Skip to content

[cli-tools-test] MCP tools not accessible in daily-cli-tools-tester workflow - blocking exploratory testing #14199

New issue
New issue
Closed
#14201
Closed
[cli-tools-test] MCP tools not accessible in daily-cli-tools-tester workflow - blocking exploratory testing#14199
#14201
Assignees
pelikhancopilot-swe-agent
Labels
automationblockedbugSomething isn't workingcli-toolsmcptesting
@github-actions

Description

@github-actions
github-actions
bot
opened on Feb 6, 2026

Problem Description

The daily-cli-tools-tester workflow is designed to perform exploratory testing of audit, logs, and compile tools from the agentic-workflows MCP server. However, none of these tools are accessible through any available interface, completely blocking the testing mission.

Tool Configuration

The workflow frontmatter correctly declares the agentic-workflows tool:

tools:
  agentic-workflows:
  bash:

The MCP configuration is generated correctly:

{
  "agenticworkflows": {
    "headers": {
      "Authorization": "I7HCampDYk79ahoUDnxdp4RMIMjXKW6V9jHJtdPxmQKjgJ9jB7AzvZLNnk"
    },
    "type": "http",
    "url": "(host.docker.internal/redacted)
    "tools": ["*"]
  }
}

Steps to Reproduce

  1. Run the daily-cli-tools-tester workflow
  2. Attempt to call agenticworkflows-status tool
  3. Observe "Permission denied and could not request permission from user"
  4. Attempt to call agenticworkflows-mcp-inspect tool
  5. Observe same permission denied error
  6. Attempt to access MCP server via HTTP (curl)
  7. Observe network access is blocked

Expected Behavior

The agentic-workflows MCP tools should be accessible to the Copilot CLI agent via:

  • Direct tool calls (e.g., agenticworkflows-status)
  • HTTP requests to the MCP proxy endpoint

The workflow prompt explicitly states:

You have access to the agentic-workflows MCP tool which provides:

  • audit - Audit a workflow run and generate detailed report
  • logs - Download workflow logs with filtering and analysis
  • compile - Compile workflow markdown files to YAML
  • list - List all workflows in the repository
  • status - Get status and metadata for workflows

Actual Behavior

  • All direct tool calls return "Permission denied and could not request permission from user"
  • Network access to MCP proxy is blocked
  • No alternative method to access the tools exists
  • The entire testing mission is blocked

Environment

  • Repository: github/gh-aw
  • Run ID: 21759712719
  • Workflow: daily-cli-tools-tester
  • Engine: copilot (GitHub Copilot CLI v0.0.405)
  • Date: 2026-02-06
  • Event: workflow_dispatch

Impact

  • Severity: Critical
  • Frequency: Always (100% failure rate)
  • Workaround: None - testing cannot proceed
  • Blocked workflows: Daily CLI tools testing is completely non-functional

Diagnostic Information

Available tools in environment:

  • bash commands: ✅ Working (echo, ls, cat, grep, etc.)
  • File system access: ✅ Working
  • Network access: ❌ Blocked (even for MCP proxy)
  • agenticworkflows-* tools: ❌ Permission denied
  • github-* tools: Unknown (not tested)
  • safeoutputs-* tools: ✅ Working (this issue was created)

MCP configuration location: /home/runner/.copilot/mcp-config.json
MCP log directory: /tmp/gh-aw/mcp-logs/

Root Cause Hypothesis

Possible causes:

  1. HTTP MCP proxy not routing correctly: The agenticworkflows server may not be responding or the proxy isn't forwarding requests
  2. Tool registry mismatch: Copilot CLI may not be discovering tools from HTTP MCP servers correctly
  3. Authorization issue: Headers may not be passed through the proxy chain
  4. Server not started: The agenticworkflows MCP server may not be running in the Docker container
  5. Network isolation: Firewall rules may be blocking communication with host.docker.internal

Suggested Investigation Steps

  1. Check if agenticworkflows MCP server is running:

    docker ps | grep agenticworkflows
curl (host.docker.internal/redacted)

  2. Check MCP proxy logs for routing errors:

    ls -la /tmp/gh-aw/mcp-logs/
cat /tmp/gh-aw/mcp-logs/agenticworkflows/*.log

  3. Test tool discovery via Copilot CLI:

    copilot --list-tools | grep agentic

  4. Test direct MCP protocol communication:

    curl -X POST (host.docker.internal/redacted) \
  -H "Authorization: ..." \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

  5. Compare with working MCP servers (safeoutputs, github):

    • Check their configuration
    • Check if they're also HTTP-based
    • Verify they don't have the same access issues

Related Files

  • Workflow: .github/workflows/daily-cli-tools-tester.md
  • MCP Config: /home/runner/.copilot/mcp-config.json (generated)
  • Session log: /tmp/gh-aw/agent/testing-log.md (created during this run)

Additional Context

This is a brand new testing workflow designed to provide comprehensive exploratory testing of core CLI functionality. It cannot fulfill its purpose without access to the tools it's meant to test.

The workflow was likely created with the assumption that HTTP MCP servers work identically to stdio MCP servers from the tool consumer's perspective, but that may not be the case in the GitHub Copilot CLI environment.

Resolution priority: High - this blocks an entire category of automated quality assurance for the gh-aw project.

AI generated by Daily CLI Tools Exploratory Tester

  • expires on Feb 13, 2026, 5:32 PM UTC

Metadata

Metadata

Assignees

Labels

automationblockedbugSomething isn't workingcli-toolsmcptesting

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions