🌟 Release Highlights

This release resolves a critical DIFC compatibility issue that prevented output servers (such as safeoutputs) from working correctly when the GitHub guard is active.

✨ What's New

Write-Sink Guard for DIFC-Compatible Output Servers (#1760)

When the GitHub guard is active, agents accumulate integrity tags (e.g., unapproved:github/gh-aw*, approved:github/gh-aw*). Output servers using noop guards returned empty labels, causing DIFC read evaluation to fail — the resource integrity was lower than the agent's integrity.

The new WriteSinkGuard fixes this by:

• Mirroring agent secrecy tags onto the resource, preventing secrecy violations for private repositories
• Returning OperationWrite instead of OperationReadWrite, bypassing the failing read integrity check
• Auto-upgrading noop guards to write-sink guards after DIFC detection — no manual configuration needed

See docs/GUARD_RESPONSE_LABELING.md for more on DIFC guard behavior.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.14
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• updated to v0.1.13 by @lpcox in #1757
• feat: write-sink guard for DIFC-compatible output servers by @lpcox in #1760

Full Changelog: v0.1.13...v0.1.14

🌟 Release Highlights

This release focuses on correctness and reliability improvements — two important bug fixes ensure guards and gateway URL routing behave as expected in production deployments.

🐛 Bug Fixes & Improvements

• Guard policy fallback corrected (#1741): When a server has explicit guard policies configured, non-noop guards are now correctly preserved rather than being discarded during fallback resolution. This ensures security policies are consistently enforced when mixing per-server and global guard configurations.

• Gateway output URLs use localhost (#1753): Gateway-advertised URLs (consumed by host-side connectivity checks) now correctly resolve to 127.0.0.1 instead of the configured Gateway.Domain. The domain mapping for container access is handled downstream, so using the domain in output URLs caused connectivity check failures.

🔧 Reliability

• Integration tests are more stable with polling-based stderr wait, eliminating intermittent failures in CI (#1746).
• A daily smoke test workflow for AllowOnly guard policies provides continuous validation of guard enforcement (#1729).
• CI workflows now use the standard GHCR image directly, removing redundant local build steps (#1731, #1736).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.13
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• Add daily AllowOnly guard smoke test workflow by @lpcox in #1729
• Remove local build steps, use standard GHCR image by @lpcox in #1731
• Remove local container build from smoke-copilot workflow by @lpcox in #1736
• move mcpg to v0.1.12 by @lpcox in #1737
• Fix guard fallback to preserve non-noop guards when server guard policies exist by @claude in #1741
• Fix flaky integration tests with polling-based stderr wait by @lpcox in #1746
• fix: don't use Gateway.Domain in gateway output URLs by @lpcox in #1753

Full Changelog: v0.1.12...v0.1.13

🌟 Release Highlights

This release simplifies DIFC (Data Information Flow Control) configuration by removing explicit guard CLI flags — guards now activate automatically when policies are configured.

⚠️ Breaking Changes

The following CLI flags and environment variables have been removed. If you are using them, update your configuration accordingly:

✨ What's New

• Zero-config DIFC activation: Configure guard-policies with an allow-only rule and the gateway automatically enables DIFC guards — no additional flags required. This reduces configuration surface and eliminates a common source of misconfiguration.
• Schema validation with extension field stripping: Config validation now correctly handles extension fields (e.g., guard-policies) by stripping them before schema validation, enabling full spec compliance without rejecting valid configurations.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.12
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• cleanup: remove guard CLI flags, auto-detect DIFC from policies by @lpcox in #1723

Full Changelog: v0.1.11...v0.1.12

🔧 Maintenance Release

This release delivers targeted infrastructure fixes and schema updates to keep MCP Gateway running reliably.

🐛 Bug Fixes

• Release workflow WASM build fixed (#1715): Corrected a typo (targets: → target:) in the setup-rust-toolchain action input. The incorrect key was silently ignored, causing the wasm32-wasip1 target to not be installed and breaking WASM guard compilation during releases.

🔧 Internal

• Schema validation updated to v0.57.0 (#1713): MCP Gateway now validates configurations against schema v0.57.0, ensuring compatibility with the latest MCP specification.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.11
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• fix: use 'target' (singular) for setup-rust-toolchain action input by @lpcox in #1715
• 🔄 chore: update schema URL to v0.57.0 by @github-actions[bot] in #1713

Full Changelog: v0.1.10...v0.1.11

What's Changed

• 🔄 chore: pin schema URL to gh-aw v0.55.0 by @github-actions[bot] in #1658
• [test] Add tests for config.ExpandRawJSONVariables, expandVariablesCore, and validateMounts by @github-actions[bot] in #1666
• fix: 📚 Documentation Reconciliation Report - 2026-03-07 by @roberthallers in #1665
• Update GitHub Guard Terminology by @claude in #1669
• feat: Add GitHub DIFC enforcement with WASM guards, guard policies, and LabelAgent integration by @lpcox in #1674
• fix: routed URL host advertisement and allow-only key normalization by @lpcox in #1683
• github-guard: bake WASM into gateway image, align test/release workflows, and rename user-facing flags to "guards" by @lpcox in #1693
• Switch release workflow Rust setup to actions-rust-lang/setup-rust-toolchain by @Copilot in #1703
• Update copilot test expectations with proper behavior definitions and standardized report templates by @lpcox in #1702
• Upgrade agentic workflows by @lpcox in #1707

New Contributors

• @roberthallers made their first contribution in #1665

Full Changelog: v0.1.9...v0.1.10

🔧 Maintenance & Quality Release

v0.1.9 focuses on dependency upgrades, protocol compliance, code quality improvements, and documentation enhancements. No breaking changes for end users.

✨ What's New

• MCP Protocol 2025-11-25: MCP Gateway now negotiates using the latest protocol version (2025-11-25), improving compatibility with up-to-date MCP clients and servers (#1619)
• go-sdk v1.4.0: Upgraded the MCP Go SDK to v1.4.0, consolidating protocol constants and removing the deprecated HTTPTransport in favour of the current transport layer (#1598)
• Config Schema v0.53.6: Gateway configuration is validated against the latest spec schema (v0.53.6), picking up all recent schema improvements (#1592, #1610, #1640)
• customSchemas Documentation: New docs clarify how to configure custom schema URLs and the uppercase domain constraint — see the README for details (#1606)

🐛 Bug Fixes & Improvements

• Fixed a duplicate test function (TestWithResponseLogging) that caused lint failures during CI (#1599)
• Corrected the GitHub MCP test session fixture to keep integration tests reliable (#1630)

🔧 Internal

Significant code-health work this cycle: duplicate constants (DefaultLogDir, DefaultPayloadDir, DefaultPayloadSizeThreshold) centralized in the config package, repeated RPCMessageInfo construction eliminated, Docker helpers extracted into a dedicated file, and several micro-files consolidated — making the codebase easier to navigate and maintain (#1567, #1585, #1620, #1641).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.9
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• 🔄 chore: update schema URL to v0.53.2 by @github-actions[bot] in #1592
• refactor: eliminate three duplicate code patterns in launcher, config, and server packages by @Copilot in #1585
• fix: remove duplicate TestWithResponseLogging causing lint failure on merge by @Copilot in #1599
• go-sdk v1.4.0 upgrade + protocol constant consolidation + HTTPTransport removal by @Copilot in #1598
• 🔄 chore: update schema URL to v0.53.4 by @github-actions[bot] in #1610
• Resolve isHTTPConnectionError TODO and update MCPProtocolVersion to 2025-11-25 by @Copilot in #1619
• Eliminate duplicate constants: centralize DefaultLogDir, DefaultPayloadDir, DefaultPayloadSizeThreshold in config package by @Copilot in #1620
• docs: add customSchemas documentation and clarify domain uppercase constraint by @Copilot in #1606
• Fix test GitHub mcp session by @lpcox in #1630
• refactor: eliminate duplicate RPCMessageInfo construction and document flag-default pattern by @Copilot in #1567
• 🔄 chore: update schema URL to v0.53.6 by @github-actions[bot] in #1640
• Refactor: Consolidate micro-files and extract Docker helpers by @claude in #1641

Full Changelog: v0.1.8...v0.1.9

🌟 Release Highlights

This release delivers an important session handling fix for HTTP backend servers, along with internal quality improvements including expanded test coverage and enhanced debug logging.

🐛 Bug Fixes & Improvements

• HTTP backend session ID correctness — MCP Gateway now correctly uses the server-issued session ID when making tools/list calls to HTTP backends, rather than a client-generated ID. This resolves a subtle protocol compliance issue that could cause tool discovery to fail with HTTP-mode MCP servers. (#1559)

🔧 Internal

• Improved test coverage for server.setupSessionCallback, server.withResponseLogging, and the config/validation_env package (#1534, #1524)
• Added debug logging to writeGatewayConfig for easier gateway startup diagnostics (#1533, #1545)
• Added GHCR download tracking workflow for release monitoring (#1560, #1566)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.8
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• [log] Add debug logging to dockerutil/env.go by @github-actions[bot] in #1522
• fix: use server-issued session ID for HTTP backend tools/list by @lpcox in #1559
• Add daily GHCR download tracker workflow by @Copilot in #1560
• added downloads script by @lpcox in #1566
• [test-improver] Improve tests for config/validation_env package by @github-actions[bot] in #1524
• [log] Add debug logging to writeGatewayConfig in cmd/root.go by @github-actions[bot] in #1533
• [test] Add tests for server.setupSessionCallback and server.withResponseLogging by @github-actions[bot] in #1534
• Fix lint failure: remove duplicate TestWithResponseLogging by @Copilot in #1569
• [log] Add debug logging to writeGatewayConfig in cmd/root.go by @github-actions[bot] in #1545

Full Changelog: v0.1.7...v0.1.8

🌟 Release Highlights

This release introduces guard-policies for fine-grained access control on MCP backend servers, alongside reliability improvements to the /close endpoint and automated schema validation maintenance.

✨ What's New

• Guard-Policies Support (#1465): MCP Gateway now supports server-specific access control policies via guard_policies in config. GitHub guard policies let you restrict which repositories a server can access, including support for repos patterns ("all", "public", or arrays like ["owner/repo", "owner/*"]) and min-integrity levels (none, reader, writer, merged). See config.example.toml for usage examples.

• Always-Current Schema Validation (#1473, #1487): Config validation now uses the latest published MCP Gateway config schema from docs/public/schemas, with an automated nightly workflow that keeps the pinned schema URL in sync with each new gh-aw release. This ensures validation stays accurate as the spec evolves.

🐛 Bug Fixes & Improvements

• /close Endpoint Reliability (#1493): Fixed in-flight request draining on graceful shutdown via the /close endpoint. Also corrected the default gatewayVersion to use a semver-compatible value (0.0.0-dev) instead of the bare string "dev", preventing downstream version parsing failures.

• README Accuracy (#1514): Corrected three inaccuracies in the README documentation identified by automated reconciliation.

🔧 Internal

• Expanded debug logging coverage in config_stdin, difc/agent, and dockerutil/env packages.
• Improved test coverage for config validation helpers, strutil, and CLI command packages.
• Updated github.com/modelcontextprotocol/go-sdk from v1.3.0 → v1.3.1.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.7
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• Add guard-policies support to MCP gateway config by @claude in #1465
• Add nightly agentic workflow to keep schema validation URL pinned to latest gh-aw release by @Copilot in #1487
• Use latest MCP gateway config schema (docs/public/schemas) by @Copilot in #1473
• Bump github.com/modelcontextprotocol/go-sdk from 1.3.0 to 1.3.1 in the go_modules group across 1 directory by @dependabot[bot] in #1485
• [log] Add debug logger to config/config_stdin.go by @github-actions[bot] in #1433
• [log] log: add debug logging to difc/agent.go by @github-actions[bot] in #1461
• [test] Add tests for config.formatErrorContext, formatValidationErrorRecursive, formatSchemaError by @github-actions[bot] in #1435
• [test-improver] Improve tests for strutil package by @github-actions[bot] in #1438
• fix: correct schema URL path in nightly-schema-updater workflow prompt by @Copilot in #1496
• fix: gofmt formatting in validation_schema_error_format_test.go by @Copilot in #1497
• [test] Add tests for config.buildStdioServerConfig and helper functions by @github-actions[bot] in #1462
• 🔄 chore: pin schema URL to gh-aw v0.50.7 by @github-actions[bot] in #1499
• Remove dead IsStdoutTerminal() and simplify containsAny test helper by @Copilot in #1494
• fix: /close endpoint in-flight drain and gatewayVersion semver default by @Copilot in #1493
• [test-improver] Improve tests for cmd package by @github-actions[bot] in #1463
• updated testing by @lpcox in #1515
• docs: fix three README inaccuracies found by nightly reconciliation by @Copilot in #1514
• 🔄 chore: update schema URL to v0.51.6 by @github-actions[bot] in #1549

New Contributors

• @dependabot[bot] made their first contribution in #1485

Full Changelog: v0.1.6...v0.1.7

🌟 Release Highlights

v0.1.6 delivers an important agent reliability fix, MCP spec compliance improvements, and developer experience enhancements that make MCP Gateway more robust and easier to work with.

🐛 Critical Fix: Agent Infinite Loop Resolved

• Payload threshold increased to 512KB (#1441): Agents were entering infinite retry loops when attempting to read payload files that weren't accessible inside their containers. The payload size threshold now defaults to 512KB (up from a lower value), significantly reducing unnecessary payload file references.
• Payload path prefix configuration: A new --payload-path-prefix flag (and MCP_GATEWAY_PAYLOAD_PATH_PREFIX env var) allows remapping filesystem paths to client-accessible paths — enabling agents in containers to correctly resolve payload locations.

✨ What's New

• Custom server schema validation (#1312, #1400): MCP Gateway now validates custom server configurations against schemas per [MCP Spec §4.1.4]((spec.modelcontextprotocol.io/redacted), including strict HTTPS-only enforcement for custom schema URLs. Misconfigured servers are rejected at startup with clear error messages.
• Dev container support (#1434): A .devcontainer configuration is now included, making it easy to spin up a fully configured development environment in VS Code or GitHub Codespaces with a single click.

📚 Documentation

• Clarified the absolute path requirement for Docker volume mounts and documented the DOCKER_API_VERSION auto-detection behavior (with fallback to 1.44) (#1313).

🔧 Internal Improvements

• Expanded test coverage across launcher session management, DIFC labels, custom schema validation, sanitization, and Docker utilities.
• Added debug logging to MCP connection SDK wrappers and DIFC labels for improved observability (DEBUG=mcp:* or DEBUG=difc:*).
• Multiple code quality refactors: middleware deduplication, MCP connection file split by concern, and utility package consolidation.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.6
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• Fix smoke-copilot: call Serena tools directly instead of inferring availability from mcp-inspect by @Copilot in #1249
• Copilot/remove serena activate project by @lpcox in #1259
• Copilot/debug language support tester workflow by @lpcox in #1264
• Copilot/compile language support tester smoke workflows by @lpcox in #1265
• [test] Add tests for launcher.GetOrLaunchForSession by @github-actions[bot] in #1291
• Update documentation for mount absolute path requirement and DOCKER_API_VERSION behavior by @claude in #1313
• Refactor: Extract wrapWithMiddleware helper to eliminate duplicate middleware chaining code by @claude in #1311
• Implement custom server schema validation (MCP Spec 4.1.4 compliance) by @claude in #1312
• Recompile language-support-tester workflow with latest compiler by @claude in #1314
• [test] Add tests for config.validateAgainstCustomSchema by @github-actions[bot] in #1334
• [test-improver] Improve tests for server tool_name package by @github-actions[bot] in #1335
• Eliminate duplicate sys tool metadata in registerSysTools() by @claude in #1349
• Refactor: Consolidate function clustering — Docker utilities, stdlib reimplementation, and string truncation by @claude in #1350
• [log] Add debug logging to difc/labels.go by @github-actions[bot] in #1369
• [test] Add tests for difc.labels (CheckFlow, ViolationError, Clone, Union) by @github-actions[bot] in #1370
• [test-improver] Improve tests for dockerutil package by @github-actions[bot] in #1371
• Refactor: split mcp/connection.go by concern, relocate misplaced server helpers by @Copilot in #1373
• [log] Add debug logging to MCP connection SDK method wrappers by @github-actions[bot] in #1394
• [test] Add tests for sanitize.SanitizeJSON by @github-actions[bot] in #1395
• Upgraded aws by @lpcox in #1399
• Enforce HTTPS-only for custom schema URLs (spec §4.1.4) by @Copilot in #1400
• refactor: eliminate duplicate StreamableHTTP session callback and SDK list method wrappers by @Copilot in #1403
• [test-improver] Improve tests for schema normalization package by @github-actions[bot] in #1406
• Fix Serena MCP language support tools unavailable in language-support-tester, smoke-copilot, and smoke-codex by @Copilot in #1401
• Add dev container configuration by @lpcox in #1434
• Fix agent infinite loop by increasing payload threshold to 512KB and adding path prefix configuration by @claude in #1441

Full Changelog: v0.1.5...v0.1.6

🌟 Release Highlights

This release focuses on compliance enforcement, reliability improvements, and MCP spec v1.8.0 alignment — tightening configuration validation, improving observability through integrated SDK logging, and eliminating numerous duplicate code patterns across the codebase.

⚠️ Breaking Changes

The following configuration validation changes may require updates to existing configs:

• Docker required for TOML stdio servers (#1029): TOML-configured stdio servers must now use command = "docker". Direct command execution without containerization is rejected at startup. See the Configuration Reference for the container field syntax.
• Explicit mount mode required (#1231): Volume mount entries in server configs must now include an explicit mode field ("ro" or "rw"). Mounts without a declared mode are rejected.
• mounts field rejected for HTTP servers (#1122): HTTP-type server configurations that include a mounts field now fail validation with a clear error message.

✨ What's New

• MCP Spec v1.8.0 compliance (#1065): MCP Gateway now targets spec version 1.8.0, keeping pace with the evolving Model Context Protocol standard.
• Integrated MCP SDK logging (#1067): The project's debug logger is now wired into ClientOptions and ServerOptions for the MCP SDK, giving full visibility into SDK-level activity via the DEBUG=* flag.
• Timeout enforcement for jq middleware (#961): The gojq processing middleware now enforces execution timeouts, preventing runaway jq expressions from stalling request pipelines.
• Centralized payload preview size (#1066): The PayloadPreviewSize constant is now configurable from a single location, making it easier to tune large-payload handling behavior.
• Nightly workflow auto-upgrader (#986): A new nightly workflow automatically upgrades agentic workflow tooling to the latest gh-aw releases, keeping CI tooling current without manual intervention.

🐛 Bug Fixes & Improvements

• SSE JSON-RPC parsing on HTTP error paths (#1085): Fixed a parsing failure where error responses from HTTP backends weren't correctly decoded when using SSE transport.
• Tool logging format (#1243): Updated tool invocation log format for improved readability in operational logs.
• Consolidated variable expansion logic (#1014): Duplicate \$\{VAR_NAME} expansion implementations have been unified, ensuring consistent behavior across TOML and JSON config paths.

📚 Documentation

• Fixed payloadSizeThreshold configuration docs to accurately reflect all three configuration methods: --payload-size-threshold flag, MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD env var, and payload_size_threshold in [gateway] TOML section (#1233).
• Fixed 5 documentation discrepancies surfaced by the nightly docs reconciliation workflow (#1123).
• Documented session persistence implementation for stdio backends (#1042).
• Documented BurntSushi/toml v1.6.0 usage and TOML 1.1 implementation (#982).

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.1.5
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release

What's Changed

• [log] Add debug logging to main.go by @github-actions[bot] in #914
• [test] Add comprehensive tests for launcher.LogHelpers by @github-actions[bot] in #918
• [WIP] Fix incorrect payload size threshold documentation by @claude in #936
• Debug test-coverage-improver workflow failure (run 21994653857) by @claude in #935
• Add Python language server to Serena MCP container by @claude in #920
• Refactor HTTP request initialization to eliminate duplicate code pattern by @claude in #937
• Refactor: Extract marshalToResponse helper to eliminate duplicate JSON marshal pattern by @claude in #938
• [test-improver] Improve tests for sys package by @github-actions[bot] in #950
• [log] Add debug logging to config validation rules by @github-actions[bot] in #958
• Add timeout enforcement and comprehensive tests for gojq middleware by @claude in #961
• fix: correct log helper test expectations by @lpcox in #979
• Addressing PR comments by @claude in #977
• Refactor: Extract duplicate MCP session validation into requireSession() helper by @claude in #978
• Configure CI to trigger smoke-copilot, large-payload-tester, and language-support-tester workflows by @claude in #980
• Refactor: Extract parameter marshaling helper and fix silent error ignoring by @claude in #981
• Document BurntSushi/toml v1.6.0 usage and TOML 1.1 implementation by @claude in #982
• Add nightly workflow to upgrade workflows to latest gh-aw releases by @Copilot in #986
• Fix release workflow trigger: use workflow_dispatch instead of tag push by @claude in #993
• Fix test-coverage-improver workflow sparse checkout by @Copilot in #1013
• Consolidate duplicate variable expansion logic by @Copilot in #1014
• Upgrade go-sdk to v1.3.0 and adopt ClientOptions pattern by @Copilot in #1018
• Install Go 1.25.0 before language support testing by @Copilot in #1026
• Eliminate duplicate code patterns in JSON-RPC parsing and config initialization by @Copilot in #1022
• Enforce Docker containerization requirement for TOML stdio servers by @Copilot in #1029
• Add sandbox configuration to enable Docker for language support testing by @Copilot in #1036
• Document existing session persistence implementation for stdio backends by @Copilot in #1042
• [test] Add comprehensive tests for parseJSONRPCResponseWithSSE by @github-actions[bot] in #1047
• Pre-pull Serena MCP container to prevent initialization timeouts by @claude in #1049
• [test] Add tests for config.convertStdinServerConfig by @github-actions[bot] in #1062
• Update MCPGatewaySpecVersion to 1.8.0 by @Copilot in #1065
• Centralize jq payload preview size configuration by @Copilot in #1066
• Integrate project logger with MCP SDK ClientOptions and ServerOptions by @Copilot in #1067
• Refactor: Code organization improvements from semantic clustering analysis by @Copilot in #1068
• Upgrade agentic workflows to v0.46.1 by @Copilot in #1079
• Fix SSE JSON-RPC parsing for HTTP error paths by @lpcox in #1085
• Use locally built MCP gateway in smoke-copilot workflow and trigger on Go PRs by @Copilot in #1080
• Add MCP Gateway build steps to language-support-tester workflow by @Copilot in #1089
• Fix workflow failures: use registry image name for local container builds by @Copilot in #1097
• Reject mounts field for HTTP servers (T-CFG-019) by @Copilot in #1122
• docs: fix 5 discrepancies from nightly documentation reconciliation by @Copilot in #1123
• Eliminate three duplicate code patterns in logger and config packages by @Copilot in #1120
• Use ghcr.io/github/gh-aw-mcpg:latest across all agentic workflows by @Copilot in #1132
• [test] Add tests for difc.Capabilities by @github-actions[bot] in #1135
• [test-improver] Improve tests for config/rules package by @github-actions[bot] in #1136
• Fix smoke-copilot workflow container tag mismatch by @claude in #1144
• [log] Add debug logging to difc/capabilities.go by @github-actions[bot] in #1168
• [test] Add tests for difc.resource types by @github-actions[bot] in #1169
• [test-improver] Improve tests for cmd flags and mcp schema packages by @github-actions[bot] in #1170
• Fix documentation discrepancies in CONTRIBUTING.md and README.md by @claude in #1175
• Upgrade workflows to gh-aw v0.47.1 by @claude in #1174
• Addressing PR comments by @claude in #1176
• Addressing PR comments by @claude in #1173
• Eliminate duplicat...