Releases: github/gh-aw-mcpg
v0.2.30
🌟 Release Highlights
This release strengthens MCP Gateway's reliability and security posture with hardened pagination safety, cleaner DIFC enforcement architecture, and more explicit guard label rules for sensitive GitHub operations.
🔒 Security & DIFC Improvements
- Explicit DIFC label rules for high-impact operations (#4300): Notification writes and repository create/fork operations now have explicit label rules in the Rust guard, eliminating ambiguity around inherited caller-provided DIFC labels via fallback behavior. This ensures high-sensitivity mutating operations are consistently and predictably labeled.
🛡️ Reliability Improvements
- Hardened MCP pagination against cursor cycles (#4302): The MCP pagination engine now fails fast when a backend repeats a cursor, preventing infinite loops caused by misbehaving upstream servers. Go-SDK registration canaries were also added to catch upgrade-sensitive tool registration behavior early.
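An added example (not code from gh-aw-mcpg) of the fail-fast behaviour described for #4302: a pagination loop that remembers every cursor it has been handed and stops as soon as one repeats. `FetchAll`, `Page`, `ErrCursorCycle`, the `fetch` callback and the page cap are assumptions made for illustration, and the sample backend is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Page is one backend response; an empty NextCursor means the listing is done.
type Page struct {
	Items      []string
	NextCursor string
}

// ErrCursorCycle reports that the backend handed back a cursor already seen.
var ErrCursorCycle = errors.New("pagination: backend repeated a cursor")

// FetchAll drains a paginated listing through fetch (a hypothetical stand-in
// for the upstream call). It fails fast on a repeated cursor and also caps the
// page count, which bounds a backend that invents a fresh cursor every time.
func FetchAll(fetch func(cursor string) (Page, error), maxPages int) ([]string, error) {
	seen := map[string]struct{}{}
	var all []string
	cursor := ""
	for n := 0; n < maxPages; n++ {
		page, err := fetch(cursor)
		if err != nil {
			return all, err
		}
		all = append(all, page.Items...)
		if page.NextCursor == "" {
			return all, nil
		}
		if _, dup := seen[page.NextCursor]; dup {
			return all, fmt.Errorf("%w: %q", ErrCursorCycle, page.NextCursor)
		}
		seen[page.NextCursor] = struct{}{}
		cursor = page.NextCursor
	}
	return all, fmt.Errorf("pagination: gave up after %d pages", maxPages)
}

// backend turns a constructed cursor -> page table into a fake upstream.
func backend(pages map[string]Page) func(string) (Page, error) {
	return func(c string) (Page, error) { return pages[c], nil }
}

func main() {
	// Constructed misbehaving backend: the page at cursor "b" points back to "a".
	looping := backend(map[string]Page{
		"":  {[]string{"t1"}, "a"},
		"a": {[]string{"t2"}, "b"},
		"b": {[]string{"t3"}, "a"},
	})
	fmt.Println(FetchAll(looping, 100))
}
```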
🧹 Code Quality
- Refactored DIFC pipeline and logger level wrappers (#4301): Duplicated DIFC enforcement logic shared between unified MCP tool calls and proxy REST handling has been extracted into shared helpers, reducing maintenance burden and the risk of behavioral divergence between code paths.
🔧 Internal
- Workflow toolchain upgrade to gh-aw v0.69.2 (#4297): All 31 agentic workflows recompiled against the latest gh-aw compiler release.
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.30
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest
Supported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
Generated by Release · ● 180.3K
What's Changed
- chore: upgrade and recompile all workflows to gh-aw v0.69.2 by @lpcox in #4297
- Harden MCP pagination against cursor cycles and add go-sdk registration canaries by @Copilot in #4302
- Refactor duplicated DIFC pipeline decisions and logger level wrappers by @Copilot in #4301
- Guard DIFC: add explicit label rules for notification writes and repository create/fork operations by @Copilot in #4300
Full Changelog: v0.2.29...v0.2.30
v0.2.29
🐛 Release Highlights
This is a targeted fix release that resolves a guard compilation issue, ensuring the release pipeline proceeds cleanly.
🐛 Bug Fixes
- Guard cleanup — Removed unused org-ownership functions in the GitHub guard that were blocking the release build. No behavioral changes; this is a clean-up fix with no impact on existing guard policies or configurations.
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.29
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest
Supported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
What's Changed
Full Changelog: v0.2.28...v0.2.29
v0.2.28
What's Changed
- Guard: ignore stale maintainer reactions when content is edited after endorsement by @Copilot in #4228
- [log] oidc: add debug logging to provider.go by @github-actions[bot] in #4246
- [test-improver] Improve tests for mcp tool_result package by @github-actions[bot] in #4254
- Harden CLI proxy GraphQL path handling with explicit /api/graphql regression coverage by @Copilot in #4278
- [Repo Assist] refactor(rust-guard): extract is_any_trusted_actor helper and collapse URL fallback loop by @github-actions[bot] in #4260
- [gateway] Correct commit integrity elevation for personal repos on non-default refs by @Copilot in #4283
Full Changelog: v0.2.26...v0.2.28
v0.2.27
What's Changed
- Guard: ignore stale maintainer reactions when content is edited after endorsement by @Copilot in #4228
- [log] oidc: add debug logging to provider.go by @github-actions[bot] in #4246
- [test-improver] Improve tests for mcp tool_result package by @github-actions[bot] in #4254
- Harden CLI proxy GraphQL path handling with explicit /api/graphql regression coverage by @Copilot in #4278
- [Repo Assist] refactor(rust-guard): extract is_any_trusted_actor helper and collapse URL fallback loop by @github-actions[bot] in #4260
- [gateway] Correct commit integrity elevation for personal repos on non-default refs by @Copilot in #4283
Full Changelog: v0.2.26...v0.2.27
v0.2.26
🔧 Maintenance & Quality Release
v0.2.26 focuses on internal quality improvements, enhanced debug logging, performance optimizations, and documentation clarifications. No breaking changes.
✨ What's New
- Improved jq middleware performance (#4211): Optimized scalar handling in the jq schema middleware for more efficient processing of tool responses, with added protection against comment drift in the underlying gojq dependency.
- Enhanced Rust guard response labeling (#4212): Removed static-string allocations in guard outputs and expanded test coverage for response path labeling, improving correctness of DIFC label propagation through the guard layer.
- Structured DIFC logging (#4191): Guard initialization logs now use the structured logger, making DIFC-related events consistently visible in mcp-gateway.log and per-server log files.
- Extended debug logging (#4134, #4173): Debug tracing added to the proxy command and tracing helpers — enable with DEBUG=cmd:* for detailed startup diagnostics.
🐛 Bug Fixes & Improvements
- Guard policy validation consolidation (#4192): Proxy guard policy now uses the shared ParseGuardPolicyJSON helper, eliminating a duplicate validation path that could diverge from the canonical implementation.
- Logger wrapper parity (#4155): Enforced consistent log-level semantics across logger wrappers, preventing silent log-level mismatches between the file logger and structured logger.
- Auth package cleanup (#4144): IsMalformedHeader moved from server to internal/auth, improving package cohesion and reusability.
📚 Documentation
- Variable expansion semantics clarified (#4210): The Configuration Guide now clearly documents the difference between JSON stdin and TOML config formats — JSON uses ${VAR_NAME} expansion only for environment variables in env blocks, while TOML expands variables across the full config. Essential reading if you mix both formats.
🔬 Test Coverage
Significant test additions this release: circuit breaker edge cases (#4181), OpenTelemetry config validation (#4141), writeGatewayConfig/loadEnvFile/tracing helpers (#4182), and version package (#4140).
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.26
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest
Supported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
What's Changed
- [test-improver] Improve tests for version package by @github-actions[bot] in #4140
- [log] Add debug logging to cmd/proxy by @github-actions[bot] in #4134
- [test] Add tests for config.validateOpenTelemetryConfig and related validation functions by @github-actions[bot] in #4141
- [Repo Assist] refactor(auth): move IsMalformedHeader from server to auth package by @github-actions[bot] in #4144
- Fix duplicate test functions in config validation tests by @lpcox in #4156
- Deduplicate guard policy JSON roundtrip and enforce logger wrapper level parity by @Copilot in #4155
- [log] Add debug logging to cmd/tracing_helpers.go by @github-actions[bot] in #4173
- [test-improver] Improve tests for server circuit breaker by @github-actions[bot] in #4181
- [Repo Assist] refactor(proxy): replace manual guard policy validation with ParseGuardPolicyJSON by @github-actions[bot] in #4192
- [test] Add tests for writeGatewayConfig, loadEnvFile, and tracing helpers by @github-actions[bot] in #4182
- [Repo Assist] fix(server): migrate guard_init.go DIFC logs to structured logger by @github-actions[bot] in #4191
- Clarify JSON vs TOML variable expansion semantics in configuration docs by @Copilot in #4210
- Optimize jq schema middleware scalar handling and de-risk gojq comment drift by @Copilot in #4211
- [rust-guard] Remove static-string allocations in guard outputs and add response path labeling coverage by @Copilot in #4212
- Refactor tracer fallback + logger helper layout to remove duplication and tighten logging semantics by @Copilot in #4213
Full Changelog: v0.2.25...v0.2.26
v0.2.25
🌟 Release Highlights
This release tightens GitHub guard security coverage, improves debug observability, strengthens the Rust guard implementation, and continues a broad internal code quality effort across the codebase.
🛡️ Security & Guard Improvements
- Expanded set_issue_fields DIFC coverage — The GitHub guard now correctly classifies set_issue_fields as a write operation with appropriate DIFC rule grouping, closing a coverage gap that could allow the tool to bypass integrity enforcement. (#4049, #4104)
- Rust guard reliability — Eliminated an unnecessary scopes.clone() in the label_agent path and introduced a DIFC_MODE constant for clearer mode handling in the Rust guard. (#4085)
✨ What's New
- Debug logging for config core — Configuration loading now emits structured debug output via the logger framework, making it easier to trace config resolution issues in production. (#4074)
- Rust test integration — A new test-rust Makefile target brings Rust guard tests into the standard make agent-finished verification pipeline. (#4086)
🔧 Internal Improvements
- Unified inbound response logging in SendRequestWithServerID to a single code path, reducing logging inconsistencies. (#4054)
- Deduplicated tracing and HTTP server setup across cmd/server packages. (#4048)
- Consolidated marshal/log paths and unified sanitized sys tool response logging. (#4106)
- Moved shared helpers out of specialized files and removed unnecessary micro-packages. (#4117)
- Refined testify assertions across the test suite for clearer failures and lint-aligned patterns. (#4051)
- Improved test coverage for sys/container and cmd.newCompletionCmd. (#4081, #4082)
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.25
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest
Supported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
What's Changed
- Refactor duplicated tracing and HTTP server setup paths in cmd/server packages by @Copilot in #4048
- [guard-coverage] Add set_issue_fields to github-guard write classification and DIFC rules by @Copilot in #4049
- Refine testify assertions in tests for clearer failures and lint-aligned patterns by @Copilot in #4051
- Refactor SendRequestWithServerID to use a single inbound response logging path by @Copilot in #4054
- [test-improver] Improve tests for sys/container package by @github-actions[bot] in #4081
- [Repo Assist] fix(rust-guard): eliminate scopes.clone() in label_agent + add DIFC_MODE constant by @github-actions[bot] in #4085
- [Repo Assist] build: add test-rust Makefile target and include Rust tests in agent-finished by @github-actions[bot] in #4086
- [log] Add debug logging to config_core.go by @github-actions[bot] in #4074
- [test] Add tests for cmd.newCompletionCmd by @github-actions[bot] in #4082
- Close GitHub guard coverage gap for set_issue_fields by aligning DIFC rule grouping by @Copilot in #4104
- Refactor duplicated marshal/log paths and unify sanitized sys tool response logging by @Copilot in #4106
- Refactor utility placement: move shared helpers out of specialized files and remove micro-packages/files by @Copilot in #4117
Full Changelog: v0.2.24...v0.2.25
v0.2.24
🌟 Release Highlights
This release fixes TLS certificate validation failures when using gh and git through the DIFC proxy, and removes a GITHUB_ENV dependency that limited portability.
⚠️ Breaking Changes
TLS CA trust no longer written to GITHUB_ENV — If your workflow relied on GITHUB_ENV being populated with the proxy CA certificate path, that behavior has been removed. CA trust is now configured exclusively via process environment variables set at proxy startup. Update your workflows to rely on the process environment instead of reading from GITHUB_ENV.
🐛 Bug Fixes & Improvements
Fixed git clone and gh repo clone failures through the DIFC TLS proxy (#4042) — Commands that perform HTTPS validation (git, gh, curl, Node.js fetch, Python requests) previously failed with certificate errors when routed through awmg proxy --tls. The proxy now automatically propagates the generated CA certificate to all standard trust environment variables at startup:
| Variable | Client |
|---|---|
| GIT_SSL_CAINFO | git, gh |
| CURL_CA_BUNDLE | curl |
| NODE_EXTRA_CA_CERTS | Node.js |
| REQUESTS_CA_BUNDLE | Python requests |
| SSL_CERT_FILE | OpenSSL-based tooling |
📚 Documentation
docs/PROXY_MODE.md has been updated with CA setup guidance for gh and git workflows that do not use GITHUB_ENV automation.
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.24
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest
Supported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
What's Changed
- Propagate DIFC proxy TLS CA trust to git/gh/curl via process environment by @Copilot in #4042
Full Changelog: v0.2.23...v0.2.24
v0.2.23
🌟 Release Highlights
This release delivers a targeted bug fix for DIFC proxy GraphQL endpoint routing, along with internal quality improvements to tests and debug logging.
🐛 Bug Fixes
- DIFC proxy GraphQL endpoint rewriting: Fixed incorrect endpoint rewriting for the github.com API base URL when using DIFC proxy mode. Requests to GraphQL endpoints are now correctly routed, resolving an edge case that could cause API calls to fail for standard GitHub.com configurations. (#4030)
🔧 Internal Improvements
- Improved debug logging for API key generation to aid in troubleshooting authentication flows (#4002)
- Expanded test coverage for AllowOnlyPolicy configuration parsing and scope normalization (#4012)
- Enhanced test coverage for the mcp/tool_result package (#4011)
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.23
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest
Supported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
What's Changed
- Repo Assist: require explicit noop safe output when no action is taken by @Copilot in #4026
- Fix DIFC proxy GraphQL endpoint rewriting for github.com API base by @Copilot in #4030
- [log] Add debug logging to GenerateRandomAPIKey in auth/apikey.go by @github-actions[bot] in #4002
- [test-improver] Improve tests for mcp/tool_result package by @github-actions[bot] in #4011
- [test] Add tests for config.AllowOnlyPolicy.UnmarshalJSON and NormalizeScopeKind by @github-actions[bot] in #4012
Full Changelog: v0.2.22...v0.2.23
v0.2.22
🌟 Release Highlights
This release focuses on reliability improvements for non-root container deployments and GHES compatibility, along with a documentation accuracy fix for the server tools allowlist feature.
🐛 Bug Fixes & Improvements
- Non-root container support — MCP Gateway can now run as a non-privileged user (e.g., via --user $(id -u):$(id -g) in Docker). Previously, a failure to write /etc/hosts would abort startup; it is now treated as a non-fatal warning, enabling secure, rootless container deployments. (#3985)
- GHES GraphQL routing fixed — GraphQL requests routed through the DIFC proxy to GitHub Enterprise Server instances with an /api/v3 base path were being forwarded to an invalid endpoint. Requests such as /api/graphql from the gh CLI are now correctly rewritten to <host>/api/graphql, ensuring end-to-end query preservation for GHES users. (#3970)
📚 Documentation
tools field docs corrected — The Configuration Reference previously stated that the server tools field was unenforced. This has been corrected to reflect the actual runtime behavior: tools are filtered from tools/list responses and tools/call requests are denied for any tool not in the allowlist. (#3965)
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.22
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest
Supported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
What's Changed
- Correct tools field documentation to match runtime allowlist enforcement by @Copilot in #3965
- Refactor MCP connection response logging and timeout default handling to remove duplication by @Copilot in #3966
- [rust-guard] Deduplicate granular repo-write tool labeling and avoid repeated path scans in file secrecy checks by @Copilot in #3967
- Refactor URL derivation and helper ownership across envutil/config/mcp by @Copilot in #3968
- Fix GHES GraphQL path handling and end-to-end query preservation in DIFC proxy when upstream is /api/v3 by @Copilot in #3970
- Make /etc/hosts write non-fatal for non-root container execution by @lpcox in #3985
Full Changelog: v0.2.21...v0.2.22
v0.2.21
🌟 Release Highlights
This release focuses on timeout correctness for HTTP backends and MCP connection handling — ensuring gateway-configured execution budgets are respected end-to-end.
🐛 Bug Fixes & Improvements
- HTTP backend timeouts now honor configured budgets (#3911): A hardcoded 120-second transport-level cap was silently overriding any tool execution budget set in the gateway config. HTTP backends now correctly respect the configured timeout, preventing unexpected truncations on long-running tools.
- MCP connect timeout uses consistent default (#3946): The 30-second hardcoded connect timeout was replaced with a named defaultConnectTimeout constant, and an invalid <= 0 guard was fixed. This makes timeout behavior predictable and easier to reason about.
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.21
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest
Supported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
What's Changed
- Honor gateway tool execution budgets for HTTP backends by removing hardcoded 120s transport cap by @Copilot in #3911
- [test-improver] Improve tests for tracing package by @github-actions[bot] in #3938
- [test] Add tests for oidc.extractJWTExpiry by @github-actions[bot] in #3939
- [Repo Assist] fix(mcp): replace hardcoded 30s with defaultConnectTimeout constant, fix <= 0 guard by @github-actions[bot] in #3946
- Fix gofmt alignment in jwt_expiry_test.go by @lpcox in #3954
- Fix TestFullDIFCConfigFromJSON timeout waiting for backend connections by @lpcox in #3960
- [Repo Assist] test(mcp): add connect-timeout default behaviour tests by @github-actions[bot] in #3947
Full Changelog: v0.2.20...v0.2.21