Skip to content

Remove mounts support from agent sandbox, MCP gateway, and GitHub MCP server#22309

Closed
dsyme wants to merge 1 commit intomainfrom
sb
Closed

Remove mounts support from agent sandbox, MCP gateway, and GitHub MCP server#22309
dsyme wants to merge 1 commit intomainfrom
sb

Conversation

@dsyme
Copy link
Contributor

@dsyme dsyme commented Mar 22, 2026

Summary

Removes the mounts field from all three container configuration areas:

  1. AWF agent sandbox (sandbox.agent.mounts): Removed from AgentSandboxConfig struct, frontmatter extraction, sandbox validation, AWF helper args building, schema, and docs.

  2. MCP gateway (sandbox.mcp.mounts): Removed from MCPGatewayRuntimeConfig struct, default config initialization, MCP setup generator, schema, and docs.

  3. GitHub MCP server (tools.github.mounts): Removed extractMounts/getGitHubMounts helper functions, GitHubMCPDockerOptions.Mounts field, mounts rendering from JSON/TOML renderers, schema, and docs.

Changes

  • Removed Mounts fields from Go structs in sandbox.go, tools_types.go, mcp_renderer_types.go
  • Removed mounts logic from awf_helpers.go, mcp_gateway_config.go, mcp_setup_generator.go, args.go, mcp_renderer_github.go, frontmatter_extraction_security.go, sandbox_validation.go, mcp_config_custom.go
  • Removed mounts schema entries from pkg/parser/schemas/main_workflow_schema.json
  • Updated docs in frontmatter-full.md and sandbox.md
  • Deleted mounts-specific test files and updated remaining tests
  • Fixed .github/workflows/hourly-ci-cleaner.md to use sandbox.agent.id: awf instead of mounts
  • Regenerated golden test files

Copilot AI review requested due to automatic review settings March 22, 2026 19:25
@dsyme dsyme closed this Mar 22, 2026
@dsyme
Copy link
Contributor Author

dsyme commented Mar 22, 2026

THis conflicted , also would conflict with #22310

Copilot AI reviewed Mar 22, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR removes the mounts field from container-related configuration surfaces (agent sandbox, MCP gateway runtime config, and the GitHub MCP server), updating code, schema, docs, tests, and workflow lockfiles accordingly.

Changes:

  • Removed mounts from sandbox.agent (AWF agent sandbox) and deleted related extraction/arg-building logic.
  • Removed mounts from sandbox.mcp (MCP gateway runtime config) and updated setup generation/defaulting/tests accordingly.
  • Removed mounts from tools.github (GitHub MCP server) plus schema/docs examples, and regenerated golden/lock outputs.

Reviewed changes

Copilot reviewed 205 out of 205 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
pkg/workflow/tools_types.go Removes MCP gateway runtime Mounts field from config struct.
pkg/workflow/sandbox.go Removes agent sandbox Mounts field from AgentSandboxConfig.
pkg/workflow/mcp_setup_generator.go Drops adding user-configured gateway mounts to the generated Docker command.
pkg/workflow/mcp_renderer_types.go Removes GitHub MCP server Docker option Mounts.
pkg/workflow/mcp_gateway_config_test.go Removes default/custom mounts expectations from MCP gateway defaulting tests.
pkg/workflow/mcp_gateway_config.go Stops defaulting MCP gateway mounts.
pkg/workflow/mcp_config_custom.go Removes mounts rendering branches from shared MCP config rendering.
pkg/workflow/frontmatter_extraction_security.go Removes frontmatter extraction for agent and MCP gateway mounts.
pkg/workflow/awf_helpers.go Removes AWF --mount argument wiring (and the now-unused sort import).
pkg/workflow/args_field_test.go Deletes tests for GitHub tool mounts extraction helpers.
pkg/workflow/args.go Removes mounts extraction helpers for GitHub tool config.
pkg/parser/schemas/main_workflow_schema.json Removes mounts fields from schema for sandbox.agent, sandbox.mcp, and tools.github.
pkg/cli/workflows/test-custom-mounts.md Deletes the mounts-focused example workflow file.
docs/src/content/docs/reference/sandbox.md Removes agent mounts documentation and updates MCP gateway heading/content accordingly.
docs/src/content/docs/reference/frontmatter-full.md Removes mounts fields from the frontmatter reference for agent/mcp/github tool.
.github/workflows/workflow-normalizer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/workflow-health-manager.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/workflow-generator.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/weekly-issue-summary.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/video-analyzer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/update-astro.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/ubuntu-image-analyzer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/typist.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/tidy.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/test-workflow.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/test-project-url-default.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/test-dispatcher.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/test-create-pr-error-handling.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/terminal-stylist.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/super-linter.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/step-name-alignment.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/static-analysis-report.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/smoke-test-tools.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/smoke-project.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/smoke-call-workflow.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/smoke-agent-scoped-approved.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/smoke-agent-public-none.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/smoke-agent-public-approved.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/smoke-agent-all-none.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/smoke-agent-all-merged.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/sergo.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/semantic-function-refactor.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/security-review.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/security-compliance.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/scout.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/schema-feature-coverage.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/schema-consistency-checker.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/safe-output-health.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/research.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/repo-tree-map.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/release.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/refiner.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/q.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/python-data-charts.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/prompt-clustering-analysis.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/pr-triage-agent.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/portfolio-analyst.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/poem-bot.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/plan.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/pdf-summary.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/org-health-report.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/metrics-collector.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/mergefest.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/lockfile-stats.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/layout-spec-maintainer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/jsweep.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/issue-monster.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/issue-arborist.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/instructions-janitor.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/hourly-ci-cleaner.md Updates workflow config to use sandbox.agent.id: awf instead of mounts.
.github/workflows/grumpy-reviewer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/gpclean.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/go-pattern-detector.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/go-fan.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/github-mcp-tools-report.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/github-mcp-structural-analysis.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/firewall.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/firewall-escape.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/example-workflow-analyzer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/example-permissions-warning.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/duplicate-code-detector.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/dev.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/dev-hawk.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/delight.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/deep-report.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-team-status.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-security-red-team.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-safe-output-optimizer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-observability-report.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-issues-report.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-function-namer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-fact.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-code-metrics.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/daily-choice-test.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/craft.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/copilot-session-insights.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/copilot-agent-analysis.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/contribution-check.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/commit-changes-analyzer.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/codex-github-remote-mcp-test.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/code-simplifier.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/cloclo.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/cli-version-checker.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/ci-doctor.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/ci-coach.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/changeset.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/brave.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/bot-detection.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/blog-auditor.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/audit-workflows.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/artifacts-summary.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/archie.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/ai-moderator.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.
.github/workflows/ace-editor.lock.yml Removes default gateway mounts from embedded MCP_GATEWAY_DOCKER_COMMAND.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

pkg/workflow/mcp_config_custom.go
Comment on lines 136 to 143
case "entrypointArgs":
if len(mcpConfig.EntrypointArgs) > 0 {
existingProperties = append(existingProperties, prop)
}
case "mounts":
if len(mcpConfig.Mounts) > 0 {
existingProperties = append(existingProperties, prop)
}

case "command":
if mcpConfig.Command != "" {
existingProperties = append(existingProperties, prop)
Copy link

Copilot AI Mar 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

renderSharedMCPConfig still includes "mounts" in propertyOrder for stdio MCP tools (see earlier in this function), but the logic that detects/renders existing properties no longer handles the "mounts" case. As a result, any user-configured mounts for custom/containerized MCP servers will be silently dropped from rendered config despite the workflow schema still allowing tools.<name>.mounts. Either re-add mounts handling here, or remove mounts from the supported schema/property order if this is an intentional breaking change beyond agent/gateway/GitHub MCP mounts.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dsyme