v0.2.7

🌟 Release Highlights

This release focuses on GitHub Enterprise Cloud (GHEC) tenant support, improved session reliability, and better HTTP backend compatibility — alongside several security guard enhancements and internal quality improvements.

✨ What's New

• GHEC Tenant Support (#2481, #2484): MCP Gateway now correctly handles GitHub Enterprise Cloud tenants in both proxy routing and guard URL parsing, including port-safe GHEC detection in API URL derivation. Configure via GITHUB_SERVER_URL or GITHUB_API_URL for seamless GHEC integration. See Proxy Mode docs for details.

• Trusted Users in AllowOnly Guard (#2584): The allow-only guard policy now supports a trusted-users list, allowing specific users to receive elevated integrity levels — enabling fine-grained control over who can perform sensitive operations. See Guard Response Labeling.

🐛 Bug Fixes & Improvements

• Transparent Session Reconnection (#2597): Expired MCP backend sessions are now reconnected automatically and transparently, with an extended session timeout. No more unexpected disconnections from long-running workflows.

• HTTP Backend Compatibility (#2608): Fixed HTTP 400 errors on tools/list for HTTP backends that use custom authentication headers (e.g., Atlassian MCP). The gateway now correctly forwards auth headers on capability discovery requests.

• Guard Write Classification (#2613): Pre-emptive write classification added for set_variable, upload_release_asset, and sync_fork tools, ensuring these operations are correctly guarded before execution rather than after.

• Schema Fetch Reliability (#2582): Added retry logic with exponential backoff for schema fetches, making the gateway resilient to transient HTTP errors on startup.

• Accurate DIFC Filter Notices (#2518): Filter notices now correctly distinguish between secrecy and integrity violations, giving users clearer information about why a tool response was filtered.

• Trusted Bot Elevation Fix (#2574): Corrected configured trusted-bot elevation in apply_tool_labels so explicitly trusted bots receive the correct integrity levels.

📚 Documentation

• Environment Variables reference now documents all proxy mode environment variables, and the Gateway Compatibility Quick Reference is now linked from the README (#2541).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.7
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• fix: port-safe GHEC detection in deriveAPIFromServerURL by @Copilot in #2484
• feat: GHEC tenant support for proxy and guard URL parsing by @lpcox in #2481
• 🔄 chore: update schema URL to v0.63.1 by @github-actions[bot] in #2503
• refactor: eliminate truncateForLog duplicate, simplify ValidateDIFCMode, split unified.go by @Copilot in #2497
• [rust-guard] Consolidate identical repo-scoped match arms and extract approval-label promotion helper by @Copilot in #2508
• Add DIFC integrity audit tests: detection failure rate, audit trail, safe_outputs blocking by @Copilot in #2514
• fix: distinguish secrecy vs integrity in filtered notice by @Copilot in #2518
• Remove duplicate log calls where global structured logger already covers the event by @Copilot in #2522
• refactor: Extract shared LogConnectionError to eliminate duplicate connection error diagnostics by @Copilot in #2524
• Extract syncutil.GetOrCreate to eliminate double-check locking duplication by @Copilot in #2531
• docs: add proxy mode env vars to ENVIRONMENT_VARIABLES.md and link gateway compatibility reference from README by @Copilot in #2541
• [test-improver] Improve tests for mcp package (ExpandEnvArgs) by @github-actions[bot] in #2499
• [test] Add tests for server.callBackendTool DIFC phases by @github-actions[bot] in #2513
• [log] Add debug logger to internal/server/guard_init.go by @github-actions[bot] in #2528
• fix: update DIFC test assertions to match new notice format by @lpcox in #2552
• refactor: relocate SysServer to server package, IsRunningInContainer to sys package by @Copilot in #2549
• 🔄 chore: update schema URL to v0.64.0 by @github-actions[bot] in #2572
• rust-guard: fix configured trusted bot elevation in apply_tool_labels + deduplicate item collection by @Copilot in #2574
• [Repo Assist] refactor(cmd): add getDefault helpers for all DIFC flag env vars by @github-actions[bot] in #2569
• fix: add retry with exponential backoff to schema fetch for transient HTTP errors by @Copilot in #2582
• feat: add trusted-users list to AllowOnly guard policy for user integrity elevation by @Copilot in #2584
• refactor(difc): reduce boilerplate duplication in agent.go and labels.go by @Copilot in #2591
• fix: reconnect expired MCP backend sessions transparently, extend server session timeout by @Copilot in #2597
• feat: add gateway issue dispatcher workflow by @lpcox in #2603
• Fix HTTP 400 on tools/list for HTTP backends with custom auth headers (Atlassian MCP) by @Copilot in #2608
• fix(guard): pre-emptive write classification for set_variable, upload_release_asset, sync_fork by @Copilot in #2613
• [log] Add debug logging to container detection in sys/container.go by @github-actions[bot] in #2598
• fix: update HTTP backend mock tests for SDK streamable transport by @lpcox in #2619

Full Changelog: v0.2.6...v0.2.7

v0.2.6

🌟 Release Highlights

This release tightens security and correctness in the GitHub MCP guard layer, with improved DIFC labeling accuracy, expanded guard coverage, and developer-experience improvements.

🐛 Bug Fixes & Improvements

• Correct secrecy labeling for Actions data — actions_get and get_job_logs now derive secrecy from repository visibility rather than using an incorrect default, ensuring private repo workflow data is handled with appropriate confidentiality labels. (#2463)
• Five GitHub MCP guard coverage gaps closed — Write-operation classification, DIFC labeling, and future-proofing fixes address gaps where certain tool responses were not correctly classified or labeled by the guard layer, improving overall security posture. (#2461)

🔧 Internal Improvements

• Go module drift detection — A new tidy-check Makefile target and CI step detect go.mod/go.sum drift automatically, preventing dependency inconsistencies from landing in the codebase. (#2456)
• Enhanced debug logging for stdin config — Additional debug logging in config/config_stdin.go makes it easier to diagnose JSON-over-stdin configuration issues. (#2464)
• DIFC format function test coverage — New tests for difc.formatIntegrityLevel and difc.formatSecrecyLevel improve confidence in label formatting correctness. (#2444)
• Rust guard code cleanup — Removed dead code (is_owner), cleaned up stale #[allow(dead_code)] annotations, and extracted resolve_search_scope for clarity. (#2434)

📚 Documentation

• CONTRIBUTING.md accuracy fixes — Corrected discrepancies around port numbers, wazero references, and the test-container-proxy target to match current project reality. (#2471)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.6
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• rust-guard: remove dead is_owner, strip stale #[allow(dead_code)] on get_nested_str, extract resolve_search_scope by @Copilot in #2434
• [test] Add tests for difc.formatIntegrityLevel and difc.formatSecrecyLevel by @github-actions[bot] in #2444
• [WIP] Add tidy-check Makefile target and CI step for go.mod/go.sum drift detection by @Copilot in #2456
• fix: use repo visibility for actions_get and get_job_logs secrecy by @lpcox in #2463
• fix(guard): close 5 GitHub MCP guard coverage gaps — write classification, DIFC labeling, and future-proofing by @Copilot in #2461
• [log] Add debug logging to config/config_stdin.go by @github-actions[bot] in #2464
• docs: fix CONTRIBUTING.md discrepancies (port, wazero, test-container-proxy) by @Copilot in #2471

Full Changelog: v0.2.5...v0.2.6

v0.2.5

🌟 Release Highlights

This release brings a new integrity audit workflow, a performance improvement to payload processing, and continued quality improvements.

✨ What's New

• Daily Integrity Filtering Audit (#2439): A new automated workflow runs daily to audit integrity filtering behavior, improving observability and confidence in the guard/DIFC labeling pipeline.

⚡ Performance

• Reduced Memory Allocation in Payload Preview (#2428): Eliminated a large string allocation when building payload previews, lowering memory pressure when handling large MCP tool responses.

🔧 Internal

• Updated schema URL to v0.63.0 for MCP protocol compatibility (#2431).
• Improved test coverage for the proxy/graphql_rewrite package (#2426).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.5
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• 🔄 chore: update schema URL to v0.63.0 by @github-actions[bot] in #2431
• [Repo Assist] perf: avoid large string allocation when building payload preview by @github-actions[bot] in #2428
• [test-improver] Improve tests for proxy/graphql_rewrite package by @github-actions[bot] in #2426
• feat: add daily integrity filtering audit workflow by @lpcox in #2439

Full Changelog: v0.2.4...v0.2.5

v0.2.4

🌟 Release Highlights

This release improves proxy compatibility with github-script integrations and updates workflows for gh-aw v0.63.0, with a focus on correctness of response envelope handling.

✨ What's New

• Proxy + github-script smoke tests — End-to-end tests now validate the proxy integration with github-script, catching regressions in real-world workflow scenarios. Workflows have been recompiled for compatibility with gh-aw v0.63.0. (#2412)

🐛 Bug Fixes & Improvements

• Proxy response envelope fix — Corrected malformed response envelopes in proxy mode, ensuring downstream github-script consumers receive well-structured JSON-RPC responses. Accompanying smoke tests help prevent regressions. (#2420)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.4
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• feat: add proxy+github-script smoke test, recompile workflows for gh-aw v0.63.0 by @lpcox in #2412
• fix: proxy response envelopes + smoke test for github-script integration by @lpcox in #2420

Full Changelog: v0.2.3...v0.2.4

v0.2.3

🌟 Release Highlights

This release focuses on correctness fixes in the Rust-based security guard layer, CLI robustness improvements, and expanded test coverage for configuration loading.

🐛 Bug Fixes & Improvements

• Guard: search_repositories labeling fixed — The Rust guard now uses the correct JSON pointer key when labeling search_repositories responses, ensuring results are properly integrity-labeled rather than silently skipped. (#2407)

• Guard: GraphQL-format search results & bot-author filtering — The guard now correctly handles both REST (total_count) and GraphQL (totalCount) search response shapes, and bot-author filtering works reliably across formats. (#2403)

• CLI: improved error handling and validation — SilenceErrors prevents duplicate error output, proxy mode is now validated at startup with a clear error message, and CLI flags for DIFC modes include shell completion enums for a better developer experience. (#2384)

• Guard: dead code and stale logger removed — Cleaned up a dead logger in NoopGuard and removed stale #[allow(dead_code)] annotations in the Rust guard backend, reducing noise during builds. (#2382, #2393)

• Build stability — Inline getDefault* helpers and renamed duplicate test functions to resolve build failures introduced by a partial refactor. (#2394)

🧪 Testing

• Added tests for config.LoadFromFile and related helpers, improving confidence in configuration parsing across TOML and JSON formats. (#2381)

🔧 Internal

• Updated MCP schema URL to v0.62.5. (#2345)
• Repo-assist baseline updated to use ghcr.io/github/gh-aw-mcpg:v0.2.2. (#2388)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.3
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• Use published ghcr.io/github/gh-aw-mcpg:v0.2.2 for repo-assist baseli… by @lpcox in #2388
• 🔄 chore: update schema URL to v0.62.5 by @github-actions[bot] in #2345
• [Repo Assist] fix(cmd): SilenceErrors, remove dup log, validate proxy mode, add enum completions by @github-actions[bot] in #2384
• [Repo Assist] refactor(cmd): inline trivial os.Getenv wrappers in flags_difc.go by @github-actions[bot] in #2383
• [Repo Assist] fix(rust-guard): remove stale #[allow(dead_code)] from backend.rs by @github-actions[bot] in #2382
• [test] Add tests for config.LoadFromFile and related helpers by @github-actions[bot] in #2381
• Fix build: inline removed getDefault* helpers, rename duplicate tests by @lpcox in #2394
• Fix NoopGuard dead logger, extract emptyAgentLabelsResult helper, resolve broken references from partial refactor by @Copilot in #2393
• fix(rust-guard): use correct JSON pointer key for search_repositories response by @Copilot in #2407
• fix(rust-guard): handle GraphQL-format search results and bot-author filtering by @lpcox in #2403

Full Changelog: v0.2.2...v0.2.3

v0.2.2

🌟 Release Highlights

A focused patch release delivering a targeted bug fix for search result parsing and an internal workflow update.

🐛 Bug Fixes & Improvements

• More reliable search result extraction: MCP Gateway now falls back to URL-based parsing when extracting issue/PR numbers and repository names from search results. This improves robustness in cases where structured data fields are missing or malformed. (#2379)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.2
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• chore(workflow): use published v0.2.1 container image for repo-assist by @lpcox in #2374
• fix: URL-based fallback for search result number and repo extraction by @lpcox in #2379

Full Changelog: v0.2.1...v0.2.2

v0.2.1

🌟 Release Highlights

This release strengthens MCP Gateway's security guard system with improved trusted-bot detection for the Copilot SWE Agent and broader GraphQL query coverage for commit integrity labeling.

🐛 Bug Fixes

• Copilot SWE Agent now recognized as a trusted first-party bot — The copilot-swe-agent app was previously unrecognized by the DIFC guard, causing its PRs to receive none integrity and be filtered. All login variants (copilot-swe-agent[bot], copilot-swe-agent, app/copilot-swe-agent) are now treated as trusted first-party bots, receiving elevated writer integrity on par with dependabot[bot] and github-actions[bot].

✨ What's New

• Commit query GraphQL field injection — MCP Gateway now injects author{user{login}} fields into commit GraphQL queries (including list_commits), enabling the security guard to perform trusted-bot detection on commit objects. This extends the existing author-injection coverage from Issues and PRs to commits, ensuring consistent integrity labeling across all resource types. See the Guard Response Labeling docs for details.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.1
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• Feat/unified jsonl logs by @lpcox in #2371

Full Changelog: v0.2.0...v0.2.1

v0.2.0

🌟 Release Highlights

v0.2.0 brings improved observability with unified JSONL logging, making it easier to trace and analyze MCP Gateway activity across proxy and gateway components in a single stream.

✨ What's New

• Unified JSONL Log File — The proxy and gateway now write to a single, unified rpc-messages.jsonl log file instead of separate streams. This simplifies log consumption, tooling integration, and post-hoc analysis of MCP request/response flows. See the Configuration Guide for log directory options. (#2350)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.0
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• chore: update repo-assist MCPG container image to v0.1.26 by @lpcox in #2346
• feat: unified JSONL log file between proxy and gateway by @lpcox in #2350

Full Changelog: v0.1.26...v0.2.0

v0.1.26

🌟 Release Highlights

A focused patch release delivering a correctness fix to the guard subsystem's backend enrichment logic.

🐛 Bug Fixes & Improvements

• Guard backend enrichment corrected — Fixed an issue where backend enrichment tool names and arguments were mismatched, which could cause guard evaluation to fail or produce incorrect results for enriched tool calls. (#2340)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.26
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• fix(guard): correct backend enrichment tool names and args by @lpcox in #2340
• chore: update repo-assist to gateway v0.1.25 by @lpcox in #2338
• chore: revert repo-assist to local container build by @lpcox in #2341

Full Changelog: v0.1.25...v0.1.26

v0.1.25

🌟 Release Highlights

This release resolves integrity filtering false positives in the GitHub guard, improving accuracy when processing both GraphQL and REST responses from the GitHub MCP Server.

🐛 Bug Fixes & Improvements

Guard: GraphQL response labeling, backend enrichment, and sub-method skip (#2335)

The GitHub guard now correctly handles the full range of response shapes returned by the GitHub MCP Server, eliminating false positive DIFC-filtered responses:

• GraphQL response support — list_issues and list_pull_requests return GraphQL-shaped responses ({issues: [...]}, {pullRequests: [...]}) that were previously unrecognized. These are now correctly parsed and labeled alongside existing REST array formats.

• Backend enrichment for missing author_association — When author_association is absent (a known upstream gap in GraphQL responses), the guard makes targeted backend calls to fetch it: issue_read for issues, get_pull_request_facts for PRs. This ensures accurate integrity labeling without requiring upstream fixes.

• Sub-method response skip — Sub-methods of pull_request_read and issue_read (e.g., get_check_runs, get_files, get_comments) return non-PR/issue objects. Per-item labeling is now skipped for these; resource-level labels from tool_rules provide correct integrity instead.

• Error response skip — Responses with isError=true no longer get parsed as domain objects (previously producing pr:#unknown with none integrity). Resource-level labels handle error cases correctly.

• Search scope extraction — search_issues and search_pull_requests now extract repo:owner/repo from query strings to apply properly scoped secrecy and integrity labels.

For more on how the guard applies response labels, see the Guard Response Labeling docs.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.25
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• guard: GraphQL response labeling, backend enrichment, and sub-method skip by @lpcox in #2335

Full Changelog: v0.1.24...v0.1.25