From 5ffa6fa9225ae6a433280f29f8f497851ecd49f0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 14 Apr 2026 15:43:53 +0000
Subject: [PATCH 1/2] Initial plan


From b0cd1be4ed3c4e564593b0d1e6dd9ee35dd2a4cf Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 14 Apr 2026 15:51:21 +0000
Subject: [PATCH 2/2] Add test coverage for stdio server auth validation via
 stdin JSON path

Agent-Logs-Url: https://github.com/github/gh-aw-mcpg/sessions/9bb8172a-0619-4ff2-a7be-d88c9c3c668b

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
---
 internal/config/config_stdin_test.go | 37 ++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/internal/config/config_stdin_test.go b/internal/config/config_stdin_test.go
index 9f1c28b0..7419e75c 100644
--- a/internal/config/config_stdin_test.go
+++ b/internal/config/config_stdin_test.go
@@ -1,9 +1,11 @@
 package config
 
 import (
+	"errors"
 	"os"
 	"testing"
 
+	"github.com/github/gh-aw-mcpg/internal/config/rules"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -276,6 +278,17 @@ func TestConvertStdinServerConfig_ValidationError(t *testing.T) {
 			},
 			errorContains: "url",
 		},
+		{
+			name: "stdio with auth block",
+			server: &StdinServerConfig{
+				Type:      "stdio",
+				Container: "ghcr.io/owner/image:latest",
+				Auth: &AuthConfig{
+					Type: "github-oidc",
+				},
+			},
+			errorContains: "auth is only supported for HTTP servers",
+		},
 	}
 
 	for _, tc := range testCases {
@@ -288,6 +301,30 @@ func TestConvertStdinServerConfig_ValidationError(t *testing.T) {
 	}
 }
 
+// TestConvertStdinServerConfig_StdioWithAuth verifies that a stdio server with an auth block
+// returns a structured rules.ValidationError with the correct JSONPath and suggestion,
+// guarding against regressions in error type or message.
+func TestConvertStdinServerConfig_StdioWithAuth(t *testing.T) {
+	server := &StdinServerConfig{
+		Type:      "stdio",
+		Container: "ghcr.io/owner/image:latest",
+		Auth: &AuthConfig{
+			Type: "github-oidc",
+		},
+	}
+
+	result, err := convertStdinServerConfig("my-server", server, nil)
+	require.Error(t, err)
+	assert.Nil(t, result)
+
+	var valErr *rules.ValidationError
+	require.True(t, errors.As(err, &valErr), "expected a *rules.ValidationError, got %T: %v", err, err)
+	assert.Equal(t, "auth", valErr.Field)
+	assert.Contains(t, valErr.Message, "auth is only supported for HTTP servers")
+	assert.Contains(t, valErr.JSONPath, "mcpServers.my-server")
+	assert.NotEmpty(t, valErr.Suggestion)
+}
+
 // TestConvertStdinServerConfig_EmptyEnvAndHeaders tests handling of empty env and headers.
 func TestConvertStdinServerConfig_EmptyEnvAndHeaders(t *testing.T) {
 	server := &StdinServerConfig{