v0.1.22

🌟 Release Highlights

This release significantly expands MCP Gateway's security coverage, closing labeling gaps across 22 previously uncovered GitHub MCP tools and expanding the proxy router with 27 new routes and GraphQL patterns.

✨ What's New

🔐 Comprehensive Guard Tool Coverage (#2291)

22 GitHub MCP read tools that previously fell through to the default catch-all case (inheriting empty labels) now have explicit integrity and secrecy labels. This means tools that were previously invisible to min-integrity filtering — or could silently leak private data — are now fully governed:

Category	Tools Covered
Actions	get_job_logs (marked secret — logs may contain leaked tokens)
User Context	get_me, get_teams, get_team_members (private user/org data)
Discussions	list_discussions, get_discussion, get_discussion_comments, list_discussion_categories
Gists	list_gists, get_gist (private user content)
Git	get_repository_tree
Labels	list_label
Notifications	list_notifications, get_notification_details
Projects	projects_list, projects_get (new canonical tool names)
Security Advisories	list_global_security_advisories, get_global_security_advisory, list_repository_security_advisories, list_org_repository_security_advisories
Search	search_orgs
Repos	list_starred_repositories

See the Guard Response Labeling docs for labeling semantics.

🛣️ Proxy Router Expansion (#2291)

22 new REST routes and 5 GraphQL patterns bring the proxy router up to parity with the expanded guard coverage. Newly routed endpoints include:

• Actions: workflow/run/job details, attempt logs, artifacts, caches, secrets, variables, environment config
• Discussions: list, single, and comment endpoints (REST + GraphQL)
• User: /user, SSH/GPG keys, viewer {} GraphQL query
• Notifications: /notifications
• Check runs: /commits/{sha}/check-runs and check-suites
• Org-scoped: /orgs/{org}/actions/secrets|variables
• Organization: organization() GraphQL pattern

See the Proxy Mode docs for routing details.

🧪 Test Coverage

37 new unit tests cover every newly labeled tool's label_resource and label_response paths, ensuring correctness of integrity and secrecy assignments.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.22
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• feat: guard tool coverage for GitHub MCP server + proxy router expansion by @lpcox in #2291

Full Changelog: v0.1.21...v0.1.22

v0.1.21

What's Changed

• fix: address proxy TLS review feedback — permissions, wildcard address, shell arg parsing, test compile by @Copilot in #2233
• feat: proxy mode TLS support and container-native entrypoint by @lpcox in #2231
• feat: implement blocked-users and approval-labels in GitHub guard by @Copilot in #2241
• docs: add test-container-proxy to make help output by @lpcox in #2249
• docs: add integrity filtering reference and blocked-users/approval-labels to README by @lpcox in #2250
• [test] Add tests for server.ensureGuardInitialized and normalizeScopeKind by @github-actions[bot] in #2037
• [test-improver] Improve tests for config/rules package by @github-actions[bot] in #2042
• Fix stale assertions in TestPlaywrightMCPServer/ToolsRegistered integration test by @Copilot in #2262
• [log] Add debug logging to mcp/tool_result.go by @Copilot in #2061
• [test] Add tests for server.resolveGuardPolicy and normalizeScopeKind by @github-actions[bot] in #2092
• [test-improver] Improve tests for server requireGuardPolicyIfGuardEnabled by @github-actions[bot] in #2096
• fix: resolve duplicate test functions, nil panic, and missing Makefile target by @lpcox in #2267
• [log] feat(config): add debug logging to guard policy validation and parsing by @github-actions[bot] in #2168
• [test] Add tests for cmd.resolveGuardPolicyOverride by @github-actions[bot] in #2171
• [log] log: add debug logging to server/difc_log by @github-actions[bot] in #2228
• [test] Add tests for proxy.MatchRoute and proxy.MatchGraphQL by @github-actions[bot] in #2229
• [test-improver] Improve tests for proxy package by @github-actions[bot] in #2230
• [log] Add debug logging to proxy server initialization by @github-actions[bot] in #2271
• [test] Add tests for server.registerGuard and createGuardFromConfig by @github-actions[bot] in #2272
• fix: register guard test uses non-noop guard for policy validation by @lpcox in #2273
• fix: correct baseline_scope for scoped integrity labels and discussion tool integrity by @Copilot in #2281
• feat: add guard tool coverage for 22 missing GitHub MCP server tools by @lpcox in #2280
• Add daily GitHub guard coverage checker workflow (MCP + CLI) by @Copilot in #2279

Full Changelog: v0.1.20...v0.1.21

v0.1.20

🌟 Release Highlights

This release introduces a new proxy mode for GitHub API DIFC filtering and a configurable trusted bots system, alongside significant hardening of DIFC enforcement throughout the pipeline and improved developer-facing error messages.

✨ What's New

• GitHub API Proxy Mode — MCP Gateway now supports a dedicated proxy mode that applies DIFC filtering to GitHub API requests, enabling fine-grained information flow control for API traffic. See the Proxy Mode docs for configuration details.

• Configurable Trusted Bots List — You can now define a custom list of trusted bots that receive elevated approved integrity levels, giving operators precise control over which automated actors are trusted within the DIFC framework. Conforms to spec §4.1.3.4. See Configuration Guide for the trusted_bots field.

• DIFC-Filtered Items Noticed in Tool Responses — When DIFC filtering removes items from a tool response (e.g., low-integrity issues filtered out of a list_issues call), the gateway now appends a brief notice to the response telling the agent how many items were withheld and why (e.g., [DIFC] 3 item(s) removed by integrity policy: issue:org/repo#14 (integrity too low)). The notice contains only resource identifiers and denial reasons — never the actual content of filtered items. This prevents agents from incorrectly concluding a result set is empty when items exist but are inaccessible under the current policy.

🐛 Bug Fixes & Improvements

• Hardened DIFC Proxy Enforcement — The proxy now fails closed throughout the entire pipeline, ensuring no information leaks on DIFC enforcement errors rather than silently passing through.

• Human-Readable DIFC Error Messages — Write-denial reasons now include human-readable secrecy level names (e.g., private:owner/repo) instead of raw internal identifiers, and the issue:#0 sentinel placeholder has been replaced with meaningful context.

• Nil Params Handling — Fixed a crash when ParseToolArguments received a nil Params value, improving gateway stability for edge-case tool calls.

• Trusted Bots Validation at Load Time — Empty or invalid trusted_bots entries are now caught at config load time (both TOML and stdin JSON paths), providing fast-fail feedback rather than silent runtime errors.

• Rust Guard Improvements — Removed dead parameters from issue_integrity and fixed a heap-allocating string comparison in the GitHub guard for improved efficiency.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.20
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• chore(deps): bump github.com/modelcontextprotocol/go-sdk from 1.4.0 to 1.4.1 in the go_modules group across 1 directory by @dependabot[bot] in #2149
• rust-guard: remove dead params from issue_integrity + fix heap-allocating string comparison by @Copilot in #2152
• chore: add guard filtering summary to repo-assist monthly activity issue by @lpcox in #2158
• [Repo Assist] test: add unit tests for ConvertToCallToolResult, ParseToolArguments, and sink server IDs by @github-actions[bot] in #2160
• chore: upgrade gh-aw agent config and recompile workflows to v0.62.0 by @lpcox in #2163
• fix: handle nil Params in ParseToolArguments by @lpcox in #2172
• Surface DIFC-filtered items in tool responses to prevent targeted dispatch drift by @Copilot in #2175
• fix: harden proxy DIFC enforcement — fail closed throughout pipeline by @Copilot in #2188
• Fix golangci-lint CI failures in internal/proxy/handler.go by @Copilot in #2189
• feat: add proxy mode for GitHub API DIFC filtering by @lpcox in #2176
• feat: add configurable trusted bots list with approved integrity elevation by @Copilot in #2204
• fix(difc): use human-readable secrecy level in write-denial reason by @Copilot in #2205
• fix: improve DIFC error messages and replace issue:#0 sentinel by @lpcox in #2202
• 🔄 chore: update schema URL to gh-aw v0.62.2 by @github-actions[bot] in #2193
• fix: trusted bot config conformance with spec §4.1.3.4 by @lpcox in #2213
• [WIP] Fix failing GitHub Actions workflow lint by @Copilot in #2216
• fix: move validateTrustedBots to validation.go and enforce on stdin path by @Copilot in #2217
• fix: validate empty trusted_bots at config load time by @lpcox in #2215

Full Changelog: v0.1.19...v0.1.20

v0.1.19

🌟 Release Highlights

This release focuses on guard and security improvements, agentic workflow tooling, and reliability fixes — including a notable resource leak fix in the routed server.

✨ What's New

• Trusted bot integrity elevation — First-party bots (dependabot[bot], github-actions[bot], github-merge-queue[bot], copilot) now automatically receive approved integrity in DIFC labeling, enabling smoother policy enforcement for automated workflows without manual tagging. (#2144)

• Repo-assist agentic workflow — A new repo-assist agentic workflow with an integrated guard policy has been added, expanding the gateway's out-of-the-box automation capabilities. (#2131, #2134)

🐛 Bug Fixes & Improvements

• Routed server resource leak fixed — A connection/resource leak in the routed server has been resolved, along with hardcoded version string corrections that could cause misleading diagnostics. (#2107)

• TOML configuration documentation corrected — Fixed a broken \$\{PWD} volume mount example, clarified the \$\{VAR} expansion note, and documented previously undocumented tools field behaviour in the TOML config. (#2121) See the Configuration Guide.

🔧 Internal

Code quality improvements including DIFC struct consolidation, DeduplicateStrings helper extraction, Rust guard cleanup, and schema/workflow toolchain upgrades to v0.61.2.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.19
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• 🔄 chore(schema): update schema URL to v0.61.1 by @github-actions[bot] in #2101
• Remove dead contributor-verification scaffolding and fix redundant MCP unwrapping in rust-guard by @Copilot in #2105
• refactor: extract checkBoolFailure helper in parseLabelAgentResponse by @Copilot in #2106
• fix: routed server resource leak and hardcoded version strings by @Copilot in #2107
• refactor: consolidate duplicate DIFC filtered-item struct and tagsToStrings by @Copilot in #2111
• fix: suppress dead_code warning on is_forked_pull_request_with_callback by @lpcox in #2118
• chore: upgrade gh-aw agent config and recompile workflows to v0.61.2 by @lpcox in #2128
• Fix broken ${PWD} volume mount, misleading ${VAR} note, and undocumented tools field behaviour in TOML config by @Copilot in #2121
• refactor: extract DeduplicateStrings helper to eliminate duplicated dedup logic by @Copilot in #2123
• Add agentic workflow repo-assist by @lpcox in #2131
• chore: add guard policy to repo-assist workflow by @lpcox in #2134
• feat(guard): elevate trusted first-party bot integrity to approved by @lpcox in #2144

Full Changelog: v0.1.18...v0.1.19

v0.1.18

🌟 Release Highlights

This release extends MCP Gateway's DIFC (Decentralized Information Flow Control) security coverage to GitHub Projects tools, ensuring consistent data labeling across more of the GitHub MCP server surface area.

✨ What's New

• DIFC labeling for GitHub Projects tools — GitHub Projects tool responses are now properly labeled with secrecy and integrity tags, aligning Projects data with the same security guarantees already applied to other GitHub MCP tools. This matters for deployments using guard policies that rely on DIFC labels to enforce data flow rules. See the Guard Response Labeling docs for details. (#2095)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.18
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• feat(guard): add DIFC labeling for GitHub Projects tools by @Copilot in #2095

Full Changelog: v0.1.17...v0.1.18

v0.1.17

🌟 Release Highlights

This release improves observability for DIFC (Decentralized Information Flow Control) filtering by co-locating filter events with RPC traffic in the JSONL log, along with build and lint fixes to stabilize the codebase.

⚡ Improvements

• DIFC filter events now appear in rpc-messages.jsonl — Filter events triggered during tool calls are written to the same JSONL stream as RPC request/response traffic (#2077). This makes it significantly easier to correlate which tool call triggered a DIFC filter event when analyzing logs, without needing a separate log file.

🐛 Bug Fixes

• Build fix: type mismatch in LogDifcFilteredItem — Resolved a compile error where *JSONLFilteredItem was incorrectly passed to LogMessage, which only accepts *JSONLRPCMessage (#2080).
• Lint fix: missing FilteredItemLogEntry type — Added the FilteredItemLogEntry struct and buildFilteredItemLogEntry function referenced by tests but absent from production code (#2078).
• Rust guard fix: restored #[allow(dead_code)] on is_bot helper — The attribute was accidentally removed in a prior cleanup, causing a warning for a function used only in test code (#2074).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.17
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• fix: restore #[allow(dead_code)] on is_bot helper by @lpcox in #2074
• fix: add FilteredItemLogEntry type and buildFilteredItemLogEntry to fix lint failure by @Copilot in #2078
• fix: type mismatch in LogDifcFilteredItem causes build failure by @Copilot in #2080
• refactor: move DIFC filter events into JSONL log by @lpcox in #2077

Full Changelog: v0.1.16...v0.1.17

v0.1.16

What's Changed

• 🔄 chore: update schema URL to v0.58.2 by @github-actions[bot] in #1892
• [log] difc: add debug logging to path_labels.go by @github-actions[bot] in #1888
• [test] Add tests for mcp.callSDKMethod and related dispatch functions by @github-actions[bot] in #1889
• [test-improver] Improve tests for config/rules package by @github-actions[bot] in #1890
• fix: suppress staticcheck SA1012 for intentional nil context test by @lpcox in #1895
• chore: upgrade gh-aw v0.56.2 → v0.58.2 with recompiled workflows by @lpcox in #1898
• Fix SA1012 staticcheck lint failure in sdk_method_dispatch_test.go by @Copilot in #1897
• Fix documentation discrepancies from nightly audit by @Copilot in #1896
• chore: scope all workflows to github/gh-aw-mcpg with min-integrity unapproved by @lpcox in #1906
• fix: remove unavailable tools from smoke-copilot workflow by @lpcox in #1911
• fix: eliminate duplicate sys tool delegation block via callSysServer helper by @Copilot in #1910
• refactor: eliminate duplicate code patterns in internal/difc package by @Copilot in #1916
• chore: disable issue-monster scheduled runs by @lpcox in #1917
• docs: fix documentation discrepancies from reconciliation report 2026-03-13 by @Copilot in #1919
• feat: add Rust Guard Improver daily workflow by @lpcox in #1920
• refactor: deduplicate code across logger, validation, and launcher packages by @lpcox in #1926
• fix(config): remove dead *toml.ParseError pointer assertion and use %w error wrapping by @Copilot in #1929
• tty: add IsStdoutTerminal, StderrTerminalWidth, and IsInteractiveTerminal by @Copilot in #1931
• refactor: semantic function clustering — absorb dockerutil, reduce duplication, move outlier free functions by @Copilot in #1933
• feat: add Guard Status Tracker workflow for issue #1711 by @lpcox in #1938
• refactor: eliminate duplicate dispatch, config resolution, and label flow patterns by @Copilot in #1953
• docs: fix 4 documentation discrepancies from nightly reconciliation by @Copilot in #1959
• [log] difc/agent: add debug logging to bulk label operations by @github-actions[bot] in #1965
• fix: correct write-sink accept patterns in README examples by @lpcox in #1969
• chore: cleanup stale docs and trim README by @lpcox in #1976
• chore: restructure README around quickstart and guard policies by @lpcox in #1979
• refactor: Move guard-policy parsing, AllowOnly factory, and DIFC sink state to proper packages by @Copilot in #1987
• fix: gofmt formatting in connection_pool_test.go by @Copilot in #1993
• [test] Add tests for config.fetchAndFixSchema transformations and launcher.cleanupIdleConnections closed state by @github-actions[bot] in #1973
• [test-improver] Improve tests for logger package by @github-actions[bot] in #1974
• refactor: eliminate duplicate code in DIFC labels and RPC logger by @Copilot in #2006
• rust-guard: deduplicate MCP unwrapping and remove dead code in permissions.rs by @Copilot in #2013
• fix: suppress dead_code warnings in github-guard by @lpcox in #2014
• Corrected DIFC terminology by @lpcox in #2022
• docs: add missing env vars to AGENTS.md by @Copilot in #2029
• rust-guard: Extract duplicated repo_visibility_* helpers and clean up stale #[allow(dead_code)] in constants by @Copilot in #2030
• fix: remove unused cleared variable causing lint failure by @Copilot in #2038
• [log] Add debug logging to difc/sink_server_ids by @github-actions[bot] in #2034
• 🔄 chore: update schema URL to v0.59.0 by @github-actions[bot] in #2044
• docs: fix /health endpoint description and expand CONTRIBUTING.md core features by @Copilot in #2059
• docs: fix FIRST_TIME_CONTRIBUTOR integrity level classification by @Copilot in #2062
• [rust-guard] Remove dead helpers + extract repeated private-repo integrity expression by @Copilot in #2060
• Fix failing integration test: update playwright tool count and naming format by @Copilot in #2067
• [WIP] [67489714827] Fix the failing GitHub Actions workflow lint by @Copilot in #2069
• feat(difc): structured logging for every filtered item by @lpcox in #2066

Full Changelog: v0.1.15...v0.1.16

v0.1.15

🌟 Release Highlights

This release focuses on write-sink guard capabilities, expanding how MCP Gateway controls data flow to backend servers — with simplified wildcard configuration, comprehensive scope-type support, and a notable RFC 6901 path-matching fix.

✨ What's New

• Write-Sink Guard (#1772, #1773): A new write-sink guard type lets you control which tools can write data to backend MCP servers, enforcing data flow policies at the gateway level.
• Wildcard Accept for Write-Sink (#1868): Configure write-sink guards with accept = ["*"] to allow all repositories — simplifying permissive policies without enumerating every repo.
• Full Scope-Type Coverage for Write-Sink (#1828): Write-sink accept rules now support all repository scope types (owner-wildcard, owner/repo, and bare owner), with complete documentation and tests.

🐛 Bug Fixes & Improvements

• RFC 6901 Path Matching Fix (#1863): extractIndexFromPath now correctly handles JSON Pointer (/-prefixed) paths per RFC 6901, preventing silent mismatches in DIFC path label resolution.
• WASM Guard Reliability (#1849): Corrected a malformed WASM binary and stale test expectation in guard tests, ensuring WASM-based guards compile and behave correctly.
• Schema Updated to v0.57.2 (#1755): Configuration validation now targets the latest schema version.

📚 Documentation

• DIFC Flags & Environment Variables (#1790): README now documents all DIFC-related CLI flags and environment variables, making it easier to configure data flow control.
• README Consistency (#1803): Resolved inconsistencies across documentation files and the README for a more reliable reference.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.15
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• added write sink by @lpcox in #1772
• added write sink by @lpcox in #1773
• test: add server-level tests for write-sink and allow-only guard policies by @lpcox in #1783
• docs: add missing DIFC flags and environment variables to README by @claude in #1790
• Refactor duplicate code patterns in logger and DIFC packages by @claude in #1791
• Refactor duplicate code patterns in DIFC package by @claude in #1792
• [log] Add debug logging to difc/path_labels.go by @github-actions[bot] in #1727
• [test] Add tests for config.NormalizeGuardPolicy and guard policy helpers by @github-actions[bot] in #1728
• [test-improver] Improve tests for tty package by @github-actions[bot] in #1742
• 🔄 chore: update schema URL to v0.57.2 by @github-actions[bot] in #1755
• [test] Add tests for mcp HTTP transport pure functions by @github-actions[bot] in #1788
• [test-improver] Improve tests for logger/rpc_logger package by @github-actions[bot] in #1789
• fix: remove duplicate test functions in internal/mcp by @lpcox in #1801
• docs: Fix inconsistent documentation files and update README by @claude in #1803
• feat: document and test write-sink accept rules for all repos scope types by @lpcox in #1828
• [log] Add debug logging to guard_policy.go by @github-actions[bot] in #1817
• [test] Add tests for guard.parseLabelAgentResponse by @github-actions[bot] in #1818
• [test-improver] Improve tests for guard package: cover pure parser functions by @github-actions[bot] in #1819
• Completing task by @claude in #1843
• Fix context-in-struct anti-pattern and add wazero best practices by @claude in #1834
• Refactor: extract isValidTokenString helper to eliminate duplicate validation logic by @claude in #1833
• Remove duplicate integrity constant declarations in guard_policy.go by @claude in #1832
• fix: correct malformed WASM binary and stale test expectation in guard tests by @lpcox in #1849
• refactor: extract duplicate code patterns into helpers by @claude in #1855
• [log] cmd/flags_difc: add debug logging for DIFC policy and mode resolution by @github-actions[bot] in #1856
• Fix extractIndexFromPath RFC 6901 prefix matching and clean up test comments by @Copilot in #1863
• [test] Add tests for difc package: getItems, AddIntegrityTags, Intersect, checkFlowHelper by @github-actions[bot] in #1860
• feat: add wildcard accept ["*"] for write-sink guards by @lpcox in #1868
• [test-improver] Improve tests for mcp schema package by @github-actions[bot] in #1867
• fix: remove duplicate TestNormalizeInputSchema_NilSchema by @lpcox in #1873

Full Changelog: v0.1.14...v0.1.15

v0.1.14

🌟 Release Highlights

This release resolves a critical DIFC compatibility issue that prevented output servers (such as safeoutputs) from working correctly when the GitHub guard is active.

✨ What's New

Write-Sink Guard for DIFC-Compatible Output Servers (#1760)

When the GitHub guard is active, agents accumulate integrity tags (e.g., unapproved:github/gh-aw*, approved:github/gh-aw*). Output servers using noop guards returned empty labels, causing DIFC read evaluation to fail — the resource integrity was lower than the agent's integrity.

The new WriteSinkGuard fixes this by:

• Mirroring agent secrecy tags onto the resource, preventing secrecy violations for private repositories
• Returning OperationWrite instead of OperationReadWrite, bypassing the failing read integrity check
• Auto-upgrading noop guards to write-sink guards after DIFC detection — no manual configuration needed

Check	Before (Noop Guard)	After (Write-Sink Guard)
Read integrity	❌ fails — empty < agent tags	✅ skipped (OperationWrite)
Write integrity	✅ no requirements	✅ no requirements
Write secrecy	❌ agent tags ⊄ empty	✅ resource mirrors agent tags

See docs/GUARD_RESPONSE_LABELING.md for more on DIFC guard behavior.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.14
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• updated to v0.1.13 by @lpcox in #1757
• feat: write-sink guard for DIFC-compatible output servers by @lpcox in #1760

Full Changelog: v0.1.13...v0.1.14

v0.1.13

🌟 Release Highlights

This release focuses on correctness and reliability improvements — two important bug fixes ensure guards and gateway URL routing behave as expected in production deployments.

🐛 Bug Fixes & Improvements

• Guard policy fallback corrected (#1741): When a server has explicit guard policies configured, non-noop guards are now correctly preserved rather than being discarded during fallback resolution. This ensures security policies are consistently enforced when mixing per-server and global guard configurations.

• Gateway output URLs use localhost (#1753): Gateway-advertised URLs (consumed by host-side connectivity checks) now correctly resolve to 127.0.0.1 instead of the configured Gateway.Domain. The domain mapping for container access is handled downstream, so using the domain in output URLs caused connectivity check failures.

🔧 Reliability

• Integration tests are more stable with polling-based stderr wait, eliminating intermittent failures in CI (#1746).
• A daily smoke test workflow for AllowOnly guard policies provides continuous validation of guard enforcement (#1729).
• CI workflows now use the standard GHCR image directly, removing redundant local build steps (#1731, #1736).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.13
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

For complete details, see the full release notes.

Generated by Release

---

What's Changed

• Add daily AllowOnly guard smoke test workflow by @lpcox in #1729
• Remove local build steps, use standard GHCR image by @lpcox in #1731
• Remove local container build from smoke-copilot workflow by @lpcox in #1736
• move mcpg to v0.1.12 by @lpcox in #1737
• Fix guard fallback to preserve non-noop guards when server guard policies exist by @claude in #1741
• Fix flaky integration tests with polling-based stderr wait by @lpcox in #1746
• fix: don't use Gateway.Domain in gateway output URLs by @lpcox in #1753

Full Changelog: v0.1.12...v0.1.13