Merged
Conversation
- Delete 6 stale tracked files: ISSUE_18295_FIX.md, PAYLOAD_THRESHOLD_IMPLEMENTATION.md, SESSION_PERSISTENCE_ANALYSIS.md, docs/DIFC_INTEGRATION_PROPOSAL.md, docs/TOML_MODULE_REVIEW.md, docs/STREAMABLE_HTTP_HANDLER_EXPLAINED.md - Trim README.md from 929 to 333 lines (64% reduction) - Extract detailed config reference to docs/CONFIGURATION.md - Extract environment variables to docs/ENVIRONMENT_VARIABLES.md - Condense logging, auth, architecture, and containerized mode sections - Replace verbose CLI help dump with brief usage examples - Remove stale MCP server test result tables Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR restructures documentation by removing several historical/analysis markdown files, simplifying the README, and introducing dedicated reference docs for configuration and environment variables.
Changes:
- Remove a set of outdated/historical analysis/proposal markdown documents.
- Condense
README.mdby replacing large inline reference sections with links to new docs. - Add new reference docs:
docs/CONFIGURATION.mdanddocs/ENVIRONMENT_VARIABLES.md.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
README.md |
Replaces long inline configuration/env/logging explanations with links to the new reference docs and shorter summaries. |
docs/CONFIGURATION.md |
New field-by-field configuration reference, including guard-policies details and examples. |
docs/ENVIRONMENT_VARIABLES.md |
New consolidated environment variable reference (required vs optional, containerized vs local). |
SESSION_PERSISTENCE_ANALYSIS.md |
Removed (historical analysis). |
PAYLOAD_THRESHOLD_IMPLEMENTATION.md |
Removed (historical implementation summary). |
ISSUE_18295_FIX.md |
Removed (historical issue write-up). |
docs/TOML_MODULE_REVIEW.md |
Removed (historical module review). |
docs/STREAMABLE_HTTP_HANDLER_EXPLAINED.md |
Removed (historical architecture explanation). |
docs/DIFC_INTEGRATION_PROPOSAL.md |
Removed (historical proposal). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
+214
to
+224
| Key variables: | ||
|
|
||
| | Variable | Description | Default | | ||
| |----------|-------------|---------| | ||
| | `MCP_GATEWAY_PORT` | Gateway listening port | `8000` | | ||
| | `MCP_GATEWAY_DOMAIN` | Gateway domain | `localhost` | | ||
| | `MCP_GATEWAY_API_KEY` | Informational only — not read directly by the binary; must be referenced in your config via `"${MCP_GATEWAY_API_KEY}"` to enable authentication | (disabled) | | ||
| | `MCP_GATEWAY_LOG_DIR` | Log file directory (sets default for `--log-dir` flag) | `/tmp/gh-aw/mcp-logs` | | ||
| | `MCP_GATEWAY_PAYLOAD_DIR` | Large payload storage directory (sets default for `--payload-dir` flag) | `/tmp/jq-payloads` | | ||
| | `MCP_GATEWAY_PAYLOAD_PATH_PREFIX` | Path prefix for remapping payloadPath returned to clients (sets default for `--payload-path-prefix` flag) | (empty - use actual filesystem path) | | ||
| | `MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD` | Size threshold in bytes for payload storage (sets default for `--payload-size-threshold` flag) | `524288` | | ||
| | `MCP_GATEWAY_WASM_GUARDS_DIR` | Root directory for per-server WASM guards (`<root>/<serverID>/*.wasm`, first match is loaded) | (disabled) | | ||
| | `MCP_GATEWAY_GUARDS_MODE` | Guards enforcement mode: `strict` (deny violations), `filter` (remove denied tools), `propagate` (auto-adjust agent labels) (sets default for `--guards-mode`) | `strict` | | ||
| | `MCP_GATEWAY_GUARDS_SINK_SERVER_IDS` | Comma-separated sink server IDs for JSONL guards tag enrichment (sets default for `--guards-sink-server-ids`) | (disabled) | | ||
| | `DEBUG` | Enable debug logging with pattern matching (e.g., `*`, `server:*,launcher:*`) | (disabled) | | ||
| | `DEBUG_COLORS` | Control colored debug output (0 to disable, auto-disabled when piping) | Auto-detect | | ||
| | `RUNNING_IN_CONTAINER` | Manual override; set to `"true"` to force container detection when `/.dockerenv` and cgroup detection are unavailable | (unset) | | ||
|
|
||
| **Note:** `PORT`, `HOST`, and `MODE` are not read by the `awmg` binary directly. However, `run.sh` does use `HOST` (default: `0.0.0.0`) and `MODE` (default: `--routed`) to set the bind address and routing mode. Use the `--listen` and `--routed`/`--unified` flags when running `awmg` directly. | ||
|
|
||
| ### Containerized Deployment Variables | ||
|
|
||
| When using `run_containerized.sh`, these additional variables are available: | ||
|
|
||
| | Variable | Description | Default | | ||
| |----------|-------------|---------| | ||
| | `MCP_GATEWAY_HOST` | Bind address for the gateway | `0.0.0.0` | | ||
| | `MCP_GATEWAY_MODE` | Routing mode flag passed to `awmg` (e.g., `--routed`, `--unified`) | `--routed` | | ||
|
|
||
| ### Docker Configuration | ||
|
|
||
| | Variable | Description | Default | | ||
| |----------|-------------|---------| | ||
| | `DOCKER_HOST` | Docker daemon socket path | `/var/run/docker.sock` | | ||
| | `DOCKER_API_VERSION` | Docker API version (set by helper scripts, Docker client auto-negotiates) | Set by querying Docker daemon's current API version; falls back to `1.44` if detection fails | | ||
|
|
||
| ### DIFC / Guard Policy Configuration | ||
|
|
||
| These environment variables configure guard policies (e.g., AllowOnly policies for restricting tool access to specific GitHub repositories): | ||
|
|
||
| | Variable | Description | Default | | ||
| |----------|-------------|---------| | ||
| | `MCP_GATEWAY_GUARD_POLICY_JSON` | Guard policy JSON (e.g., `{"allow-only":{"repos":"public","min-integrity":"none"}}`) (sets default for `--guard-policy-json`) | (disabled) | | ||
| | `MCP_GATEWAY_ALLOWONLY_SCOPE_PUBLIC` | Use public AllowOnly scope (sets default for `--allowonly-scope-public`) | `false` | | ||
| | `MCP_GATEWAY_ALLOWONLY_SCOPE_OWNER` | AllowOnly owner scope value (sets default for `--allowonly-scope-owner`) | (disabled) | | ||
| | `MCP_GATEWAY_ALLOWONLY_SCOPE_REPO` | AllowOnly repo name (requires owner) (sets default for `--allowonly-scope-repo`) | (disabled) | | ||
| | `MCP_GATEWAY_ALLOWONLY_MIN_INTEGRITY` | AllowOnly integrity level: `none`, `unapproved`, `approved`, `merged` (sets default for `--allowonly-min-integrity`) | (disabled) | | ||
| | `MCP_GATEWAY_API_KEY` | API key (reference in config via `"${MCP_GATEWAY_API_KEY}"`) | (disabled) | | ||
| | `MCP_GATEWAY_LOG_DIR` | Log file directory | `/tmp/gh-aw/mcp-logs` | | ||
| | `MCP_GATEWAY_PAYLOAD_DIR` | Payload storage directory | `/tmp/jq-payloads` | | ||
| | `MCP_GATEWAY_GUARDS_MODE` | DIFC mode: `strict`/`filter`/`propagate` | `strict` | | ||
| | `MCP_GATEWAY_WASM_GUARDS_DIR` | WASM guard directory | (disabled) | | ||
| | `DEBUG` | Debug logging pattern (e.g., `*`, `server:*`) | (disabled) | |
Comment on lines
+165
to
+166
| - `"public:owner/repo*"` - Matches agent secrecy tag for public repos matching a prefix | ||
| - `"internal:owner/repo*"` - Matches agent secrecy tag for internal repos matching a prefix |
Comment on lines
+21
to
+24
| | `MCP_GATEWAY_PORT` | Gateway listening port | `8000` | | ||
| | `MCP_GATEWAY_DOMAIN` | Gateway domain | `localhost` | | ||
| | `MCP_GATEWAY_API_KEY` | Informational only — not read directly by the binary; must be referenced in your config via `"${MCP_GATEWAY_API_KEY}"` to enable authentication | (disabled) | | ||
| | `MCP_GATEWAY_LOG_DIR` | Log file directory (sets default for `--log-dir` flag) | `/tmp/gh-aw/mcp-logs` | |
This was referenced Mar 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
docs/CONFIGURATION.mddocs/ENVIRONMENT_VARIABLES.mdFiles deleted
ISSUE_18295_FIX.md— resolved issue fix descriptionPAYLOAD_THRESHOLD_IMPLEMENTATION.md— implementation summarySESSION_PERSISTENCE_ANALYSIS.md— one-time analysisdocs/DIFC_INTEGRATION_PROPOSAL.md— DIFC now implementeddocs/TOML_MODULE_REVIEW.md— one-time module evaluationdocs/STREAMABLE_HTTP_HANDLER_EXPLAINED.md— historical referenceREADME trimming
--helpdump with brief usage examplesNew docs
docs/CONFIGURATION.md— complete field-by-field config reference (server fields, guard-policies, custom schemas, gateway fields, validation rules)docs/ENVIRONMENT_VARIABLES.md— all environment variable tables (production, optional, containerized, Docker, DIFC)