Support GitHub MCP Server v1.3.0 — new tools, IFC annotations, and guard rules #7640

Description

@lpcox

Context

Reported in github/gh-aw#39649: gh-aw currently bundles GitHub MCP Server v1.2.1. Version v1.3.0 introduces changes that require gateway-side updates.

What changed in GitHub MCP Server v1.3.0

  1. IFC label annotations on read tools (Annotate read tools with ifc labels github-mcp-server#2671) — Read tools now carry information flow control labels. The gateway's Rust guard (tool_rules.rs) needs to recognize these new annotations and integrate them into secrecy/integrity label assignment.

  2. New tool: get_file_blame (insiders mode) — Retrieves git blame information. The Rust guard needs a tool rule entry for this tool with appropriate secrecy/integrity labels.

  3. New method: get_commits on pull_request_read — The gateway's guard rules may need updating if commit data requires different labeling than existing PR read methods.

  4. Dependabot alerts cursor pagination (feat: implement cursor pagination for dependabot alerts github-mcp-server#2651) — The list-dependabot-alerts tool now uses cursor pagination. This may affect response size and the gateway's jq middleware payload handling.

  5. Improved rate limit error messages (errors: improve rate limit error messages for AI agents github-mcp-server#2386) — Rate limit errors now surface properly to agents. The gateway should pass these through transparently.

Required gateway changes

Rust guard updates (guards/github-guard/)

  • Add get_file_blame to tool_rules.rs with appropriate integrity/secrecy labels (likely read operation, secrecy: repo-contents)
  • Add get_commits method handling for pull_request_read tool
  • Review IFC label annotations from the MCP server and ensure the guard's label assignment is consistent with server-side annotations
  • Update INTEGRITY_TAG_SPEC.md with new tool entries

Integration test updates

  • Update container image references from v1.2.1 to v1.3.0 in smoke tests
  • Add test coverage for get_file_blame tool routing
  • Verify cursor-paginated dependabot alerts work with jq middleware
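
The following sketch is an added example, not part of the issue and not code from gh-aw's `tool_rules.rs`. It shows one way a default-deny rule table could label `get_file_blame` and the `get_commits` method, then reconcile the guard's label with a server-side IFC annotation. Every type, function and tag is hypothetical except `repo-contents`, which the issue suggests.

```rust
// Added illustration: all names and label values are hypothetical, except the
// secrecy tag "repo-contents", which the issue suggests for get_file_blame.
use std::collections::BTreeSet;

type Tags = BTreeSet<&'static str>;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Label { pub secrecy: Tags, pub integrity: Tags }

pub fn label(secrecy: &[&'static str], integrity: &[&'static str]) -> Label {
    Label { secrecy: secrecy.iter().copied().collect(), integrity: integrity.iter().copied().collect() }
}

#[derive(Debug, PartialEq, Eq)]
pub enum Decision { Allow { label: Label, drift: bool }, Deny(&'static str) }

/// Guard-side rules, default deny: a tool or method with no entry gets no label.
pub fn guard_rule(tool: &str, method: Option<&str>) -> Option<Label> {
    match (tool, method) {
        ("get_file_blame", None) => Some(label(&["repo-contents"], &["github-api"])),
        ("pull_request_read", Some("get_commits")) => Some(label(&["repo-contents"], &["github-api"])),
        _ => None,
    }
}

/// Combine the guard rule with the server's IFC annotation, if one was sent.
/// Secrecy tags are unioned and integrity tags intersected, so the result is
/// never less restrictive than either side; `drift` flags a disagreement.
pub fn decide(tool: &str, method: Option<&str>, server: Option<&Label>) -> Decision {
    let Some(rule) = guard_rule(tool, method) else {
        return Decision::Deny("no guard rule");
    };
    match server {
        None => Decision::Allow { label: rule, drift: false },
        Some(s) => Decision::Allow {
            drift: *s != rule,
            label: Label {
                secrecy: rule.secrecy.union(&s.secrecy).copied().collect(),
                integrity: rule.integrity.intersection(&s.integrity).copied().collect(),
            },
        },
    }
}

fn main() {
    // Constructed server annotation that adds a secrecy tag the guard lacks.
    let server = label(&["repo-contents", "private-repo"], &["github-api"]);
    println!("{:?}", decide("get_file_blame", None, Some(&server)));
    println!("{:?}", decide("pull_request_read", Some("unlisted_method"), None));
}
```

The `drift` flag is the piece that corresponds to the consistency review item: a routing test can assert it stays `false` for every tool the v1.3.0 server annotates.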
