Releases: mock-server/mockserver-monorepo

MockServer 7.0.0

06 Jun 18:51

[7.0.0] - 2026-06-06

This cycle centres on first-class LLM / AI-agent mocking and a major platform modernisation, alongside broader resilience-testing and dashboard improvements. Highlights (see the per-item entries below for detail):

  • HTTP/3 streaming responses — SSE, chunked proxy forwarding, and LLM streaming are now fully supported over HTTP/3 (QUIC). Each body chunk is sent as an HTTP/3 DATA frame with backpressure via StreamingBody.requestMore(); the QUIC stream is cleanly shut down on completion or error. Bundled native QUIC removes the need for a separately downloaded BoringSSL library.
  • TPROXY (IP_TRANSPARENT) transparent proxy — a new default-off transparentProxyTproxy configuration property enables IP_TRANSPARENT socket binding so that with iptables TPROXY rules the kernel preserves the original destination as the listening socket's local address, which MockServer reads via channel.localAddress() — avoiding the conntrack SO_ORIGINAL_DST lookup used with REDIRECT rules. Requires Linux, epoll transport, and CAP_NET_ADMIN. Verified end-to-end with a real Docker NET_ADMIN integration test.
  • Testcontainers 1.21.4 — upgrades from 1.20.6, fixing DockerClientFactory.isDockerAvailable() returning false on Docker Desktop 4.67 / Engine API 1.54 (docker-java 3.4.2 probe fix).
  • Clustered MockServer state (opt-in) — a new mockserver-state-infinispan module provides an embedded Infinispan StateBackend that can replicate expectations and scenario state across a JGroups cluster. Single-node behaviour is completely unchanged (the in-memory StateBackend remains the default). New configuration properties: stateBackend, clusterEnabled, clusterName, clusterTransportConfig, blobStoreType.
  • LLM / AI-agent mocking suite — provider-correct mock completions and streaming for seven providers (Anthropic, OpenAI, OpenAI Responses, Azure OpenAI, Gemini, Bedrock, Ollama), with embeddings for OpenAI and Azure OpenAI; multi-turn scripted conversations with per-session isolation and deterministic prompt normalisation; and a runtime-LLM client SPI (off unless configured, fails closed) that powers the opt-in features. A broad MCP toolset drives it from an agent: mock_llm_completion, create_llm_conversation, verify_tool_call, explain_agent_run (with a correlated call graph), verify_structured_output, verify_cost_budget, detect_llm_drift, mock_adversarial_llm_response, and run_mcp_contract_test.
  • Agent resilience & correctness testing — structured-output (JSON-Schema) validation on both the response path (outputSchema, fail-soft) and the verification path (verify_structured_output); a deterministic CI cost-budget gate (verify_cost_budget) over a built-in pricing table; declarative LLM fault/chaos profiles (probabilistic provider errors, mid-stream truncation, malformed SSE) plus a stateful request-quota rate limit; VCR record/replay with strict mode and body/header redaction; a prompt-injection / adversarial-response harness; and OpenTelemetry GenAI span + metrics export. The dashboard surfaces all of it (conversation wizard, sessions & call-graph, metrics view, export).
  • HTTP chaos/fault injection — a general HttpChaosProfile (probabilistic error status + latency) attachable to any mocked or forwarded response, making MockServer usable as a chaos proxy for unreliable upstreams.
  • Platform modernisation (breaking) — minimum runtime raised to Java 17; full Jakarta EE 10 / Servlet 6 migration (Spring 7 / Boot 4, Tomcat 11, Jetty 12, Jersey 4, Netty 4.2); json-schema-validator 3.x; a bundled DataFaker template helper; and ZGC tuning guidance.

Security

  • Released Docker images are now cosign-signed by digest (Docker Hub and ECR Public), using the same signing key infrastructure as the Helm OCI chart. Consumers can verify image provenance with cosign verify. Signing is non-fatal in the pipeline if the key is unavailable, so it never blocks a release.
  • Website security hardening — the documentation site (mock-server.com) now sends Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy response headers via CloudFront, and the domain publishes CAA records pinning certificate issuance to Amazon.
  • Build/release infrastructure hardening (internal) — least-privilege scoping of CI secrets per Buildkite agent queue, removal of release-only permissions (ECR push) from the PR-build queue, secrets passed to release containers via 0600 files instead of docker -e environment variables, robust git-push-token cleanup, scoped cross-account AssumeRole (ExternalId) and tfstate IAM, full VPC flow logging, GuardDuty→SNS alerting, CloudTrail data-events on secrets/state, and SSE-KMS on the state and AWS Config buckets. See docs/infrastructure/aws-infrastructure.md, docs/infrastructure/ci-cd.md, and docs/operations/website.md.
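
One way to check that the five response headers named in the website-hardening item are actually served with usable values, as an added example (not MockServer project code). The two sample responses are constructed, and the 180-day HSTS floor is an assumption of this sketch.

```python
import re

# The five response headers the release note names for mock-server.com.
REQUIRED = ("strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options", "referrer-policy")
MIN_HSTS_SECONDS = 15552000  # assumption: 180-day floor, not from the page

def parse_headers(raw):
    """Parse a raw HTTP/1.1 response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a sorted list of findings; an empty list means every check passed."""
    h, findings = parse_headers(raw), []
    for name in REQUIRED:
        if name not in h:
            findings.append(f"missing: {name}")
    hsts = h.get("strict-transport-security", [""])[0]
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
    if hsts and (not m or int(m.group(1)) < MIN_HSTS_SECONDS):
        findings.append("weak: strict-transport-security max-age")
    if h.get("x-content-type-options", ["nosniff"])[0].lower() != "nosniff":
        findings.append("invalid: x-content-type-options")
    if h.get("x-frame-options", ["DENY"])[0].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("invalid: x-frame-options")
    csp = "; ".join(h.get("content-security-policy", []))
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("weak: content-security-policy allows unsafe-*")
    return sorted(findings)

# Constructed sample response heads (not captured from mock-server.com).
GOOD = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
"""
BAD = """HTTP/1.1 200 OK
strict-transport-security: max-age=300
Content-Security-Policy: default-src 'self' 'unsafe-inline'
X-Content-Type-Options: sniff
X-Frame-Options: ALLOWALL
"""
```

Feeding `audit()` the head of a real response (for example, the output of a HEAD request saved to a file) turns the release note's claim into a repeatable check that can run in CI.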

Added

  • Added a daily performance-regression pipeline (notify-only) that guards response latency, throughput, and CPU/memory against drift across releases. It runs on a dedicated, pinned, on-demand, scale-to-zero Buildkite perf queue and fires once per day only when master moved since the last run. Each run measures four behaviours (mock match, forward/proxy, Velocity template, large-body) over HTTP and HTTPS/HTTP-2 (k6/regression.js), a sustained resource-growth run that surfaces "increases over time" regressions such as the issue #2329 O(n) log-eviction CPU climb (k6/growth.js, CPU/heap/latency slope ratios), and the JMH MatchingBenchmark allocation backstop. Results are persisted to S3 and each run is compared against a rolling median+MAD baseline of recent runs, posting a Buildkite annotation table when a metric regresses. See docs/operations/performance-tuning.md.
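
A sketch of the rolling median+MAD comparison described above, as an added example (not the pipeline's own code). The metric names, sample values, window size, threshold and the relative floor for flat histories are all assumptions.

```python
from statistics import median

# Assumptions (not from the release notes): window size, the 1.4826
# normal-consistency scale for MAD, and a 3-sigma-equivalent threshold.
WINDOW, MAD_SCALE, THRESHOLD = 10, 1.4826, 3.0

def baseline(history):
    """Median and scaled MAD over the most recent WINDOW runs."""
    recent = history[-WINDOW:]
    med = median(recent)
    mad = median(abs(x - med) for x in recent) * MAD_SCALE
    return med, mad

def regressions(history, current, min_rel=0.05, min_runs=5):
    """Compare one run against the rolling baseline of earlier runs.

    history: {metric: [values of previous runs, oldest first]}
    current: {metric: value of this run}; higher is treated as worse, so a
    throughput metric would be passed in negated.
    Returns rows of (metric, baseline median, current value, robust z-score).
    """
    rows = []
    for metric, value in sorted(current.items()):
        past = history.get(metric, [])
        if len(past) < min_runs:      # too little data to form a baseline
            continue
        med, mad = baseline(past)
        # A perfectly flat history has MAD 0; fall back to a relative floor
        # so a tiny wobble is not reported as an unbounded deviation.
        spread = max(mad, min_rel * abs(med))
        if spread == 0:
            continue
        z = (value - med) / spread
        if z > THRESHOLD:
            rows.append((metric, med, value, round(z, 2)))
    return rows

# Constructed sample data with hypothetical metric names.
HISTORY = {
    "mock_match_p95_ms": [4.1, 4.0, 4.3, 4.2, 9.8, 4.1, 4.2, 4.0, 4.3, 4.1],
    "heap_slope_ratio": [1.00, 1.00, 1.00, 1.00, 1.00, 1.00],
    "forward_p95_ms": [12.0, 12.4],   # only two runs so far
}
CURRENT = {"mock_match_p95_ms": 4.4, "heap_slope_ratio": 1.40,
           "forward_p95_ms": 30.0}
```

The single noisy 9.8 ms run barely moves the median or the MAD, which is why this baseline is preferred over mean and standard deviation for notify-only alerting: one bad day does not widen the tolerance band for the runs that follow.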

LLM & AI-agent mocking

  • Added a dedicated retrieve_logs MCP tool so an AI assistant debugging a failing test can pull MockServer's recorded log messages (request matching, mismatches, actions and errors) directly. It is a thin, discoverable wrapper over the existing LOGS retrieval path (shared with raw_retrieve), with an optional correlationId filter (trace one request's full lifecycle) and a limit (most-recent N, default 100, max 500). This fills the gap left by its sibling tools retrieve_recorded_requests / retrieve_request_responses, which already existed. See the AI/MCP tools page.
  • Added a runtime-LLM client SPI (org.mockserver.llm.client) that lets MockServer call a real LLM you already run, as the foundation for opt-in features such as drift detection and exploratory semantic matching. Mirrors the existing codec registry: an LlmClient per provider (Ollama, OpenAI, OpenAI Responses, Azure OpenAI, Anthropic, Gemini, Bedrock) registered in LlmClientRegistry, an immutable LlmBackend config (with the API key redacted in logs), and a three-layer LlmBackendResolver (provider env vars → mockserver.llmProvider/llmApiKey/llmModel/llmBaseUrl → named-backends JSON via mockserver.llmBackendsConfig). All runtime-LLM use goes through LlmCompletionService, which is off unless a backend is configured, fails closed on any timeout/error/non-2xx (never flipping a deterministic result), and caches per normalised prompt for reproducibility. Ollama is the reference backend (no key, local); Bedrock builds the Anthropic-on-Bedrock request and relies on the headers escape hatch pending automatic SigV4 signing. See the configuration properties page and docs/code/llm-mocking.md.
  • LLM conversation mocks can now opt into deterministic prompt normalisation before the latestMessageContains / latestMessageMatches predicates are evaluated, so a match is not blocked by cosmetic differences in dynamically-assembled agent prompts. A new normalization block on conversationPredicates (also exposed per-turn in the create_llm_conversation MCP tool and the dashboard conversation wizard) supports collapsing whitespace, lowercasing, sorting JSON object keys, dropping built-in volatile values (ISO-8601 timestamps, UUIDs, req_/msg_/call_ ids), and dropping named JSON fields. Normalisation is pure and idempotent — it never makes a test flaky — and has no effect unless a text predicate is set. See the AI/MCP tools page and docs/code/llm-mocking.md.
  • Added two MCP tools for agent-run analysis and tool-call assertions, both backed by a new deterministic org.mockserver.llm.analysis.AgentRunAnalyzer that reconstructs an agent run by decoding the LLM requests MockServer recorded. verify_tool_call asserts that an agent called a named tool a given number of times (atLeast/atMost, with an optional regex over the tool-call arguments); explain_agent_run summarises the run's structure (message and assistant-turn counts, the ordered tool-call sequence, tool results, and the latest message role). Read-only and offline — no LLM call. See the AI/MCP tools page and docs/code/llm-mocking.md.
  • Added a correlated agent-run call graph. AgentRunAnalyzer.buildCallGraph reconstructs a recorded run as a graph — a node per message and per assistant tool call, with NEXT (sequence), INVOKES (turn→tool call), and RESULT (tool call→its result, correlated by tool-call id) edges — exposed in the explain_agent_run MCP result as a callGraph field. The dashboard Sessions view renders it per session (a "Call graph" button loads it via explain_agent_run): each step shows the message role and the tool calls it made, with a result indicator, plus a copyable Mermaid flowchart source. Deterministic and read-only. See docs/code/llm-mocking.md.
  • Added opt-in, exploratory semantic prompt matching for LLM conversations: a semanticMatch turn predicate (the intent the latest message should express) judged by a runtime LLM via the client SPI. It is **off by default an...

MockServer 6.1.0

27 May 07:18

Release 6.1.0

MockServer 6.0.0

20 May 23:43

Release 6.0.0