v0.2.13

🌟 Release Highlights

This release brings observability, configurable session management, and meaningful compliance and security improvements to MCP Gateway.

✨ What's New

OpenTelemetry Tracing (#3178)
MCP Gateway now exports traces via OpenTelemetry OTLP, giving operators end-to-end visibility into request flows through the proxy and backend MCP servers. This makes it significantly easier to diagnose latency and pinpoint failures in production environments.

Configurable Session Timeout (#3068, #3153)
The MCP_GATEWAY_SESSION_TIMEOUT environment variable now controls the session timeout for unified mode (/mcp) stateful sessions (default: 2h). Previously this was hardcoded. See the documentation for configuration details.

🔒 Security & Compliance

• Stricter auth validation (#3097): Malformed Authorization headers now correctly return HTTP 400. Unknown fields in TOML configuration are rejected at startup, and API keys are now randomly generated — closing several compliance gaps.
• Direct API bypass detection (#3134): The integrity audit now detects when agents attempt to call GitHub APIs directly, bypassing the gateway's routing constraint. A reusable MCP routing constraint has been added to enforce correct traffic flow.
• Expanded guard coverage (#3095, #3139): Five workflow run cancel/rerun operations are now guarded pre-emptively, and create_agent_task is correctly classified as a read-write blocked operation.

🐛 Bug Fixes

• Resolved duplicate test declarations in the server package that caused build failures (#3098).

📚 Documentation

• MCP_GATEWAY_SESSION_TIMEOUT is now fully documented, including supported duration formats and behavioral differences between routed and unified modes (#3153).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.13
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• [Repo Assist] feat(envutil): add GetEnvDuration + configurable MCP_GATEWAY_SESSION_TIMEOUT by @github-actions[bot] in #3068
• [Repo Assist] refactor(proxy): extract writeDIFCForbidden helper by @github-actions[bot] in #3067
• [log] refactor(difc): consolidate agent.go logging to use internal debug logger by @github-actions[bot] in #2982
• [test-improver] Improve tests for server session package by @github-actions[bot] in #2989
• [test-improver] Improve tests for logger/markdown_logger package by @github-actions[bot] in #3058
• [test] Add tests for proxy.handleWithDIFC uncovered branches by @github-actions[bot] in #3059
• Add pre-emptive guard coverage for 5 workflow run cancel/rerun operations by @Copilot in #3095
• fix: resolve duplicate test declarations in server package by @lpcox in #3098
• [log] Add debug logging to internal/difc/resource.go by @github-actions[bot] in #3099
• [rust-guard] Move test-only function out of production code; add missing field_names constants by @Copilot in #3096
• fix: compliance gaps — HTTP 400 for malformed auth headers, reject unknown TOML fields, random API key generation by @Copilot in #3097
• 🔄 chore: update schema URL to v0.65.6 by @github-actions[bot] in #3118
• [Repo Assist] refactor(server): move logRuntimeError from auth.go to http_helpers.go by @github-actions[bot] in #3119
• W-1: Detect direct API bypass in integrity audit + add reusable MCP routing constraint by @Copilot in #3134
• Guard coverage: classify create_agent_task as read-write and blocked by @Copilot in #3139
• 🔄 chore: update schema URL to v0.66.1 by @github-actions[bot] in #3162
• feat: OpenTelemetry OTLP trace export from MCP Gateway and proxy by @Copilot in #3178
• [Repo Assist] refactor(auth): move generateRandomAPIKey to internal/auth package by @github-actions[bot] in #3163
• [Repo Assist] build: add test-race Makefile target for race condition detection by @github-actions[bot] in #3164
• docs: document MCP_GATEWAY_SESSION_TIMEOUT environment variable by @Copilot in #3153

Full Changelog: v0.2.12...v0.2.13

v0.2.12

🌟 Release Highlights

This release focuses on reliability and observability — introducing automated health monitoring for backend MCP servers, improved documentation, and several quality-of-life fixes.

✨ What's New

• Periodic Health Monitoring & Auto-Restart (#3022): MCP Gateway now continuously monitors backend MCP servers and automatically restarts them if they become unhealthy (per spec §8). This means fewer manual interventions when a backend server crashes or hangs — the gateway recovers on its own.

🐛 Bug Fixes & Improvements

• Session Expiry During Long-Running Tasks (#3079): Fixed an issue where safeoutputs sessions could expire during extended agent task executions, causing failures near the end of long operations.
• Firewall/API-Proxy Image Alignment (#3012): Corrected a version mismatch where firewall agent and API-proxy container images were pinned to an outdated version (0.25.6), ensuring consistent behavior across all gateway components.
• jq Middleware Improvements (#3026): Internal improvements to the jq payload processing middleware following a module review — improves correctness and maintainability of large payload handling.

📚 Documentation

• OIDC Auth & Advanced CLI Flags (#3017): New documentation covering OIDC authentication for HTTP backend servers and advanced CLI flag usage. See the Configuration Guide and Environment Variables Reference.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.12
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• chore: Upgrade agentic workflows to gh-aw v0.65.3 by @lpcox in #3007
• fix: align firewall agent/api-proxy images to 0.25.6 by @lpcox in #3012
• 🔄 chore: update schema URL to v0.65.2 by @github-actions[bot] in #2991
• [Repo Assist] refactor(server): remove writeJSONResponse passthrough wrapper by @github-actions[bot] in #3001
• docs: document OIDC auth for HTTP servers and advanced CLI flags by @lpcox in #3017
• refactor: deduplicate search scope and author integrity in tool_rules.rs by @lpcox in #3019
• feat: periodic health monitoring and auto-restart for backend servers (spec §8) by @lpcox in #3022
• refactor: jq middleware improvements from gojq module review by @lpcox in #3026
• refactor: remove redundant config default fallbacks in server and launcher by @lpcox in #3032
• fix: prevent safeoutputs session expiry during long-running agent tasks by @Copilot in #3079
• 🔄 chore: update schema URL to v0.65.5 by @github-actions[bot] in #3060

Full Changelog: v0.2.11...v0.2.12

v0.2.11

🌟 Release Highlights

This release focuses on reliability and performance improvements, including accurate health monitoring, faster WASM guard startup, and a self-contained config schema — plus an expanded test suite and numerous internal code quality improvements.

✨ What's New

• Embedded config schema (#2933): The MCP Gateway config JSON schema is now bundled directly into the binary via go:embed, eliminating the dependency on the external schema URL. No internet access needed to validate your configuration.

• Debug logging for HTTP transport (#2906): Added a debug logger to the MCP HTTP transport layer, making it easier to trace request/response flows when troubleshooting backend connectivity issues.

🐛 Bug Fixes & Improvements

• Accurate health endpoint (#2938): The /health endpoint now reports real server status and uptime rather than stale or approximate values — health checks and monitoring tools will reflect the true state of backend MCP servers.

⚡ Performance

• WASM guard startup time reduced (#2956): Added a wazero compilation cache for WASM security guards. Subsequent guard loads reuse compiled artifacts, significantly reducing startup overhead for deployments using WASM-based guards.

📚 Documentation

• Updated CONTRIBUTING.md (#2957): Added missing internal packages (proxy, difc, syncutil) and documented proxy mode to help contributors navigate the codebase.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.11
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• 🔄 chore: update schema URL to v0.65.0 by @github-actions[bot] in #2919
• Bundle MCP gateway config schema in binary via go:embed by @Copilot in #2933
• [Repo Assist] test(server): add direct unit tests for SessionIDFromContext and NewSession by @github-actions[bot] in #2893
• [log] mcp: add debug logger to http_transport.go by @github-actions[bot] in #2906
• [test-improver] Improve tests for logger/jsonl_logger package by @github-actions[bot] in #2915
• [test] Add tests for proxy.ServeHTTP, handleWithDIFC, passthrough, and forwardAndReadBody by @github-actions[bot] in #2916
• [Repo Assist] refactor(logger): eliminate withLock duplication across 4 logger types by @github-actions[bot] in #2920
• fix: track real server status and uptime in health endpoint by @Copilot in #2938
• refactor: deduplicate withLock() across logger types by @Copilot in #2939
• refactor: eliminate duplicate code patterns (logger + server) by @lpcox in #2950
• perf: add wazero compilation cache and wasm guard improvements by @lpcox in #2956
• docs: add missing packages and proxy mode to CONTRIBUTING.md by @lpcox in #2957
• refactor: Deduplicate integrity label builders in Rust guard by @lpcox in #2963
• refactor: Go SDK usage improvements from module review by @lpcox in #2967

Full Changelog: v0.2.10...v0.2.11

v0.2.10

🌟 Release Highlights

This release focuses on security hardening with expanded DIFC label coverage, GitHub Actions OIDC authentication for HTTP MCP servers, and improved integrity filtering based on collaborator permissions.

✨ What's New

• GitHub Actions OIDC Authentication (#2878): Custom HTTP MCP servers can now authenticate using GitHub Actions OIDC tokens — enabling more secure, credential-free authentication in CI/CD workflows. See the Proxy Mode docs for configuration details.

• Collaborator Permission–Based Integrity Filtering (#2863): Integrity filtering now uses collaborator permission levels for more accurate and meaningful access control decisions, ensuring the right level of trust is applied based on actual repository permissions.

• Expanded DIFC Labels for Write Tools (#2873): DIFC security labels now cover 30 additional write tools, closing gaps in information flow control coverage and reducing the attack surface for sensitive write operations. See the Guard Response Labeling docs.

• DIFC Proxy Feature Enabled on All Guarded Workflows (#2885): The difc-proxy feature flag is now active across all guarded workflows, providing consistent DIFC enforcement throughout the request pipeline.

• MCP Gateway Spec v1.9.0 (#2850): Updated to MCP Gateway specification version 1.9.0. See the Configuration docs for compatibility details.

🐛 Bug Fixes & Improvements

• Broader Guard Coverage for gh repo Operations (#2806): All modifying gh repo operations are now blocked by the guard, preventing unintended repository mutations.

• Repo-Assist Min-Integrity Adjustment (#2890): The repo-assist minimum integrity level has been lowered to unapproved, allowing it to function correctly in more workflow scenarios.

• Code Deduplication in Server & Guard Packages (#2852): Eliminated three duplicate-code patterns across server and guard packages, improving maintainability and reducing the risk of inconsistent behavior.

📚 Documentation

• Proxy Mode Auth Token Docs (#2821): The Proxy Mode guide now documents GITHUB_PERSONAL_ACCESS_TOKEN as an authentication option, clarifying supported token types for proxy mode configurations.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.10
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• Guard coverage: block all modifying gh repo operations by @Copilot in #2806
• docs: add GITHUB_PERSONAL_ACCESS_TOKEN to proxy mode auth token docs by @Copilot in #2821
• [log] Add debug logging to config/docker_helpers.go by @github-actions[bot] in #2824
• [test-improver] Improve tests for version package by @github-actions[bot] in #2833
• [test] Add tests for proxy.replaceNodesArray by @github-actions[bot] in #2834
• 🔄 chore: update schema URL to v0.64.4 by @github-actions[bot] in #2836
• bump MCPGatewaySpecVersion to 1.9.0 by @Copilot in #2850
• rust-guard: remove dead permissions.rs and deduplicate username lookup by @Copilot in #2851
• fix: eliminate three duplicate-code patterns across server and guard packages by @Copilot in #2852
• feat: use collaborator permission level for integrity filtering by @lpcox in #2863
• chore: upgrade gh-aw to v0.64.5 and recompile all workflows by @lpcox in #2871
• feat(guard): add DIFC labels for 30 write tools and clean up stale entries by @lpcox in #2873
• fix(guard): resolve all Rust clippy warnings by @lpcox in #2874
• feat: GitHub Actions OIDC token authentication for custom HTTP MCP servers by @Copilot in #2878
• feat: enable difc-proxy feature flag on all guarded workflows by @lpcox in #2885
• fix: lower repo-assist min-integrity to unapproved by @lpcox in #2890

Full Changelog: v0.2.9...v0.2.10

v0.2.9

🌟 Release Highlights

This release focuses on security guard hardening, documentation improvements, and internal code quality — tightening access controls, improving observability docs, and reducing technical debt.

🔐 Security & Guard Improvements

• Expanded write-op guard coverage — pin_issue and unpin_issue are now properly classified as write operations, and transfer_repository is unconditionally blocked to prevent accidental or malicious repository transfers. (#2750)
• Trusted bot recognition — copilot-swe-agent is now recognized as a trusted first-party bot, ensuring correct policy application when it acts as an agent. (#2777)

📚 Documentation

• AWF pipeline environment variable lifecycle — A new reference doc covers how environment variables flow through AWF pipelines, helping operators understand variable scoping and availability. (#2781) — See docs/AWF_PIPELINE_ENVIRONMENT_VARIABLES.md
• Trusted users & bot flags documented — The --trusted-bots and --trusted-users flags, trusted-users config, and PORT fallback behavior are now fully documented. (#2789) — See docs/CONFIGURATION.md

🐛 Bug Fixes

• Logging correctness — Fixed duplicate log entries in session.go and misuse of logUnified, eliminating noisy or misleading log output. (#2788)
• Static analysis fix — Removed redundant io.Writer type annotation flagged by staticcheck (QF1011). (#2780)

🔧 Internal Improvements

• Shared httputil package extracted to eliminate duplicate JSON response helpers across mcp and cmd packages.
• Reduced duplicate code across loggers, validation, and session handling.
• Debug logger added to cmd/proxy.go for improved proxy observability.
• Expanded test coverage for FileLogger, ParsePolicyMap, ParseServerGuardPolicy, BuildAllowOnlyPolicy, and the new httputil package.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.9
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• Guard coverage: add pin_issue/unpin_issue write ops; unconditionally block transfer_repository by @Copilot in #2750
• [log] Add debug logger to cmd/proxy.go by @github-actions[bot] in #2752
• [test-improver] Improve tests for logger/FileLogger by @github-actions[bot] in #2760
• [test] Add tests for config.ParsePolicyMap, ParseServerGuardPolicy, BuildAllowOnlyPolicy by @github-actions[bot] in #2761
• fix(guard): add copilot-swe-agent to trusted first-party bots by @Copilot in #2777
• chore: recompile all workflows with gh-aw v0.64.3 by @lpcox in #2779
• fix: remove redundant io.Writer type annotation (staticcheck QF1011) by @lpcox in #2780
• docs: add AWF pipeline environment variable lifecycle reference by @Copilot in #2781
• Remove duplicate logging in session.go, fix logUnified misuse by @Copilot in #2788
• docs: document trusted-users, --trusted-bots/--trusted-users flags, and PORT fallback by @Copilot in #2789
• refactor: reduce duplicate code in loggers, validation, and session handling by @Copilot in #2790
• refactor: extract shared httputil, remove trivial wrappers in mcp and cmd by @Copilot in #2794
• test: add unit tests for internal/httputil package by @lpcox in #2800

Full Changelog: v0.2.8...v0.2.9

v0.2.8

🌟 Release Highlights

v0.2.8 is a focused security, stability, and correctness release — hardening session handling, improving DIFC label precision, and resolving several race conditions and integration issues.

🔒 Security Improvements

• Session ID truncation in logs (#2731): Session IDs (API keys) are now consistently truncated across all log calls in session.go, preventing accidental plaintext credential exposure in log files and debug output.
• Scoped DIFC labels (#2641): The generic secret secrecy tag has been replaced with scoped private:owner/repo labels, enabling finer-grained information flow control that accurately reflects the owning repository context. See the Guard Response Labeling docs for details.

🐛 Bug Fixes

• Race condition in session pool (#2634): Eliminated a race condition in SessionConnectionPool.Get that could cause intermittent failures under concurrent load.
• GHEC proxy support via GITHUB_SERVER_URL (#2676): Proxy mode now correctly detects and routes requests when GITHUB_SERVER_URL points to a GitHub Enterprise Cloud (GHEC) instance. See the Proxy Mode docs.
• WASM guard panic handling (#2698): WASM guard traps (panics) are now detected, logged with context, and the failed module is marked as such — preventing silent failures from propagating through the guard pipeline.
• go-sdk integration fixes (#2647): Corrected content types, error messages, pagination behavior, and tool annotations in the go-sdk integration layer for more reliable MCP protocol compliance.

📚 Documentation

• gateway.port clarified (#2733): The docs now explicitly note that gateway.port does not affect the server's listen address (use --listen flag for that) and the trustedBots configuration field is now documented. See the Configuration docs.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.8
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• [Repo Assist] fix(launcher): eliminate race condition in SessionConnectionPool.Get by @github-actions[bot] in #2634
• 🔄 chore: update schema URL to v0.64.2 by @github-actions[bot] in #2637
• Replace secret secrecy tag with scoped private:owner/repo labels by @Copilot in #2641
• rust-guard: consolidate github-baseline match arms + add Display for ScopeKind by @Copilot in #2640
• refactor: move ExpandEnvArgs and NormalizeScopeKind to correct packages by @Copilot in #2645
• refactor(proxy): extract writeJSONResponse and forwardAndReadBody helpers in handler.go by @Copilot in #2646
• Fix go-sdk integration: content types, error messages, pagination, tool annotations by @Copilot in #2647
• Remove unused callListMethod function by @lpcox in #2657
• [test-improver] Improve tests for mcp package by @github-actions[bot] in #2567
• [test] Add tests for server.logServerGuardPolicies by @github-actions[bot] in #2577
• [test-improver] Improve tests for mcptest harness by @github-actions[bot] in #2631
• [test] Add tests for server.registerAllTools and related tool_registry functions by @github-actions[bot] in #2656
• fix: update mcp test mocks for SDK streamable transport by @lpcox in #2664
• fix: confirm and surface proxy mode GITHUB_SERVER_URL support for GHEC by @Copilot in #2676
• fix: replace ${PWD} with absolute path placeholder in config.toml serena entry by @Copilot in #2681
• Add comprehensive safe-outputs configuration enforcement smoke tests by @Copilot in #2685
• chore: recompile workflows for gh-aw v0.64.2 and fix safeoutput smoke tests by @lpcox in #2688
• [log] Add debug logging to server/session.go by @github-actions[bot] in #2673
• fix: detect and log WASM guard traps; mark module failed after panic by @Copilot in #2698
• fix(security): truncate session IDs in all log calls in session.go by @Copilot in #2731
• [log] Add debug logging to internal/proxy/graphql_rewrite.go by @github-actions[bot] in #2710
• [test-improver] Improve tests for difc package by @github-actions[bot] in #2716
• [test] Add tests for guard.parseResourceResponse and guard.parseCollectionLabeledData by @github-actions[bot] in #2717
• docs: clarify gateway.port has no effect on listen address; document trustedBots field by @Copilot in #2733
• fix: resolve duplicate test declarations and fix wantOperation defaults by @lpcox in #2737

Full Changelog: v0.2.7...v0.2.8

v0.2.7

🌟 Release Highlights

This release focuses on GitHub Enterprise Cloud (GHEC) tenant support, improved session reliability, and better HTTP backend compatibility — alongside several security guard enhancements and internal quality improvements.

✨ What's New

• GHEC Tenant Support (#2481, #2484): MCP Gateway now correctly handles GitHub Enterprise Cloud tenants in both proxy routing and guard URL parsing, including port-safe GHEC detection in API URL derivation. Configure via GITHUB_SERVER_URL or GITHUB_API_URL for seamless GHEC integration. See Proxy Mode docs for details.

• Trusted Users in AllowOnly Guard (#2584): The allow-only guard policy now supports a trusted-users list, allowing specific users to receive elevated integrity levels — enabling fine-grained control over who can perform sensitive operations. See Guard Response Labeling.

🐛 Bug Fixes & Improvements

• Transparent Session Reconnection (#2597): Expired MCP backend sessions are now reconnected automatically and transparently, with an extended session timeout. No more unexpected disconnections from long-running workflows.

• HTTP Backend Compatibility (#2608): Fixed HTTP 400 errors on tools/list for HTTP backends that use custom authentication headers (e.g., Atlassian MCP). The gateway now correctly forwards auth headers on capability discovery requests.

• Guard Write Classification (#2613): Pre-emptive write classification added for set_variable, upload_release_asset, and sync_fork tools, ensuring these operations are correctly guarded before execution rather than after.

• Schema Fetch Reliability (#2582): Added retry logic with exponential backoff for schema fetches, making the gateway resilient to transient HTTP errors on startup.

• Accurate DIFC Filter Notices (#2518): Filter notices now correctly distinguish between secrecy and integrity violations, giving users clearer information about why a tool response was filtered.

• Trusted Bot Elevation Fix (#2574): Corrected configured trusted-bot elevation in apply_tool_labels so explicitly trusted bots receive the correct integrity levels.

📚 Documentation

• Environment Variables reference now documents all proxy mode environment variables, and the Gateway Compatibility Quick Reference is now linked from the README (#2541).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.7
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• fix: port-safe GHEC detection in deriveAPIFromServerURL by @Copilot in #2484
• feat: GHEC tenant support for proxy and guard URL parsing by @lpcox in #2481
• 🔄 chore: update schema URL to v0.63.1 by @github-actions[bot] in #2503
• refactor: eliminate truncateForLog duplicate, simplify ValidateDIFCMode, split unified.go by @Copilot in #2497
• [rust-guard] Consolidate identical repo-scoped match arms and extract approval-label promotion helper by @Copilot in #2508
• Add DIFC integrity audit tests: detection failure rate, audit trail, safe_outputs blocking by @Copilot in #2514
• fix: distinguish secrecy vs integrity in filtered notice by @Copilot in #2518
• Remove duplicate log calls where global structured logger already covers the event by @Copilot in #2522
• refactor: Extract shared LogConnectionError to eliminate duplicate connection error diagnostics by @Copilot in #2524
• Extract syncutil.GetOrCreate to eliminate double-check locking duplication by @Copilot in #2531
• docs: add proxy mode env vars to ENVIRONMENT_VARIABLES.md and link gateway compatibility reference from README by @Copilot in #2541
• [test-improver] Improve tests for mcp package (ExpandEnvArgs) by @github-actions[bot] in #2499
• [test] Add tests for server.callBackendTool DIFC phases by @github-actions[bot] in #2513
• [log] Add debug logger to internal/server/guard_init.go by @github-actions[bot] in #2528
• fix: update DIFC test assertions to match new notice format by @lpcox in #2552
• refactor: relocate SysServer to server package, IsRunningInContainer to sys package by @Copilot in #2549
• 🔄 chore: update schema URL to v0.64.0 by @github-actions[bot] in #2572
• rust-guard: fix configured trusted bot elevation in apply_tool_labels + deduplicate item collection by @Copilot in #2574
• [Repo Assist] refactor(cmd): add getDefault helpers for all DIFC flag env vars by @github-actions[bot] in #2569
• fix: add retry with exponential backoff to schema fetch for transient HTTP errors by @Copilot in #2582
• feat: add trusted-users list to AllowOnly guard policy for user integrity elevation by @Copilot in #2584
• refactor(difc): reduce boilerplate duplication in agent.go and labels.go by @Copilot in #2591
• fix: reconnect expired MCP backend sessions transparently, extend server session timeout by @Copilot in #2597
• feat: add gateway issue dispatcher workflow by @lpcox in #2603
• Fix HTTP 400 on tools/list for HTTP backends with custom auth headers (Atlassian MCP) by @Copilot in #2608
• fix(guard): pre-emptive write classification for set_variable, upload_release_asset, sync_fork by @Copilot in #2613
• [log] Add debug logging to container detection in sys/container.go by @github-actions[bot] in #2598
• fix: update HTTP backend mock tests for SDK streamable transport by @lpcox in #2619

Full Changelog: v0.2.6...v0.2.7

v0.2.6

🌟 Release Highlights

This release tightens security and correctness in the GitHub MCP guard layer, with improved DIFC labeling accuracy, expanded guard coverage, and developer-experience improvements.

🐛 Bug Fixes & Improvements

• Correct secrecy labeling for Actions data — actions_get and get_job_logs now derive secrecy from repository visibility rather than using an incorrect default, ensuring private repo workflow data is handled with appropriate confidentiality labels. (#2463)
• Five GitHub MCP guard coverage gaps closed — Write-operation classification, DIFC labeling, and future-proofing fixes address gaps where certain tool responses were not correctly classified or labeled by the guard layer, improving overall security posture. (#2461)

🔧 Internal Improvements

• Go module drift detection — A new tidy-check Makefile target and CI step detect go.mod/go.sum drift automatically, preventing dependency inconsistencies from landing in the codebase. (#2456)
• Enhanced debug logging for stdin config — Additional debug logging in config/config_stdin.go makes it easier to diagnose JSON-over-stdin configuration issues. (#2464)
• DIFC format function test coverage — New tests for difc.formatIntegrityLevel and difc.formatSecrecyLevel improve confidence in label formatting correctness. (#2444)
• Rust guard code cleanup — Removed dead code (is_owner), cleaned up stale #[allow(dead_code)] annotations, and extracted resolve_search_scope for clarity. (#2434)

📚 Documentation

• CONTRIBUTING.md accuracy fixes — Corrected discrepancies around port numbers, wazero references, and the test-container-proxy target to match current project reality. (#2471)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.6
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• rust-guard: remove dead is_owner, strip stale #[allow(dead_code)] on get_nested_str, extract resolve_search_scope by @Copilot in #2434
• [test] Add tests for difc.formatIntegrityLevel and difc.formatSecrecyLevel by @github-actions[bot] in #2444
• [WIP] Add tidy-check Makefile target and CI step for go.mod/go.sum drift detection by @Copilot in #2456
• fix: use repo visibility for actions_get and get_job_logs secrecy by @lpcox in #2463
• fix(guard): close 5 GitHub MCP guard coverage gaps — write classification, DIFC labeling, and future-proofing by @Copilot in #2461
• [log] Add debug logging to config/config_stdin.go by @github-actions[bot] in #2464
• docs: fix CONTRIBUTING.md discrepancies (port, wazero, test-container-proxy) by @Copilot in #2471

Full Changelog: v0.2.5...v0.2.6

v0.2.5

🌟 Release Highlights

This release brings a new integrity audit workflow, a performance improvement to payload processing, and continued quality improvements.

✨ What's New

• Daily Integrity Filtering Audit (#2439): A new automated workflow runs daily to audit integrity filtering behavior, improving observability and confidence in the guard/DIFC labeling pipeline.

⚡ Performance

• Reduced Memory Allocation in Payload Preview (#2428): Eliminated a large string allocation when building payload previews, lowering memory pressure when handling large MCP tool responses.

🔧 Internal

• Updated schema URL to v0.63.0 for MCP protocol compatibility (#2431).
• Improved test coverage for the proxy/graphql_rewrite package (#2426).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.5
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• 🔄 chore: update schema URL to v0.63.0 by @github-actions[bot] in #2431
• [Repo Assist] perf: avoid large string allocation when building payload preview by @github-actions[bot] in #2428
• [test-improver] Improve tests for proxy/graphql_rewrite package by @github-actions[bot] in #2426
• feat: add daily integrity filtering audit workflow by @lpcox in #2439

Full Changelog: v0.2.4...v0.2.5

v0.2.4

🌟 Release Highlights

This release improves proxy compatibility with github-script integrations and updates workflows for gh-aw v0.63.0, with a focus on correctness of response envelope handling.

✨ What's New

• Proxy + github-script smoke tests — End-to-end tests now validate the proxy integration with github-script, catching regressions in real-world workflow scenarios. Workflows have been recompiled for compatibility with gh-aw v0.63.0. (#2412)

🐛 Bug Fixes & Improvements

• Proxy response envelope fix — Corrected malformed response envelopes in proxy mode, ensuring downstream github-script consumers receive well-structured JSON-RPC responses. Accompanying smoke tests help prevent regressions. (#2420)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.4
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• feat: add proxy+github-script smoke test, recompile workflows for gh-aw v0.63.0 by @lpcox in #2412
• fix: proxy response envelopes + smoke test for github-script integration by @lpcox in #2420

Full Changelog: v0.2.3...v0.2.4