Skip to content

Fix: Only reference Safe Inputs env vars when Safe Inputs is enabled #9835

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pelikhan merged 3 commits into from
Jan 13, 2026
Merged

Fix: Only reference Safe Inputs env vars when Safe Inputs is enabled #9835

pelikhan merged 3 commits into from
Jan 13, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 13, 2026
edited
Loading

The MCP gateway step was unconditionally referencing GH_AW_SAFE_INPUTS_PORT and GH_AW_SAFE_INPUTS_API_KEY environment variables, even when Safe Inputs was not configured. This caused the compiled workflow to reference step outputs that don't exist.

Changes

  • collectMCPEnvironmentVariables: Replace manual mcpTools list check with IsSafeInputsEnabled() to verify Safe Inputs is actually configured with tools
  • Docker command generation: Conditionally include Safe Inputs env vars in the gateway container command only when enabled

Before/After

Before - workflow without Safe Inputs:

docker run ... -e GH_AW_SAFE_INPUTS_PORT -e GH_AW_SAFE_INPUTS_API_KEY ...

After - workflow without Safe Inputs:

docker run ... -e GITHUB_TOKEN ...  # Safe Inputs env vars omitted

Workflows with Safe Inputs configured continue to include the variables as expected.

Test Coverage

Added TestMCPGatewaySafeInputsEnvVarsConditional with cases for Copilot, Claude, and Codex engines, verifying env vars are present only when Safe Inputs is configured.

Original prompt

The compiled "start MCP gateway" step should not reference environment variables GH_AW_SAFE_INPUTS_PORT and GH_AW_SAFE_INPUTS_API_KEY if the Safe Inputs is not used in the workflow

Otherwise it should validate those variables are set.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits January 13, 2026 14:41
@pelikhan
Fix: Only include Safe Inputs env vars when actually used
ad50230 
- Modified collectMCPEnvironmentVariables to use IsSafeInputsEnabled instead of checking mcpTools list
- Modified MCP gateway Docker command to conditionally include Safe Inputs env vars
- Added comprehensive test coverage for conditional Safe Inputs env vars
- Tests verify env vars are excluded when Safe Inputs not configured
- Tests verify env vars are included when Safe Inputs is configured

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Complete: Safe Inputs env vars only when enabled
a4eea33 
All changes complete and tested:
- Modified collectMCPEnvironmentVariables to use IsSafeInputsEnabled
- Modified Docker command generation to conditionally add env vars
- Created comprehensive test coverage
- Ran recompile successfully
- All validation passed

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix MCP gateway step to validate Safe Inputs environment variables Fix: Only reference Safe Inputs env vars when Safe Inputs is enabled Jan 13, 2026
Copilot AI requested a review from pelikhan January 13, 2026 14:52
@pelikhan pelikhan marked this pull request as ready for review January 13, 2026 14:52
@pelikhan pelikhan merged commit 99f534b into main Jan 13, 2026
@pelikhan pelikhan deleted the copilot/validate-safe-inputs-variables-again branch January 13, 2026 14:53
Copilot AI mentioned this pull request Jan 13, 2026
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan