Enable template substitution and safeinputs proxying in AWMG gateway

[Copilot]

The AWMG gateway needs to expand ${VAR} template expressions in MCP server configurations and proxy safeinputs/safeoutputs servers.

Changes

• Template substitution: Apply os.ExpandEnv() to URL, headers, and env fields during config parsing
• Remove safeinputs/safeoutputs filtering: Proxy these servers through the gateway like any other MCP server

Example

Configuration with template expressions:

{
  "mcpServers": {
    "safeinputs": {
      "type": "http",
      "url": "http://localhost:${GH_AW_SAFE_INPUTS_PORT}",
      "headers": {
        "Authorization": "Bearer ${GH_AW_SAFE_INPUTS_API_KEY}"
      }
    }
  }
}

With environment variables set (GH_AW_SAFE_INPUTS_PORT=3000, GH_AW_SAFE_INPUTS_API_KEY=secret), the gateway now:

1. Expands templates to actual values
2. Proxies safeinputs at http://localhost:8080/mcp/safeinputs
3. Rewrites client config to point to gateway endpoint

Test Coverage

• Template substitution for URL, headers, env fields
• SafeInputs/safeoutputs inclusion and proxying
• Config rewrite behavior for internal servers

Original prompt

The awmg gateway should apply the template substitution in ${name} expressions and gateway the safeinputs server.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Copilot Smoke Test Results

Last 2 merged PRs:

• Resolve Setup action tags to SHAs in release mode using action pin manager #8694: Resolve Setup action tags to SHAs in release mode using action pin manager
• CI cleanup: Verify fuzz tests and code quality #8697: CI cleanup: Verify fuzz tests and code quality

Test Results:

• ✅ GitHub MCP Testing (retrieved merged PRs)
• ✅ File Writing Testing (/tmp/gh-aw/agent/smoke-test-copilot-20670601114.txt)
• ✅ Bash Tool Testing (verified file creation with cat)
• ✅ GitHub MCP Default Toolset Testing (get_me tool not available - confirmed)
• ✅ Cache Memory Testing (/tmp/gh-aw/cache-memory/smoke-test-20670601114.txt)
• ✅ Available Tools: add_comment, add_labels, create_issue, missing_tool, noop

Overall Status: ✅ PASS

@pelikhan (PR author/assignee)

AI generated by Smoke Copilot

[github-actions]

Smoke Test Results - Run 20670601131

✅ Last 2 merged PRs reviewed: #8699, #8694
✅ Test file created: /tmp/gh-aw/agent/smoke-test-copilot-20670601131.txt
✅ Playwright navigation: github.com (title verified)
✅ GitHub CLI: Listed 3 issues (#8698, #8610, #8606)

AI generated by Smoke Copilot No Firewall

[github-actions]

MCP merged PR titles: Security Fix: Prevent path traversal in shell completion config file reads (Alerts #444, #443); Resolve Setup action tags to SHAs in release mode using action pin manager
✅ OpenAI curl blocked
✅ MCP merged PRs fetched
✅ File write/read
✅ Blocked domain curl blocked
Network: SANDBOXED
Overall: PASS

AI generated by Smoke Codex Firewall

[github-actions]

Smoke Test Results: FAIL

❌ Playwright MCP: Tool not available in environment
✅ Cache Memory: File written and verified successfully
❌ safeinputs-gh: Tool not available in environment

Status: FAIL - 1/3 tests passed

AI generated by Smoke Copilot Playwright

[github-actions]

Smoke Test Results (Claude Sonnet 4.5)

Last 2 merged PRs:

• Resolve Setup action tags to SHAs in release mode using action pin manager #8694: Resolve Setup action tags to SHAs in release mode using action pin manager
• CI cleanup: Verify fuzz tests and code quality #8697: CI cleanup: Verify fuzz tests and code quality

Test Results:

• ✅ GitHub MCP: Fetched PRs successfully
• ✅ File Write: Created /tmp/gh-aw/agent/smoke-test-claude-20670601098.txt
• ✅ Bash Tool: Verified file creation
• ✅ Playwright MCP: Navigated to GitHub.com, title contains "GitHub"
• ✅ Cache Memory: Created /tmp/gh-aw/cache-memory/smoke-test-20670601098.txt
• ❌ safeinputs-gh: Tool not available in this workflow

Status: PASS (5/6 tests passed; safeinputs-gh not configured)

AI generated by Smoke Claude

[github-actions]

PRs: #8699 "Security Fix: Prevent path traversal in shell completion config file reads (Alerts #444, #443)", #8694 "Resolve Setup action tags to SHAs in release mode using action pin manager"
GitHub MCP PR fetch: ✅
File write/read (/tmp/gh-aw/agent): ✅
Playwright title check (github.com): ✅
Cache memory write/read: ✅
safeinputs-gh "gh issues list --limit 3": ❌ (command not found)
Overall: FAIL

AI generated by Smoke Codex