Conversation
…workflow.md - Add explicit warning in Tools & MCP Servers section that all engines (copilot, claude, codex, custom) cannot access api.github.com directly - Include correct (tools: github:) and incorrect (network: allowed:) examples - Reinforce guidance in Quick Reference tools checklist - Recompile lock files with make recompile Fixes: #19306 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add GitHub MCP requirement guidance in create-agentic-workflow.md
Add explicit GitHub MCP requirement warning for all engines in create-agentic-workflow.md
Mar 3, 2026
pelikhan
approved these changes
Mar 3, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a prominent warning in the workflow-creation prompt clarifying that GitHub API operations should use the GitHub MCP configuration (tools: github:) rather than attempting direct access to api.github.com via network: allowed:.
Changes:
- Added a new “GitHub API Access” warning block in Tools & MCP Servers, including correct/incorrect YAML examples.
- Reinforced the guidance in the “Quick Reference / Tools checklist” section with an inline note.
Comments suppressed due to low confidence (2)
.github/aw/create-agentic-workflow.md:234
- The statement that all engines cannot access
api.github.comdirectly, and that adding it tonetwork: allowed:will NOT work, conflicts with existing repo docs/examples that explicitly allowapi.github.comvianetwork.allowed(e.g..github/aw/github-agentic-workflows.md:1565-1600 showsnetwork.allowed: ["api.github.com"]and thegithubecosystem includesapi.github.com). Please narrow this warning to the specific engine/constraint that actually applies (perAGENTS.md:135-160 this is a Copilot-engine limitation), or reword to clarify that GitHub MCP is the recommended/required mechanism for GitHub data access within the workflow agent, not that network allowlisting cannot reach the host at all.
- ⚠️ **GitHub API Access — All Engines**: Agentic workflow engines (including `copilot`, `claude`, `codex`, and custom engines) **cannot access `api.github.com` directly**. For any GitHub API operations (reading issues, searching PRs, listing commits, checking runs, etc.), you **must** configure the GitHub MCP server via `tools: github:`. Adding `api.github.com` to `network: allowed:` will **NOT** work and will cause silent failures.
.github/aw/create-agentic-workflow.md:247
- The “❌ WRONG — Direct API access (will silently fail)” example is too absolute:
network.allowedgoverns egress/firewall and is used elsewhere to permitcurl https://api.github.com/ GitHub-domain access. If the intent is “wrong as a substitute for GitHub MCP when you need authenticated GitHub API reads in the agent”, please say that explicitly (e.g., missing auth/tooling), rather than implying the host is unreachable even when allowlisted.
- ❌ **WRONG** — Direct API access (will silently fail):
```yaml
network:
allowed:
- api.github.com # Does not grant API access to the engine
```
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| 3. **Tools**: Determine required tools: | ||
| - **`bash` and `edit` are enabled by default** - No need to add (sandboxed by AWF) | ||
| - GitHub API reads → `tools: github: toolsets: [default]` (use toolsets, NOT allowed) | ||
| - GitHub API reads → `tools: github: toolsets: [default]` (use toolsets, NOT allowed); ⚠️ engines cannot access `api.github.com` directly — GitHub MCP is required for all GitHub API operations |
There was a problem hiding this comment.
This checklist item repeats the claim that engines cannot access api.github.com directly. That contradicts the repo’s network-permissions guidance (e.g. .github/aw/github-agentic-workflows.md:1591-1599) and Copilot smoke tests that expect curl https://api.github.com` to succeed when GitHub domains are allowed. Recommend rephrasing to the specific limitation you’re documenting (e.g., “for GitHub API reads in workflows, prefer/require GitHub MCP tools rather than raw HTTP calls”).
This issue also appears in the following locations of the same file:
- line 234
- line 242
Suggested change
| - GitHub API reads → `tools: github: toolsets: [default]` (use toolsets, NOT allowed); ⚠️ engines cannot access `api.github.com` directly — GitHub MCP is required for all GitHub API operations | |
| - GitHub API reads → `tools: github: toolsets: [default]` (use toolsets, NOT `allowed`); ⚠️ for GitHub API operations in workflows, prefer using the GitHub MCP tools (github toolsets) rather than raw HTTP calls, even when `api.github.com` is reachable via `network: allowed: [...]` |
This was referenced Mar 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Workflows created without the GitHub MCP server silently fail when trying to access GitHub API — engines cannot access
api.github.comdirectly, regardless of what's innetwork: allowed:.Changes
Tools & MCP Servers section: Added
⚠️ GitHub API Access — All Engineswarning block covering all engines (copilot,claude,codex, custom) with explicit correct/incorrect YAML examples:Quick Reference / Tools checklist: Added inline note on the GitHub API reads bullet reinforcing that
tools: github:is required, notnetwork: allowed:.Warning is intentionally scoped to all engines (not just
copilot) per review feedback.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/cmd/gh-aw/main.go(http block)https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha(http block)https://api.github.com/repos/githubnext/agentics/git/ref/tags//usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha(http block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.