Skip to content

[deps-release-notes] mcpg — upstream release action items #1253

Description

@github-actions

Rolling upstream release action items — mcpg

This is the single canonical tracking issue for action items from new mcpg releases. The update-awf-version workflow appends a comment here for each version bump going forward — the most recent activity lives in the comments below. This body consolidates everything filed so far.

Latest pinned version covered: 0.3.32

Consolidated history (earliest → latest)

0.3.120.3.23 (was #882)

  • OTel span attributes aligned with gen_ai semantic conventions (v0.3.16): MCPG now emits OTel spans following the OpenTelemetry gen_ai semconv. ado-aw's audit analyzer (src/audit/analyzers/otel.rs) may need updating if it relies on specific MCPG span field names.
  • Per-session tool call limits in allow-only guard policies (v0.3.20): MCPG enforces per-session limits in allow-only mode; ado-aw could expose as a configurable field (e.g., tools.call-limit:).
  • Timeout fields added to embedded JSON schema (v0.3.23): MCPG config schema now includes timeout fields; ado-aw should review whether to surface in engine: or tools: front-matter.
  • Security: GHE Cloud data residency proxy routing fix (v0.3.23): GraphQL requests were routed to wrong upstream for GHE Cloud data-residency tenants; fixed automatically on version bump.

0.3.230.3.24 (was #903)

  • Breaking: "API key" surface renamed to "Agent ID" (v0.3.24): Deprecated compatibility aliases removed; gateway now uses X-Agent-ID for routing. Audit MCPG config types in src/compile/extensions/mod.rs for any removed alias fields.
  • Unauthenticated /reflect endpoint for live DIFC label snapshots (v0.3.24): New diagnostics endpoint; ado-aw's audit/status commands could use this for richer DIFC diagnostics.

0.3.230.3.25 (was #931)

  • Security: $ENV expansion disabled in tool response filters (v0.3.25): Prevents environment variable leakage/injection through crafted tool responses. Verify any custom filter expressions remain functional.
  • Metadata endpoint allowlisting (v0.3.25): MCPG proxy now allowlists metadata endpoints and passes through unrecognized reads; may resolve prior MCP client liveness/metadata call blocking.

0.3.250.3.26 (was #1059)

  • OTLP multi-endpoint fan-out via GH_AW_OTLP_ENDPOINTS (v0.3.26): MCPG supports sending OTel telemetry to multiple OTLP endpoints; ado-aw could expose in compiled pipeline variables.
  • Deprecation: MCP_GATEWAY_API_KEYMCP_GATEWAY_AGENT_ID (v0.3.26): run.sh now reads MCP_GATEWAY_AGENT_ID with deprecated fallback for MCP_GATEWAY_API_KEY. ado-aw generates pipelines that set MCP_GATEWAY_API_KEY (src/compile/agentic_pipeline.rs, src/compile/common.rs); migrate to MCP_GATEWAY_AGENT_ID before the fallback is removed.

0.3.250.3.27 (was #1119)

  • GitHub MCP Server v1.3.0 support (v0.3.27): MCPG routes PR commits and supports get_file_blame spec; verify GitHub MCP extension config + network allowlists are compatible.
  • refusal-labels guard policy (v0.3.27): New guard policy type for classifying agent refusals; ado-aw could expose in MCPG configuration.
  • MCP_GATEWAY_SHUTDOWN_TIMEOUT env var documented (v0.3.27): ado-aw could expose in generated pipeline teardown steps.

0.3.250.3.28 (was #1169)

  • Security: wazero WASM guard hardening (v0.3.28): Added memory cap and backend call limit to wazero WASM runtime; protects against malicious/malformed WASM guards. Consumers benefit automatically on upgrade.

0.3.250.3.29 (was #1185)

  • Security: DIFC labeling gaps covered (v0.3.28): get_code_quality_finding, ui_get, add_gpg_key, add_ssh_key previously lacked DIFC integrity/secrecy labels; gap now closed. Older MCPG versions did not enforce integrity for these operations.
  • Opt-in observed URL domain audit pipeline (v0.3.29): Records which URL domains appear in MCP tool responses + write sinks; ado-aw could expose opt-in flag and surface data in ado-aw audit reports.

0.3.290.3.31 (was #1242)

  • Gateway domain validation widened to RFC-1123 topology hostnames (v0.3.30): Accepts topology hostnames like my-server.namespace.svc.cluster.local; fixes unexpected validation errors.
  • Prompt passthrough via go-sdk (v0.3.31): Fixes context propagation + adds prompt passthrough through SDK-mediated backend calls.
  • DIFC proxy GHEC data-residency REST API host derivation fix (v0.3.31): Fixes wrong API host calculation for GHEC data-residency deployments.

0.3.290.3.32 (was #1253) — canonical

  • GitHub reaction operations classified as WRITE_OPERATIONS (v0.3.32): Adding/removing emoji reactions now subject to DIFC integrity enforcement. Agents calling GitHub reaction APIs require adequate DIFC integrity clearance. This is a security tightening — confirm DIFC integrity level is configured correctly.

Consolidated by the Deps Release-Notes Consolidator workflow. Superseded per-release issues were closed and point here.

Generated by Deps Release-Notes Consolidator · 319.3 AIC · ⌖ 17.7 AIC · ⊞ 6.6K ·

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions