Skip to content

v0.3.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 24 Apr 01:05
· 11 commits to main since this release
v0.3.0
8c906c9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

MCP Gateway v0.3.0 brings a significant DIFC security change, improved HTTP MCP server support, and better agent observability.

πŸ”’ Security & DIFC

  • author_association: NONE now maps to unapproved integrity (#4430): GitHub's NONE association means "no association with the repo" β€” it does not imply the user is established. Previously mapped to the lowest none level (same as brand-new accounts), NONE now correctly maps to unapproved alongside CONTRIBUTOR and FIRST_TIME_CONTRIBUTOR. Only FIRST_TIMER (never committed to GitHub) remains at none. Documentation updated with rationale and links to GitHub API definitions.

  • DIFC filtering metadata for agents (#4427): Tool responses now include metadata that lets agents distinguish between "no results found" and "results were filtered by DIFC policy", improving agent decision-making when operating under security constraints.

πŸ› Bug Fixes

  • Fix HTTP MCP server startup failures (#4428): Disabled standalone SSE stream in the streamable HTTP transport, resolving startup failures when connecting to HTTP-based MCP backend servers.

  • Fix flag completion registration (#4413): Shell completions for --config, --log-dir, --payload-dir, and --env flags now work correctly (switched from MarkFlagFilename to RegisterFlagCompletionFunc).

✨ Improvements

  • Cobra CLI UX improvements (#4395, #4414): Added NoArgs enforcement, Example fields, AddGroup for organized help output, and improved command comments.

  • Rust guard performance (#4394): Eliminated ctx.clone() overhead and switched to &'static str in NormalizedPolicy for reduced allocations.

  • Deduplicated MCP text envelope construction (#4352): Shared helper eliminates duplicate raw MCP response envelope building.

  • Extracted LogAndWrapCollaboratorPermission helper (#4412): Removes duplicated parse/log/wrap logic for collaborator permission handling in the Rust guard.

  • Removed write-only owner-type cache (#4339): Simplified get_issue_author_association by removing unused cache code.

πŸ“š Documentation & Testing

  • Updated CONTRIBUTING.md to reflect actual make test-all behavior (#4346)
  • Added debug logging to HTTP utility functions (#4324)
  • New tests for proxy.initGuardPolicy (#4333), logger/rpc_formatter (#4332), httputil (#4383), JSONLLogger.logEntry (#4384)
  • Schema URL updated to v0.69.3 (#4387)

πŸ”§ Infrastructure

  • Upgraded all 31 workflows to gh-aw v0.71.0 (#4443): Migrated features.cli-proxy β†’ tools.github.mode: gh-proxy, bumped action versions.
  • Release immutability support (#4410): Release workflow now includes a make-immutable job.

Full Changelog: v0.2.30...v0.3.0

Assets 8
Loading