Remove session management from safe outputs MCP HTTP server#22056
Remove session management from safe outputs MCP HTTP server#22056
Conversation
… server Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6253a4d6-5bdc-4886-8c02-12f7da3cc06d
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6253a4d6-5bdc-4886-8c02-12f7da3cc06d
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request... |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready. |
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
|
Smoke Test Results for §23368452920 —
Overall: Note 🔒 Integrity filtering filtered 1 itemIntegrity filtering activated and filtered the following item during workflow execution.
|
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
Commit pushed:
|
|
Smoke Test 23368452880 Results
Overall: PARTIAL (all non-skipped tests passed) Note 🔒 Integrity filtering filtered 1 itemIntegrity filtering activated and filtered the following item during workflow execution.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Note
🔒 Integrity filtering filtered 1 item
Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.
- pr:#22056 (
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
💥 [THE END] — Illustrated by Smoke Claude
| logger.debug("Successfully required safe_outputs_mcp_server_http.cjs"); | ||
|
|
||
| // Start the HTTP server | ||
| // If run directly, start the HTTP server |
There was a problem hiding this comment.
The updated comment "If run directly, start the HTTP server" is clearer than the previous version. The removal of the stateless-mode explanation comment is appropriate since that context is now documented in safe_outputs_mcp_server_http.cjs directly.
| logger.debug(`=== Starting Safe Outputs MCP HTTP Server ===`); | ||
| logger.debug(`Port: ${port}`); | ||
| logger.debug(`Mode: ${stateless ? "stateless" : "stateful"}`); | ||
| logger.debug(`Mode: stateless`); |
There was a problem hiding this comment.
Hardcoding "Mode: stateless" is clean now that stateful mode is removed. Consider also removing the logger.debug for mode entirely if all deployments are always stateless — reduces noise in logs.
There was a problem hiding this comment.
Pull request overview
This PR makes the safe-outputs MCP HTTP server stateless-only by removing session management and the now-redundant --stateless/stateless configuration pathways, aligning server behavior with how the MCP gateway actually calls it.
Changes:
- Removed stateful/stateless mode toggling from
safe_outputs_mcp_server_http.cjsand always disable session ID generation. - Simplified the safe-outputs entrypoint to stop passing
stateless: true. - Updated the smoke workflow lock file to pass structured inputs for the
add_smoked_labelcustom action. - Added a changeset documenting the behavior change.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| actions/setup/js/safe_outputs_mcp_server_http.cjs | Removes session-mode switching and always runs transport without session management. |
| actions/setup/js/safe-outputs-mcp-server.cjs | Removes redundant stateless: true argument when starting the server. |
| .github/workflows/smoke-codex.lock.yml | Updates dynamic tool schema and workflow step inputs for add_smoked_label. |
| .changeset/patch-remove-safe-outputs-session-management.md | Documents the stateless-only change as a patch release note. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
| }, | ||
| "required": [ | ||
| "labels" |
There was a problem hiding this comment.
In the add_smoked_label tool schema, number is defined but not required, yet the workflow step unconditionally reads and passes .number to action-add-labels. This can produce an empty/undefined number input at runtime if the payload omits it. Either add number to the schema’s required list (and ensure the handler always includes it) or stop passing number in the with: block and rely on action/context defaults.
| "labels" | |
| "labels", | |
| "number" |
The safe outputs MCP HTTP server supported both stateful and stateless modes, but the MCP gateway never performs the initialization handshake — it calls
tools/listdirectly without anMcp-Session-Idheader, making stateful mode non-functional and the--statelessflag a required workaround at the entry point.Changes
safe_outputs_mcp_server_http.cjs: Removestatelessoption,--statelessCLI flag, andrandomUUIDimport.MCPHTTPTransportnow always receivessessionIdGenerator: undefined. Updated module docstring to document stateless-only behavior.safe-outputs-mcp-server.cjs: Drop the now-redundantstateless: truecall argument and the accompanying explanatory comment (the constraint is now enforced in the server itself).✨ PR Review Safe Output Test - Run 23368452880
Note
🔒 Integrity filtering filtered 1 item
Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)