Release Notes Action Items for mcpg 0.3.12 → 0.3.20
This issue summarizes upstream release notes for the mcpg dependency between the previously pinned version (0.3.12) and the new pinned version (0.3.20), highlighting items that may need follow-up in ado-aw.
The companion version-bump PR is titled chore(deps): update MCPG_VERSION to 0.3.20.
Releases analyzed
Security fixes
- Enforce per-session tool call limits in allow-only guard policies — v0.3.20: Adds per-session tool call limit enforcement. ado-aw may need to verify that its safe-outputs tooling respects or configures these limits.
Notable features for ado-aw to adopt
- Sentry OTLP export support and
sentry.io network allowlist — v0.3.13: mcpg added Sentry OTLP telemetry export. ado-aw maintains its own network allowlist (src/data/ecosystem_domains.json and src/allowed_hosts.rs); if mcpg's Sentry OTLP export is used in production pipelines, ado-aw may need to expose sentry.io as an allowed host.
OTEL_EXPORTER_OTLP_HEADERS env var fallback — v0.3.13: mcpg now reads this standard env var as a fallback for OTLP export headers. If ado-aw passes environment variables through to mcpg, consumers can configure OTLP export via this env var.- OTLP endpoint path fixed to append
/v1/traces — v0.3.15: Per OpenTelemetry spec. Consumers relying on ado-aw-generated pipelines with OTLP tracing should verify their endpoint configuration after this fix.
- gen_ai semantic conventions alignment — v0.3.16: Aligns span attributes with gen_ai semantic conventions. Consumers relying on specific OTel attribute names from mcpg (e.g. for dashboards or alerting) should verify compatibility with this attribute rename.
- WASM guard hardening for oversized responses — v0.3.18: The wazero-based guard runtime now handles large responses more reliably with larger I/O buffers and improved cache reconfiguration locking.
- Fix DIFC proxy handling for top-level array responses — v0.3.20: Fixed handling of comment list endpoints that return top-level arrays.
This issue was opened automatically by the dependency version updater workflow.
Generated by Dependency Version Updater · ● 1.7M · ◷
Release Notes Action Items for
mcpg0.3.12→0.3.20This issue summarizes upstream release notes for the
mcpgdependency between the previously pinned version (0.3.12) and the new pinned version (0.3.20), highlighting items that may need follow-up in ado-aw.The companion version-bump PR is titled
chore(deps): update MCPG_VERSION to 0.3.20.Releases analyzed
Security fixes
Notable features for ado-aw to adopt
sentry.ionetwork allowlist — v0.3.13: mcpg added Sentry OTLP telemetry export. ado-aw maintains its own network allowlist (src/data/ecosystem_domains.jsonandsrc/allowed_hosts.rs); if mcpg's Sentry OTLP export is used in production pipelines, ado-aw may need to exposesentry.ioas an allowed host.OTEL_EXPORTER_OTLP_HEADERSenv var fallback — v0.3.13: mcpg now reads this standard env var as a fallback for OTLP export headers. If ado-aw passes environment variables through to mcpg, consumers can configure OTLP export via this env var./v1/traces— v0.3.15: Per OpenTelemetry spec. Consumers relying on ado-aw-generated pipelines with OTLP tracing should verify their endpoint configuration after this fix.This issue was opened automatically by the dependency version updater workflow.