Fix MCP Gateway failure: default repos to "all" when only min-integrity is set

pkg/cli/compile_guard_policy_test.go

@@ -146,3 +146,45 @@ This workflow specifies repos without min-integrity.
 		})
 	}
 }
+
+// TestGuardPolicyMinIntegrityOnlyCompiledOutput verifies that when only min-integrity is
+// specified (without repos), the compiled lock file includes repos="all" in the guard policy.
+// This is a regression test for the MCP Gateway requirement that allow-only must include repos.
+func TestGuardPolicyMinIntegrityOnlyCompiledOutput(t *testing.T) {
+	workflowContent := `---
+on:
+  workflow_dispatch:
+permissions:
+  contents: read
+engine: copilot
+tools:
+  github:
+    min-integrity: approved
+---
+
+# Guard Policy Test
+
+This workflow uses min-integrity without specifying repos.
+`
+
+	tmpDir := t.TempDir()
+	workflowPath := filepath.Join(tmpDir, "test-guard-policy.md")
+	err := os.WriteFile(workflowPath, []byte(workflowContent), 0644)
+	require.NoError(t, err, "Failed to write workflow file")
+
+	compiler := workflow.NewCompiler()
+	err = CompileWorkflowWithValidation(compiler, workflowPath, false, false, false, false, false, false)
+	require.NoError(t, err, "Expected compilation to succeed")
+
+	// Read the compiled lock file and verify it contains the correct guard-policies JSON block.
+	// The MCP Gateway requires repos to be present in the allow-only policy.
+	lockFilePath := filepath.Join(tmpDir, "test-guard-policy.lock.yml")
+	lockFileBytes, err := os.ReadFile(lockFilePath)
+	require.NoError(t, err, "Failed to read compiled lock file")
+
+	lockFileContent := string(lockFileBytes)
+	// Check that the guard-policies allow-only block contains both repos=all and min-integrity=approved
+	// in the correct JSON structure expected by the MCP Gateway.
+	assert.Contains(t, lockFileContent, `"guard-policies": {`+"\n"+`                  "allow-only": {`+"\n"+`                    "min-integrity": "approved",`+"\n"+`                    "repos": "all"`,
+		"Compiled lock file must include repos=all and min-integrity=approved in the guard-policies allow-only block")
+}

pkg/workflow/mcp_github_config.go

@@ -235,6 +235,10 @@ func getGitHubAllowedTools(githubTool any) []string {
 
 // getGitHubGuardPolicies extracts guard policies from GitHub tool configuration.
 // It reads the flat repos/min-integrity fields and wraps them for MCP gateway rendering.
+// When min-integrity is set but repos is not, repos defaults to "all" because the MCP
+// Gateway requires repos to be present in the allow-only policy.
+// Note: repos-only (without min-integrity) is rejected earlier by validateGitHubGuardPolicy,
+// so this function will never be called with repos but without min-integrity in practice.
 // Returns nil if no guard policies are configured.
 func getGitHubGuardPolicies(githubTool any) map[string]any {
 	if toolConfig, ok := githubTool.(map[string]any); ok {
@@ -244,6 +248,10 @@ func getGitHubGuardPolicies(githubTool any) map[string]any {
 			policy := map[string]any{}
 			if hasRepos {
 				policy["repos"] = repos
+			} else {
+				// Default repos to "all" when min-integrity is specified without repos.
+				// The MCP Gateway requires repos in the allow-only policy.
+				policy["repos"] = "all"
 			}
 			if hasIntegrity {
 				policy["min-integrity"] = integrity

pkg/workflow/safeoutputs_guard_policy_test.go

@@ -197,8 +197,13 @@ func TestDeriveSafeOutputsGuardPolicyFromGitHub(t *testing.T) {
 			githubTool: map[string]any{
 				"min-integrity": "approved",
 			},
-			expectNil:   true,
-			description: "No repos means no guard-policy for safeoutputs",
+			expectedPolicies: map[string]any{
+				"write-sink": map[string]any{
+					"accept": []string{"*"},
+				},
+			},
+			expectNil:   false,
+			description: "No repos defaults to all, which means accept=[*] for safeoutputs",
 		},
 		{
 			name: "no guard policy at all",