
Add trustedBots field to MCP Gateway spec, schema, and frontmatter#21865

Draft
Copilot wants to merge 3 commits into main from copilot/add-trusted-bot-identities

Contributor

Copilot AI commented Mar 19, 2026

No way existed to share an allowlist of additional GitHub bot identities with the MCP Gateway. This adds trustedBots to the gateway configuration as a pure config-passing mechanism: workflow authors declare it in frontmatter, and the compiler translates it into the trustedBots array in the generated gateway config. The field is additive — it extends the gateway's own built-in trusted identity list and cannot remove entries from it.

Schema (gatewayConfig)

New optional trustedBots: array[string] field in both schema files (pkg/workflow/schemas/ and docs/public/schemas/). When present, must be a non-empty array of non-empty strings.

{
  "gateway": {
    "port": 8080,
    "domain": "localhost",
    "apiKey": "${MCP_GATEWAY_API_KEY}",
    "trustedBots": [
      "github-actions[bot]",
      "copilot-swe-agent[bot]"
    ]
  }
}

Frontmatter (workflow authors)

Workflow authors configure trustedBots via sandbox.mcp.trusted-bots in the workflow frontmatter (both kebab-case trusted-bots and camelCase trustedBots keys are accepted):

sandbox:
  mcp:
    trusted-bots:
      - github-actions[bot]
      - copilot-swe-agent[bot]

The compiler extracts this field and includes it in the trustedBots array of the gateway section in the generated MCP config file.

Go code

  • tools_types.go — TrustedBots []string added to MCPGatewayRuntimeConfig
  • frontmatter_extraction_security.go — extractMCPGatewayConfig extracts trusted-bots/trustedBots
  • mcp_gateway_config.go — buildMCPGatewayConfig propagates TrustedBots
  • mcp_renderer.go — renders trustedBots as a JSON array in the gateway section

Spec (mcp-gateway.md) — bumped to v1.9.0

  • §4.1.3 table — trustedBots row added (additive, cannot remove built-in entries)
  • §4.1.3.4 (new) — config-passing behavior, requirements, gateway config example, and frontmatter example
  • §7.5 (new) — describes trustedBots as a config-passing mechanism from frontmatter to gateway config
  • §10.1.4 — compliance test T-AUTH-006 (trusted bot identity configuration)
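
As an added illustration (not code from this pull request or the gh-aw repository), the frontmatter-to-gateway path described above could look like this in Go. The function names, the map-based frontmatter input, and the rule that the kebab-case key wins when both are set are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// extractTrustedBots (hypothetical name) reads trusted-bots / trustedBots from
// the parsed sandbox.mcp frontmatter map and enforces the schema rule: when
// present, a non-empty array of non-empty strings. Kebab-case wins (assumption).
func extractTrustedBots(mcp map[string]any) ([]string, error) {
	raw, ok := mcp["trusted-bots"]
	if !ok {
		if raw, ok = mcp["trustedBots"]; !ok {
			return nil, nil // optional field: absent is valid
		}
	}
	items, ok := raw.([]any)
	if !ok || len(items) == 0 {
		return nil, errors.New("trusted-bots must be a non-empty array")
	}
	bots := make([]string, 0, len(items))
	for i, it := range items {
		s, ok := it.(string)
		if !ok || s == "" {
			return nil, fmt.Errorf("trusted-bots[%d] must be a non-empty string", i)
		}
		bots = append(bots, s)
	}
	return bots, nil
}

// renderGateway emits the gateway section; trustedBots is omitted when unset.
func renderGateway(port int, domain, apiKey string, bots []string) string {
	gw := map[string]any{"port": port, "domain": domain, "apiKey": apiKey}
	if len(bots) > 0 {
		gw["trustedBots"] = bots
	}
	out, _ := json.Marshal(map[string]any{"gateway": gw})
	return string(out)
}

func main() {
	mcp := map[string]any{"trusted-bots": []any{"github-actions[bot]", "copilot-swe-agent[bot]"}} // constructed input
	bots, err := extractTrustedBots(mcp)
	fmt.Println(renderGateway(8080, "localhost", "${MCP_GATEWAY_API_KEY}", bots), err)
}
```

Rejecting an empty array or empty string at compile time keeps a malformed allowlist from reaching the gateway, where the list only ever extends the built-in trusted identities.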

Collaborator

lpcox commented Mar 19, 2026

@copilot make it clear that this list is additive, i.e., it cannot remove the list of trusted bots that the gateway maintains internally.

Contributor Author

Copilot AI commented Mar 19, 2026

@copilot make it clear that this list is additive, i.e., it cannot remove the list of trusted bots that the gateway maintains internally.

Updated in cc60fe7. The spec (§4.1.3 table, §4.1.3.4, §7.5) and both schema descriptions now explicitly state that trustedBots is additive — it is merged with the gateway's built-in internal trusted identity list and cannot remove entries from it.

Copilot AI requested a review from lpcox March 19, 2026 22:22
Collaborator

lpcox commented Mar 19, 2026

@copilot remove any support for X-GitHub-Actor request header, independent of API key authentication. This is only for sharing a list of trusted bots with the gateway via config. Also make sure that this config param can be set by agentic workflow authors in the front matter and that the renderer will take frontmatter config and translate it into mcp-gateway config

…frontmatter to renderer

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/a5944233-9f4e-4300-907c-57f2cb82dafe
Contributor Author

Copilot AI commented Mar 19, 2026

@copilot remove any support for X-GitHub-Actor request header, independent of API key authentication. This is only for sharing a list of trusted bots with the gateway via config. Also make sure that ...

Done in 80d9f1e.

  • Removed all X-GitHub-Actor HTTP header logic from the spec (§4.1.3.4, §7.5, §10.1.4, changelog) and both schemas. trustedBots is now described purely as a config-passing mechanism.
  • Added TrustedBots []string to MCPGatewayRuntimeConfig and wired the full path: sandbox.mcp.trusted-bots in frontmatter → extractMCPGatewayConfig → buildMCPGatewayConfig → gateway JSON trustedBots array in the rendered MCP config file.
  • Both camelCase (trustedBots) and kebab-case (trusted-bots) frontmatter keys are accepted.

Copilot AI changed the title from "Add trustedBots field to MCP Gateway spec and schema" to "Add trustedBots field to MCP Gateway spec, schema, and frontmatter" Mar 19, 2026
Collaborator

lpcox commented Mar 19, 2026

@pelikhan let me know if this looks ok to you

@pelikhan
Contributor

There is already a top-level bot field in the frontmatter. We could rename it to trustedBots.

@pelikhan
Contributor

I will review it and merge it with the existing frontmatter later if you want.

Collaborator

lpcox commented Mar 19, 2026

@pelikhan OK, that's fine. The main thing is that it should be clear that the list is additive. I'd also prefer trusted-bots since it's a bit more descriptive. thanks!
