Smoke testing #326

Merged: lpcox merged 33 commits into main from smoke-testing on Jan 17, 2026
lpcox (Collaborator) commented Jan 17, 2026

No description provided.

lpcox added 30 commits January 9, 2026 13:00
…ing >&2 so Log messages now go to stderr (for human viewing) Only actual command flags go to stdout (for command substitution) FLAGS variable contains only valid arguments, no log text
lpcox requested a review from Copilot January 17, 2026 23:11
lpcox merged commit 2003aa8 into main Jan 17, 2026
8 checks passed
lpcox deleted the smoke-testing branch January 17, 2026 23:11
Copilot AI left a comment

Pull request overview

This pull request introduces the MCP Gateway specification and implements a significant architectural change to use containerized MCP servers through a gateway proxy instead of direct local command execution. The PR is titled "Smoke testing" which appears to be a placeholder or incomplete title.

Changes:

  • Adds comprehensive MCP Gateway specification document (mcp-gateway.md) defining protocol translation, server isolation, authentication, and health monitoring for containerized MCP servers
  • Refactors GitHub Actions workflow to use the new MCP gateway architecture with containerized servers instead of local command execution
  • Updates tool schemas to make certain fields optional and adds new "missing_data" tool
  • Includes development backup files that should not be in version control

Reviewed changes

Copilot reviewed 8 out of 11 changed files in this pull request and generated 11 comments.

| File | Description |
| --- | --- |
| mcp-gateway.md | New specification document for MCP Gateway defining architecture, configuration, protocol behavior, and compliance requirements |
| go.sum | Updated checksums for Go dependencies, adding many transitive dependencies |
| go.mod.bak | Backup file of go.mod that should not be committed |
| go.mod | Cleaned up indirect dependencies section |
| bak/go.sum | Backup copy of go.sum that should not be committed |
| bak/go.mod | Backup copy of go.mod that should not be committed |
| awmg-config.json | New MCP server configuration for safe-outputs using Node.js Alpine container |
| Makefile | Modified lint target to suppress golangci-lint failures for Go 1.25.0 compatibility |
| .github/workflows/smoke-copilot.lock.yml | Major refactoring to use MCP gateway with containerized servers, updated tool schemas with API changes, added new missing_data tool, improved security with proper permission scoping |
| .github/workflows/.github/aw/actions-lock.json | New actions lock file for versioning GitHub Actions |
| .gitattributes | Minor formatting change to merge strategy for lock files |

Comments suppressed due to low confidence (6)

.github/workflows/smoke-copilot.lock.yml:773

  • The awf command now includes the --enable-host-access flag, which allows the firewall container to access the host network. This is a security-sensitive change that expands the network access permissions. Ensure this flag is necessary for the MCP gateway to function properly and that its security implications are understood and acceptable.
          sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --mount /tmp:/tmp:rw --mount "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw" --mount /usr/bin/date:/usr/bin/date:ro --mount /usr/bin/gh:/usr/bin/gh:ro --mount /usr/bin/yq:/usr/bin/yq:ro --mount /usr/local/bin/copilot:/usr/local/bin/copilot:ro --mount /home/runner/.copilot:/home/runner/.copilot:rw --mount /opt/gh-aw:/opt/gh-aw:ro --allow-domains '*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.10.0 \

.github/workflows/smoke-copilot.lock.yml:282

  • The item_number field is no longer required (removed from the required array), and its description now states it can be omitted with automatic resolution from workflow context. This is a breaking API change that makes the field optional when it was previously required. Ensure that all consumers of this tool can handle cases where item_number is not provided, and that the automatic resolution logic is properly implemented and tested.
                    "description": "The issue, pull request, or discussion number to comment on. This is the numeric ID from the GitHub URL (e.g., 123 in github.com/owner/repo/issues/123). If omitted, the tool will attempt to resolve the target from the current workflow context (triggering issue, PR, or discussion).",
                    "type": "number"
                  }
                },
                "required": [
                  "body"

.github/workflows/smoke-copilot.lock.yml:783

  • The GITHUB_MCP_SERVER_TOKEN environment variable has been removed from the agent execution environment. This token was previously available during agent execution but is now only passed to the MCP gateway. Verify that the agent and any tools it uses don't require direct access to this token, or if they need it, ensure they can obtain it through the MCP gateway instead.
          GITHUB_HEAD_REF: ${{ github.head_ref }}

.github/workflows/smoke-copilot.lock.yml:379

  • A new "missing_data" tool has been added to the tool schema. This tool has no required fields, which may allow for incomplete or unclear reporting. Consider whether at least one of data_type, reason, context, or alternatives should be required to ensure the tool provides meaningful information when invoked.
            {
              "description": "Report that data or information needed to complete the task is not available. Use this when you cannot accomplish what was requested because required data, context, or information is missing.",
              "inputSchema": {
                "additionalProperties": false,
                "properties": {
                  "alternatives": {
                    "description": "Any workarounds, manual steps, or alternative approaches the user could take (max 256 characters).",
                    "type": "string"
                  },
                  "context": {
                    "description": "Additional context about the missing data or where it should come from (max 256 characters).",
                    "type": "string"
                  },
                  "data_type": {
                    "description": "Type or description of the missing data or information (max 128 characters). Be specific about what data is needed.",
                    "type": "string"
                  },
                  "reason": {
                    "description": "Explanation of why this data is needed to complete the task (max 256 characters).",
                    "type": "string"
                  }
                },
                "required": [],
                "type": "object"
              },
              "name": "missing_data"

.github/workflows/smoke-copilot.lock.yml:274

  • The description field text has been significantly changed. The previous version mentioned "Comment content in Markdown" while the new version includes "This is the 'body' field - do not use 'comment_body' or other variations." This suggests there was confusion about field naming. The added clarification is helpful, but if this is an API contract change or if the field name itself has changed, this needs careful review to ensure backward compatibility.
                    "description": "The comment text in Markdown format. This is the 'body' field - do not use 'comment_body' or other variations. Provide helpful, relevant information that adds value to the conversation.",
                    "type": "string"

.github/workflows/smoke-copilot.lock.yml:331

  • The tool field is no longer required (removed from the required array) and is now described as "Optional:" in the description. This is a breaking API change. The description also changes from requiring the tool name to making it optional while keeping the reason required. Verify that the tool implementation can handle cases where the tool field is not provided.
                    "description": "Optional: Name or description of the missing tool or capability (max 128 characters). Be specific about what functionality is needed.",
                    "type": "string"
                  }
                },
                "required": [
                  "reason"

3. Reject requests with malformed Authorization headers (HTTP 400)
4. NOT log API keys in plaintext

### 7.2 Optimal Temporary API Key

Copilot AI Jan 17, 2026

The section title "Optimal Temporary API Key" appears to contain a typo. This should likely be "Optional Temporary API Key" rather than "Optimal", as the context is about supporting temporary API keys as an optional feature.

Suggested change
### 7.2 Optimal Temporary API Key
### 7.2 Optional Temporary API Key

Comment on lines +1 to +10
module github.com/githubnext/gh-aw-mcpg

go 1.25.0

require (
github.com/BurntSushi/toml v1.5.0
github.com/modelcontextprotocol/go-sdk v1.1.0
github.com/spf13/cobra v1.10.2
golang.org/x/term v0.38.0
)

Copilot AI Jan 17, 2026

Backup files like go.mod.bak should not be committed to the repository. These appear to be temporary files used during development. Consider adding *.bak to .gitignore and removing these files from the repository.

Suggested change
module github.com/githubnext/gh-aw-mcpg
go 1.25.0
require (
github.com/BurntSushi/toml v1.5.0
github.com/modelcontextprotocol/go-sdk v1.1.0
github.com/spf13/cobra v1.10.2
golang.org/x/term v0.38.0
)
// Deprecated backup file: go.mod.bak
// This file should not be version-controlled.
// Remove it from the repository and add '*.bak' to .gitignore.

# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.36.0). DO NOT EDIT.
# This file was automatically generated by gh-aw. DO NOT EDIT.

Copilot AI Jan 17, 2026

The comment states "This file was automatically generated by gh-aw. DO NOT EDIT." without a version number, whereas the previous version included "(v0.36.0)". While this change removes version-specific information from the header, it reduces traceability. Consider whether the generating tool version should be retained for debugging purposes.

Suggested change
# This file was automatically generated by gh-aw. DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.36.0). DO NOT EDIT.

Comment on lines +56 to +58
comment_id: ${{ steps.add-comment.outputs.comment-id }}
comment_repo: ${{ steps.add-comment.outputs.comment-repo }}
comment_url: ${{ steps.add-comment.outputs.comment-url }}

Copilot AI Jan 17, 2026

The output references have been renamed from using the "react" step (which added reactions) to "add-comment" step, but the corresponding step is actually renamed to "add-comment" at line 81. However, the reaction_id output is being removed. If downstream jobs depend on reaction_id, this could be a breaking change. Verify that no other jobs or workflows depend on the reaction_id output.

This issue also appears in the following locations of the same file:

  • line 277
  • line 273
  • line 326

# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:latest'
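
Review bot: the image reference at the end of `MCP_GATEWAY_DOCKER_COMMAND` is `ghcr.io/githubnext/gh-aw-mcpg:latest`, a mutable tag, on a container that is handed the Docker socket, host networking, `GITHUB_TOKEN` and `GITHUB_MCP_SERVER_TOKEN`. Pin the image to a release tag plus an `@sha256:` digest so that what runs with those privileges is the build that was reviewed, and consider whether `-e DEBUG="*"` should stay on by default in a container that receives these credentials.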

Copilot AI Jan 17, 2026

The MCP_GATEWAY_DOCKER_COMMAND includes --network host and mounts the Docker socket (-v /var/run/docker.sock:/var/run/docker.sock), which gives the gateway container significant privileges including the ability to start other containers and access the host network. This is necessary for the gateway's function but represents a security consideration. Ensure that the ghcr.io/githubnext/gh-aw-mcpg:latest image is properly secured and regularly scanned for vulnerabilities.

This issue also appears in the following locations of the same file:

  • line 773

Suggested change
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:latest'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm -p 127.0.0.1:${MCP_GATEWAY_PORT}:${MCP_GATEWAY_PORT} -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:latest'
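
As an added illustration of the review comment above (not code from the PR or from gh-aw), this Python check parses a `docker run` string and reports the properties the comment calls out, host networking and the Docker socket mount, and goes a step further by also reporting an unpinned image tag and `DEBUG=*` next to secret-named variables. The sample commands are shortened, constructed forms of the workflow line; the port and digest in `PINNED` are placeholders.

```python
import shlex

# Options that consume the next word as their value. This subset is an
# assumption of the example; extend it for other options your workflows use.
TAKES_VALUE = {"-v", "--volume", "-e", "--env", "-p", "--publish", "--network",
               "--net", "--name", "--mount", "-w", "--workdir", "-u", "--user"}
SECRET_HINTS = ("TOKEN", "API_KEY", "SECRET", "PASSWORD")


def audit_docker_run(command):
    """Return {finding_code: detail} for a `docker run` shell string."""
    argv = shlex.split(command)
    if argv[:2] != ["docker", "run"]:
        raise ValueError("expected a 'docker run' command")
    findings, secret_env, debug_all, image = {}, [], False, None
    i = 2
    while i < len(argv):
        arg = argv[i]
        if not arg.startswith("-"):
            image = arg  # first non-option word is the image reference
            break
        opt, sep, val = arg.partition("=")
        if opt in TAKES_VALUE:
            if not sep:  # value is the next word: `-e NAME`, `--network host`
                i += 1
                val = argv[i] if i < len(argv) else ""
            if opt in ("--network", "--net") and val == "host":
                findings["host-network"] = "container shares the host network namespace"
            elif opt in ("-v", "--volume") and val.split(":")[0] == "/var/run/docker.sock":
                findings["docker-socket"] = "container can drive the host Docker daemon"
            elif opt in ("-e", "--env"):
                name, _, value = val.partition("=")
                if any(hint in name.upper() for hint in SECRET_HINTS):
                    secret_env.append(name)
                if name == "DEBUG" and value == "*":
                    debug_all = True
        i += 1
    if image is None:
        raise ValueError("no image reference found")
    if "@sha256:" not in image:
        tag = image.rsplit("/", 1)[-1].partition(":")[2] or "latest (implicit)"
        findings["mutable-image"] = f"tag '{tag}' is not pinned to a digest"
    if debug_all and secret_env:
        findings["debug-wildcard-with-secrets"] = (
            "DEBUG=* alongside " + ", ".join(secret_env))
    return findings


# Constructed, shortened form of the workflow's command.
ORIGINAL = ('docker run -i --rm --network host '
            '-v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT '
            '-e MCP_GATEWAY_API_KEY -e DEBUG="*" -e GITHUB_MCP_SERVER_TOKEN '
            '-e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw '
            'ghcr.io/githubnext/gh-aw-mcpg:latest')
# Same command with the loopback port binding from the suggested change.
SUGGESTED = ORIGINAL.replace(
    "--network host", "-p 127.0.0.1:${MCP_GATEWAY_PORT}:${MCP_GATEWAY_PORT}")
# Constructed clean case: port 8080 and the all-zero digest are placeholders.
PINNED = ('docker run -i --rm -p 127.0.0.1:8080:8080 -e MCP_GATEWAY_API_KEY '
          '-v /opt:/opt:ro ghcr.io/githubnext/gh-aw-mcpg@sha256:' + "0" * 64)

if __name__ == "__main__":
    for label, cmd in (("original", ORIGINAL), ("suggested", SUGGESTED),
                       ("pinned", PINNED)):
        print(label, audit_docker_run(cmd))
```

Run against the suggested change, the check stops reporting host networking but still reports the socket mount, the `:latest` tag and the debug wildcard.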

Comment on lines +1 to +10
module github.com/githubnext/gh-aw-mcpg

go 1.25.0

require (
github.com/BurntSushi/toml v1.5.0
github.com/modelcontextprotocol/go-sdk v1.1.0
github.com/spf13/cobra v1.10.2
golang.org/x/term v0.38.0
)

Copilot AI Jan 17, 2026

The entire bak/ directory with go.mod and go.sum files should not be committed to the repository. These appear to be backup files used during development. Consider adding bak/ to .gitignore and removing this directory from the repository.

Suggested change
module github.com/githubnext/gh-aw-mcpg
go 1.25.0
require (
github.com/BurntSushi/toml v1.5.0
github.com/modelcontextprotocol/go-sdk v1.1.0
github.com/spf13/cobra v1.10.2
golang.org/x/term v0.38.0
)
// This file previously defined a backup Go module under bak/.
// It has been intentionally neutralized to avoid committing backup modules.
// The bak/ directory should not be used as an active Go module.

# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:latest'

Copilot AI Jan 17, 2026

The MCP_GATEWAY_API_KEY is generated using openssl and masked, but then immediately used in an environment variable export and passed to Docker. While masking prevents it from appearing in logs, the security of this approach depends on proper handling within the container. Ensure that the gateway container properly secures this API key and that it's not logged or exposed through any container inspection commands.

This issue also appears in the following locations of the same file:

  • line 783

Suggested change
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:latest'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:latest'

env:
GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"hide_older_comments\":true,\"max\":1},\"add_labels\":{\"allowed\":[\"smoke-copilot\"]},\"create_issue\":{\"expires\":2,\"max\":1}}"
GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"hide_older_comments\":true,\"max\":1},\"add_labels\":{\"allowed\":[\"smoke-copilot\"]},\"create_issue\":{\"expires\":2,\"max\":1},\"missing_data\":{},\"missing_tool\":{}}"
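
Review bot: in the new `GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG` value, `missing_data` and `missing_tool` are registered as `{}` while `add_comment` and `create_issue` each carry `"max":1`. If these handlers write anything visible, give them an explicit limit as well, or document that an empty object means the handler's default limit, so agent output cannot drive an unbounded number of reports.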

Copilot AI Jan 17, 2026

The safe outputs handler configuration now includes "missing_data" and "missing_tool" with empty configuration objects. Since these are new tool types being added to the system, verify that the safe outputs handler implementation has been updated to properly process these new tool types, even with empty configurations.

This issue also appears in the following locations of the same file:

  • line 354

Suggested change
GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"hide_older_comments\":true,\"max\":1},\"add_labels\":{\"allowed\":[\"smoke-copilot\"]},\"create_issue\":{\"expires\":2,\"max\":1},\"missing_data\":{},\"missing_tool\":{}}"
GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"hide_older_comments\":true,\"max\":1},\"add_labels\":{\"allowed\":[\"smoke-copilot\"]},\"create_issue\":{\"expires\":2,\"max\":1}}"

Comment on lines +30 to +32
$$GOPATH/bin/golangci-lint run --timeout=5m || echo "⚠ Warning: golangci-lint failed (compatibility issue with Go 1.25.0). Continuing with other checks..."; \
elif command -v golangci-lint >/dev/null 2>&1; then \
golangci-lint run --timeout=5m; \
golangci-lint run --timeout=5m || echo "⚠ Warning: golangci-lint failed (compatibility issue with Go 1.25.0). Continuing with other checks..."; \
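
Review bot: on both `|| echo` branches the warning text blames a Go 1.25.0 compatibility issue no matter why golangci-lint exited non-zero, so a run with real findings and a run where the linter could not start produce the same line in the CI log. Print the actual exit status in the message and make the tolerant behaviour opt-in through a make variable, so the default `lint` target still fails on findings.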

Copilot AI Jan 17, 2026

The error handling with "|| echo" effectively suppresses the exit code from golangci-lint failures, causing the lint target to always succeed even when linting fails. This undermines the purpose of having a linting step. Consider either removing golangci-lint from the pipeline until Go 1.25.0 compatibility is resolved, or fail the build with a clear error message directing developers to use a compatible Go version.

See below for a potential fix:

		$$GOPATH/bin/golangci-lint run --timeout=5m || { echo "⚠ Warning: golangci-lint failed (compatibility issue with Go 1.25.0). Please run lint with a compatible Go version."; exit 1; }; \
	elif command -v golangci-lint >/dev/null 2>&1; then \
		golangci-lint run --timeout=5m || { echo "⚠ Warning: golangci-lint failed (compatibility issue with Go 1.25.0). Please run lint with a compatible Go version."; exit 1; }; \

Comment on lines +993 to +1008
- name: Handle Agent Failure
id: handle_agent_failure
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
env:
GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
GH_AW_WORKFLOW_NAME: "Smoke Copilot"
GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }}
GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 📰 *BREAKING: Report filed by [{workflow_name}]({run_url})*\",\"runStarted\":\"📰 BREAKING: [{workflow_name}]({run_url}) is now investigating this {event_type}. Sources say the story is developing...\",\"runSuccess\":\"📰 VERDICT: [{workflow_name}]({run_url}) has concluded. All systems operational. This is a developing story. 🎤\",\"runFailure\":\"📰 DEVELOPING STORY: [{workflow_name}]({run_url}) reports {status}. Our correspondents are investigating the incident...\"}"
with:
github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
script: |
const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs');
setupGlobals(core, github, context, exec, io);
const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs');
await main();

Copilot AI Jan 17, 2026

A new "Handle Agent Failure" step has been added that only runs when the agent job completes. This step references a new action script at /opt/gh-aw/actions/handle_agent_failure.cjs. Ensure this script exists and properly handles agent failures, and verify that the GH_AW_AGENT_CONCLUSION environment variable correctly reflects the agent's result status.
