Skip to content

Split safe-inputs setup into separate JavaScript/config and tool file steps #5568

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pelikhan merged 4 commits into from
Dec 4, 2025
Merged

Split safe-inputs setup into separate JavaScript/config and tool file steps #5568

pelikhan merged 4 commits into from
Dec 4, 2025

Conversation

Copy link
Contributor

Copilot AI commented Dec 4, 2025
edited
Loading

The compiler was generating all safe-inputs files in a single workflow step, mixing infrastructure setup (JavaScript modules, MCP server, configuration) with tool-specific file generation.

Changes

Modified pkg/workflow/mcp_servers.go:

  • Split generateMCPSetup() to produce two sequential steps instead of one:
    1. "Setup Safe Inputs JavaScript and Config" - writes MCP server modules, handlers, and tools.json
    2. "Setup Safe Inputs Tool Files" - generates user-defined tool files (.cjs, .sh, .py)

The split occurs after chmod +x /tmp/gh-aw/safe-inputs/mcp-server.cjs, cleanly separating infrastructure from tool-specific artifacts.

Example workflow output:

- name: Setup Safe Inputs JavaScript and Config
  run: |
    mkdir -p /tmp/gh-aw/safe-inputs/logs
    cat > /tmp/gh-aw/safe-inputs/read_buffer.cjs << 'EOF'
    # ... MCP server modules ...
    cat > /tmp/gh-aw/safe-inputs/tools.json << 'EOF'
    # ... config ...
    chmod +x /tmp/gh-aw/safe-inputs/mcp-server.cjs

- name: Setup Safe Inputs Tool Files
  run: |
    cat > /tmp/gh-aw/safe-inputs/analyze-numbers.py << 'EOF'
    # ... user tool implementation ...

All workflow lock files have been recompiled to reflect the new step structure.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/user
    • Triggering command: /usr/bin/gh gh api user --jq .login ut.js GO111MODULE es/.bin/sh GOINSECURE GOMOD GOMODCACHE go env &#39;../../**/*.json&#39; &#39;!../../workflow/js/**/*.json&#39; --ignore-path -- GO111MODULE ps GOINSECURE GOMOD GOMODCACHE ps (http block)
    • Triggering command: /usr/bin/gh gh api user --jq .login &#39;**/*.cjs&#39; &#39;**/*.ts&#39; &#39;**/*.json&#39; GO111MODULE /usr/local/.ghcup/bin/git GOINSECURE GOMOD GOMODCACHE git add . -v ps GOSUMDB GOWORK ules/.bin/sh ps (http block)
    • Triggering command: /usr/bin/gh gh api user --jq .login d/gh-aw/main.go d/gh-aw/capitalization_test.go 20c0783ad176c7a347db4b75ff6ae03bc55/log.json GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -c /ref/tags/v8 GOPROXY 4055515/b331=&gt; GOSUMDB GOWORK -d/gh-aw sh (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Update the compiler to split the step that generates the safe intputs files into 2 steps. One step to write the safe inputs javascript and config files, another step to generate the tool files (js/py/sh).

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI and others added 2 commits December 4, 2025 20:20
@pelikhan
Initial plan for splitting safe-inputs setup step
85b2343 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Split safe-inputs setup step into two steps
2e5c2de 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Update compiler to split safe inputs file generation Split safe-inputs setup into separate JavaScript/config and tool file steps Dec 4, 2025
Copilot AI requested a review from pelikhan December 4, 2025 20:34
@pelikhan pelikhan marked this pull request as ready for review December 4, 2025 20:36
@pelikhan pelikhan merged commit 02c488d into main Dec 4, 2025
4 checks passed
@pelikhan pelikhan deleted the copilot/update-compiler-safe-inputs branch December 4, 2025 20:36
@github-actions github-actions bot mentioned this pull request Dec 4, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan