* carry over from #1863

* remove unused inv

* update toolsnap

---------

Co-authored-by: Sam Morrow <info@sam-morrow.com>

* remove claude web

* Change list workflow runs to allow empty resource id to list all runs in repo (#1682)

* change list workflow runs to allow empty resource id to list all runs in repo

* update docs

* build(deps): bump actions/github-script from 7 to 8

Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update README.md to hyperlink Open AI Codex installation guide

This guide was already added as part of #1340. Update README.md to point to this

* docs: add Docker image name to Prerequisites section

Add explicit Docker image URL (ghcr.io/github/github-mcp-server) to the
Prerequisites section for better discoverability.

Fixes #1505

Signed-off-by: majiayu000 <1835304752@qq.com>

* fix: use gh pr checkout to handle fork PRs in license-check workflow

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* refactor: use consistent snake_case for issue_number parameter

Change the parameter name in assign_copilot_to_issue tool from
'issueNumber' (camelCase) to 'issue_number' (snake_case) to match
the naming convention used by all other tools in the issues toolset.

This improves API consistency and makes the tool parameters more
predictable for users and AI models.

Fixes #1239

Signed-off-by: majiayu000 <1835304752@qq.com>

* docs: regenerate README after parameter rename

Update auto-generated documentation to reflect the issueNumber -> issue_number
parameter rename in assign_copilot_to_issue tool.

* Add API Error annotations to GitHub issue errors (#1566)

* Add API Error annotations to GitHub issue errors

* Return an error back.

---------

Co-authored-by: Matt Holloway <mattdholloway@github.com>

* add docs for Rovo Dev CLI installation

* fix: filterToolsByName returns all matching tools for feature flag filtering

When multiple tools share the same name but have different feature flags
(like GetJobLogs and ActionsGetJobLogs both named "get_job_logs"),
filterToolsByName was only returning the first match. This caused the
remote server to fail with "unknown tool" error when the first matching
tool was disabled by feature flags, even though another variant was enabled.

The fix modifies filterToolsByName to return ALL tools with matching names,
allowing the feature flag filtering in AvailableTools to select the correct
variant based on the enabled flags.

Fixes #1714

Signed-off-by: majiayu000 <1835304752@qq.com>

* exclude tools requiring ff from docs

* refactor docs toolset gen

* Update cmd/github-mcp-server/generate_docs.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update cmd/github-mcp-server/generate_docs.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Improvements to push_files tool (#1676)

* Fallback to default branch in get_file_contents when main doesn't exist

* Addressing review comments

* Improvements to push_files tool

* Fixed copilot comments

* Addressing review comments

* Remove debug statement

* Add scopes package and update ServerTool struct with scope fields

- Created pkg/scopes package with OAuth scope constants
- Added RequiredScopes and AcceptedScopes fields to ServerTool
- Added NewToolWithScopes helpers in dependencies.go
- Updated context tools (get_me, get_teams, get_team_members) with scopes

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Update most tools with OAuth scope information

- Updated 60+ tools with required and accepted OAuth scopes
- Added scopes to: gists, git, notifications, projects, code scanning,
  dependabot, secret scanning, security advisories, actions, discussions,
  issues (partial), labels, pull requests (partial), repositories (partial), search (partial)
- Remaining: ~20 tools in issues, pullrequests, repositories, and search files

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Complete OAuth scope implementation for all tools

- Updated all remaining tools with OAuth scope information
- Added scope documentation generation to generate-docs command
- Documentation now shows Required and Accepted OAuth scopes for each tool
- All 100+ tools now have scope information defined
- Tests pass, linter passes, documentation generated successfully

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Simplify scope implementation per feedback

- Replace NewToolWithScopes with updated NewTool that includes scope parameters
- All tools now use the same constructor with explicit scope requirements
- Documentation only shows accepted scopes when they differ from required
- Removed NewToolWithScopes and NewToolFromHandlerWithScopes helper functions

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* refresh readme after rebase

* Add scope hierarchy and auto-derive accepted scopes

- Add ScopeHierarchy map defining parent-child scope relationships
- Add ExpandScopes() function to derive accepted scopes from required scopes
- Update NewTool/NewToolFromHandler to take []scopes.Scope and auto-derive AcceptedScopes
- Add new scope constants: NoScope, User, ReadUser, UserEmail, ReadPackages, WritePackages
- Update all tool files to use new signature with typed scopes
- Add comprehensive tests for ExpandScopes

The scope hierarchy allows automatic derivation of accepted scopes:
- repo → public_repo, security_events
- admin:org → write:org → read:org
- project → read:project
- write:packages → read:packages
- user → read:user, user:email

This enables the remote server to consume scope info directly from OSS tools.

* refres readme after update

* Use repo scope for star/unstar tools instead of public_repo

public_repo is implicit - the GitHub API handles the distinction between
public and private repos. Using repo as the required scope is more
consistent with our enforcement model:
- PATs: tools visible if token has repo scope
- OAuth: scope challenge requests repo scope

* Fix conflict and regenerate docs after rebase

* Sort scope slices for deterministic output

Map iteration in Go is non-deterministic, which causes doc generation
to produce different output on each run. Sort the scope slices in:
- ScopeSet.ToSlice()
- ScopeSet.ToStringSlice()
- ExpandScopes()

* Add PAT scope filtering for stdio server

Add the ability to filter tools based on token scopes for PAT users.
This uses an HTTP HEAD request to GitHub's API to discover token scopes.

New components:
- pkg/scopes/filter.go: HasRequiredScopes checks if scopes satisfy tool requirements
- pkg/scopes/fetcher.go: FetchTokenScopes gets scopes via HTTP HEAD to GitHub API
- pkg/github/scope_filter.go: CreateScopeFilter creates inventory.ToolFilter

Integration:
- Add --filter-by-scope flag to stdio command (disabled by default)
- When enabled, fetches token scopes on startup
- Tools requiring unavailable scopes are hidden from tool list
- Gracefully continues without filtering if scope fetch fails (logs warning)

This allows the OSS server to have similar scope-based tool visibility
as the remote server, and the filter logic can be reused by remote server.

* Enable scope filtering by default

* Make scope filtering always enabled (remove flag)

Scope filtering is now a built-in feature rather than a configurable option.
The server automatically fetches token scopes at startup and filters tools
accordingly. If scope detection fails, it logs a warning and continues with
all tools available.

* Only check scopes for classic PATs (ghp_ prefix)

- Scope filtering only applies to classic PATs which return X-OAuth-Scopes
- Fine-grained PATs and other token types skip filtering (all tools shown)
- Updated docs to clarify PAT filtering vs OAuth scope challenges

* Remove manual scope-to-tools table from docs

The README already has auto-generated tool documentation with scopes.
Keep only the scope hierarchy explanation which is structural.

* Update pkg/scopes/filter.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Document that GitHub App and server-to-server tokens are not filtered

* Add tip about editing PAT scopes in GitHub UI

* Remove empty filter.go and document OAuth scope challenges

* Fix server-configuration.md scope filtering description

* Mention OAuth scope challenges in server-configuration.md

* Don't filter read-only repo tools (work on public repos without scope)

* Document public repo access quirk for read-only tools

* Replace go-github-mock with stretchr/testify for actions/issues/projects tests (#1737)

* Initial plan

* migrate tests from go-github-mock to internal testify-based mock

Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>

* address feedback in testmock helper

Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>

* tweak testmock path matching edge case

Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>

* refine testmock options and path matching

Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>

* simplify matchPath and document delete endpoint

Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>

* Replace go-github-mock usage in tests with shared HTTP mock helper

Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>

* Replace go-github-mock usage in tests with shared HTTP mock helper

Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>

* fix tests and lint after mock cleanup

Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>

* Remove import completely

* Partial removal in repositories_test.go

* Final removal

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>
Co-authored-by: JoannaaKL <joannaakl@github.com>

* initial projects consolidation

* update tool aliases

* hold-bac feature flag

* update docs

* revert "hold-bac feature flag"

* fix project tools to add scope to newtool init

* add http resp code checking for getProjectItem

* update tests to use new mock pattern

* Update command instructions for terminal usage

Clarified instructions to run commands in the terminal instead of Claude Code CLI.

* Fix nil pointer dereference in completion handler

The CompleteParams.Context field is optional (marked omitempty) and can be
nil when clients don't send it. The code was accessing Context.Arguments
directly without checking if Context was nil first, causing a panic.

This fix adds a nil check for Context before accessing Arguments.

* updated (#1756)

* Add list-scopes command using inventory architecture

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Add list_scopes.go implementation file

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Refactor formatToolsetName to shared helper function

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Add helpers.go with shared formatToolsetName function

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Add formatScopeDisplay helper and improve empty scope handling

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Update Claude Code installation command to use add-json format for v2.1.1+

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Use default scope in examples and clarify --scope flag is optional

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* bug fix (#1775)

* Bringing back local mcp server registry config (#1767)

* Bringing back local mcp server registry config

* Making auth header optional

* Update automation to use toolset IDs instead of display names

The generate-docs command now outputs toolset IDs (e.g., `actions`, `code_security`)
wrapped in backticks instead of display names (e.g., "Actions", "Code Security").

This ensures the manual changes from PR #1756 persist when the docs are regenerated,
fixing the issue where users need to configure the actual toolset ID, not the display name.

Changes:
- Modified generateRemoteToolsetsDoc() to use `idStr` instead of `formattedName()`
- Modified generateRemoteOnlyToolsetsDoc() to use `idStr` instead of `formattedName()`
- Both functions now wrap the toolset ID in backticks for clarity

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Fix resource handler to use deps from context

The RepositoryResourceContentsHandler was using closure-captured deps
instead of retrieving them from context at call time. This causes issues
on the remote server which injects per-request deps via context.

Changed to use MustDepsFromContext(ctx) pattern consistent with tool
handlers in NewTool and NewToolFromHandler.

* fix: keep all resources registered for resources/read requests

The ForMCPRequest optimization was incorrectly filtering resources by
doing an exact string match between the URI template pattern and the
concrete URI. This would never match because templates like
'repo://{owner}/{repo}/contents{/path*}' don't match concrete URIs
like 'repo://owner/repo/contents/file.py'.

Instead of implementing template matching in the inventory, we simply
keep all resources registered for resources/read requests and let the
SDK handle URI template matching internally (which it already does
correctly via uritemplate.Regexp().MatchString()).

This fixes resources/read returning 'Resource not found' for valid URIs.

* chore: remove unused filterResourcesByURI function

* Add base_ref support to assign_copilot_to_issue tool

- Add optional base_ref parameter to tool schema
- Change from replaceActorsForAssignable to updateIssue mutation with agentAssignment
- Add AgentAssignmentInput and UpdateIssueInput structs for new GraphQL mutation
- Update all tests to use new mutation structure
- Add test case for base_ref functionality
- Update toolsnaps and documentation

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Add GraphQL-Features header support for agent assignment API

- Add context-based GraphQL feature flag support
- Modify bearerAuthTransport to read features from context and add GraphQL-Features header
- Use issues_copilot_assignment_api_support feature flag for updateIssue mutation
- Export GetGraphQLFeatures function for use in HTTP transport layer

This allows the assign_copilot_to_issue tool to work with the non-GA agent assignment API
by sending the required GraphQL-Features header.

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Regenerate documentation TOCs

* chore: remove binary files

* Implement recursive JSON key sorting for toolsnaps

Sort all JSON object keys alphabetically at every level in toolsnaps by
unmarshaling and remarshaling. This leverages Go's built-in behavior where
json.Marshal automatically sorts map keys alphabetically, ensuring
consistent field ordering and eliminating noop churn in diffs.

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Regenerate toolsnaps with deterministic sorting

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Add test for struct field ordering in toolsnaps

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Bug fix: invalid tool should error out (#1776)

* get it working

* clean up approach by moving cleantools inside builder, this simplifies remote server too

* add tests for trimming and deduplication

* error out in the builder if there are unrecognized tools

---------

Co-authored-by: Sam Morrow <info@sam-morrow.com>

* Add custom_instructions parameter to assign_copilot_to_issue tool

- Added optional custom_instructions parameter to tool schema
- Updated implementation to pass custom instructions to agent assignment
- Added test case to verify custom_instructions works correctly
- Updated toolsnaps and documentation

The custom_instructions parameter allows users to provide additional
context, constraints, or guidance to the Copilot agent beyond what's
in the issue body, addressing the issue where additional context
would otherwise be lost.

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Fix dismiss_notification to accept HTTP 204 No Content response

- Add http.StatusNoContent (204) to the list of accepted success status codes
- Add test case for 204 response when marking notification as done
- Retain existing test for 200 response for backwards compatibility

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* adding feature flag on dependency level (#1801)

* wip injecting ff function into tool as dep

* remove debug

* fix linter

* add better test

* adding compile time check

* move experimental to seperate config/ff value

* adding test var

* fixing test

* adding flag and possibility to call feature checker

* fixing name

* feat: poll for linked PR after assigning Copilot to issue

Enhances the assign_copilot_to_issue tool to automatically poll for
the PR created by the Copilot coding agent after assignment.

Changes:
- Add findLinkedCopilotPR() to query issue timeline for CrossReferencedEvent
  items from PRs authored by copilot-swe-agent
- Add polling loop (9 attempts, 1s delay) matching remote server latency
- Return structured JSON with PR details when found, or helpful note otherwise
- Add PollConfig for configurable polling (used in tests to disable)
- Add GraphQLFeaturesTransport for feature flag header support

The returned response now includes:
- issue_number, issue_url, owner, repo
- pull_request object (if found during polling)
- Note with instructions to use get_copilot_job_status if PR not yet created

* fix: filter PRs by timestamp to avoid returning stale results

When polling for a linked PR after assigning Copilot to an issue,
we now capture the assignment time before the mutation and filter
to only return PRs created after that time. This prevents the tool
from incorrectly returning old PRs from previous Copilot assignments.

* fix: remove tool name reference from pending note message

* fix: address review feedback

- Document GraphQLFeaturesTransport is for library consumers
- Convert githubv4.Int/String to native Go types in result map
- Remove misleading log comment since tool handlers lack logger access

* refactor: use GraphQLFeaturesTransport internally

Replace inline GraphQL-Features header logic in bearerAuthTransport with
the exported GraphQLFeaturesTransport. This removes code duplication and
ensures the transport is actually used, not just exported.

* feat: add progress notifications during PR polling in assign_copilot_to_issue

Add MCP progress notifications during the PR polling loop to provide
real-time status updates while waiting for Copilot to create a PR.

Changes:
- Use the request parameter to access the ServerSession for notifications
- Send an initial progress notification when polling starts
- Send progress updates on each polling attempt with attempt count
- Only send notifications when progressToken is provided by the client

This aligns with the behavior in create_pull_request_with_copilot tool
and improves the user experience during the waiting period.

* Add default label to all new issues (#1828)

* Add default label to all new issues

* Run on all issues

* Update .github/workflows/issue-labeler.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update .github/workflows/issue-labeler.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* build(deps): bump github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0 (#1798)

* build(deps): bump github.com/go-viper/mapstructure/v2

Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](go-viper/mapstructure@v2.4.0...v2.5.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: regenerate license files

Auto-generated by license-check workflow

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: JoannaaKL <joannaakl@github.com>

* Add tool search CLI (#1839)

* Add tool search CLI

* Update comments

* Update docs

* Generate docs

* Dont document other commands

* Licenses

* chore: regenerate license files

Auto-generated by license-check workflow

* Try to unlock checks

* generate docs

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Build full package in Dockerfile to include all commands (#1844)

* Pin go-licenses to v2.0.1 for reproducible builds

Fixes code scanning alerts #10 and #11 by removing the @latest
version for local development and using the pinned v2.0.1 version
consistently across all environments.

This ensures deterministic builds and addresses the CWE-494
'Download of Code Without Integrity Check' security concern.

* Build full package in Dockerfile to include all commands

* Add -t option to docker run command

* Update README.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* initial OSS insiders docs (#1857)

* Update consolidated projects tools: make owner_type optional and fix add_project_item

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

Fix tests and update toolsnaps for consolidated projects tools

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>

* Address PR review feedback

- Extract dual-fetch logic into listProjectsFromBothOwnerTypes helper
- Rename addProjectItemWithResolution to addProjectItem (old function removed)
- Add GraphQL test coverage for add_project_item using githubv4mock
- Tests cover both org/issue and user/pull_request success paths

* ci: use mcp-conformance-action for conformance tests

Replace custom script/conformance-test with the reusable
mcp-conformance-action GitHub Action. This provides:

- Standardized MCP conformance testing across all MCP servers
- Automatic comparison between PR branch and merge-base
- Support for multiple configurations with different flags
- Custom message support for dynamic toolset testing
- Detailed conformance reports with timing comparisons
- Artifact upload for test results

All 16 original test configurations are preserved including
the dynamic tool call tests for toolset management.

Action: https://github.com/marketplace/actions/mcp-conformance-test
Related: #1826

* fix: use correct action input names

* fix: address review feedback

- Use checkout@v6 for consistency with other workflows
- Pin mcp-conformance-action to SHA for security

* fix: update action SHA to include subshell fix

* fix: update action SHA to include stderr logging

* chore: use immutable semver tag v1.4.0

* chore: update mcp-conformance-action to v1.4.1

* chore: update mcp-conformance-action to v1.4.2

Fixes step summary size limit issue by excluding full stderr logs from
the markdown report. Logs are still available in the uploaded artifact.

* chore: update mcp-conformance-action to v1.4.3

Removes embedded JSON schemas from report to stay under GitHub's 1MB
step summary limit. Full data is still available in the artifact.

* chore: update mcp-conformance-action to v1.4.4

Removes stderr log capture entirely for cleaner output and smaller artifacts.

* chore: update mcp-conformance-action to v1.4.6

Uses named pipes for reliable server startup detection instead of
a blind sleep, fixing intermittent failures on slow startup.

* ci: update to mcp-conformance-action@v2.0.0

* chore: update conformance action to v2.0.1 with transport fix

* chore: update conformance action to v2.0.2 with Zod schema fix

Fixes custom message validation error:
'v3Schema.safeParse is not a function'

* ci: upgrade mcp-conformance-action to v2.2.0

v2.2.0 adds automatic HTTP server lifecycle management and
improved documentation for transport configuration.

* chore: update mcp-conformance-action to v2.3.0

* chore: update mcp-conformance-action to v2.3.2

* chore: update mcp-conformance-action to v2 for security fixes

* Rename to mcp-diff.yml (action renamed to mcp-server-diff)

* Rename workflow for mcp-server-diff action

* Fix mcp-diff workflow triggers

Add push triggers to run on:
- Pushes to main branch (catches merges)
- Tag pushes (v*) for release comparisons against previous tags

The pull_request trigger alone doesn't run when commits are pushed
to PR branches via merge or direct push. Adding push triggers ensures
the diff runs in all expected scenarios.

* Generate server instructions in Inventory (#1869)

* carry over from #1863

* remove unused inv

* update toolsnap

---------

Co-authored-by: Sam Morrow <info@sam-morrow.com>

* default to consolidated actions/projects toolsets and add hold back flag

* update docs

* docs update (2)

* chore: remove unused github.com/fatih/color

* chore: workaround LF for Windows

* Fix typo in OpenAI Codex installation guide link

* Update Go version requirement in mcpcurl to 1.24

* docs: add Windows notes for Claude MCP HTTP setup

Add a Windows/CLI note that `claude mcp add-json` may return "Invalid input"
when adding an HTTP server, and point users to the legacy `claude mcp add
--transport http ...` format.

Also add a Windows (PowerShell) example for the legacy command when the CLI
expects the MCP server name immediately after `claude mcp add`.

* remove old flags

* adding correct insiders-mode name

* fix naming

* Fix generateInstructions to use only enabled toolsets

Previously, generateInstructions() iterated over AvailableToolsets() which
returns all toolsets that have tools defined, rather than only the enabled
toolsets based on WithToolsets() configuration.

This caused instructions for all toolsets to be included regardless of which
toolsets were actually enabled, leading to bloated instructions (e.g., 5886
chars vs 1226 chars when only 'repos' toolset is enabled).

Changes:
- Add EnabledToolsets() method to return only enabled toolset metadata
- Update generateInstructions() to use EnabledToolsets()
- Add regression test for the fix

Fixes #1897

* Update mcp-server-diff action to v2.2.0

Updates to v2.2.0 which includes server instructions diff support for
detecting issues like #1897.

* Add more toolset configurations to mcp-diff workflow

Add toolsets-context and toolsets-issues,context configurations to
improve test coverage for instruction generation with different
toolset combinations.

* build(deps): bump SamMorrowDrums/mcp-server-diff from 2.2.0 to 2.3.5

Bumps [SamMorrowDrums/mcp-server-diff](https://github.com/sammorrowdrums/mcp-server-diff) from 2.2.0 to 2.3.5.
- [Release notes](https://github.com/sammorrowdrums/mcp-server-diff/releases)
- [Commits](SamMorrowDrums/mcp-server-diff@v2.2.0...v2.3.5)

---
updated-dependencies:
- dependency-name: SamMorrowDrums/mcp-server-diff
  dependency-version: 2.3.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump golang from 1.25.4-alpine to 1.25.6-alpine

Bumps golang from 1.25.4-alpine to 1.25.6-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.6-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* add line length truncate buffer

* consolidate buffer logic

* Refactor buffer processing for clarity and add edge case tests

- Extract storeLine() and accumulate() helper closures to eliminate
  duplicated line processing and truncation logic
- Simplify main loop by using early return pattern (newlineIdx < 0 -> break)
- Add test for empty response body edge case
- Add test for exact maxLineSize boundary condition (10MB)

The refactored code reduces nesting and makes the flow clearer:
accumulate handles byte collection with truncation detection,
storeLine handles ring buffer storage with truncation markers.

* docs: add Copilot CLI installation guide

* Update docs/installation-guides/install-copilot-cli.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Apply suggestion from @GeekTrainer

* adding trailing slash to uploads url (#1947)

* replace context.Background() (#1948)

* Initial plan

* Remove leftover conflict markers from actions.go

Co-authored-by: mattdholloway <918573+mattdholloway@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
Co-authored-by: tommaso-moro <tommaso-moro@github.com>
Co-authored-by: Matt Holloway <mattdholloway@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: s-sanjay <7111850+s-sanjay@users.noreply.github.com>
Co-authored-by: majiayu000 <1835304752@qq.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Co-authored-by: Adam Holt <omgitsads@github.com>
Co-authored-by: Kun Chen <kchen6@atlassian.com>
Co-authored-by: Matt Holloway <mattdholloway@pm.me>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Ksenia Bobrova <almaleksia@github.com>
Co-authored-by: Sam Morrow <info@sam-morrow.com>
Co-authored-by: JoannaaKL <67866556+JoannaaKL@users.noreply.github.com>
Co-authored-by: JoannaaKL <joannaakl@github.com>
Co-authored-by: Florian Grousset <floriangrousset@users.noreply.github.com>
Co-authored-by: Tommaso Moro <37270480+tommaso-moro@users.noreply.github.com>
Co-authored-by: Oleksandr Redko <oleksandr.red+github@gmail.com>
Co-authored-by: Tony Truong <tonytrg@github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Sam Morrow <sammorrowdrums@github.com>
Co-authored-by: Lee Reilly <lee@github.com>
Co-authored-by: Jason <loktar00@gmail.com>
Co-authored-by: Christopher Harrison <geektrainer@github.com>
Co-authored-by: Roberto Nacu <kerobbi@github.com>
Co-authored-by: mattdholloway <918573+mattdholloway@users.noreply.github.com>