Filter out safe-inputs and safe-outputs from MCP gateway

- Gateway now ignores safe-inputs and safe-outputs MCP servers
- These are internal workflow servers, not external servers to proxy
- Added filtering logic in parseGatewayConfig function
- Logs when filtering out internal servers
- Added 2 comprehensive tests:
  * TestParseGatewayConfig_FiltersInternalServers
  * TestParseGatewayConfig_OnlyInternalServers
- All 39 CLI tests passing (2 new tests added)
- Recompiled all 121 workflows

This addresses the requirement that safe-inputs and safe-outputs should
be excluded from the gateway, which only processes external MCP servers.

Co-authored-by: pelikhan <[email protected]>

Author: Copilot

pkg/cli/mcp_gateway_command.go

@@ -273,6 +273,20 @@ func parseGatewayConfig(data []byte) (*MCPGatewayConfig, error) {
 	}
 
 	gatewayLog.Printf("Successfully parsed JSON configuration")
+	
+	// Filter out internal workflow MCP servers (safe-inputs and safe-outputs)
+	// These are used internally by the workflow and should not be proxied by the gateway
+	filteredServers := make(map[string]MCPServerConfig)
+	for name, serverConfig := range config.MCPServers {
+		if name == "safe-inputs" || name == "safe-outputs" {
+			gatewayLog.Printf("Filtering out internal workflow server: %s", name)
+			fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Filtering out internal workflow server: %s", name)))
+			continue
+		}
+		filteredServers[name] = serverConfig
+	}
+	config.MCPServers = filteredServers
+	
 	return &config, nil
 }
 

pkg/cli/mcp_gateway_command_test.go

@@ -422,3 +422,84 @@ func TestMergeConfigs_EmptyOverride(t *testing.T) {
 		t.Error("Port should be kept from base")
 	}
 }
+
+func TestParseGatewayConfig_FiltersInternalServers(t *testing.T) {
+	// Create a config with safe-inputs, safe-outputs, and other servers
+	configJSON := `{
+		"mcpServers": {
+			"safe-inputs": {
+				"command": "node",
+				"args": ["/tmp/gh-aw/safe-inputs/mcp-server.cjs"]
+			},
+			"safe-outputs": {
+				"command": "node",
+				"args": ["/tmp/gh-aw/safeoutputs/mcp-server.cjs"]
+			},
+			"github": {
+				"command": "gh",
+				"args": ["aw", "mcp-server", "--toolsets", "default"]
+			},
+			"custom-server": {
+				"command": "custom-command",
+				"args": ["arg1"]
+			}
+		},
+		"gateway": {
+			"port": 8080
+		}
+	}`
+
+	config, err := parseGatewayConfig([]byte(configJSON))
+	if err != nil {
+		t.Fatalf("Failed to parse config: %v", err)
+	}
+
+	// Verify that safe-inputs and safe-outputs are filtered out
+	if _, exists := config.MCPServers["safe-inputs"]; exists {
+		t.Error("safe-inputs should be filtered out")
+	}
+
+	if _, exists := config.MCPServers["safe-outputs"]; exists {
+		t.Error("safe-outputs should be filtered out")
+	}
+
+	// Verify that other servers are kept
+	if _, exists := config.MCPServers["github"]; !exists {
+		t.Error("github server should be kept")
+	}
+
+	if _, exists := config.MCPServers["custom-server"]; !exists {
+		t.Error("custom-server should be kept")
+	}
+
+	// Verify server count
+	if len(config.MCPServers) != 2 {
+		t.Errorf("Expected 2 servers after filtering, got %d", len(config.MCPServers))
+	}
+}
+
+func TestParseGatewayConfig_OnlyInternalServers(t *testing.T) {
+	// Create a config with only safe-inputs and safe-outputs
+	configJSON := `{
+		"mcpServers": {
+			"safe-inputs": {
+				"command": "node",
+				"args": ["/tmp/gh-aw/safe-inputs/mcp-server.cjs"]
+			},
+			"safe-outputs": {
+				"command": "node",
+				"args": ["/tmp/gh-aw/safeoutputs/mcp-server.cjs"]
+			}
+		}
+	}`
+
+	config, err := parseGatewayConfig([]byte(configJSON))
+	if err != nil {
+		t.Fatalf("Failed to parse config: %v", err)
+	}
+
+	// Verify that all internal servers are filtered out, resulting in 0 servers
+	if len(config.MCPServers) != 0 {
+		t.Errorf("Expected 0 servers after filtering internal servers, got %d", len(config.MCPServers))
+	}
+}