v0.2.9

Latest

@github-actions github-actions released this 29 Mar 18:40
e17005a

🌟 Release Highlights

This release focuses on security guard hardening, documentation improvements, and internal code quality: tightening access controls, improving observability docs, and reducing technical debt.

πŸ” Security & Guard Improvements

  • Expanded write-op guard coverage β€” pin_issue and unpin_issue are now properly classified as write operations, and transfer_repository is unconditionally blocked to prevent accidental or malicious repository transfers. (#2750)
  • Trusted bot recognition β€” copilot-swe-agent is now recognized as a trusted first-party bot, ensuring correct policy application when it acts as an agent. (#2777)

📚 Documentation

  • AWF pipeline environment variable lifecycle: A new reference doc covers how environment variables flow through AWF pipelines, helping operators understand variable scoping and availability. (#2781) See docs/AWF_PIPELINE_ENVIRONMENT_VARIABLES.md
  • Trusted users & bot flags documented: The --trusted-bots and --trusted-users flags, trusted-users config, and PORT fallback behavior are now fully documented. (#2789) See docs/CONFIGURATION.md

πŸ› Bug Fixes

  • Logging correctness: Fixed duplicate log entries in session.go and misuse of logUnified, eliminating noisy or misleading log output. (#2788)
  • Static analysis fix: Removed redundant io.Writer type annotation flagged by staticcheck (QF1011). (#2780)

🔧 Internal Improvements

  • Shared httputil package extracted to eliminate duplicate JSON response helpers across mcp and cmd packages.
  • Reduced duplicate code across loggers, validation, and session handling.
  • Debug logger added to cmd/proxy.go for improved proxy observability.
  • Expanded test coverage for FileLogger, ParsePolicyMap, ParseServerGuardPolicy, BuildAllowOnlyPolicy, and the new httputil package.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.9
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64


For complete details, see the full release notes.


What's Changed

  • Guard coverage: add pin_issue/unpin_issue write ops; unconditionally block transfer_repository by @Copilot in #2750
  • [log] Add debug logger to cmd/proxy.go by @github-actions[bot] in #2752
  • [test-improver] Improve tests for logger/FileLogger by @github-actions[bot] in #2760
  • [test] Add tests for config.ParsePolicyMap, ParseServerGuardPolicy, BuildAllowOnlyPolicy by @github-actions[bot] in #2761
  • fix(guard): add copilot-swe-agent to trusted first-party bots by @Copilot in #2777
  • chore: recompile all workflows with gh-aw v0.64.3 by @lpcox in #2779
  • fix: remove redundant io.Writer type annotation (staticcheck QF1011) by @lpcox in #2780
  • docs: add AWF pipeline environment variable lifecycle reference by @Copilot in #2781
  • Remove duplicate logging in session.go, fix logUnified misuse by @Copilot in #2788
  • docs: document trusted-users, --trusted-bots/--trusted-users flags, and PORT fallback by @Copilot in #2789
  • refactor: reduce duplicate code in loggers, validation, and session handling by @Copilot in #2790
  • refactor: extract shared httputil, remove trivial wrappers in mcp and cmd by @Copilot in #2794
  • test: add unit tests for internal/httputil package by @lpcox in #2800

Full Changelog: v0.2.8...v0.2.9