From 590f5d774fa047d722886e1422a34dbb9eddad17 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 28 Feb 2026 01:52:19 +0000 Subject: [PATCH 1/2] Initial plan From 00ffe0e0bd19f791e9bec76d1d745ed9c6a1071d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 28 Feb 2026 01:57:59 +0000 Subject: [PATCH 2/2] Update schema URL to use latest docs/public/schemas and add guard-policies workaround Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- internal/config/validation_schema.go | 29 +++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/internal/config/validation_schema.go b/internal/config/validation_schema.go index 23a405b9f..f390dc4d1 100644 --- a/internal/config/validation_schema.go +++ b/internal/config/validation_schema.go @@ -30,8 +30,7 @@ var ( // This URL points to the source of truth for the MCP Gateway configuration schema. // // Schema Version Pinning: - // The schema is fetched from the main branch to get the latest version with guard-policies support. - // This ensures the gateway supports the latest configuration features including guard policies. + // The schema is fetched from the main branch to get the latest version. // // To update to a specific pinned version: // 1. Check the latest gh-aw release: https://github.com/github/gh-aw/releases @@ -39,10 +38,10 @@ var ( // 3. Run tests to ensure compatibility: make test // 4. Update this comment with the version number // - // Current schema version: main (latest with guard-policies support) + // Current schema version: main (latest) // // Alternative: Embed the schema using go:embed directive for zero network dependency. - schemaURL = "https://raw.githubusercontent.com/github/gh-aw/main/pkg/workflow/schemas/mcp-gateway-config.schema.json" + schemaURL = "https://raw.githubusercontent.com/github/gh-aw/main/docs/public/schemas/mcp-gateway-config.schema.json" // Schema caching to avoid recompiling the JSON schema on every validation // This improves performance by compiling the schema once and reusing it @@ -156,9 +155,12 @@ func fetchAndFixSchema(url string) ([]byte, error) { } } - // Add registry field to stdioServerConfig and httpServerConfig - // Spec Section 4.1.2 defines registry as a valid optional field for both server types - // Temporary workaround until the upstream schema is updated + // Add registry and guard-policies fields to stdioServerConfig and httpServerConfig. + // These are workarounds for fields supported by this gateway implementation that are + // not present in the upstream schema: + // - registry: Spec Section 4.1.2 defines this as a valid optional field. + // - guard-policies: Actively used in this implementation for server-level access control. + // The upstream schema previously included this field and may add it back in a future version. if definitions, ok := schema["definitions"].(map[string]interface{}); ok { // Define the registry property schema registryProperty := map[string]interface{}{ @@ -166,17 +168,26 @@ func fetchAndFixSchema(url string) ([]byte, error) { "description": "URI to the installation location when MCP is installed from a registry. This is an informational field used for documentation and tooling discovery.", } - // Add registry to stdioServerConfig + // Define the guard-policies property schema + guardPoliciesProperty := map[string]interface{}{ + "type": "object", + "description": "Guard policies for access control at the MCP gateway level. The structure of guard policies is server-specific.", + "additionalProperties": true, + } + + // Add registry and guard-policies to stdioServerConfig if stdioConfig, ok := definitions["stdioServerConfig"].(map[string]interface{}); ok { if props, ok := stdioConfig["properties"].(map[string]interface{}); ok { props["registry"] = registryProperty + props["guard-policies"] = guardPoliciesProperty } } - // Add registry to httpServerConfig + // Add registry and guard-policies to httpServerConfig if httpConfig, ok := definitions["httpServerConfig"].(map[string]interface{}); ok { if props, ok := httpConfig["properties"].(map[string]interface{}); ok { props["registry"] = registryProperty + props["guard-policies"] = guardPoliciesProperty } } }