Run pre-agent-steps before MCP gateway startup

docs/src/content/docs/reference/frontmatter-full.md

@@ -1469,8 +1469,8 @@ pre-steps:
 pre-steps: []
   # Array items: undefined
 
-# Custom workflow steps to run immediately before AI execution, after all
-# initialization and setup steps in the agent job.
+# Custom workflow steps to run before MCP gateway startup in the agent job,
+# so prerequisite MCP installation/configuration can happen first.
 # (optional)
 # This field supports multiple formats (oneOf):
 

docs/src/content/docs/reference/frontmatter.md

@@ -688,7 +688,7 @@ Custom steps run outside the firewall sandbox. These steps execute with standard
 
 ## Pre-Agent Steps (`pre-agent-steps:`)
 
-Add custom steps immediately before the agent execution step, after all initialization/setup logic in the agent job.
+Add custom steps before MCP gateway startup in the agent job so prerequisite MCP installation/configuration can happen first.
 
 ```yaml wrap
 pre-agent-steps:

pkg/workflow/compiler_pre_agent_steps_test.go

@@ -49,14 +49,14 @@ Test pre-agent-steps.
 		t.Error("Expected pre-agent-step to be in generated workflow")
 	}
 
-	cleanGitCredsIndex := indexInNonCommentLines(lockContent, "- name: Clean git credentials")
+	startMCPGatewayIndex := indexInNonCommentLines(lockContent, "- name: Start MCP Gateway")
 	preAgentStepIndex := indexInNonCommentLines(lockContent, "- name: Finalize prompt context")
 	aiStepIndex := indexInNonCommentLines(lockContent, "- name: Execute Claude Code CLI")
-	if cleanGitCredsIndex == -1 || preAgentStepIndex == -1 || aiStepIndex == -1 {
+	if startMCPGatewayIndex == -1 || preAgentStepIndex == -1 || aiStepIndex == -1 {
 		t.Fatal("Could not find expected steps in generated workflow")
 	}
-	if preAgentStepIndex <= cleanGitCredsIndex {
-		t.Errorf("Pre-agent-step (%d) should appear after clean git credentials (%d)", preAgentStepIndex, cleanGitCredsIndex)
+	if preAgentStepIndex >= startMCPGatewayIndex {
+		t.Errorf("Pre-agent-step (%d) should appear before Start MCP Gateway (%d)", preAgentStepIndex, startMCPGatewayIndex)
 	}
 	if preAgentStepIndex >= aiStepIndex {
 		t.Errorf("Pre-agent-step (%d) should appear before AI execution step (%d)", preAgentStepIndex, aiStepIndex)
@@ -113,13 +113,17 @@ Main workflow.
 
 	importedIdx := indexInNonCommentLines(lockContent, "- name: Imported pre-agent step")
 	mainIdx := indexInNonCommentLines(lockContent, "- name: Main pre-agent step")
+	startMCPGatewayIdx := indexInNonCommentLines(lockContent, "- name: Start MCP Gateway")
 	aiStepIdx := indexInNonCommentLines(lockContent, "- name: Execute Claude Code CLI")
-	if importedIdx == -1 || mainIdx == -1 || aiStepIdx == -1 {
-		t.Fatal("Could not find expected pre-agent and AI steps in generated workflow")
+	if importedIdx == -1 || mainIdx == -1 || startMCPGatewayIdx == -1 || aiStepIdx == -1 {
+		t.Fatal("Could not find expected pre-agent, MCP gateway, and AI steps in generated workflow")
 	}
 	if importedIdx >= mainIdx {
 		t.Errorf("Imported pre-agent-step (%d) should appear before main pre-agent-step (%d)", importedIdx, mainIdx)
 	}
+	if mainIdx >= startMCPGatewayIdx {
+		t.Errorf("Main pre-agent-step (%d) should appear before Start MCP Gateway (%d)", mainIdx, startMCPGatewayIdx)
+	}
 	if mainIdx >= aiStepIdx {
 		t.Errorf("Main pre-agent-step (%d) should appear before AI execution step (%d)", mainIdx, aiStepIdx)
 	}
@@ -179,14 +183,14 @@ Main workflow.
 	}
 	lockContent := string(content)
 
-	restoreBaseIdx := indexInNonCommentLines(lockContent, "- name: Restore agent config folders from base branch")
 	restoreAPMIdx := indexInNonCommentLines(lockContent, "- name: Restore APM packages")
+	startMCPGatewayIdx := indexInNonCommentLines(lockContent, "- name: Start MCP Gateway")
 	aiStepIdx := indexInNonCommentLines(lockContent, "- name: Execute Claude Code CLI")
-	if restoreBaseIdx == -1 || restoreAPMIdx == -1 || aiStepIdx == -1 {
-		t.Fatal("Could not find expected PR restore, pre-agent, and AI steps in generated workflow")
+	if restoreAPMIdx == -1 || startMCPGatewayIdx == -1 || aiStepIdx == -1 {
+		t.Fatal("Could not find expected pre-agent, MCP gateway, and AI steps in generated workflow")
 	}
-	if restoreBaseIdx >= restoreAPMIdx {
-		t.Errorf("PR base restore step (%d) should appear before imported pre-agent step (%d)", restoreBaseIdx, restoreAPMIdx)
+	if restoreAPMIdx >= startMCPGatewayIdx {
+		t.Errorf("Imported pre-agent step (%d) should appear before Start MCP Gateway (%d)", restoreAPMIdx, startMCPGatewayIdx)
 	}
 	if restoreAPMIdx >= aiStepIdx {
 		t.Errorf("Imported pre-agent step (%d) should appear before AI execution step (%d)", restoreAPMIdx, aiStepIdx)

pkg/workflow/compiler_yaml_main_job.go

@@ -302,6 +302,10 @@ func (c *Compiler) generateMainJobSteps(yaml *strings.Builder, data *WorkflowDat
 	// to avoid double-filtering: the gateway uses the same guard policy for the agent phase.
 	c.generateStopDIFCProxyStep(yaml, data)
 
+	// Add pre-agent-steps (if any) before MCP setup so they can install/configure MCP dependencies
+	// that the gateway may reference when it starts.
+	c.generatePreAgentSteps(yaml, data)
+
 	// Add MCP setup
 	if err := c.generateMCPSetup(yaml, data.Tools, engine, data); err != nil {
 		return fmt.Errorf("failed to generate MCP setup: %w", err)
@@ -384,9 +388,6 @@ func (c *Compiler) generateMainJobSteps(yaml *strings.Builder, data *WorkflowDat
 	// connects to via host.docker.internal:18443.
 	c.generateStartCliProxyStep(yaml, data)
 
-	// Add pre-agent-steps (if any) immediately before AI execution.
-	c.generatePreAgentSteps(yaml, data)
-
 	// Add AI execution step using the agentic engine
 	compilerYamlLog.Printf("Generating engine execution steps for %s", engine.GetID())
 	c.generateEngineExecutionSteps(yaml, data, engine, logFileFull)