Fix MCP config generation when AWF firewall is disabled

[Copilot]

• Understand the issue: When AWF firewall is disabled (sandbox: false), the mcp-config.json file is never created
• Identify root cause: The entire MCP config generation block is inside if !isSandboxDisabled(workflowData)
• Fix: Add MCP config generation for the sandbox-disabled case
  • Add SkipGatewayStartup option to JSONMCPConfigOptions
  • Modify RenderJSONMCPConfig to write config directly when SkipGatewayStartup is true
  • Add RenderMCPConfigWithoutGateway method to CopilotEngine
  • Add else-if block in mcp_setup_generator.go to handle sandbox-disabled with MCP tools
• Run validation to ensure no regressions
  • All sandbox disabled tests pass
  • All MCP config tests pass
  • All unit tests pass
  • All 150 workflows recompile successfully
  • Linting passes
• Code review feedback addressed
  • Fix misleading comments about "local stdio processes"
  • Add directory creation before MCP config rendering
  • Improve fallback warning for engines without RenderMCPConfigWithoutGateway
• CodeQL security check passed
• Add smoke-copilot-no-firewall workflow for testing sandbox disabled case
• Merge main and recompile all workflows (Feb 1)
• Fix MCP config format for CLI consumption without MCP Gateway:
  • Add UseDirectDockerCommand option to MCP renderer
  • Use "command": "docker" format instead of "container" field
  • Container-based tools (github, playwright, serena, agentic-workflows) now work via Docker CLI

Original prompt

When the awf firewall is disabled, it seems like the copilot CLI is not told to start the GitHub MCP server. Can you fix that?

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[github-actions]

🔍 PR Triage Results

Category: bug | Risk: low | Priority: 50/100

Scores Breakdown

• Impact: 40/50 - Bug fix addressing MCP config generation
• Urgency: 0/30 - New PR, not urgent
• Quality: 10/20 - Pending CI, good description

📋 Recommended Action: batch_review

This PR fixes MCP config generation when AWF firewall is disabled. The fix ensures Copilot CLI has access to configured MCP servers.

Batch: batch-bug-low-001

---

Triaged by PR Triage Agent on 2026-01-30

AI generated by PR Triage Agent

[Mossaka]

@copilot copy and paste the smoke-copilot workflow but make the firewall off. (keep everything else the same)

[Copilot]

@copilot copy and paste the smoke-copilot workflow but make the firewall off. (keep everything else the same)

Added smoke-copilot-no-firewall.md workflow in 38e79df. It's a copy of smoke-copilot.md with sandbox: false and strict: false added, and the label names updated to avoid conflicts. The compiled lock file shows the "Write MCP configuration" step is now properly generated.

[github-actions]

🔍 PR Triage Results

Category: bug | Risk: medium | Priority: 55/100

Scores Breakdown

• Impact: 40/50 - Bug fixes have high impact
• Urgency: 0/30 - Recent PR, standard timeline
• Quality: 15/20 - Good PR quality with detailed description

📋 Recommended Action: Batch Review

This PR is part of batch review: batch-bug-medium-001

Multiple similar PRs can be reviewed together for efficiency.

Next Step: Review with other PRs in the same batch.

---

Triaged by PR Triage Agent on 2026-01-30 12:21 UTC - Run #21515504739

AI generated by PR Triage Agent

[pelikhan]

@copilot merge main and recompile

[github-actions]

🧪 Smoke Project is now testing project operations...

[Mossaka]

@copilot looking at the generated action yml file for the smoke-no-firewall. I still don't find how copilot CLI was using MCP because the mcp config is not feed into the copilot CLI.

copilot --add-dir /tmp/ --add-dir /tmp/gh-aw/ --add-dir /tmp/gh-aw/agent/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --allow-all-tools --add-dir /tmp/gh-aw/cache-memory/ --allow-all-paths --share /tmp/gh-aw/sandbox/agent/logs/conversation.md --prompt "$COPILOT_CLI_INSTRUCTION"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"} 2>&1 | tee /tmp/gh-aw/agent-stdio.log

please fix this

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.52.0
jq	✅	1.7
yq	✅	4.50.1
curl	✅	8.5.0
gh	✅	2.86.0
node	✅	24.13.0
python3	✅	3.13.11
go	✅	1.24.12
java	❌	command not found
dotnet	❌	command not found

Result: 10/12 tools available ⚠️

Missing tools:

• java - Java runtime not available
• dotnet - .NET runtime not available

All core development tools (shell, git, JSON/YAML processing, HTTP, GitHub CLI, Node.js, Python, Go) are available and functional.

AI generated by Agent Container Smoke Test

[github-actions]

🧪 Smoke Test Complete - Run 21597875170

PR Titles:

• Use XML comment markers for agentic workflow detection #13309: Use XML comment markers for agentic workflow detection
• Refactor project URLs and GitHub token in workflow #13305: Refactor project URLs and GitHub token in workflow

Results:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ✅ Serena MCP
• ✅ Playwright
• ✅ File Writing
• ✅ Bash Tool
• ✅ Discussion Interaction
• ✅ Build gh-aw
• ✅ Workflow Dispatch

Overall Status: PASS ✅

cc @Mossaka @Copilot

AI generated by Smoke Copilot

[github-actions]

✅ Smoke Project completed successfully. All project operations validated.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• Use XML comment markers for agentic workflow detection #13309: Use XML comment markers for agentic workflow detection
• Refactor project URLs and GitHub token in workflow #13305: Refactor project URLs and GitHub token in workflow

Test Status:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ✅ Serena MCP
• ✅ Make Build
• ✅ Playwright
• ✅ Tavily Search
• ✅ File Creation
• ✅ Bash Tools
• ✅ Discussion Comment

Overall Status: PASS

AI generated by Smoke Claude

[github-actions]

PR titles: Use XML comment markers for agentic workflow detection | Refactor project URLs and GitHub token in workflow
1 GitHub MCP ✅, 2 safeinputs-gh ✅, 3 Serena activate ✅
4 Playwright title ✅, 5 Tavily search ✅, 6 File write ✅
7 Bash cat ✅, 8 Discussion comment ✅, 9 Build ✅
Overall: PASS

AI generated by Smoke Codex

[Copilot]

@copilot looking at the generated action yml file for the smoke-no-firewall. I still don't find how copilot CLI was using MCP because the mcp config is not feed into the copilot CLI.
...

Fixed in a397376. The issue was that when sandbox is disabled, container-based MCP servers (github with Docker, playwright, serena, agentic-workflows) don't work because Docker is not available.

Changes:

1. GitHub MCP now automatically switches to remote mode (HTTP to api.githubcopilot.com) when sandbox is disabled
2. Container-based tools (playwright, serena, agentic-workflows) are filtered out since they require Docker
3. HTTP-based tools (safeinputs, safeoutputs) continue to work as they don't need Docker

The MCP config now only contains servers that can actually run on the host without the container runtime.

[Mossaka]

@copilot "because Docker is not available." Why? I thought docker is enabled in the github action runner by default.

[Copilot]

@copilot "because Docker is not available." Why? I thought docker is enabled in the github action runner by default.

You're right - Docker is available on the runner. My explanation was incorrect.

The actual issue is that the MCP Gateway (awmg) is not running when sandbox is disabled. The MCP Gateway is the component that reads the mcp-config.json and manages Docker containers for stdio-based MCP servers. When you disable the sandbox:

1. AWF (firewall) doesn't run
2. MCP Gateway (awmg) doesn't start
3. Copilot CLI reads mcp-config.json directly but doesn't know how to spawn Docker containers from the "container" field - that's the Gateway's job

The current fix switches to HTTP-based servers (remote GitHub MCP, safeinputs, safeoutputs) that work without the Gateway.

If you want container-based MCP servers without the full AWF sandbox, we'd need to start the MCP Gateway separately. Would you like me to explore that approach?

[Mossaka]

@copilot

"Copilot CLI reads mcp-config.json directly but doesn't know how to spawn Docker containers from the "container" field - that's the Gateway's job"

The mcp-config.json should be changed to be syntactically correct for copilot CLI / codex / claude code to parse. For e example, the container field shold be removed and the command should have docker.

[Copilot]

@copilot

"Copilot CLI reads mcp-config.json directly but doesn't know how to spawn Docker containers from the "container" field - that's the Gateway's job"
...

Fixed in 01d793c. The MCP config now uses "command": "docker" format with inline args that Copilot CLI can directly execute:

"github": {
  "type": "stdio",
  "command": "docker",
  "args": [
    "run", "-i", "--rm",
    "-e", "GITHUB_PERSONAL_ACCESS_TOKEN=${GITHUB_MCP_SERVER_TOKEN}",
    "-e", "GITHUB_READ_ONLY=1",
    "ghcr.io/github/github-mcp-server:v0.30.2"
  ]
}

All container-based MCP servers (github, playwright, serena, agentic-workflows) now use this format when sandbox is disabled.

[github-actions]

🔍 PR Triage Results

Category: bug | Risk: high | Priority: 63/100

Scores Breakdown

• Impact: 40/50 - Bug fix (high impact on stability); 7 files changed
• Urgency: 16/30 - 3 days old; Bug fixes are urgent
• Quality: 7/20 - CI pending; Detailed description; Iterative development (13 commits)

📋 Recommended Action: batch_review

This PR fixes an important bug in MCP config generation when the AWF firewall is disabled. While urgent, the iterative development (13 commits, 44 comments) suggests thorough refinement. Batch review recommended to ensure no regressions.

Batch: This PR is part of batch-bug-001 for efficient group review.

---

Triaged by PR Triage Agent on 2026-02-02

AI generated by PR Triage Agent