From a475162b190460b2d51c05750ba6a94f1dd570a8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 29 Mar 2026 17:03:36 +0000 Subject: [PATCH 1/2] Initial plan From b0316c05ffaa1832163a2504da8c40194017a82f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 29 Mar 2026 17:05:26 +0000 Subject: [PATCH 2/2] docs: document trusted-users, trusted-bots flags and PORT fallback Agent-Logs-Url: https://github.com/github/gh-aw-mcpg/sessions/1ee1c760-d6e5-47d7-9ad6-c3404096e622 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> --- README.md | 5 ++++- docs/CONFIGURATION.md | 6 ++++++ docs/ENVIRONMENT_VARIABLES.md | 2 +- docs/PROXY_MODE.md | 2 ++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 37ef6326..6bb80f75 100644 --- a/README.md +++ b/README.md @@ -88,13 +88,16 @@ Restricts which repositories a guard allows and at what integrity level: **`approval-labels`** *(optional)* — Array of GitHub label names that promote a content item's effective integrity to `approved` when present. Enables human-review gates where a maintainer labels an item to allow it through. Uses `max(base, approved)` so it never lowers integrity. Does not override `blocked-users`. +**`trusted-users`** *(optional)* — Array of GitHub usernames whose content is unconditionally elevated to `approved` integrity. Useful for granting specific external contributors (e.g., trusted open-source maintainers) the same treatment as repository members, without lowering `min-integrity` globally. Uses `max(base, approved)` so it never lowers integrity. Does not override `blocked-users`. + ```json "guard-policies": { "allow-only": { "repos": ["myorg/*"], "min-integrity": "approved", "blocked-users": ["spam-bot", "compromised-user"], - "approval-labels": ["human-reviewed", "safe-for-agent"] + "approval-labels": ["human-reviewed", "safe-for-agent"], + "trusted-users": ["alice", "trusted-contributor"] } } ``` diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md index 9642392f..bf70b907 100644 --- a/docs/CONFIGURATION.md +++ b/docs/CONFIGURATION.md @@ -198,6 +198,12 @@ min-integrity = "unapproved" - `"approved"` - Approved contributor level (includes objects with author_association: OWNER, MEMBER, COLLABORATOR) - `"merged"` - Merged to main branch (any object reachable from the main branch, regardless of authorship) +- **`blocked-users`** *(optional)*: Array of GitHub usernames whose content is unconditionally blocked. Items from these users receive `blocked` integrity (below `none`) and are always denied, even when `min-integrity` is `"none"`. Cannot be overridden by `approval-labels` or `trusted-users`. + +- **`approval-labels`** *(optional)*: Array of GitHub label names that promote a content item's effective integrity to `approved` when present. Uses `max(base, approved)` so it never lowers integrity. Does not override `blocked-users`. + +- **`trusted-users`** *(optional)*: Array of GitHub usernames whose content is unconditionally elevated to `approved` integrity. Useful for granting specific external contributors the same treatment as repository members without lowering `min-integrity` globally. Uses `max(base, approved)` so it never lowers integrity. Does not override `blocked-users`. + - **Meaning**: Restricts the GitHub MCP server to only access specified repositories. Tools like `get_file_contents`, `search_code`, etc. will only work on allowed repositories. Attempts to access other repositories will be denied by the guard policy. ### write-sink (output servers) diff --git a/docs/ENVIRONMENT_VARIABLES.md b/docs/ENVIRONMENT_VARIABLES.md index c99a4bbd..51321530 100644 --- a/docs/ENVIRONMENT_VARIABLES.md +++ b/docs/ENVIRONMENT_VARIABLES.md @@ -32,7 +32,7 @@ When running locally (`run.sh`), these variables are optional (warnings shown if | `DEBUG_COLORS` | Control colored debug output (0 to disable, auto-disabled when piping) | Auto-detect | | `RUNNING_IN_CONTAINER` | Manual override; set to `"true"` to force container detection when `/.dockerenv` and cgroup detection are unavailable | (unset) | -**Note:** `PORT`, `HOST`, and `MODE` are not read by the `awmg` binary directly. However, `run.sh` does use `HOST` (default: `0.0.0.0`) and `MODE` (default: `--routed`) to set the bind address and routing mode. Use the `--listen` and `--routed`/`--unified` flags when running `awmg` directly. +**Note:** `PORT`, `HOST`, and `MODE` are not read by the `awmg` binary directly. However, `run.sh` uses `HOST` (default: `0.0.0.0`), `MODE` (default: `--routed`), and falls back to `PORT` (when `MCP_GATEWAY_PORT` is unset) to set the bind address and routing mode. Use the `--listen` and `--routed`/`--unified` flags when running `awmg` directly. ## Containerized Deployment Variables diff --git a/docs/PROXY_MODE.md b/docs/PROXY_MODE.md index 681dd287..1a56a2fa 100644 --- a/docs/PROXY_MODE.md +++ b/docs/PROXY_MODE.md @@ -71,6 +71,8 @@ Write operations (PUT, POST, DELETE, PATCH) pass through unmodified. | `--github-api-url` | `https://api.github.com` | Upstream GitHub API URL | | `--tls` | `false` | Enable HTTPS with auto-generated self-signed certificates | | `--tls-dir` | `/proxy-tls` | Directory for generated TLS certificate files | +| `--trusted-bots` | *(disabled)* | Additional trusted bot usernames (comma-separated, extends built-in list) | +| `--trusted-users` | *(disabled)* | User logins that receive approved integrity (comma-separated) | ## DIFC Pipeline