fix: widen gateway.domain validation to accept RFC-1123 topology hostnames#8044
Merged
Conversation
…names
The `gateway.domain` validator rejected any resolved value that wasn't
exactly `localhost`, `host.docker.internal`, or a `${VAR}` expression.
This blocked the network-isolation topology mode (gh-aw v0.81.2+) where
`MCP_GATEWAY_DOMAIN` is set to the container hostname `awmg-mcpg`.
Changes:
- Add `domainHostnamePattern` regex for RFC-1123 single-label hostnames
(e.g. `awmg-mcpg`, `my-service`) to `validation_schema.go`
- Update `validateStringPatterns` to also accept RFC-1123 single-label
hostnames after env-var expansion
- Update error message to mention topology hostname as a valid form
- Switch embedded JSON schema `domain.oneOf` → `anyOf` (avoids
`localhost` matching both the enum and new hostname pattern) and add
a third branch for RFC-1123 single-label hostnames
- Update description in the JSON schema to document the new form
- Add `awmg-mcpg` topology hostname test cases to:
- `validation_schema_test.go` (TestValidateJSONSchema + TestValidateStringPatterns)
- `validation_string_patterns_test.go` (TestValidateStringPatternsComprehensive)
- Update the existing error-message assertion for the `"invalid domain -
other string"` test case to match the new message
Closes #8043
Restore the original ^\\$\\{...\\}$ escaping for the variable expression
branch of gateway.domain in the JSON schema. The escaping was inadvertently
simplified to ^\\${...}$ during Python-based JSON serialization; restoring
it to match the upstream schema form for clarity and ECMA 262 compatibility.
Copilot
AI
changed the title
[WIP] Fix gateway domain validation for network-isolation topology
fix: widen gateway.domain validation to accept RFC-1123 topology hostnames
Jun 24, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes gateway startup failures in network-isolation topology mode by widening gateway.domain validation to allow RFC-1123 single-label container hostnames (e.g., awmg-mcpg) after ${MCP_GATEWAY_DOMAIN} expansion.
Changes:
- Extend Go-side
validateStringPatternsdomain validation to accept RFC-1123 single-label hostnames via a newdomainHostnamePattern. - Update the embedded JSON schema to validate
gateway.domainusinganyOfand a new RFC-1123 single-label hostname pattern branch. - Add regression tests covering
awmg-mcpgat both the schema-validation and Go pattern-validation layers, and update the expected error-message substring.
Show a summary per file
| File | Description |
|---|---|
| internal/config/validation_string_patterns_test.go | Adds comprehensive pattern-validation test cases accepting topology-style single-label hostnames. |
| internal/config/validation_schema.go | Introduces domainHostnamePattern and expands gateway.domain validation/error messaging to allow RFC-1123 single-label hostnames. |
| internal/config/validation_schema_test.go | Adds schema + Go-layer regression tests for domain: "awmg-mcpg" and updates the error message assertion. |
| internal/config/schema/mcp-gateway-config.schema.json | Switches domain from oneOf to anyOf, adds RFC-1123 single-label hostname pattern branch, and updates the field description. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 4/4 changed files
- Comments generated: 0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In network-isolation topology mode (gh-aw v0.81.2+),
MCP_GATEWAY_DOMAINis set to a container hostname likeawmg-mcpg. Although${MCP_GATEWAY_DOMAIN}is schema-valid, the validator re-runs post-expansion against the same narrow enum, so the resolved literalawmg-mcpgis rejected and the gateway aborts on startup.Changes
validation_schema.go— AdddomainHostnamePattern(^[a-z0-9]([a-z0-9-]*[a-z0-9])?$) and accept RFC-1123 single-label hostnames invalidateStringPatternsalongside the existinglocalhost/host.docker.internal/${VAR}forms. Updated error message accordingly.schema/mcp-gateway-config.schema.json— Switchdomain.oneOf→anyOf(required becauselocalhostmatches both the enum branch and the new hostname pattern) and add a third branch for RFC-1123 single-label hostnames. Updated field description.validation_schema_test.go/validation_string_patterns_test.go— Add regression cases forawmg-mcpgat both the JSON-schema validation layer and the GovalidateStringPatternslayer; update the existing error-message assertion.After this fix, the following config passes validation where it previously aborted:
{ "gateway": { "port": 8080, "domain": "awmg-mcpg", "agentId": "${MCP_GATEWAY_AGENT_ID}" } }