v0.3.19

What's Changed

• [test] Add tests for proxy response_transform uncovered branches by @github-actions[bot] in #6318
• [log] Add debug logging to WASM compilation cache lifecycle by @github-actions[bot] in #6321
• [test-improver] Improve tests for cmd package: applyFlagOrEnv coverage by @github-actions[bot] in #6322
• [Repo Assist] fix(cmd): apply OTEL_SERVICE_NAME env var override to tracing config by @github-actions[bot] in #6344
• docs: refresh release highlights for v0.3.18 by @Copilot in #6358
• [test] Add tests for guard.callWasmFunction buffer retry logic by @github-actions[bot] in #6359
• [test-improver] Improve tests for config package by @github-actions[bot] in #6371
• [log] Add debug logging to httputil GitHub HTTP helpers by @github-actions[bot] in #6370
• [Repo Assist] refactor(guard): extract decodeWasmCallResult and unmarshalWasmResponse helpers by @github-actions[bot] in #6397
• [test] Add tests for config.validateToolResponseFilters and config.validateServerAuth by @github-actions[bot] in #6405
• [log] Add debug logger to mcp/collaborator_permission.go by @github-actions[bot] in #6419
• [test-improver] Improve tests for httputil package by @github-actions[bot] in #6420
• docs: make root config examples discoverable from Quick Start and config reference by @Copilot in #6431
• Reconcile guard-policy tags with docs and clarify stdin config behavior in Quick Start by @Copilot in #6434
• Refactor collaborator-permission tool helpers into internal/httputil by @Copilot in #6433
• Close GitHub guard DIFC gaps for search_commits and FF list_issues variant by @Copilot in #6432
• testify: fix assertion anti-patterns, promote require.NoError, expand JSONEq by @Copilot in #6471
• rust-guard: replace magic integrity strings with constants; add security-tool label tests by @Copilot in #6470
• [Repo Assist] refactor(rust-guard): use policy_integrity constants and add security-tool label tests by @github-actions[bot] in #6466
• Standardize gateway JSONL records with event/_schema and millisecond timestamps by @Copilot in #6485
• [test] Add tests for sys.DetectContainerID and refactor for testability by @github-actions[bot] in #6486
• chore: upgrade gh-aw workflows to v0.75.4 by @lpcox in #6493

Full Changelog: v0.3.18...v0.3.19

v0.3.18

🌟 Release Highlights

This release focuses on hardening the WASM guard subsystem, improving code quality through targeted refactoring, and expanding test coverage for the Rust guard and collaborator permission packages.

✨ What's New

• WASM guard robustness (#6290, #6296): The wazero-based guard runtime now handles oversized call_backend responses via a size-hint protocol, uses larger I/O buffers, improves cache reconfiguration locking, and adds fallback-path coverage — making guard execution more reliable under high-load and edge-case conditions.

• DIFC flags module (#6243): Guard policy override logic has been refactored into a dedicated DIFC flags module, improving maintainability and consistency of security policy enforcement.

🐛 Bug Fixes & Improvements

• Config map expansion (#6289): Stdin config map expansion no longer duplicates environment/header logic, reducing the risk of subtle configuration drift.
• Flag/env override helper (#6288): A shared applyFlagOrEnv helper eliminates duplicated flag-override patterns across CLI commands.

🔬 Testing & Reliability

• Expanded Rust guard test coverage for GraphQL node paths and GitHub URL repo extraction (#6284, #6291).
• Improved unit tests for the MCP collaborator permission package (#6249).
• Added debug logging to proxy/graphql_rewrite.go for easier diagnostics (#6248).

🐳 Docker Image

docker pull ghcr.io/github/gh-aw-mcpg:v0.3.18
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

---

What's Changed

• Refactor guard policy override helper into DIFC flags module by @Copilot in #6243
• [test-improver] Improve tests for mcp collaborator permission package by @github-actions[bot] in #6249
• [log] Add debug logging to proxy/graphql_rewrite.go by @github-actions[bot] in #6248
• [Repo Assist] test(rust-guard): add GraphQL path and URL-parsing tests for helpers.rs by @github-actions[bot] in #6284
• refactor: extract applyFlagOrEnv helper to eliminate duplicate flag-override logic by @Copilot in #6288
• Harden wazero guard I/O defaults, cache reconfiguration locking, and fallback-path coverage by @Copilot in #6290
• Refactor stdin config map expansion to remove duplicated env/header logic by @Copilot in #6289
• Add rust-guard helper test coverage for GraphQL node paths and GitHub URL repo extraction by @Copilot in #6291
• fix(go-fan): remove edit tool, embed module summary in issue body by @Copilot in #6292
• Handle oversized WASM call_backend responses via size-hint protocol + larger guard buffers by @Copilot in #6296

Full Changelog: v0.3.17...v0.3.18

v0.3.17

What's Changed

• 🔄 chore: update schema URL to v0.74.8 by @github-actions[bot] in #6186
• rust-guard: hoist invariant response-path labels and dedupe PR number extraction by @Copilot in #6211
• [Repo Assist] perf(rust-guard): hoist invariant label calls and dedup PR number extraction by @github-actions[bot] in #6201
• Deduplicate get_collaborator_permission REST fetch logic across unified server and proxy by @Copilot in #6208
• gojq: dual-error timeout diagnostics, disable $ENV in schema filter, document WithVariables pattern by @Copilot in #6210
• refactor: extract DoGitHubGET helper to eliminate duplicated GitHub HTTP request construction by @Copilot in #6209
• docs: add OTel/Sentry tracing documentation by @lpcox in #6227
• [test] Add tests for proxy.restBackendCaller.CallTool uncovered tool cases by @github-actions[bot] in #6236

Full Changelog: v0.3.16...v0.3.17

v0.3.16

What's Changed

• fix: bump smoke-otel-tracing mcpg to v0.3.14 by @lpcox in #6136
• feat(tracing): align span attributes with gen_ai semantic conventions by @lpcox in #6153
• [log] guard: add debug logging to parsePathLabeledResponse and parseCollectionLabeledData by @github-actions[bot] in #6154
• refactor: move outlier functions to semantically correct files by @Copilot in #6152
• [test-improver] Improve tests for proxy TLS package by @github-actions[bot] in #6160

Full Changelog: v0.3.15...v0.3.16

v0.3.15

What's Changed

• [test] Add tests for strutil.RandomHex error path and fix SanitizeArgs dead code by @github-actions[bot] in #6112
• fix(tracing): append /v1/traces to OTLP endpoint per spec by @lpcox in #6137
• fix(tracing): use URL parsing for /v1/traces path append by @lpcox in #6141

Full Changelog: v0.3.14...v0.3.15

v0.3.14

What's Changed

• chore: bump smoke-otel-tracing mcpg to v0.3.13 by @lpcox in #6114
• Extract BaseResponseWriter to httputil to eliminate duplicate status-capture code by @Copilot in #6106
• Refactor duplicated OTEL tracer-holder logic in unified and proxy handlers by @Copilot in #6107
• fix: flush tracing spans on /close endpoint shutdown by @lpcox in #6115
• ci: pin container.yml GitHub Actions to immutable SHAs by @Copilot in #6109
• cobra: enable traverse hooks, drop completion no-op override, add proxy GroupID by @Copilot in #6108

Full Changelog: v0.3.13...v0.3.14

v0.3.13

What's Changed

• [test-improver] Improve tests for cmd stdout_config by @github-actions[bot] in #5911
• Raise PR enrichment buffer to 64 KB in Rust guard by @Copilot in #5938
• Cache compiled custom JSON schemas for repeated custom server validation by @Copilot in #5940
• Rust guard: remove redundant rate-limit branch and make reset parsing allocation-free by @Copilot in #5941
• Reconcile docs with implemented CLI, linting, and test override behavior by @Copilot in #5926
• chore: recompile smoke-otel-tracing lock file by @lpcox in #5962
• [test] Add tests for server.nonceCache.evictExpired by @github-actions[bot] in #5965
• [test-improver] Improve tests for middleware package by @github-actions[bot] in #5972
• 🔄 chore: update schema URL to v0.74.4 by @github-actions[bot] in #5985
• [log] Add debug logging to LoadGatewayTLS by @github-actions[bot] in #5971
• [Repo Assist] perf(rust-guard): hoist invariant integrity/secrecy calls outside per-item loops by @github-actions[bot] in #6005
• Reconcile AGENTS/CONTRIBUTING docs with current config and auth behavior by @Copilot in #6018
• ci: pin actions/github-script to immutable SHA and upgrade to v9.0.0 by @Copilot in #6016
• [test] Add tests for server.parseRateLimitResetFromText edge cases by @github-actions[bot] in #6021
• Upgrade go-sdk to v1.6.0 and consolidate session-missing detection by @Copilot in #6017
• Refactor env int parsing and clarify logger sink intent by @Copilot in #6019
• Refactor Docker -e passthrough handling into shared envutil walker by @Copilot in #6034
• Reconcile docs with MCP_GATEWAY_PORT runtime behavior and Rust guard test guidance by @Copilot in #6039
• [log] Add debug logging to GitHub API URL derivation by @github-actions[bot] in #6043
• feat: enable Sentry OTLP export in smoke-otel-tracing by @lpcox in #6064
• fix: add sentry.io to network allowlist for OTLP export by @lpcox in #6073
• fix: use array format with x-sentry-auth header for Sentry OTLP by @lpcox in #6079
• [test-improver] Improve tests for config package: fix flaky network error test by @github-actions[bot] in #6050
• [Repo Assist] test(rust-guard): add list_commits tests for default-branch vs feature-branch integrity by @github-actions[bot] in #6095
• fix: use x-sentry-token header for Sentry OTLP auth by @lpcox in #6082

Full Changelog: v0.3.12...v0.3.13

v0.3.12

What's Changed

• Support gh CLI /meta probe in DIFC proxy by @Copilot in #5924

Full Changelog: v0.3.11...v0.3.12

v0.3.11

What's Changed

• [test-improver] Improve tests for mcp/tool_result by @github-actions[bot] in #5788
• [log] Add debug logging to circuit breaker key events by @github-actions[bot] in #5786
• [test] Add tests for config.StdinServerConfig.UnmarshalJSON by @github-actions[bot] in #5825
• proxy: replace http.Error with httputil.WriteErrorResponse for consistent JSON error shape by @Copilot in #5819
• fix(guard): classify discussion_comment_write; add list_repository_collaborators DIFC rules by @Copilot in #5818
• refactor: rename guard/init.go, relocate expandTracingVariables, consolidate collaborator_permission helpers by @Copilot in #5844
• Align list_repository_collaborators DIFC integrity to reader-level by @Copilot in #5843
• [log] Add debug logging to listTools, listResources, listPrompts in connection_methods.go by @github-actions[bot] in #5852
• [Repo Assist] refactor(server): add legacyPolicySource constant in guard_init.go by @github-actions[bot] in #5880
• feat: read OTEL_EXPORTER_OTLP_HEADERS env var as fallback for OTLP export headers by @lpcox in #5849
• Reconcile contributor and runtime docs with current verification and startup defaults by @Copilot in #5884
• [test-improver] Improve tests for cmd package (flags_tracing) by @github-actions[bot] in #5853
• Refactor guard initialization to centralize noop fallback construction by @Copilot in #5885
• Refactor legacy guard policy fallback source handling by @Copilot in #5886
• [test] Add tests for server.WithOTELTracing by @github-actions[bot] in #5892

Full Changelog: v0.3.10...v0.3.11

v0.3.10

What's Changed

• feat: use latest mcpg container image in smoke-copilot by @lpcox in #5705
• smoke-copilot: add artifact readability test by @lpcox in #5711
• [log] Add debug logging to ResolveGuardPolicyOverride in guard_policy_parse.go by @github-actions[bot] in #5714
• [test-improver] Improve tests for server/system_tools package by @github-actions[bot] in #5715
• [Repo Assist] refactor(config): add envutil.HasEnvVar and hasMapKeyVariants helpers by @github-actions[bot] in #5750
• rust-guard: remove hot-path scope/integrity allocations via Cow<str> and zero-alloc rank matching by @Copilot in #5754
• [test] Add tests for config.stripExtensionFieldsForValidation and assignLegacyIntAlias by @github-actions[bot] in #5762
• Refactor WASM guard detection placement and inline config validation log wrappers by @Copilot in #5774
• fix: fall back to stderr (not stdout) when log-dir is unwritable by @Copilot in #5773
• Reconcile docs with runtime behavior for env vars, launch flags, and config semantics by @Copilot in #5779

Full Changelog: v0.3.9...v0.3.10