Skip to content

docs: fix 4 documentation discrepancies from nightly reconciliation#1959

Merged
lpcox merged 2 commits intomainfrom
copilot/fix-documentation-discrepancies
Mar 15, 2026
Merged

docs: fix 4 documentation discrepancies from nightly reconciliation#1959
lpcox merged 2 commits intomainfrom
copilot/fix-documentation-discrepancies

Conversation

Copy link
Contributor

Copilot AI commented Mar 15, 2026

Fixes all 4 discrepancies identified in the 2026-03-15 nightly documentation reconciliation report.

Changes

🔴 Critical: MCP_GATEWAY_API_KEY authentication clarification

The documentation falsely implied that setting MCP_GATEWAY_API_KEY enables authentication in the awmg binary. The binary never reads this env var directly — it only reads the API key from config ([gateway] api_key in TOML, or "gateway": {"apiKey": "..."} in JSON stdin).

Updated:

  • README.md: env vars tables, Authentication configuration section, quick-start example (added gateway.apiKey with variable expansion)
  • CONTRIBUTING.md: container run description and required env vars list

Users must now reference the env var in their JSON config:

{
  "gateway": {
    "apiKey": "${MCP_GATEWAY_API_KEY}"
  }
}

🟡 Important: config.toml ARM64 DOCKER_API_VERSION comment

Fixed incorrect comment stating ARM64 uses 1.43. Both architectures fall back to 1.44, consistent with the README and shell scripts (run.sh, run_containerized.sh).

🟡 Important: CONTRIBUTING.md guard directory description

Updated outdated "NoopGuard active" comment to accurately list all three implementations: NoopGuard, WasmGuard, WriteSink.

🔵 Minor: working_directory TOML-only qualifier

Added "TOML format only" qualifier to the working_directory field description in README.md, since StdinServerConfig has no corresponding field.

Copilot AI and others added 2 commits March 15, 2026 05:55
Initial plan
1576ebc
@lpcox
docs: fix 4 documentation discrepancies from nightly reconciliation
89be7f0 
- Clarify MCP_GATEWAY_API_KEY must be referenced in JSON config via
  variable expansion for auth to be active (not read directly by binary)
- Fix config.toml ARM64 DOCKER_API_VERSION fallback comment (1.43→1.44)
- Update CONTRIBUTING.md guard/ description to include WasmGuard and WriteSink
- Add 'TOML format only' qualifier to working_directory field in README

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI linked an issue Mar 15, 2026 that may be closed by this pull request
📚 Documentation Reconciliation Report - 2026-03-15 #1954
Closed
Copilot AI requested a review from lpcox March 15, 2026 06:00
@lpcox lpcox marked this pull request as ready for review March 15, 2026 06:00
Copilot AI review requested due to automatic review settings March 15, 2026 06:00
@lpcox lpcox merged commit 9a44e38 into main Mar 15, 2026
3 checks passed
@lpcox lpcox deleted the copilot/fix-documentation-discrepancies branch March 15, 2026 06:01
Copilot AI reviewed Mar 15, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates repository documentation/config samples to resolve discrepancies found in the nightly documentation reconciliation, primarily clarifying how API-key authentication is actually configured in awmg.

Changes:

  • Clarifies that API key auth is configured via gateway config (gateway.apiKey in JSON stdin / gateway.api_key in TOML), and updates examples/env-var tables accordingly.
  • Fixes DOCKER_API_VERSION notes to reflect daemon-version detection with 1.44 fallback.
  • Updates CONTRIBUTING guard directory description and adds “TOML-only” qualifier for working_directory.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
config.toml Updates comment about how DOCKER_API_VERSION is determined/fallback behavior.
README.md Clarifies API key auth configuration source; updates quick-start and env-var tables; annotates working_directory as TOML-only.
CONTRIBUTING.md Updates guard directory description and clarifies container env-var requirements / auth configuration.
Comments suppressed due to low confidence (3)

README.md:554

  • This line claims MCP_GATEWAY_API_KEY is “not read directly by the binary”, but the awmg CLI can read it when --validate-env is enabled (ValidateExecutionEnvironment checks required env vars). Also, authentication can be enabled by setting gateway.apiKey directly, so referencing ${MCP_GATEWAY_API_KEY} isn’t strictly required. Suggest tightening the wording to “not used for authentication unless referenced in config” and optionally mention the --validate-env behavior.
| `MCP_GATEWAY_API_KEY` | Informational only — not read directly by the binary; must be referenced in your config via `"${MCP_GATEWAY_API_KEY}"` to enable authentication | (disabled) |

README.md:612

  • These comments say the config “must reference” MCP_GATEWAY_API_KEY for authentication, but auth can be enabled by setting gateway.apiKey directly in config; referencing the env var is only needed if you want the key sourced from the environment. Consider rewording to avoid implying a hard requirement.
# Note: MCP_GATEWAY_API_KEY is checked by run_containerized.sh as a deployment gate.
# For authentication to be active, your config.json must reference it via variable expansion:
#   "gateway": { "apiKey": "${MCP_GATEWAY_API_KEY}" }

CONTRIBUTING.md:505

  • Same issue as above: this implies referencing MCP_GATEWAY_API_KEY via ${…} is required to enable authentication, but setting gateway.apiKey directly in the JSON config also enables auth. Consider rewording to “to configure the API key via env var …”.
- `MCP_GATEWAY_API_KEY` - Checked by `run_containerized.sh` as a deployment gate; must be referenced in your JSON config via `"gateway": {"apiKey": "${MCP_GATEWAY_API_KEY}"}` to enable authentication

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

README.md
| `MCP_GATEWAY_PORT` | The port the gateway listens on (used for `--listen` address) | `8080` |
| `MCP_GATEWAY_DOMAIN` | The domain name for the gateway | `localhost` |
| `MCP_GATEWAY_API_KEY` | API key for authentication | `your-secret-key` |
| `MCP_GATEWAY_API_KEY` | API key checked by `run_containerized.sh` as a deployment gate; must be referenced in your JSON config via `"${MCP_GATEWAY_API_KEY}"` to enable authentication | `your-secret-key` |
CONTRIBUTING.md
The container uses `run_containerized.sh` as the entrypoint, which:
- Requires the `-i` flag for JSON configuration via stdin
- Requires `MCP_GATEWAY_PORT`, `MCP_GATEWAY_DOMAIN`, `MCP_GATEWAY_API_KEY` env vars
- Requires `MCP_GATEWAY_PORT`, `MCP_GATEWAY_DOMAIN`, `MCP_GATEWAY_API_KEY` env vars (the API key is a deployment gate; reference it in your JSON config via `"gateway": {"apiKey": "${MCP_GATEWAY_API_KEY}"}` to enable authentication)
config.toml
Comment on lines +29 to +30
# Note: DOCKER_API_VERSION is automatically set by querying the Docker daemon's
# current API version; falls back to 1.44 for all architectures if detection fails.
This was referenced Mar 15, 2026
Closed
Closed
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lpcox lpcox Awaiting requested review from lpcox

Assignees

@lpcox lpcox

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

📚 Documentation Reconciliation Report - 2026-03-15

3 participants

@lpcox