🌟 Release Highlights
This release simplifies DIFC (Data Information Flow Control) configuration by removing explicit guard CLI flags — guards now activate automatically when policies are configured.
⚠️ Breaking Changes
The following CLI flags and environment variables have been removed. If you are using them, update your configuration accordingly:
| Removed Flag | Removed Env Var | Migration |
|---|---|---|
--enable-guards
| MCP_GATEWAY_ENABLE_GUARDS
| Guards are now auto-enabled when an allow-only policy is present
|
--enable-config-extensions
| MCP_GATEWAY_CONFIG_EXTENSIONS
| Extension fields are always accepted; no flag needed |
--session-secrecy
| MCP_GATEWAY_SESSION_SECRECY
| Session labels are now set automatically by guards |
--session-integrity
| MCP_GATEWAY_SESSION_INTEGRITY
| Session labels are now set automatically by guards |
✨ What's New
- Zero-config DIFC activation: Configure
guard-policieswith anallow-onlyrule and the gateway automatically enables DIFC guards — no additional flags required. This reduces configuration surface and eliminates a common source of misconfiguration. - Schema validation with extension field stripping: Config validation now correctly handles extension fields (e.g.,
guard-policies) by stripping them before schema validation, enabling full spec compliance without rejecting valid configurations.
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.1.12
# or
docker pull ghcr.io/github/gh-aw-mcpg:latestSupported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
Generated by Release
What's Changed
Full Changelog: v0.1.11...v0.1.12