[ca] CLI Version Update: MCP Gateway v0.1.20→v0.1.22, APM v0.8.2→v0.8.3

[github-actions]

Summary

Two CLI/tool updates detected and applied to pkg/constants/constants.go. Workflows recompiled (177/177 files updated).

Tool	Previous	New	Change
MCP Gateway (gh-aw-mcpg)	v0.1.20	v0.1.22	+2 releases
APM (microsoft/APM)	v0.8.2	v0.8.3	+1 release

---

Update MCP Gateway v0.1.20 → v0.1.22

Released 2026-03-21 (two releases within the same day).

Breaking Changes

None

Key Features

v0.1.21 — TLS support, blocked-users/approval-labels, expanded test coverage:

• Proxy mode TLS support and container-native entrypoint (feat: proxy mode TLS support and container-native entrypoint gh-aw-mcpg#2231)
• Implement blocked-users and approval-labels in GitHub guard (feat: implement blocked-users and approval-labels in GitHub guard gh-aw-mcpg#2241)
• Guard tool coverage for 22 missing GitHub MCP server tools (feat: add guard tool coverage for 22 missing GitHub MCP server tools gh-aw-mcpg#2280)
• Fixed baseline_scope for scoped integrity labels and discussion tool integrity (fix: correct baseline_scope for scoped integrity labels and discussion tool integrity gh-aw-mcpg#2281)
• Added daily GitHub guard coverage checker workflow (Add daily GitHub guard coverage checker workflow (MCP + CLI) gh-aw-mcpg#2279)
• Improved debug logging across MCP tool result, config, server, and proxy packages

v0.1.22 — Comprehensive guard tool coverage and proxy router expansion:

• 22 GitHub MCP read tools now have explicit integrity/secrecy labels (previously falling through to default catch-all):
  • Actions: get_job_logs (marked secret — logs may contain leaked tokens)
  • User Context: get_me, get_teams, get_team_members
  • Discussions: list_discussions, get_discussion, get_discussion_comments, list_discussion_categories
  • Gists: list_gists, get_gist
  • Git: get_repository_tree
  • Labels: list_label
  • Notifications: list_notifications, get_notification_details
  • Projects: projects_list, projects_get
  • Security Advisories: 4 advisory tools
  • Search: search_orgs
  • Repos: list_starred_repositories
• 22 new REST routes + 5 GraphQL patterns added to proxy router (feat: guard tool coverage for GitHub MCP server + proxy router expansion gh-aw-mcpg#2291)
• 37 new unit tests for newly labeled tools

View Full Changelog

v0.1.21 What's Changed

• fix: address proxy TLS review feedback — permissions, wildcard address, shell arg parsing, test compile (fix: address proxy TLS review feedback — permissions, wildcard address, shell arg parsing, test compile gh-aw-mcpg#2233)
• feat: proxy mode TLS support and container-native entrypoint (feat: proxy mode TLS support and container-native entrypoint gh-aw-mcpg#2231)
• feat: implement blocked-users and approval-labels in GitHub guard (feat: implement blocked-users and approval-labels in GitHub guard gh-aw-mcpg#2241)
• fix: resolve duplicate test functions, nil panic, and missing Makefile target (fix: resolve duplicate test functions, nil panic, and missing Makefile target gh-aw-mcpg#2267)
• fix: correct baseline_scope for scoped integrity labels and discussion tool integrity (fix: correct baseline_scope for scoped integrity labels and discussion tool integrity gh-aw-mcpg#2281)
• feat: add guard tool coverage for 22 missing GitHub MCP server tools (feat: add guard tool coverage for 22 missing GitHub MCP server tools gh-aw-mcpg#2280)
• Add daily GitHub guard coverage checker workflow (Add daily GitHub guard coverage checker workflow (MCP + CLI) gh-aw-mcpg#2279)
• Multiple debug logging improvements and test coverage additions

v0.1.22 What's Changed

• feat: guard tool coverage for GitHub MCP server + proxy router expansion (feat: guard tool coverage for GitHub MCP server + proxy router expansion gh-aw-mcpg#2291)

Full Changelog v0.1.20→v0.1.21: github/gh-aw-mcpg@v0.1.20...v0.1.21
Full Changelog v0.1.21→v0.1.22: github/gh-aw-mcpg@v0.1.21...v0.1.22

Impact Assessment

• Risk: Medium — security labeling improvements and new proxy routes affect guard policy enforcement behavior
• Affects: MCP Gateway sandbox container, guard tool coverage, proxy mode TLS
• Docker Image: ghcr.io/github/gh-aw-mcpg:v0.1.22

Package Links

• Repository: https://github.com/github/gh-aw-mcpg
• Release v0.1.21: https://github.com/github/gh-aw-mcpg/releases/tag/v0.1.21
• Release v0.1.22: https://github.com/github/gh-aw-mcpg/releases/tag/v0.1.22

---

Update APM v0.8.2 → v0.8.3

Released 2026-03-20.

Breaking Changes

None

Key Features

• Plugin coexistence — apm pack --format plugin, apm init --plugin, devDependencies support (feat: Plugin coexistence — apm pack --format plugin, apm init --plugin, devDependencies microsoft/apm#379)
• Improved VS Code runtime detection with .vscode/ directory fallback (feat: improve VS Code runtime detection with .vscode/ directory fallback microsoft/apm#359)
• Security fix: preserve leading BOM in strip_dangerous (fix(security): preserve leading BOM in strip_dangerous microsoft/apm#372)
• Updated install scripts using aka.ms/apm-unix and aka.ms/apm-windows short URLs (Use aka.ms/apm-unix and aka.ms/apm-windows short URLs for install scripts microsoft/apm#384)
• Fix: preserve DependencyReference through download pipeline (fix: preserve DependencyReference through download pipeline (#382) microsoft/apm#383)

View Full Changelog

What's Changed

• feat: improve VS Code runtime detection with .vscode/ directory fallback (feat: improve VS Code runtime detection with .vscode/ directory fallback microsoft/apm#359)
• Align CLI docs with current compile, audit, and planned drift behavior (Align CLI docs with current compile, audit, and planned drift behavior microsoft/apm#373)
• fix: Refactor command and model modules for readability and maintainability (fix: Refactor command and model modules for readability and maintainability (#231) microsoft/apm#232)
• fix(security): preserve leading BOM in strip_dangerous (fix(security): preserve leading BOM in strip_dangerous microsoft/apm#372)
• Use aka.ms/apm-unix and aka.ms/apm-windows short URLs for install scripts (Use aka.ms/apm-unix and aka.ms/apm-windows short URLs for install scripts microsoft/apm#384)
• feat: Plugin coexistence — apm pack --format plugin, apm init --plugin, devDependencies (feat: Plugin coexistence — apm pack --format plugin, apm init --plugin, devDependencies microsoft/apm#379)
• fix: preserve DependencyReference through download pipeline (fix: preserve DependencyReference through download pipeline (#382) microsoft/apm#383)

Full Changelog: microsoft/apm@v0.8.2...v0.8.3

Impact Assessment

• Risk: Low — features addition, security fix for BOM handling
• Affects: APM (Agent Package Manager) CLI used in microsoft/apm-action steps

Package Links

• Repository: https://github.com/microsoft/APM
• Release v0.8.3: https://github.com/microsoft/apm/releases/tag/v0.8.3

---

No Changes

The following tools had no version changes:

• Claude Code: latest (2.1.81 on NPM)
• Copilot CLI: latest (1.0.10 on NPM)
• Codex: latest (0.116.0 on NPM)
• GitHub MCP Server: v0.32.0 (unchanged)
• Playwright MCP: 0.0.68 (unchanged)
• Playwright Browser: v1.58.2 (unchanged)

References:

• §23400486506

Generated by CLI Version Checker · ◷

• expires on Mar 24, 2026, 9:55 AM UTC