Support GitHub MCP Server v1.3.0: PR commits routing, get_file_blame spec, and guard docs

[Copilot]

Gateway-side changes to support GitHub MCP Server v1.3.0. MCPG's internal IFC label assignment is kept independent of any server-side IFC annotations the MCP server may add.

Proxy router: pull_request_read get_commits method

Added route for the new get_commits sub-method introduced in v1.3.0:

GET /repos/{owner}/{repo}/pulls/{pull_number}/commits
→ pull_request_read { method: "get_commits", owner, repo, pullNumber }

PR commits use the same PR-level resource labels as other pull_request_read sub-methods — PR facts lookup (merge status, author association, fork lineage) provides the correct integrity bound.

Guard docs: get_file_blame

get_file_blame was already implemented in tool_rules.rs with identical secrecy/integrity semantics to get_file_contents (including sensitive-path escalation). Added it explicitly to INTEGRITY_TAG_SPEC.md Resource and Response Label Rules tables to close the spec/impl gap.

INTEGRITY_TAG_SPEC.md clarifications

• get_file_blame added to both label rule tables alongside get_file_contents
• Added a notes entry documenting that all pull_request_read sub-methods (get_commits, get_files, get_reviews, get_review_comments, get_check_runs, etc.) fall through to PR-level resource labels rather than per-item response labeling
• Updated response_items.rs comment to explicitly list get_commits among the handled sub-methods

What requires no gateway changes

• Rate limit error pass-through (MCP server v1.3.0 improvement): gateway already forwards these transparently
• Cursor-paginated dependabot alerts: jq middleware handles paginated responses without tool-specific changes

[Copilot]

Pull request overview

This PR updates MCP Gateway’s GitHub proxy routing and guard documentation to support GitHub MCP Server v1.3.0 additions, while keeping gateway-side IFC label assignment independent of any server-side annotations.

Changes:

• Add REST proxy routing for PR commits: GET /repos/{owner}/{repo}/pulls/{pull_number}/commits → pull_request_read { method: "get_commits", ... }.
• Add/extend unit test coverage to ensure the new PR commits route matches and produces the expected guard tool args.
• Close spec/implementation gaps in guard docs by explicitly documenting get_file_blame alongside get_file_contents, and clarifying PR sub-method labeling behavior.

Show a summary per file

File	Description
internal/proxy/router.go	Adds a route mapping for PR commits to pull_request_read with method: get_commits.
internal/proxy/proxy_coverage_test.go	Adds a route-matching test case for /pulls/{n}/commits.
guards/github-guard/rust-guard/src/labels/response_items.rs	Updates comment to include get_commits among PR sub-methods that skip per-item response labeling.
guards/github-guard/docs/INTEGRITY_TAG_SPEC.md	Documents get_file_blame labeling parity with get_file_contents and clarifies PR sub-method labeling behavior in notes.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 4/4 changed files
• Comments generated: 0