Skip to content

Fix large payload tester mount isolation - remove test data from gateway #733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lpcox merged 4 commits into from
Feb 5, 2026
Merged

Fix large payload tester mount isolation - remove test data from gateway #733

lpcox merged 4 commits into from
Feb 5, 2026
+47 −24

Conversation

Copy link
Contributor

Copilot AI commented Feb 5, 2026
edited
Loading

The large-payload-tester workflow had /tmp/mcp-test-fs (test data) mounted to the gateway container, breaking test isolation. The gateway should only access test files through the filesystem MCP server via protocol, not direct filesystem access.

Changes

  • Removed test data mount from gateway: Gateway now only has /tmp/jq-payloads (payload dir) mounted, not /tmp/mcp-test-fs (test data)
  • Removed payload directory pre-creation: Gateway creates /tmp/jq-payloads on-demand via MkdirAll when storing first payload
  • Updated docs: Architecture diagram and isolation rationale

Technical Detail

Gateway uses Docker-in-Docker (socket mounted). When launching backend MCP servers:

# Gateway executes this command (runs on host Docker daemon)
docker run -v /tmp/mcp-test-fs:/workspace/test-data filesystem-mcp-server

The path /tmp/mcp-test-fs is relative to the host filesystem, not the gateway container's filesystem. Gateway container doesn't need this directory mounted to pass it to child containers.

Result

# Before (incorrect)
sandbox.mcp.mounts:
  - "/tmp/mcp-test-fs:/tmp/mcp-test-fs:ro"  # Gateway had direct access
  - "/tmp/jq-payloads:/tmp/jq-payloads:rw"

# After (correct)
sandbox.mcp.mounts:
  - "/tmp/jq-payloads:/tmp/jq-payloads:rw"  # Gateway only has payload dir

Test data isolation ensures the gateway must retrieve files via MCP protocol, properly testing payload interception and storage.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 3 commits February 5, 2026 23:29
@lpcox
Remove pre-creation of /tmp/jq-payloads directory - let gateway creat…
483a8b2 
…e it on-demand

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
@lpcox
Remove /tmp/mcp-test-fs mount from gateway - test data should only be…
b40e84f 
… accessible to filesystem MCP server

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
@lpcox
Update documentation to clarify test data isolation and correct mount…
3618cf1 
… structure

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix large payload structure in shared directory usage Fix large payload tester mount isolation - remove test data from gateway Feb 5, 2026
Copilot AI requested a review from lpcox February 5, 2026 23:34
@lpcox lpcox marked this pull request as ready for review February 5, 2026 23:37
Copilot AI review requested due to automatic review settings February 5, 2026 23:37
@lpcox lpcox merged commit cbf3668 into main Feb 5, 2026
@lpcox lpcox deleted the copilot/fix-large-payload-structure branch February 5, 2026 23:37
Copilot AI reviewed Feb 5, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a mount isolation issue in the large-payload-tester workflow where test data was incorrectly mounted to the gateway container. The gateway uses Docker-in-Docker: when it launches backend MCP servers with volume mounts, the paths are relative to the host filesystem, not the gateway container's filesystem. Therefore, the gateway doesn't need test data mounted to pass it to child containers.

Changes:

  • Removed /tmp/mcp-test-fs mount from gateway container's sandbox.mcp.mounts configuration
  • Removed mkdir -p /tmp/jq-payloads from setup step (gateway creates this on-demand via MkdirAll)
  • Updated documentation to explain the isolation architecture and Docker-in-Docker behavior

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
.github/workflows/large-payload-tester.md Removed test data mount from gateway, removed payload dir pre-creation, updated comment
.github/workflows/large-payload-tester.lock.yml Compiled lock file with updated gateway Docker command and setup step
.github/workflows/large-payload-tester-README.md Enhanced documentation with architecture diagram, flow description, and isolation principles
.github/agentics/large-payload-tester.md Updated test protocol description to emphasize isolation and architecture

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

This was referenced Feb 6, 2026
Closed
Closed
Copilot AI mentioned this pull request Feb 7, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lpcox lpcox Awaiting requested review from lpcox

Assignees

@lpcox lpcox

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lpcox