Skip to content

v0.1.22

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 21 Mar 23:03
v0.1.22
68537a8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release significantly expands MCP Gateway's security coverage, closing labeling gaps across 22 previously uncovered GitHub MCP tools and expanding the proxy router with 27 new routes and GraphQL patterns.

✨ What's New

πŸ” Comprehensive Guard Tool Coverage (#2291)

22 GitHub MCP read tools that previously fell through to the default catch-all case (inheriting empty labels) now have explicit integrity and secrecy labels. This means tools that were previously invisible to min-integrity filtering β€” or could silently leak private data β€” are now fully governed:

Category Tools Covered
Actions get_job_logs (marked secret β€” logs may contain leaked tokens)
User Context get_me, get_teams, get_team_members (private user/org data)
Discussions list_discussions, get_discussion, get_discussion_comments, list_discussion_categories
Gists list_gists, get_gist (private user content)
Git get_repository_tree
Labels list_label
Notifications list_notifications, get_notification_details
Projects projects_list, projects_get (new canonical tool names)
Security Advisories list_global_security_advisories, get_global_security_advisory, list_repository_security_advisories, list_org_repository_security_advisories
Search search_orgs
Repos list_starred_repositories

See the Guard Response Labeling docs for labeling semantics.

πŸ›£οΈ Proxy Router Expansion (#2291)

22 new REST routes and 5 GraphQL patterns bring the proxy router up to parity with the expanded guard coverage. Newly routed endpoints include:

  • Actions: workflow/run/job details, attempt logs, artifacts, caches, secrets, variables, environment config
  • Discussions: list, single, and comment endpoints (REST + GraphQL)
  • User: /user, SSH/GPG keys, viewer {} GraphQL query
  • Notifications: /notifications
  • Check runs: /commits/{sha}/check-runs and check-suites
  • Org-scoped: /orgs/{org}/actions/secrets|variables
  • Organization: organization() GraphQL pattern

See the Proxy Mode docs for routing details.

πŸ§ͺ Test Coverage

37 new unit tests cover every newly labeled tool's label_resource and label_response paths, ensuring correctness of integrity and secrecy assignments.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.22
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

  • feat: guard tool coverage for GitHub MCP server + proxy router expansion by @lpcox in #2291

Full Changelog: v0.1.21...v0.1.22

Contributors

lpcox
Assets 8
Loading