
Conversation

Copilot AI (Contributor) commented Jan 6, 2026

Adds foundation for gh-aw-mcpg as the MCP gateway, running as a Docker container on port 80 with HTTP transport for AWF containers to access via host.docker.internal.

Changes

Gateway Core (pkg/workflow/gateway.go)

  • GenerateMCPGatewayDockerCommands() - Docker run command generation with socket mount, port mapping, and routed mode
  • TransformMCPConfigForGateway() - Converts MCP server configs to HTTP transport with Bearer auth
  • ValidateGatewayVersion() - Rejects latest tag for reproducibility
  • IsMCPGatewayEnabled() - Checks AWF + MCP server conditions

Configuration

  • Added MCP field to SandboxConfig for gateway config in frontmatter
  • Added SessionToken field to MCPGatewayRuntimeConfig
  • Updated constants: port 80, image path, default version v0.1.0

Validation

  • Gateway version validation integrated into validateSandboxConfig()
  • Version must start with v, cannot be empty or latest

Health Check

  • Updated verify_mcp_gateway_health.sh for Docker container checks
  • Session token now configurable (4th parameter, defaults to awf-session)

Smoke Tests

  • Enabled MCP gateway (sandbox.mcp.version: v0.1.0) for all smoke test workflows:
    • smoke-copilot.md
    • smoke-copilot-no-firewall.md
    • smoke-copilot-playwright.md
    • smoke-copilot-safe-inputs.md
    • smoke-claude.md
    • smoke-codex.md
    • smoke-codex-firewall.md
    • smoke-srt.md
    • smoke-srt-custom-config.md
    • smoke-detector.md

Example Usage

sandbox:
  agent: awf
  mcp:
    version: v0.1.0
    port: 80
    session-token: custom-token

Generates Docker command:

cat /tmp/gh-aw/mcpg-config.json | docker run \
  --rm -i --name gh-aw-mcpg \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -p 80:8000 \
  --add-host host.docker.internal:host-gateway \
  ghcr.io/githubnext/gh-aw-mcpg:v0.1.0 \
  --routed --listen 0.0.0.0:8000 --config-stdin

And transforms client config to HTTP transport:

{
  "github": {
    "type": "http",
    "url": "http://host.docker.internal/mcp/github",
    "headers": { "Authorization": "Bearer awf-session" }
  }
}
Original prompt

Implementation Plan: Replace awmg with gh-aw-mcpg

This plan modifies the gh-aw compiler to use gh-aw-mcpg as the MCP gateway instead of awmg, working together with AWF (Agentic Workflow Firewall).

Overview

Current State:

  • awmg binary runs on the Actions runner host
  • MCP servers configured via JSON file
  • AWF wraps agent execution with network firewall

Target State:

  • gh-aw-mcpg runs as Docker container on Actions runner (port 80)
  • AWF containers connect to gateway via host.docker.internal
  • MCP client config uses type: "http" with Bearer token authentication

Architecture Diagram

┌─────────────────────────────────────────────────────────────────┐
│                    GitHub Actions Runner                         │
│                                                                  │
│  ┌──────────────────────┐     ┌─────────────────────────────┐   │
│  │  gh-aw-mcpg          │     │  AWF Container Network      │   │
│  │  (MCP Gateway)       │     │                             │   │
│  │                      │     │  ┌────────────────────┐     │   │
│  │  Port 80 ◄───────────┼─────┼──┤ Squid Proxy        │     │   │
│  │                      │     │  │ (172.30.0.10)      │     │   │
│  │  /mcp/github ────────┼──┐  │  └─────────┬──────────┘     │   │
│  │  /mcp/safeoutputs    │  │  │            │                │   │
│  │                      │  │  │  ┌─────────▼──────────┐     │   │
│  │  Backend MCP         │  │  │  │ Agent Container    │     │   │
│  │  Servers (Docker)    │  │  │  │ (172.30.0.20)      │     │   │
│  └──────────────────────┘  │  │  │                    │     │   │
│           ▲                │  │  │  Copilot/Claude/   │     │   │
│           │                │  │  │  Codex CLI         │     │   │
│           │                │  │  │                    │     │   │
│  ┌────────┴────────┐       │  │  │  MCP Client ───────┼─────┼───┘
│  │ Docker Socket   │       │  │  │  (HTTP transport)  │     │
│  │ /var/run/docker │       │  │  └────────────────────┘     │
│  └─────────────────┘       │  └─────────────────────────────┘
│                            │
│                            └── host.docker.internal:80
└──────────────────────────────────────────────────────────────────┘

Phase 1: Update Gateway Constants and Types

1.1 Update Constants (pkg/workflow/gateway.go)

CRITICAL: All container versions MUST be pinned to specific tags, never use latest.

const (
    DefaultMCPGatewayPort = 80  // Port 80 for host.docker.internal access

    // IMPORTANT: Pin to specific version, NEVER use "latest"
    // Update this version when releasing new gh-aw-mcpg versions
    DefaultMCPGatewayImage = "ghcr.io/githubnext/gh-aw-mcpg"
    DefaultMCPGatewayVersion = "v0.1.0"  // MUST be pinned version

    DefaultGatewaySessionToken = "awf-session"
    MCPGatewayLogsFolder = "/tmp/gh-aw/mcp-gateway-logs"
)

1.2 Update MCPGatewayRuntimeConfig (pkg/workflow/tools_types.go)

Add new field for session token:

type MCPGatewayRuntimeConfig struct {
    // ... existing fields ...
    SessionToken string `yaml:"session-token,omitempty"` // Bearer token for MCP client auth
}

Phase 2: Rewrite Gateway Start Step Generation

2.1 Replace generateDefaultAWMGCommands() with gh-aw-mcpg Docker

File: pkg/workflow/gateway.go

Replace the default awmg binary commands with gh-aw-mcpg Docker container:

func generateMCPGatewayDockerCommands(config *MCPGatewayRuntimeConfig, mcpConfigPath string, port int) []string {
    // CRITICAL: Version must be pinned - resolve version before generating command
    version := config.Version
    if version == "" || version == "latest" {
        version = DefaultMCPGatewayVersion  // Use pinned default, NEVER "latest"
    }
    image := DefaultMCPGatewayImage + ":" + version  // e.g. ghcr.io/githubnext/gh-aw-mcpg:v0.1.0

    // Generated shell, with the PINNED version (one slice element per line; needs "fmt" imported):
    // cat /tmp/gh-aw/mcpg-config.json | docker run \
    //   --rm -i \
    //   --name gh-aw-mcpg \
    //   -v /var/run/docker.sock:/var/run/docker.sock \
    //   -p 80:8000 \
    //   --add-host host.docker.internal:host-gateway \
    //   -e GITHUB_PERSONAL_ACCESS_TOKEN \
    //   ghcr.io/githubnext/gh-aw-mcpg:v0.1.0 \  // PINNED VERSION
    //   --routed --listen 0.0.0.0:8000 --config-stdin \
    //   > /tmp/gh-aw/mcp-gateway-logs/gateway.log 2>&1 &
    return []string{
        fmt.Sprintf("cat %s | docker run \\", mcpConfigPath),
        "  --rm -i \\",
        "  --name gh-aw-mcpg \\",
        "  -v /var/run/docker.sock:/var/run/docker.sock \\",  // gateway spawns backend MCP servers via the host daemon
        fmt.Sprintf("  -p %d:8000 \\", port),                  // host port (80 by default) -> gateway listener 8000
        "  --add-host host.docker.internal:host-gateway \\",
        "  -e GITHUB_PERSONAL_ACCESS_TOKEN \\",                // passed through for the GitHub MCP server
        fmt.Sprintf("  %s \\", image),                         // PINNED VERSION
        "  --routed --listen 0.0.0.0:8000 --config-stdin \\",
        fmt.Sprintf("  > %s/gateway.log 2>&1 &", MCPGatewayLogsFolder),
    }
}

Key Docker flags:

  • -v /var/run/docker.sock:/var/run/docker.sock - Mount Docker socket for spawning backend MCP servers
  • -p 80:8000 - Map host port 80 to container port 8000
  • --add-host host.docker.internal:host-gateway - Enable host access from gateway container
  • -e GITHUB_PERSONAL_ACCESS_TOKEN - Pass through token for GitHub MCP server
  • --routed - Use routed mode with /mcp/{serverID} endpoints
  • --config-stdin - Read config from stdin (piped)

2.2 Version Pinning Validation

Add compile-time validation to prevent latest tag:

func validateGatewayVersion(version string) error {
    if version == "latest" || version == "" {
        return fm...
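The description above names three pieces without showing how they fit: the version-pinning check (ValidateGatewayVersion), the rewrite of every MCP server into an HTTP entry at /mcp/<serverID> with a Bearer header (TransformMCPConfigForGateway), and a health check against a routed endpoint. The Go below is an added example, not code from this PR or from gh-aw/gh-aw-mcpg, that puts the three together end to end. The MCPServerConfig type, sampleServers, the initialize body sent by probeGateway and the gatewayAuthHandler stand-in for the routed listener are assumptions for illustration; the real gateway's types and responses may differ. One practical point the example makes concrete: the gateway is reachable by anything that can reach the runner host's port 80, and the default token (awf-session) is a constant, so the Bearer check only adds protection when a per-run session-token is set.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// MCPServerConfig is a simplified, hypothetical shape for one MCP server entry (not gh-aw's
// real type): Command is what the gateway launches, Type/URL/Headers are what the agent sees.
type MCPServerConfig struct {
	Type    string            `json:"type,omitempty"`
	Command string            `json:"command,omitempty"`
	URL     string            `json:"url,omitempty"`
	Headers map[string]string `json:"headers,omitempty"`
}

const gatewayHost = "host.docker.internal" // what AWF containers resolve via --add-host
const defaultSessionToken = "awf-session"  // the PR's default; it is a constant, so set one per run

// sampleServers is constructed input standing in for the gateway-side config (diagram's two backends).
var sampleServers = map[string]MCPServerConfig{
	"github":      {Command: "./github-mcp-server"},
	"safeoutputs": {Command: "./safeoutputs-mcp-server"},
}

// validateGatewayVersion applies the PR's pinning rule: non-empty, never "latest", starts with "v".
func validateGatewayVersion(version string) error {
	switch {
	case version == "":
		return fmt.Errorf("sandbox.mcp.version must not be empty")
	case version == "latest":
		return fmt.Errorf("sandbox.mcp.version must be a pinned tag, not %q", version)
	case !strings.HasPrefix(version, "v"):
		return fmt.Errorf("sandbox.mcp.version %q must start with 'v'", version)
	}
	return nil
}

// transformForGateway rewrites every server into the client view: HTTP transport to /mcp/<serverID>
// on the gateway with the session token as a Bearer header. Command is dropped from the agent's view.
func transformForGateway(servers map[string]MCPServerConfig, port int, sessionToken string) map[string]MCPServerConfig {
	if sessionToken == "" {
		sessionToken = defaultSessionToken
	}
	host := gatewayHost
	if port != 80 {
		host = fmt.Sprintf("%s:%d", gatewayHost, port) // port 80 needs no suffix in the URL
	}
	out := make(map[string]MCPServerConfig, len(servers))
	for id := range servers {
		out[id] = MCPServerConfig{
			Type:    "http",
			URL:     fmt.Sprintf("http://%s/mcp/%s", host, id),
			Headers: map[string]string{"Authorization": "Bearer " + sessionToken},
		}
	}
	return out
}

// gatewayAuthHandler is a stand-in for the routed-mode listener (not gh-aw-mcpg's code): reject
// anything without the exact Bearer token, then 404 unknown server IDs, before any backend is touched.
func gatewayAuthHandler(sessionToken string, servers map[string]MCPServerConfig) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+sessionToken {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		id := strings.TrimPrefix(r.URL.Path, "/mcp/")
		if _, known := servers[id]; !known {
			http.NotFound(w, r)
			return
		}
		fmt.Fprintf(w, `{"jsonrpc":"2.0","id":1,"result":{"routed_to":%q}}`, id)
	})
}

// probeGateway is the health-check side: POST an MCP initialize request to one routed endpoint using
// exactly the URL and headers from the client config; a wrong token surfaces as 401 instead of a hang.
func probeGateway(client MCPServerConfig) (int, error) {
	body := `{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"health-check","version":"0"}}}`
	req, err := http.NewRequest(http.MethodPost, client.URL, strings.NewReader(body))
	if err != nil {
		return 0, err
	}
	req.Header.Set("Content-Type", "application/json")
	for k, v := range client.Headers {
		req.Header.Set(k, v)
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	cfg := transformForGateway(sampleServers, 80, "")
	fmt.Printf("%+v\n", cfg["github"]) // the HTTP view of the "github" entry, as in the PR's example
}
```

Pointing probeGateway at a transformed entry gives the same three outcomes the smoke tests depend on: 200 when the token and server ID match the gateway's config, 401 when the Authorization header is missing or wrong, and 404 for a server ID the gateway was never configured with.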





@Mossaka Mossaka marked this pull request as ready for review January 6, 2026 22:25
Mossaka (Collaborator) commented Jan 6, 2026

@copilot enable the gateway for all the smoke tests. (including the one without the firewall)

Copilot AI changed the title [WIP] Replace awmg with gh-aw-mcpg as MCP gateway Add gh-aw-mcpg gateway support (replacing awmg) Jan 6, 2026
Copilot AI requested a review from Mossaka January 6, 2026 22:27
Copilot AI (Contributor, Author) commented Jan 6, 2026

@copilot enable the gateway for all the smoke tests. (including the one without the firewall)

Enabled MCP gateway for all smoke tests in commit 29c657d. Added sandbox.mcp.version: v0.1.0 to:

  • smoke-copilot.md
  • smoke-copilot-no-firewall.md
  • smoke-copilot-playwright.md
  • smoke-copilot-safe-inputs.md
  • smoke-claude.md
  • smoke-codex.md
  • smoke-codex-firewall.md
  • smoke-srt.md
  • smoke-srt-custom-config.md
  • smoke-detector.md

Mossaka (Collaborator) commented Jan 6, 2026

@copilot can you regenerate all the workflow yamls and push them?

Copilot AI (Contributor, Author) commented Jan 6, 2026

@copilot can you regenerate all the workflow yamls and push them?

Ran make recompile to regenerate all workflow YAMLs - verified that all 125 lock files are already up-to-date with the source .md files. The merge from main (d680213) already included the latest compiled versions, so there are no changes to push.

github-actions bot (Contributor) commented Jan 6, 2026

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

github-actions bot (Contributor) commented Jan 6, 2026

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

github-actions bot (Contributor) commented Jan 6, 2026

❌ Firewall validation failed... Smoke Codex Firewall failed. Network sandboxing may not be working correctly.

github-actions bot (Contributor) commented Jan 6, 2026

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

github-actions bot (Contributor) commented Jan 6, 2026

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

github-actions bot (Contributor) commented Jan 6, 2026

💀 Blimey! Changeset Generator failed and walked the plank! No treasure today, matey! ☠️

github-actions bot (Contributor) commented Jan 6, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

github-actions bot (Contributor) commented Jan 6, 2026

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️

@Mossaka Mossaka requested a review from lpcox January 6, 2026 23:48
github-actions bot (Contributor) commented Jan 6, 2026

Smoke Test Results - Copilot Engine (No Firewall)

All tests passed successfully:

  • ✅ Reviewed last 2 merged PRs (#9173, #9170)
  • ✅ Created test file /tmp/gh-aw/agent/smoke-test-copilot-20765714777.txt
  • ✅ Navigated to https://github.com with Playwright (page loaded successfully)

AI generated by Smoke Copilot No Firewall

github-actions bot (Contributor) commented Jan 6, 2026

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

@Mossaka Mossaka added the smoke label Jan 7, 2026
github-actions bot (Contributor) commented Jan 7, 2026

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

github-actions bot (Contributor) commented Jan 7, 2026

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

github-actions bot (Contributor) commented Jan 7, 2026

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

github-actions bot (Contributor) commented Jan 7, 2026

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

github-actions bot (Contributor) commented Jan 7, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

github-actions bot (Contributor) commented Jan 7, 2026

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

github-actions bot (Contributor) commented Jan 7, 2026

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

github-actions bot (Contributor) commented Jan 7, 2026

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

github-actions bot (Contributor) commented Jan 7, 2026

Smoke Test Results - Copilot Engine (No Firewall) ✅

All tests passed successfully:

  • ✅ Reviewed last 2 merged PRs (#9173, #9170)
  • ✅ Created test file at /tmp/gh-aw/agent/smoke-test-copilot-20766610165.txt
  • ✅ Navigated to https://github.com with Playwright (page title verified)
  • ✅ Listed 3 open issues using GitHub API (#9127, #9122, #9101)

AI generated by Smoke Copilot No Firewall

@Mossaka Mossaka added smoke and removed smoke labels Jan 7, 2026
github-actions bot (Contributor) commented Jan 7, 2026

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

github-actions bot (Contributor) commented Jan 7, 2026

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

github-actions bot (Contributor) commented Jan 7, 2026

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

github-actions bot (Contributor) commented Jan 7, 2026

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

github-actions bot (Contributor) commented Jan 7, 2026

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

github-actions bot (Contributor) commented Jan 7, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

github-actions bot (Contributor) commented Jan 7, 2026

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

github-actions bot (Contributor) commented Jan 7, 2026

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

github-actions bot (Contributor) commented Jan 7, 2026

✅ Smoke test passed - All 4 tests successful:

  1. Reviewed last 2 merged PRs (#9173, #9170)
  2. Created test file in /tmp/gh-aw/agent/
  3. Navigated to GitHub with Playwright (page title verified)
  4. Listed 3 open issues using GitHub tool

AI generated by Smoke Copilot No Firewall

@pelikhan pelikhan closed this Jan 7, 2026
pelikhan (Contributor) commented Jan 7, 2026

Let's restart from the spec. If needed, update the spec, then update the code.

@Mossaka Mossaka reopened this Jan 8, 2026
@Mossaka Mossaka closed this Jan 8, 2026
@Mossaka Mossaka force-pushed the copilot/replace-awmg-with-gh-aw-mcpg branch from 9bc98b8 to 402fed6 Compare January 8, 2026 23:19
@Mossaka Mossaka added smoke and removed smoke labels Jan 8, 2026