Agent Stack version 0.6.1

This release brings centralized authentication via Keycloak, support for unmanaged A2A agents, connector management in the SDK and CLI, statically configurable model providers, and numerous UI and deployment improvements.

Major Changes

Keycloak as Central OIDC Provider

Authentication has been completely rearchitected around Keycloak as the single OpenID Connect provider. User identity and role management now lives in Keycloak rather than the application's internal database. The deployment includes automated Keycloak provisioning with pre-configured realms, clients, and roles. A custom branded Keycloak theme with dark mode support ships out of the box, along with an SSO-only variant for environments using exclusively external identity providers.
For organizations with existing identity infrastructure, external OIDC providers (Auth0, Okta, etc.) can be configured as an alternative to the bundled Keycloak, with flexible role claim mapping.

Unmanaged A2A Agents

You can now register A2A agents that are already running and managed externally. Instead of providing a Docker image, you can point Agent Stack to a running agent's URL. The agentstack add CLI command now accepts both Docker image references and direct agent URLs. For Docker-based agents without the expected metadata label, Agent Stack will automatically deploy a temporary probe to retrieve the agent card from the running container.

Connector Management (SDK & CLI)

Full connector lifecycle management is now available in both the Python SDK and CLI. New connector CLI commands (create, remove, list, list-presets, get, connect, disconnect) and corresponding Python SDK methods let you manage integrations with external services. The SDK includes advanced features like wait_for_state, wait_for_deletion, and mcp_proxy for streaming requests.

Statically Configurable Model Providers (Helm)

Model providers can now be defined directly in the Helm chart at deployment time. Providers report online/offline state, backed by a new caching layer (in-memory or Redis). Automated background jobs keep the provider registry synchronized and status up to date.

Configurable CORS

The server now supports fully configurable CORS settings, exposed via Helm values. This is essential for integrators building custom GUIs on top of Agent Stack.

Other Improvements

User feedback as Phoenix annotations: Feedback ratings and comments are now sent to Phoenix as human annotations linked to traces, closing the loop between user sentiment and observability data.
CLI --image-pull-mode: Replaces the previous --import and --pull-on-host flags with a single option supporting guest, host, and hybrid strategies.
UI form field validation: Required fields now consistently enforce validation with clear error messages, preventing invalid submissions.
Markdown syntax highlighting: Code blocks in the UI now properly highlight markdown content.
Partial fulfillments: Fulfillments in the UI are now rendered incrementally.
TypeScript SDK: New getAgentCardPath utility centralizes agent card path construction.
A2A security schemes: Agent cards now properly declare authentication security schemes via a new SdkAuthenticationBackend interface.
Non-streaming agent fix: Agents that don't stream responses are now correctly handled.
Examples subproject: New examples directory with scaffolding script and initial multi-turn conversation history examples with e2e tests.
Switched to pyrefly for Python type checking.

Bug Fixes

Chat now works correctly in Safari
Dark/light mode preference propagated to Keycloak login
Fixed CLI login flow when refresh token expires
Fixed Keycloak Helm configuration issues
Fixed JWT keys in Helm when auth is disabled
Better error message when Docker is missing
Fixed keyboard text selection in canvas
Fixed model-not-responding error handling

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.6.1

Choose a tag to compare

Sorry, something went wrong.