Skip to content

Duplicate Code: HTTP MCP server lifecycle duplicated between mcp_scripts and safe_outputs servers #22077

New issue
New issue
Closed
#22078
Closed
Duplicate Code: HTTP MCP server lifecycle duplicated between mcp_scripts and safe_outputs servers#22077
#22078
Assignees
pelikhancopilot-swe-agent
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 21, 2026

Overview

A significant structural duplication exists between the HTTP server implementations in mcp_scripts_mcp_server_http.cjs and safe_outputs_mcp_server_http.cjs.

This overlap exceeds the reporting threshold and increases maintenance risk for transport behavior, request parsing, error handling, and shutdown paths.

Summary

  • Severity: Medium
  • Occurrences: 2 primary modules
  • Analyzed changed code: 2 .cjs files in commit 48d8fdfddc8cad854ac0c70ceb573f09fb8f9c9b
  • Duplication signal: ~171 identical non-comment/non-empty lines between the two HTTP server files

Duplication Pattern

  • Pattern: Repeated HTTP MCP server lifecycle implementation (startup logs, transport setup, request handling pipeline, bind error handling, graceful shutdown handlers)
  • Locations:
    • actions/setup/js/mcp_scripts_mcp_server_http.cjs (notably around lines 126-317)
    • actions/setup/js/safe_outputs_mcp_server_http.cjs (notably around lines 226-425)
Representative duplicated block (request handling loop) 
// Common structure in both files:
const httpServer = http.createServer(async (req, res) => {
  res.setHeader("Access-Control-Allow-Origin", "*");
  res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
  res.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept");

  if (req.method === "OPTIONS") { ... }
  if (req.method === "GET" && req.url === "/health") { ... }
  if (req.method !== "POST") { ... }

  try {
    // parse JSON body
    await transport.handleRequest(req, res, body);
  } catch (error) {
    // JSON-RPC internal error response
  }
});

Line references:

  • actions/setup/js/mcp_scripts_mcp_server_http.cjs:166
  • actions/setup/js/safe_outputs_mcp_server_http.cjs:268
Representative duplicated block (transport/connect/startup/shutdown)

Line references:

  • Transport + connect:
    • actions/setup/js/mcp_scripts_mcp_server_http.cjs:150
    • actions/setup/js/safe_outputs_mcp_server_http.cjs:250
  • Bind errors:
    • actions/setup/js/mcp_scripts_mcp_server_http.cjs:262
    • actions/setup/js/safe_outputs_mcp_server_http.cjs:371
  • Graceful shutdown:
    • actions/setup/js/mcp_scripts_mcp_server_http.cjs:276
    • actions/setup/js/safe_outputs_mcp_server_http.cjs:385

Impact

  • Maintainability: behavior fixes in one server can be missed in the other.
  • Bug risk: drift in protocol/error semantics can create inconsistent MCP behavior.
  • Change cost: future enhancements (timeouts, CORS, parsing, health endpoint) require parallel edits.

Recommendations

  1. Extract a shared HTTP transport server runner helper
  • Candidate: actions/setup/js/mcp_http_server_runner.cjs
  • Move shared logic: request method routing, JSON parse/parse-error handling, transport delegation, bind/error/shutdown wiring.
  • Keep per-server customization in options (health payload, logger namespace, stateless/stateful session mode, timeout policy).
  1. Introduce a small per-server adapter layer
  • mcp_scripts_mcp_server_http.cjs and safe_outputs_mcp_server_http.cjs should primarily provide:
    • server bootstrap function
    • transport mode config
    • health metadata provider
  1. Add parity tests at shared layer
  • Ensure a single test suite validates request lifecycle semantics used by both servers.

Implementation Checklist

  • Define shared HTTP MCP server lifecycle abstraction
  • Migrate mcp_scripts_mcp_server_http.cjs to shared abstraction
  • Migrate safe_outputs_mcp_server_http.cjs to shared abstraction
  • Add/adjust tests for shared lifecycle behavior
  • Verify both servers preserve current behavior

Analysis Metadata

  • Detection method: semantic + structural comparison of changed .cjs files
  • Commit: 48d8fdfddc8cad854ac0c70ceb573f09fb8f9c9b
  • Workflow run: 23371416954
  • Date (UTC): 2026-03-21

References:

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • ab.chatgpt.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "ab.chatgpt.com"

See Network Configuration for more information.

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

  • issue:github/gh-aw#unknown (search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)

Generated by Duplicate Code Detector ·

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions