Skip to content

fix(spec+compiler): update MCP gateway OTLP headers to string-only (v1.13.0)#25135

Merged
lpcox merged 13 commits intomainfrom
copilot/update-mcp-gateway-specification
Apr 8, 2026
Merged

fix(spec+compiler): update MCP gateway OTLP headers to string-only (v1.13.0)#25135
lpcox merged 13 commits intomainfrom
copilot/update-mcp-gateway-specification

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 7, 2026
edited
Loading

Summary

Updates the MCP Gateway Specification, JSON schemas, and compiler so that the headers field in the opentelemetry configuration is exclusively a string, removing the previously supported object form. The compiler passes the headers string through as-is via ${OTEL_EXPORTER_OTLP_HEADERS}. The MCP Gateway version remains at v0.2.16 (the latest available release); this PR is ready to merge once gh-aw-mcpg publishes a release that accepts string headers.

Changes

Specification (docs/src/content/docs/reference/mcp-gateway.md)

  • Bumped version: 1.12.01.13.0
  • Section 4.1.3.6: Changed headers type from object | string to string; updated description to clarify the value is passed through as-is
  • Removed dual-form configuration examples; replaced with a single string-form example
  • Removed Section 4.1.3.6.1 (Headers String Format) — no parsing rules needed since the string is passed through unchanged
  • Updated requirements: added headers MUST be a string when provided; removed string-parsing requirement
  • Updated compliance test range: T-OTEL-001 through T-OTEL-012T-OTEL-001 through T-OTEL-010
  • Updated T-OTEL-006: changed from "object form headers sent" to "string headers passed through as-is"
  • Removed T-OTEL-011 and T-OTEL-012 (string-form parsing tests)
  • Updated Appendix A.6 and A.7: replaced object-form headers with string form
  • Added change log entry for v1.13.0

JSON Schemas

  • pkg/workflow/schemas/mcp-gateway-config.schema.json
  • docs/public/schemas/mcp-gateway-config.schema.json

Both: changed opentelemetryConfig.headers from oneOf [object, string] to plain string type with updated description.

Compiler (pkg/workflow/mcp_renderer.go)

  • Removed the Node.js bash preamble that converted OTEL_EXPORTER_OTLP_HEADERS from key=value,... format into a JSON object (_GH_AW_OTLP_HEADERS_JSON)
  • Gateway config now emits "headers": "${OTEL_EXPORTER_OTLP_HEADERS}" — the raw string value passed through as-is — instead of the previously injected JSON object

Tests (pkg/workflow/mcp_renderer_test.go)

  • Added TestRenderJSONMCPConfig_OTLPGateway covering three scenarios: endpoint+headers (verifies raw env var passthrough and no conversion preamble), endpoint only (no headers field), and no OTLP config (no opentelemetry section)

Gateway Version (pkg/constants/version_constants.go)

  • DefaultMCPGatewayVersion remains at v0.2.16 (latest available release of gh-aw-mcpg)
  • A future gateway release will need to update the bundled schema to accept string headers before this PR's compiler output passes gateway startup validation

Workflow Lock Files

  • All 187 workflow lock files recompiled to reflect the updated compiler output

Changeset

  • Type: minor
  • Description: Updated MCP gateway OpenTelemetry headers to string-only and removed object-form support in spec, schema, and compiler output. Headers are passed through as-is.

Generated by Changeset Generator for issue #25135 ·

Copilot AI requested a review from pelikhan April 7, 2026 17:33
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 7, 2026

@lpcox FYI

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 7, 2026

@copilot update compiler to emit string with headers value and NOT try to parse them to a JSON object.

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 7, 2026
edited
Loading

@copilot update compiler to emit string with headers value and NOT try to parse them to a JSON object.

Done in commit 58c4131. The compiler (mcp_renderer.go) no longer converts the headers string to a JSON object. The bash preamble with the Node.js JSON.stringify conversion has been removed, and the gateway config now emits "headers": "${OTEL_EXPORTER_OTLP_HEADERS}" — a plain JSON string that bash expands at runtime from the job-level env var. All 182 workflow lock files have been recompiled to reflect the change.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ml /tmp/go-build3535407545/b063/embedcfg -pack (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw a4yFhz_HlCMc (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title fix(spec): update MCP gateway OTLP headers to string-only (v1.13.0) fix(spec+compiler): update MCP gateway OTLP headers to string-only (v1.13.0) Apr 7, 2026
@lpcox lpcox mentioned this pull request Apr 7, 2026
Closed
Copilot AI mentioned this pull request Apr 7, 2026
Merged
@github-actions github-actions bot mentioned this pull request Apr 7, 2026
Closed
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 7, 2026

@copilot merge main and recompile

Merge remote-tracking branch 'origin/main' into copilot/update-mcp-ga…
c537fa3 
…teway-specification

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 7, 2026
edited
Loading

@copilot merge main and recompile

Done in commit c537fa3. Merged main and recompiled all 182 workflows.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -embedcfg /tmp/go-build862647983/b343/embedcfg -pack (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan added the smoke label Apr 7, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026
edited
Loading

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026
edited
Loading

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions github-actions bot removed the smoke label Apr 7, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026
edited
Loading

❌ Tool validation failed! Agent Container Smoke Test detected missing tools: failed

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 7, 2026

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 8, 2026
edited
Loading

@copilot review comments

Both review comments addressed in commit 0a519ca:

  1. JSON safety (mcp_renderer.go:199-203): Added a bash preamble before the heredoc that JSON-escapes OTEL_EXPORTER_OTLP_HEADERS into _GH_AW_OTLP_HEADERS_ESC (escapes backslashes then double quotes using bash parameter substitution). The heredoc now references ${_GH_AW_OTLP_HEADERS_ESC} instead of the raw env var.

  2. Missing test (mcp_renderer.go:191-203): Added TestRenderJSONMCPConfig_OTLPGateway with three cases: endpoint+headers, endpoint only, and no OTLP config. Asserts the preamble and ${_GH_AW_OTLP_HEADERS_ESC} reference appear when headers are configured, the old _GH_AW_OTLP_HEADERS_JSON variable is never present, and the endpoint value is emitted correctly.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw b/gh-aw/pkg/agenenv GOMODCACHE go env dIb7/kYdXb1bbJu-GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 5681965/b387/impGO111MODULE (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha gJ4l/xSWsXgQ5zegGOINSECURE GO111MODULE $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE 5681965/b416/impGOPROXY -c k/gh-aw/gh-aw/pkGOSUMDB k/gh-aw/gh-aw/pkGOWORK 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/xGO111MODULE (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha H8pU/eNnoa-rIndzGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 5681965/b424/impGOPROXY /hom�� k/gh-aw/gh-aw/pkGOSUMDB k/gh-aw/gh-aw/pkGOWORK 64/bin/go **/*.json --ignore-path ../../../.pretti/home/REDACTED/work/gh-aw/gh-aw/.github/workflows /opt/hostedtoolcconfig (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha ./cmd/... ./pkg/... 64/bin/go tierignore scripts/**/*.js 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 8, 2026

@copilot remove JSON escaping, pass header as is

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 8, 2026

@copilot merge main and recompile

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 8, 2026
edited
Loading

@copilot remove JSON escaping, pass header as is

Done in commit 5eb4433. Removed the JSON-escaping preamble; the gateway config now emits "headers": "${OTEL_EXPORTER_OTLP_HEADERS}" directly. Updated the unit test to assert no escaping preamble is present and that the raw env var reference is used.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw olden (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw rd/go-difflib/dishow (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility get --local repository(owne-f gpg.program (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI and others added 2 commits April 8, 2026 20:12
@pelikhan
Merge remote-tracking branch 'origin/main' into copilot/update-mcp-ga…
5ca3676 
…teway-specification

# Conflicts:
#	.github/workflows/approach-validator.lock.yml
#	.github/workflows/architecture-guardian.lock.yml
#	.github/workflows/daily-firewall-report.lock.yml
#	.github/workflows/daily-performance-summary.lock.yml
#	.github/workflows/deep-report.lock.yml
#	.github/workflows/design-decision-gate.lock.yml
#	.github/workflows/refactoring-cadence.lock.yml
#	.github/workflows/smoke-copilot.lock.yml

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
chore: merge main and recompile 187 workflows
0b27aa2 
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/44263e6e-8484-45e7-b298-361f0e891412

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 8, 2026
edited
Loading

@copilot merge main and recompile

Done in commit 0b27aa2. Merged main and recompiled all 187 workflows.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan added the smoke label Apr 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026
edited
Loading

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026
edited
Loading

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026
edited
Loading

❌ Tool validation failed! Agent Container Smoke Test detected missing tools: failed

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions github-actions bot removed the smoke label Apr 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 8, 2026

@copilot check the latest https://github.com/github/gh-aw-mcpg/releases .17 does not exist

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 8, 2026
edited
Loading

@copilot check the latest https://github.com/github/gh-aw-mcpg/releases .17 does not exist

Confirmed — the latest release of gh-aw-mcpg is v0.2.16. Reverted DefaultMCPGatewayVersion back to v0.2.16 and recompiled all 187 workflows in commit 3fb7173.

Note: this means the PR currently emits string-form headers ("headers": "${OTEL_EXPORTER_OTLP_HEADERS}"), but the bundled schema in v0.2.16 expects an object. This PR is ready to merge once gh-aw-mcpg publishes a release that accepts string headers.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha data/action_pins.json...&#34; (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 8, 2026

@lpcox I'll let you finish this one

@github-actions github-actions bot added the lgtm label Apr 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

Hey @Copilot 👋 — great work on this MCP gateway OTLP headers simplification! Removing the dual object/string form and standardising on a plain string passthrough via \$\{OTEL_EXPORTER_OTLP_HEADERS} is a clean, well-scoped change.

The PR looks great — it includes a detailed description, tests covering all three key scenarios in pkg/workflow/mcp_renderer_test.go, a proper changeset entry with a codemod guide, and the expected mass-recompile of workflow lock files. Everything lines up with the project's contribution guidelines and process.

This PR looks ready for maintainer review.

Generated by Contribution Check · ● 1.8M ·

@lpcox lpcox merged commit 5dcb56c into main Apr 8, 2026
84 of 85 checks passed
@lpcox lpcox deleted the copilot/update-mcp-gateway-specification branch April 8, 2026 21:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pelikhan @lpcox