v0.2.10

github-actions released this 31 Mar 03:45 · 857 commits to main since this release · 3b4c53f

🌟 Release Highlights

This release focuses on security hardening with expanded DIFC label coverage, GitHub Actions OIDC authentication for HTTP MCP servers, and improved integrity filtering based on collaborator permissions.

✨ What's New

  • GitHub Actions OIDC Authentication (#2878): Custom HTTP MCP servers can now authenticate using GitHub Actions OIDC tokens — enabling more secure, credential-free authentication in CI/CD workflows. See the Proxy Mode docs for configuration details.

  • Collaborator Permission–Based Integrity Filtering (#2863): Integrity filtering now uses collaborator permission levels for more accurate and meaningful access control decisions, ensuring the right level of trust is applied based on actual repository permissions.

  • Expanded DIFC Labels for Write Tools (#2873): DIFC security labels now cover 30 additional write tools, closing gaps in information flow control coverage and reducing the attack surface for sensitive write operations. See the Guard Response Labeling docs.

  • DIFC Proxy Feature Enabled on All Guarded Workflows (#2885): The difc-proxy feature flag is now active across all guarded workflows, providing consistent DIFC enforcement throughout the request pipeline.

  • MCP Gateway Spec v1.9.0 (#2850): Updated to MCP Gateway specification version 1.9.0. See the Configuration docs for compatibility details.

🐛 Bug Fixes & Improvements

  • Broader Guard Coverage for gh repo Operations (#2806): All modifying gh repo operations are now blocked by the guard, preventing unintended repository mutations.

  • Repo-Assist Min-Integrity Adjustment (#2890): The repo-assist minimum integrity level has been lowered to unapproved, allowing it to function correctly in more workflow scenarios.

  • Code Deduplication in Server & Guard Packages (#2852): Eliminated three duplicate-code patterns across server and guard packages, improving maintainability and reducing the risk of inconsistent behavior.

📚 Documentation

  • Proxy Mode Auth Token Docs (#2821): The Proxy Mode guide now documents GITHUB_PERSONAL_ACCESS_TOKEN as an authentication option, clarifying supported token types for proxy mode configurations.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.10
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64


For complete details, see the full release notes.


What's Changed

  • Guard coverage: block all modifying gh repo operations by @Copilot in #2806
  • docs: add GITHUB_PERSONAL_ACCESS_TOKEN to proxy mode auth token docs by @Copilot in #2821
  • [log] Add debug logging to config/docker_helpers.go by @github-actions[bot] in #2824
  • [test-improver] Improve tests for version package by @github-actions[bot] in #2833
  • [test] Add tests for proxy.replaceNodesArray by @github-actions[bot] in #2834
  • 🔄 chore: update schema URL to v0.64.4 by @github-actions[bot] in #2836
  • bump MCPGatewaySpecVersion to 1.9.0 by @Copilot in #2850
  • rust-guard: remove dead permissions.rs and deduplicate username lookup by @Copilot in #2851
  • fix: eliminate three duplicate-code patterns across server and guard packages by @Copilot in #2852
  • feat: use collaborator permission level for integrity filtering by @lpcox in #2863
  • chore: upgrade gh-aw to v0.64.5 and recompile all workflows by @lpcox in #2871
  • feat(guard): add DIFC labels for 30 write tools and clean up stale entries by @lpcox in #2873
  • fix(guard): resolve all Rust clippy warnings by @lpcox in #2874
  • feat: GitHub Actions OIDC token authentication for custom HTTP MCP servers by @Copilot in #2878
  • feat: enable difc-proxy feature flag on all guarded workflows by @lpcox in #2885
  • fix: lower repo-assist min-integrity to unapproved by @lpcox in #2890

Full Changelog: v0.2.9...v0.2.10