Merge branch 'main' into dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.4.1

Signed-off-by: Rizwan <azrizwanm@gmail.com>

Author: ruhdevops

.circleci/config.yml

@@ -0,0 +1,31 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/reference/configuration-reference
+version: 2.1
+
+# Define a job to be invoked later in a workflow.
+# See: https://circleci.com/docs/guides/orchestrate/jobs-steps/#jobs-overview & https://circleci.com/docs/reference/configuration-reference/#jobs
+jobs:
+  say-hello:
+    # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub.
+    # See: https://circleci.com/docs/guides/execution-managed/executor-intro/ & https://circleci.com/docs/reference/configuration-reference/#executor-job
+    docker:
+      # Specify the version you desire here
+      # See: https://circleci.com/developer/images/image/cimg/base
+      - image: cimg/base:current
+
+    # Add steps to the job
+    # See: https://circleci.com/docs/guides/orchestrate/jobs-steps/#steps-overview & https://circleci.com/docs/reference/configuration-reference/#steps
+    steps:
+      # Checkout the code as the first step.
+      - checkout
+      - run:
+          name: "Say hello"
+          command: "echo Hello, World!"
+
+# Orchestrate jobs using workflows
+# See: https://circleci.com/docs/guides/orchestrate/workflows/ & https://circleci.com/docs/reference/configuration-reference/#workflows
+workflows:
+  say-hello-workflow: # This is the name of the workflow, feel free to change it to better match your workflow.
+    # Inside the workflow, you define the jobs you want to run.
+    jobs:
+      - say-hello

.github/prompts/bug-report-review.prompt.yml

@@ -5,26 +5,38 @@ messages:
 
       Your job is to analyze bug reports and assess their completeness.
 
+      **CRITICAL: Detect unfilled templates**
+      - Flag issues containing unmodified template text like "A clear and concise description of what the bug is"
+      - Flag placeholder values like "Type this '...'" or "View the output '....'" that haven't been replaced
+      - Flag generic/meaningless titles (e.g., random words, test content)
+      - These are ALWAYS "Missing Details" even if the template structure is present
+
       Analyze the issue for these key elements:
-      1. Clear description of the problem
+      1. Clear description of the problem (not template text)
       2. Affected version (from running `docker run -i --rm ghcr.io/github/github-mcp-server ./github-mcp-server --version`)
-      3. Steps to reproduce the behavior
-      4. Expected vs actual behavior
+      3. Steps to reproduce the behavior (actual steps, not placeholders)
+      4. Expected vs actual behavior (real descriptions, not template text)
       5. Relevant logs (if applicable)
 
       Provide ONE of these assessments:
 
       ### AI Assessment: Ready for Review
-      Use when the bug report has most required information and can be triaged by a maintainer.
+      Use when the bug report has actual information in required fields and can be triaged by a maintainer.
 
       ### AI Assessment: Missing Details
-      Use when critical information is missing (no reproduction steps, no version info, unclear problem description).
+      Use when:
+      - Template text has not been replaced with actual content
+      - Critical information is missing (no reproduction steps, no version info, unclear problem description)
+      - The title is meaningless or spam-like
+      - Placeholder text remains in any section
+      
+      When marking as Missing Details, recommend adding the "waiting-for-reply" label.
 
       ### AI Assessment: Unsure
       Use when you cannot determine the completeness of the report.
 
       After your assessment header, provide a brief explanation of your rating.
-      If details are missing, note which specific sections need more information.
+      If details are missing, be specific about which sections contain template text or need actual information.
   - role: user
     content: "{{input}}"
 model: openai/gpt-4o-mini

.github/prompts/default-issue-review.prompt.yml

@@ -5,24 +5,47 @@ messages:
 
       Your job is to analyze new issues and help categorize them.
 
+      **CRITICAL: Detect invalid or incomplete submissions**
+      - Flag issues with unmodified template text (e.g., "A clear and concise description...")
+      - Flag placeholder values that haven't been replaced (e.g., "Type this '...'", "....", "XXX")
+      - Flag meaningless, spam-like, or test titles (e.g., random words, nonsensical content)
+      - Flag empty or nearly empty issues
+      - These are ALWAYS "Missing Details" or "Invalid" depending on severity
+
       Analyze the issue to determine:
-      1. Is this a bug report, feature request, question, or something else?
-      2. Is the issue clear and well-described?
+      1. Is this a bug report, feature request, question, documentation issue, or something else?
+      2. Is the issue clear and well-described with actual content (not template text)?
       3. Does it contain enough information for maintainers to act on?
+      4. Is this potentially spam, a test issue, or completely invalid?
 
       Provide ONE of these assessments:
 
       ### AI Assessment: Ready for Review
-      Use when the issue is clear, well-described, and contains enough context for maintainers to understand and act on it.
+      Use when the issue is clear, well-described with actual content, and contains enough context for maintainers to understand and act on it.
 
       ### AI Assessment: Missing Details
-      Use when the issue is unclear, lacks context, or needs more information to be actionable.
+      Use when:
+      - Template text has not been replaced with actual content
+      - The issue is unclear or lacks context
+      - Critical information is missing to make it actionable
+      - The title is vague but the issue seems legitimate
+      
+      When marking as Missing Details, recommend adding the "waiting-for-reply" label.
+
+      ### AI Assessment: Invalid
+      Use when:
+      - The issue appears to be spam or test content
+      - The title is completely meaningless and body has no useful information
+      - This doesn't relate to the GitHub MCP Server project at all
+      
+      When marking as Invalid, recommend adding the "invalid" label and consider closing.
 
       ### AI Assessment: Unsure
       Use when you cannot determine the nature or completeness of the issue.
 
       After your assessment header, provide a brief explanation including:
-      - What type of issue this appears to be (bug, feature request, question, etc.)
+      - What type of issue this appears to be (bug, feature request, question, invalid, etc.)
+      - Which specific sections contain template text or need actual information
       - What additional information might be helpful if any
   - role: user
     content: "{{input}}"

.github/workflows/code-scanning.yml

@@ -35,6 +35,10 @@ jobs:
             category: /language:go
             build-mode: autobuild
             runner: '["ubuntu-22.04"]'
+          - language: javascript
+            category: /language:javascript
+            build-mode: none
+            runner: '["ubuntu-22.04"]'
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
@@ -74,6 +78,18 @@ jobs:
           go-version: ${{ fromJSON(steps.resolve-environment.outputs.environment).configuration.go.version }}
           cache: false
 
+      - name: Set up Node.js
+        if: matrix.language == 'go' || matrix.language == 'javascript'
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+          cache-dependency-path: ui/package-lock.json
+
+      - name: Build UI
+        if: matrix.language == 'go'
+        run: script/build-ui
+
       - name: Autobuild
         uses: github/codeql-action/autobuild@v4
 

.github/workflows/docker-publish.yml

@@ -46,7 +46,7 @@ jobs:
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad #v4.0.0
+        uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 #v4.1.0
         with:
           cosign-release: "v2.2.4"
 
@@ -70,7 +70,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -93,9 +93,15 @@ jobs:
           key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }}
 
       - name: Inject go-build-cache
+        uses: reproducible-containers/buildkit-cache-dance@5b81f4d29dc8397a7d341dba3aeecc7ec54d6361 # v3.3.0
         uses: reproducible-containers/buildkit-cache-dance@1b8ab18fbda5ad3646e3fcc9ed9dd41ce2f297b4 # v3.3.2
         with:
-          cache-source: go-build-cache
+          cache-map: |
+            {
+              "go-build-cache/apk": "/var/cache/apk",
+              "go-build-cache/pkg": "/go/pkg/mod",
+              "go-build-cache/build": "/root/.cache/go-build"
+            }
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action

.github/workflows/docs-check.yml

@@ -16,6 +16,16 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v6
 
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: "20"
+        cache: "npm"
+        cache-dependency-path: ui/package-lock.json
+
+    - name: Build UI
+      run: script/build-ui
+
     - name: Set up Go
       uses: actions/setup-go@v6
       with:

.github/workflows/go.yml

@@ -25,6 +25,17 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v6
 
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+          cache-dependency-path: ui/package-lock.json
+
+      - name: Build UI
+        shell: bash
+        run: script/build-ui
+
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
@@ -34,6 +45,7 @@ jobs:
         run: go mod tidy -diff
 
       - name: Run unit tests
+        shell: bash
         run: script/test
 
       - name: Build

.github/workflows/goreleaser.yml

@@ -16,6 +16,16 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v6
 
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+          cache-dependency-path: ui/package-lock.json
+
+      - name: Build UI
+        run: script/build-ui
+
       - name: Set up Go
         uses: actions/setup-go@v6
         with:

.github/workflows/license-check.yml

@@ -32,6 +32,16 @@ jobs:
           GH_TOKEN: ${{ github.token }}
         run: gh pr checkout ${{ github.event.pull_request.number }}
 
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+          cache-dependency-path: ui/package-lock.json
+
+      - name: Build UI
+        run: script/build-ui
+
       - name: Set up Go
         uses: actions/setup-go@v6
         with:

.github/workflows/lint.yml

@@ -14,10 +14,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+          cache-dependency-path: ui/package-lock.json
+      - name: Build UI
+        run: script/build-ui
       - uses: actions/setup-go@v6
         with:
-          go-version: stable
+          go-version: '1.25'
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v9
         with:
-          version: v2.5
+          # sync with script/lint
+          version: v2.9