v0.2.18

Latest

@github-actions github-actions released this 12 Apr 20:46
9e91827

🌟 Release Highlights

This release focuses on security hardening, improved observability, and code quality improvements, with a notable new DIFC integrity feature, more flexible tool filtering, and tighter spec compliance across the gateway.

✨ What's New

  • Maintainer reaction endorsement for integrity promotion/demotion (#3666): Maintainers can now explicitly endorse or demote content integrity via reactions, giving fine-grained control over DIFC labeling decisions. See the Guard Response Labeling docs for details.

  • Wildcard ["*"] support in allowed-tools filtering (#3445): Configure allowed-tools: ["*"] to permit all tools from a server without enumerating them individually, simplifying configs for permissive backends.

  • OIDC fail-fast validation for TOML configs (#3538): OIDC misconfiguration is now caught at startup for TOML-configured servers, preventing silent failures at request time.

  • DIFC labeling for create_pull_request_with_copilot (#3651): The Copilot PR creation tool now receives correct DIFC integrity labels, ensuring policy enforcement applies consistently.

  • Expanded guard coverage for CLI write operations (#3609): Three previously uncovered CLI write operations are now pre-emptively included in WRITE_OPERATIONS, closing potential gaps in write-op integrity classification.

πŸ› Bug Fixes & Improvements

  • Gateway timeout defaults aligned with spec §4.1.3 (#3592): Startup and tool timeout defaults now match spec-mandated values; example config and docs corrected to match (#3652).

  • HTTP connection errors now visible to operators (#3514): HTTP-level connection errors are logged to stderr, making network issues easier to diagnose in production.

  • WriteJSONResponse trailing newline eliminated (#3466): JSON responses now use json.Marshal instead of the encoder, removing an extraneous trailing newline that could affect downstream parsers.

  • gojq module security & compatibility fixes (#3451): Permissions, import collision, and module naming issues in the gojq dependency resolved, plus version upgrade.

  • go-sdk upgraded to v1.5.0 (#3610): Brings latest MCP SDK improvements and addresses items from go-fan review.
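
The WriteJSONResponse item above (#3466) rests on a standard-library difference, shown here as an added Go example that is not the project's code: json.Encoder.Encode appends a newline after the value, json.Marshal does not. The function names and the sample payload are hypothetical; the marshal-first writer also detects an encoding failure before the status is committed, so it can still answer with an error response.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// payload is a constructed sample body, not a type from the project.
type payload struct {
	Tool   string `json:"tool"`
	Status string `json:"status"`
}

// writeWithEncoder (hypothetical): json.Encoder always appends '\n' to the value.
func writeWithEncoder(w http.ResponseWriter, status int, v interface{}) error {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	return json.NewEncoder(w).Encode(v)
}

// writeWithMarshal (hypothetical) marshals first: no trailing newline, and an
// encoding failure is caught while a 500 can still be sent.
func writeWithMarshal(w http.ResponseWriter, status int, v interface{}) error {
	body, err := json.Marshal(v)
	if err != nil {
		http.Error(w, "internal error", http.StatusInternalServerError)
		return err
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	_, err = w.Write(body)
	return err
}

// capture runs a writer against an in-memory recorder.
func capture(write func(http.ResponseWriter, int, interface{}) error, v interface{}) ([]byte, int, error) {
	rec := httptest.NewRecorder()
	err := write(rec, http.StatusOK, v)
	return rec.Body.Bytes(), rec.Code, err
}

func main() {
	p := payload{Tool: "list_issues", Status: "ok"}
	enc, _, _ := capture(writeWithEncoder, p)
	mar, _, _ := capture(writeWithMarshal, p)
	fmt.Printf("encoder: %q\nmarshal: %q\n", enc, mar)
}
```

A client that compares response bytes, hashes the body, or checks an exact length sees the two outputs as different even though they decode to the same value.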

πŸ“š Documentation

  • keepalive_interval and opentelemetry config fields documented (#3457): Both fields are now covered in the Configuration docs with correct defaults and usage guidance.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.18
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64


For complete details, see the full release notes.


What's Changed

  • 🔄 chore: update schema URL to v0.67.3 by @github-actions[bot] in #3430
  • [Repo Assist] refactor(proxy): use httputil.WriteJSONResponse for filtered/empty JSON writes by @github-actions[bot] in #3437
  • [Repo Assist] refactor(logger): add InitGatewayLoggers and InitProxyLoggers helpers by @github-actions[bot] in #3438
  • ci: add Rust guard unit tests to CI pipeline by @Copilot in #3396
  • chore: increase daily-compliance-checker timeout to 45 minutes by @lpcox in #3453
  • chore: increase nightly-docs-reconciler timeout to 45 minutes by @lpcox in #3456
  • docs: document keepalive_interval and opentelemetry config fields by @lpcox in #3457
  • Support wildcard ["*"] in allowed-tools filtering by @Copilot in #3445
  • Deduplicate auth scheme parsing and random hex generation by @Copilot in #3450
  • fix: gojq module review — permissions, collision, rename, upgrade by @Copilot in #3451
  • fix: use json.Marshal in WriteJSONResponse to avoid trailing newline by @lpcox in #3466
  • fix: restore method-style log prefix in listMCPItems by @Copilot in #3471
  • refactor: extract generic listMCPItems helper for list* MCP operations by @lpcox in #3470
  • chore: upgrade all workflows from v0.67.0 to v0.68.0 by @lpcox in #3504
  • Deduplicate error CallToolResult construction, GitHub token and API URL lookups by @Copilot in #3507
  • Fix: log HTTP connection errors to stderr for operator visibility by @Copilot in #3514
  • Consolidate dual logging in server package to internal logger by @Copilot in #3510
  • Fix integration tests broken by logging consolidation by @lpcox in #3516
  • Deduplicate startup logging in cmd/root.go via logger helpers by @Copilot in #3515
  • Consolidate duplicate container detection into sys.DetectContainerID by @Copilot in #3522
  • Deduplicate OIDC missing env-var error message into shared helper by @Copilot in #3526
  • go-sdk review: schema bypass canary test, ServerInfo logging, doc comments by @Copilot in #3531
  • Fix rust-guard-test: remove unused is_update_operation and is_create_operation by @Copilot in #3536
  • Reduce duplication in write-op integrity classification and MinIntegrity conversion by @Copilot in #3534
  • Add OIDC fail-fast validation to TOML config path by @Copilot in #3538
  • 🔄 Update schema URL to v0.68.1 by @github-actions[bot] in #3570
  • Disable threat-detection in all workflows by @lpcox in #3583
  • [Repo Assist] refactor: add strutil.TruncateRunes and remove lookupEnrichmentToken alias by @github-actions[bot] in #3574
  • Fix lint: update test for removed lookupEnrichmentToken by @lpcox in #3586
  • Rename TestLookupEnrichmentToken → TestLookupGitHubToken and wire to envutil by @Copilot in #3587
  • fix: align gateway timeout defaults with spec §4.1.3 by @Copilot in #3592
  • [log] config: migrate logConfig from legacy log.New to project debug logger by @github-actions[bot] in #3372
  • [test-improver] Improve tests for config/validation_schema package by @github-actions[bot] in #3380
  • [test] Add tests for logger.SlogHandler.Handle and related functions by @github-actions[bot] in #3381
  • [log] Add debug logging to unified server utility functions by @github-actions[bot] in #3418
  • [test] Add tests for logger.ToolsLogger.writeToFile and LogToolsForServer by @github-actions[bot] in #3427
  • [test] Add tests for config.isDynamicTOMLPath and proxy.truncateForLog by @github-actions[bot] in #3500
  • [test-improver] Improve tests for envutil package by @github-actions[bot] in #3566
  • [test] Add tests for HTTPKeepaliveInterval, EnsureGatewayDefaults, SetDebug, and logger init functions by @github-actions[bot] in #3567
  • Add pre-emptive guard entries for 3 CLI write operations missing from WRITE_OPERATIONS by @Copilot in #3609
  • chore: upgrade go-sdk to v1.5.0 and address go-fan review items by @Copilot in #3610
  • [Repo Assist] fix: remove redundant log.Printf calls from connection.go by @github-actions[bot] in #3640
  • Fix incorrect default values in docs and example config for startup/tool timeouts and domain by @Copilot in #3652
  • fix(rust-guard): remove redundant match arm in author_association_floor_from_str by @Copilot in #3654
  • Add DIFC labeling rule for create_pull_request_with_copilot by @Copilot in #3651
  • refactor: deduplicate reconnect telemetry and SSE deprecation logging in connection.go by @Copilot in #3660
  • feat: Maintainer reaction endorsement for integrity promotion/demotion by @Copilot in #3666

Full Changelog: v0.2.17...v0.2.18