fix: remove `headers` from OTEL JSON stdin config (spec §4.1.3.7 v1.14.0 breaking change) by Copilot · Pull Request #8500 · github/gh-aw-mcpg · GitHub
Skip to content

fix: remove headers from OTEL JSON stdin config (spec §4.1.3.7 v1.14.0 breaking change)#8500

Merged
lpcox merged 2 commits into
mainfrom
copilot/compliance-fix-otel-headers-schema
Jul 2, 2026
Merged

fix: remove headers from OTEL JSON stdin config (spec §4.1.3.7 v1.14.0 breaking change)#8500
lpcox merged 2 commits into
mainfrom
copilot/compliance-fix-otel-headers-schema

Conversation

Copilot AI commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Spec v1.14.0 removed headers from the opentelemetry JSON stdin config. Authentication headers must now be passed exclusively via OTEL_EXPORTER_OTLP_HEADERS. The field was still accepted and processed — this removes it.

Changes

  • mcp-gateway-config.schema.json — removed headers from opentelemetryConfig; additionalProperties: false now rejects it at validation time
  • config_stdin.go — removed Headers string from StdinOpenTelemetryConfig
  • config_tracing.go — removed Headers: otel.Headers from stdin→TracingConfig converter
  • validation.go — removed Headers: gateway.OpenTelemetry.Headers from the stdin validation path

Test updates

  • TestLoadFromStdin_OpenTelemetryHeaders — flipped from asserting headers passes to asserting it fails schema validation
  • TestStdinConverter_OTelConfig — removed Headers field from struct literal and corresponding assertion

TOML config (TracingConfig.Headers) is unaffected — the breaking change targets JSON stdin only.

Copilot AI changed the title [WIP] Fix OTEL headers field in JSON schema for compliance fix: remove headers from OTEL JSON stdin config (spec §4.1.3.7 v1.14.0 breaking change) Jul 2, 2026
Copilot AI requested a review from lpcox July 2, 2026 22:39
Copilot finished work on behalf of lpcox July 2, 2026 22:39
@lpcox lpcox marked this pull request as ready for review July 2, 2026 22:42
Copilot AI review requested due to automatic review settings July 2, 2026 22:42
GitHub Advanced Security started work on behalf of lpcox July 2, 2026 22:42 View session
GitHub Advanced Security finished work on behalf of lpcox July 2, 2026 22:43

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the MCP Gateway’s JSON stdin configuration handling to match MCP Gateway Spec v1.14.0 breaking change: gateway.opentelemetry.headers is no longer accepted, and OTLP authentication headers must be provided via the OTEL_EXPORTER_OTLP_HEADERS environment variable instead (TOML tracing headers remain supported).

Changes:

  • Removed headers from the JSON stdin OpenTelemetry config schema and struct model so it’s rejected at schema-validation time.
  • Removed stdin→runtime tracing conversion/validation wiring for the removed field.
  • Updated unit tests to assert gateway.opentelemetry.headers is rejected and removed now-invalid assertions.
Show a summary per file
File Description
internal/config/validation.go Stops copying stdin opentelemetry.headers into TracingConfig during stdin gateway validation.
internal/config/schema/mcp-gateway-config.schema.json Removes headers from opentelemetryConfig and relies on additionalProperties: false to reject it.
internal/config/load_from_stdin_coverage_test.go Updates coverage test to assert schema validation rejects gateway.opentelemetry.headers.
internal/config/config_tracing.go Removes mapping of stdin OpenTelemetry headers into runtime TracingConfig.
internal/config/config_tracing_test.go Updates stdin converter test to no longer set/assert headers.
internal/config/config_stdin.go Removes Headers from StdinOpenTelemetryConfig to match spec-compliant stdin JSON parsing.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 6/6 changed files
  • Comments generated: 0
  • Review effort level: Low

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[compliance] Compliance Gap: OTEL headers field still accepted in JSON stdin config (Spec §4.1.3.7 v1.14.0 Breaking Change)

3 participants