Run safe-outputs MCP in the gh-aw node container #39100

Open
Copilot wants to merge 7 commits into main from copilot/configure-safe-outputs-mcp-server

Copilot AI commented Jun 13, 2026

Contributor

This changes safe-outputs from a separately started HTTP sidecar into a first-class MCP server entry. The generated workflow now runs safe-outputs inside the gh-aw-node container with write access to the workspace, safe-outputs runtime files, and the safe-outputs log directory.

  • What changed

    • Replaced the generated safe-outputs HTTP server config with a containerized stdio MCP server definition.
    • Added a dedicated published container constant for ghcr.io/github/gh-aw-node.
    • Mounted the required writable paths directly into the MCP server:
      • workspace
      • ${RUNNER_TEMP}/gh-aw/safeoutputs
      • /tmp/gh-aw/mcp-logs/safeoutputs
  • Workflow generation

    • Removed the dedicated “generate safe-outputs server config” / “start safe-outputs HTTP server” flow.
    • Kept safe-outputs runtime file generation (config.json, tools.json) but made those files inputs to the MCP container instead of a host-side server process.
    • Dropped the now-unused safe-outputs port/API-key wiring from generated env and gateway setup.
  • MCP server model

    • Safe-outputs is now emitted alongside the rest of the MCP server list instead of being bootstrapped out-of-band.
    • The generated MCP entry passes through the runtime env needed by the JS implementation (workspace, runner temp, safe-outputs config/tools paths, log dir, repo context).
  • Generated shape

    {
      "safeoutputs": {
        "container": "ghcr.io/github/gh-aw-node",
        "mounts": [
          "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw",
          "${RUNNER_TEMP}/gh-aw/safeoutputs:${RUNNER_TEMP}/gh-aw/safeoutputs:rw",
          "/tmp/gh-aw/mcp-logs/safeoutputs:/tmp/gh-aw/mcp-logs/safeoutputs:rw"
        ],
        "args": ["-w", "${GITHUB_WORKSPACE}"]
      }
    }
  • Related updates

    • Updated renderer and setup-generation expectations to reflect stdio container transport instead of HTTP transport.
    • Refreshed the affected golden outputs and focused MCP/safe-outputs workflow expectations.

Changeset

  • Type: patch
  • Description: Run safe-outputs as a containerized MCP server inside the runtime instead of a separate HTTP sidecar.

Generated by 📋 Changeset Generator for issue #39100 · 13.6 AIC · ⊞ 14.8K ·



✨ PR Review Safe Output Test - Run 27471836462

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 84.9 AIC · ⌖ 7.94 AIC · ⊞ 8.1K ·

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "Configure safe-outputs MCP in gh-aw node container" to "Run safe-outputs MCP in the gh-aw node container" Jun 13, 2026
Copilot AI requested a review from pelikhan June 13, 2026 15:42
pelikhan marked this pull request as ready for review June 13, 2026 16:04
Copilot AI review requested due to automatic review settings June 13, 2026 16:04
pelikhan added the smoke label Jun 13, 2026
@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

💫 TO BE CONTINUED... Smoke Claude failed to deliver outputs! Our hero faces unexpected challenges...

@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨

@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

Design Decision Gate 🏗️ failed to deliver outputs during design decision gate check.

@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

🧪 Test Quality Sentinel completed test quality analysis.

@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

⚠️ Smoke Gemini failed. Gemini encountered unexpected challenges...

@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧

@github-actions

github-actions Bot commented Jun 13, 2026

Contributor

🌑 The shadows whisper... Smoke Codex failed to deliver outputs. The oracle requires further meditation...

@github-actions

Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions

Contributor

📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing...

@github-actions

Contributor

📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing...

@github-actions

Contributor

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.54.0
jq 1.7
yq 4.53.3
curl 8.5.0
gh 2.93.0
node 22.22.3
python3 3.11.15 (PyPy 7.3.23)
go 1.24.13
java 21.0.11 (Temurin)
dotnet 10.0.300

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test · 40.1 AIC · ⌖ 12.6 AIC · ⊞ 28.1K ·

@github-actions

github-actions Bot commented Jun 14, 2026

Contributor

⚠️ Smoke Gemini failed. Gemini encountered unexpected challenges...

@github-actions

github-actions Bot commented Jun 14, 2026

Contributor

🎬 THE END Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions

github-actions Bot commented Jun 14, 2026

Contributor

❌ Tool validation failed! Agent Container Smoke Test detected missing tools: failed

@github-actions

github-actions Bot commented Jun 14, 2026

Contributor

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions

github-actions Bot commented Jun 14, 2026

Contributor

🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨

@github-actions

github-actions Bot commented Jun 14, 2026

Contributor

🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧

@github-actions

Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions

Contributor

📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing...

@github-actions

Contributor

📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing...

@pelikhan

Collaborator

…H, GITHUB_TOKEN to gateway step env for safeoutputs container

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jun 14, 2026

Contributor Author

@copilot merge main, recompile

Investigate https://github.com/github/gh-aw/actions/runs/27505145830/job/81294978998#step:27:1

The CI failure was: Configuration validation failed: undefined environment variable referenced: GH_AW_SAFE_OUTPUTS_CONFIG_PATH (plus GH_AW_SAFE_OUTPUTS_TOOLS_PATH and GITHUB_TOKEN).

Root cause: collectMCPEnvironmentVariables only added GH_AW_SAFE_OUTPUTS to the gateway step env: block, but not GH_AW_SAFE_OUTPUTS_CONFIG_PATH or GH_AW_SAFE_OUTPUTS_TOOLS_PATH. The MCP gateway uses resolveEnvPlaceholders to expand ${VAR} references in the safeoutputs container env JSON — if those vars aren't in process.env, startup fails.

Fixed in the latest commit by adding all three to mcp_environment.go in the hasSafeOutputs block, and recompiled all 246 lock files. Also merged latest main (1 new commit).
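
The failure mode described in the comment above, as an added example (not gh-aw's code): a pre-flight check that walks an MCP server entry and lists every `${VAR}` it references that the gateway step env does not define. The function names, the `env` key in the sample, and all sample values are assumptions made for illustration.

```javascript
const PLACEHOLDER = /\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g;

// Walk every string in a JSON-like value and collect referenced variable names.
function collectPlaceholders(value, found = new Set()) {
  if (typeof value === "string") {
    for (const m of value.matchAll(PLACEHOLDER)) found.add(m[1]);
  } else if (value !== null && typeof value === "object") {
    // Object.values covers both arrays and plain objects.
    for (const item of Object.values(value)) collectPlaceholders(item, found);
  }
  return found;
}

// Names referenced by config but unset or empty in env, sorted. Empty counts as unset:
// "${RUNNER_TEMP}/gh-aw/safeoutputs" would otherwise expand to "/gh-aw/safeoutputs".
function findUndefinedPlaceholders(config, env) {
  return [...collectPlaceholders(config)]
    .filter((name) => env[name] === undefined || env[name] === "")
    .sort();
}

// Constructed sample: mounts and args follow the generated shape in the PR
// description; the "env" key and its entries are assumed for illustration.
const sampleConfig = {
  safeoutputs: {
    container: "ghcr.io/github/gh-aw-node",
    mounts: [
      "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw",
      "${RUNNER_TEMP}/gh-aw/safeoutputs:${RUNNER_TEMP}/gh-aw/safeoutputs:rw",
      "/tmp/gh-aw/mcp-logs/safeoutputs:/tmp/gh-aw/mcp-logs/safeoutputs:rw",
    ],
    args: ["-w", "${GITHUB_WORKSPACE}"],
    env: {
      GH_AW_SAFE_OUTPUTS: "${GH_AW_SAFE_OUTPUTS}",
      GH_AW_SAFE_OUTPUTS_CONFIG_PATH: "${GH_AW_SAFE_OUTPUTS_CONFIG_PATH}",
      GH_AW_SAFE_OUTPUTS_TOOLS_PATH: "${GH_AW_SAFE_OUTPUTS_TOOLS_PATH}",
      GITHUB_TOKEN: "${GITHUB_TOKEN}",
    },
  },
};

// Constructed gateway step env as it stood before the fix (values are made up).
const envBeforeFix = {
  GITHUB_WORKSPACE: "/work/repo", RUNNER_TEMP: "/work/_temp",
  GH_AW_SAFE_OUTPUTS: "/work/_temp/gh-aw/safeoutputs/out",
};

const missing = findUndefinedPlaceholders(sampleConfig, envBeforeFix);
console.log(missing.length ? `undefined environment variable referenced: ${missing.join(", ")}` : "ok");
```

Running the same check at compile time against the variables the generator emits into the step `env:` block would surface this class of error before the gateway starts.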
