-{header-name} headers. Smartflow extracts and forwards them only to the intended server, and strips them before the request reaches the end LLM.

Unlocks

User-specific or request-specific credentials (session tokens, scoped API keys) forwarded to MCP servers without central storage. Credentials are scoped strictly by alias — no leakage between servers.

Virtual Key Budget Enforcement

Area: Key Management

Smartflow-issued virtual keys (sk-sf-...) now carry hard spend limits. Budgets are checked before every request — if the limit is reached the request returns 429 with X-Smartflow-Budget-Remaining before any cost is incurred. Spend is recorded after each response using actual token cost. Budget periods reset automatically.

Unlocks

Per-user, per-team, or per-application spend caps with automatic enforcement. Budget periods (daily, weekly, monthly, lifetime) reset automatically. Issue keys to internal users or external partners with full cost control and no surprise invoices.

Endpoints

• POST /api/enterprise/vkeys

• GET /api/enterprise/vkeys/{id}/budget

• POST /api/enterprise/vkeys/{id}/reset

• POST /api/enterprise/vkeys/{id}/revoke

Load Balancing with Fallback & Retry Chains

Area: Routing

Named fallback chains define an ordered list of provider targets. When a target fails, the proxy retries with exponential backoff for retryable errors (429, 5xx) and moves immediately to the next target for non-retryable errors (4xx). Chains are stored in Redis and manageable via API at any time.

Unlocks

High-availability LLM routing with no single point of failure. Automatic handling of rate limits and provider outages. Multi-provider redundancy configurable per model or use case without any application-level changes.

Endpoints

• GET /api/routing/fallback-chains

• POST /api/routing/fallback-chains

• GET /api/routing/fallback-chains/{id}

• DELETE /api/routing/fallback-chains/{id}

Semantic Tool Search

Area: MCP Gateway

Every tool across every registered MCP server is indexed with an embedding of its name, description, and parameter names. A natural-language query returns a ranked list of matching tools and the servers that host them — no need to know the tool name or which server provides it.

Unlocks

Dynamic tool discovery for agents and orchestrators. Finding capabilities by intent rather than hard-coded names. Useful for inspecting large MCP deployments and building intent-driven routing logic.

Endpoints

• GET /api/mcp/tools/search?q=read+a+file&k=5

• POST /api/mcp/tools/reindex

• GET /api/mcp/tools/index

A2A Agent Gateway

Area: Agent Orchestration

Smartflow now implements the Google A2A open protocol, making it interoperable with any A2A-compatible agent runtime. Agents are registered as named profiles in Redis, each with a model, system prompt, and optional MCP tool access. Each agent exposes a machine-readable Agent Card, accepts tasks over JSON-RPC 2.0, and streams status updates via SSE.

Unlocks

External agent systems (LangGraph, Vertex AI, Azure AI Foundry, Bedrock AgentCore, Pydantic AI) can connect to Smartflow-hosted agents without custom integration code. Cross-agent tracing via X-A2A-Trace-Id links task chains across services. Task history persisted in Redis for replay and audit.

Endpoints

• GET /.well-known/agent.json — gateway Agent Card

• GET /a2a/{id}/.well-known/agent.json — per-agent card

• POST /a2a/{id} — tasks/send, tasks/sendSubscribe, tasks/get, tasks/cancel

• GET/POST /api/a2a/agents — agent management

• GET /api/a2a/tasks/{id} — task inspection

OAuth PKCE Browser Consent for MCP

Area: MCP Auth

MCP servers that require individual user consent rather than shared service credentials are now supported via the OAuth 2.0 PKCE flow (RFC 7636). A user is redirected to the provider's consent screen; after authorisation, Smartflow exchanges the code and stores a user-scoped token in Redis.

Unlocks

Connecting personal SaaS accounts to MCP tools — GitHub, Google Workspace, Slack, and any OAuth provider — where each user authorises with their own identity. Tokens are scoped per user and server, expire independently, and are never shared.

Endpoints

• GET /api/mcp/auth/initiate?server_id=...&user_id=...

• GET /api/mcp/auth/callback (OAuth redirect target)

• GET /api/mcp/auth/tokens

Claude Code / Cursor Passthrough

Area: IDE Routing

Cursor IDE and Claude Code can point directly at Smartflow without any client-side changes. Requests arriving at /cursor/* are treated as OpenAI-compatible calls; requests at /anthropic/* are forwarded natively to Anthropic. Provider detection is automatic from the model name — claude-* routes to Anthropic, gemini-* to Google. The [1m] extended-context suffix Claude Code injects into model names is stripped automatically.

Unlocks

Route every developer's Cursor or Claude Code session through Smartflow for centralised logging, budget enforcement, virtual key management, and policy application — with zero changes on the client side. Set ANTHROPIC_BASE_URL=https://mcp.langsmart.app/anthropic and you're done.

Paths

• ANY /cursor/* → OpenAI-compatible forward

• ANY /anthropic/* → Anthropic native forward

• Response header: X-Smartflow-Passthrough: {provider}

MCP Server Aliases (duplicate listing consolidated)

Area: MCP Gateway

MCP servers can be assigned short, stable aliases independent of their URL or internal server ID. All routing, access control, and header forwarding resolves via the alias.

Unlocks

Server URLs and configurations can change without breaking integrations. Teams use human-readable names (github, internal-search) rather than raw server IDs throughout their tooling.

Microsoft Entra ID SSO Group Sync

Area: Enterprise IAM

On every SSO sign-in, Smartflow decodes the OIDC id_token, extracts the user's Entra group memberships and App Role claims, and automatically creates or updates corresponding Smartflow teams in Redis. Users are added to teams they belong to and removed from teams they have left. App Role values map to internal roles: proxy_admin, org_admin, proxy_admin_viewer, internal_user.

Unlocks

Zero-touch team provisioning from Entra ID — no manual group-to-team mapping. Access controls, budgets, and guardrail policies attached to teams take effect immediately when group membership changes in Entra. Works with any OIDC-compatible IdP that includes groups and roles claims.

Endpoints

• POST /api/auth/sso/config — set tenant, client ID, default team params

• POST /api/auth/sso/signin — trigger sync from id_token

• GET /api/auth/sso/teams — list all auto-provisioned teams

• GET /api/auth/sso/users/{id}/teams — user's teams & resolved role

Guardrail Policy Groups with Inheritance

Area: Policy & Compliance

Named guardrails (pii, toxicity, prompt_injection, compliance, custom) are grouped into named policies. Policies inherit from a parent and can add or remove individual guardrails, creating a clean override hierarchy without duplication. Policies are attached to scopes — team, virtual-key alias, model pattern, or tag wildcard (e.g. health-*) — and evaluated on every proxied request. Matched policies are merged into the Maestro pre/post validation pipeline. Results are surfaced in response headers.

Unlocks

Org-wide compliance baselines with team- or product-level overrides. Apply the right guardrail set to the right requests automatically, without code changes. Tag-based scoping means attaching a policy to all hipaa-* keys takes a single API call. The resolve endpoint lets you preview exactly which guardrails would fire for any given request context before deploying.

Endpoints & Response Headers

• POST/GET /api/guardrails — guardrail definitions

• POST/GET /api/policies — policy groups

• POST /api/policies/attachments — attach policy to scope

• POST /api/policies/resolve — preview for a request context

• POST /api/policies/attachments/estimate — impact before attaching

• → x-smartflow-applied-policies (response)

• → x-smartflow-applied-guardrails (response)

• → x-smartflow-policy-sources (response)