Fix template injection in MCP server configuration generation (Claude/Copilot engines)

[Copilot]

Fix template injection in MCP server configuration generation (Claude/Copilot engines)

Problem

Security scan identified 176 template injection vulnerabilities, with 74 occurrences in MCP server configuration generation. GitHub Actions expressions like ${{ env.GH_AW_ASSETS_BRANCH }} were being used directly inside HERE documents, allowing attackers to inject arbitrary commands.

Solution

• Explore repository and understand the vulnerability pattern
• Identify affected code in pkg/workflow/mcp-config.go and pkg/workflow/engine_helpers.go
• Modify mcp_servers.go to add env: block to "Setup MCPs" step
• Update mcp-config.go to use shell environment variables instead of GitHub expressions (Claude/Copilot only)
• Test changes with unit tests
• Compile workflows and verify fixes work correctly
• Verify security improvement with example workflow
• Address code review feedback
• Merge main branch and format code

Implementation Details

Changes Made

1. Added env block to Setup MCPs step (mcp_servers.go)

   • GitHub expressions are now placed in the step's env: block
   • Expressions are evaluated safely before the shell script runs

2. Updated MCP configuration generation (Claude/Copilot engines only)

   • JSON format (mcp-config.go, engine_helpers.go):
     • Safe-outputs: Uses $GH_AW_SAFE_OUTPUTS instead of ${{ env.GH_AW_SAFE_OUTPUTS }}
     • Agentic-workflows: Uses $GITHUB_TOKEN instead of ${{ secrets.GITHUB_TOKEN }}
     • GitHub MCP: Uses $GITHUB_MCP_SERVER_TOKEN instead of ${{ secrets.GH_AW_GITHUB_TOKEN }}

3. Updated affected engines

   • Claude engine (claude_mcp.go): Uses plain shell variables in JSON ✅
   • Copilot engine (copilot_engine.go): Uses escaped variables for CLI interpolation in JSON ✅
   • Custom engine (custom_engine.go): Uses plain shell variables in JSON ✅
   • Codex engine (codex_engine.go): Unchanged - retains original TOML with GitHub expressions

4. Updated tests (7 test files)

   • Verified GitHub expressions are in env blocks for JSON configs
   • Verified shell variables are used in JSON HERE documents
   • Confirmed no GitHub expressions remain in JSON generation

5. Merged main branch and formatted code

   • Merged latest changes from main branch
   • Applied code formatting with make fmt
   • Resolved merge conflicts
   • All tests passing

Security Impact

Claude/Copilot Engines (Secure) - JSON

Before (Vulnerable):

{
  "env": {
    "GH_AW_SAFE_OUTPUTS": "${{ env.GH_AW_SAFE_OUTPUTS }}"
  }
}

After (Secure):

# Step env block:
env:
  GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}

# JSON in HERE document:
{
  "env": {
    "GH_AW_SAFE_OUTPUTS": "$GH_AW_SAFE_OUTPUTS"
  }
}

Codex Engine (Unchanged) - TOML

The Codex engine retains its original TOML implementation:

env = { "GH_AW_SAFE_OUTPUTS" = "${{ env.GH_AW_SAFE_OUTPUTS }}", ... }

Results

✅ Claude/Copilot workflows fixed with secure JSON using shell variables
⚠️ Codex workflows unchanged - retains original TOML with GitHub expressions
✅ All unit tests passing
✅ Code review feedback addressed
✅ Merged with main and code formatted

Security Summary

The fix eliminates template injection vulnerabilities for Claude and Copilot engines by:

1. Moving GitHub Actions expressions to the safe env: context
2. Using only shell variable references in JSON HERE documents
3. Preventing attackers from injecting commands via environment variables

Note: The Codex engine was intentionally excluded from this fix and retains its original implementation.

• Fixes [task] Fix template injection in MCP server configuration generation #2865

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[task] Fix template injection in MCP server configuration generation</issue_title>
<issue_description>## Objective
Fix template injection vulnerabilities in MCP server configuration generation across all workflows. This is the most common pattern (74 occurrences) where GitHub Actions expressions are used unsafely in run: blocks.

Context

Security scan identified 176 template injection vulnerabilities, with the majority occurring in MCP server configuration generation. These vulnerabilities allow attackers to inject arbitrary commands by controlling environment variables or GitHub context values.

Related to discussion #2855 (Zizmor Security Analysis Report).

Approach

Pattern to Fix

Before (Vulnerable):

run: |
  cat > /tmp/gh-aw/mcp-config/mcp-servers.json << EOF
  {
    "mcpServers": {
      "safeoutputs": {
        "env": {
          "GH_AW_ASSETS_BRANCH": "${{ env.GH_AW_ASSETS_BRANCH }}",
          "GH_AW_ASSETS_MAX_SIZE_KB": "${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}"
        }
      }
    }
  }
  EOF

After (Secure):

env:
  ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }}
  ASSETS_MAX_SIZE: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}
run: |
  cat > /tmp/gh-aw/mcp-config/mcp-servers.json << EOF
  {
    "mcpServers": {
      "safeoutputs": {
        "env": {
          "GH_AW_ASSETS_BRANCH": "$ASSETS_BRANCH",
          "GH_AW_ASSETS_MAX_SIZE_KB": "$ASSETS_MAX_SIZE"
        }
      }
    }
  }
  EOF

Files to Modify

Search all .lock.yml files for the pattern:

grep -r "GH_AW_ASSETS_BRANCH.*\${{" .github/workflows/*.lock.yml

Primary focus workflows:

• smoke-detector.lock.yml
• dev-hawk.lock.yml
• ci-doctor.lock.yml
• scout.lock.yml
• All other workflows with MCP server configuration steps

Acceptance Criteria

• All MCP server configuration steps use env: block for GitHub expressions
• No ${{ ... }} expressions remain in HERE documents or JSON generation
• Re-run zizmor scan shows reduction in template-injection findings for MCP config
• Workflows continue to function correctly after fixes
• Compile all workflows with gh aw compile to ensure no syntax errors
  Related to 🔒 Zizmor Security Analysis Report - 2025-10-31 #2855

AI generated by Plan Command for discussion #2855</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [task] Fix template injection in MCP server configuration generation #2865

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[pelikhan]

@copilot the generated TOML has syntax errors

30 | env = { "GH_AW_SAFE_OUTPUTS" = "/tmp/gh-aw/safeoutputs/outputs.jsonl", "GH_AW_SAFE_OUTPUTS_CONFIG" = ""{\"create_issue\":{\"max\":1,\"min\":1},\"missing_tool\":{}}"", "GH_AW_ASSETS_BRANCH" = "", "GH_AW_ASSETS_MAX_SIZE_KB" = "", "GH_AW_ASSETS_ALLOWED_EXTS" = "" }

[pelikhan]

Claude, copilot ok

[github-actions]

🔍 Smoke Test Investigation - Run #68

Summary

The Smoke Codex workflow is failing due to invalid TOML syntax in the generated MCP server configuration. The issue is caused by using toJSON() on an already-JSON-formatted string in a TOML inline table context, which creates double-escaped content that violates TOML syntax rules.

Failure Details

• Run: #18975512058
• Commit: fff74ce
• Branch: copilot/fix-template-injection-vulnerability
• Trigger: workflow_dispatch
• Duration: 47 seconds
• Failed Job: agent (19s duration)

Root Cause Analysis

The Problem: Invalid TOML syntax in MCP configuration

The error occurs in the generated TOML configuration at pkg/workflow/mcp-config.go:207:

env = { "GH_AW_SAFE_OUTPUTS" = "${{ env.GH_AW_SAFE_OUTPUTS }}", "GH_AW_SAFE_OUTPUTS_CONFIG" = ${{ toJSON(env.GH_AW_SAFE_OUTPUTS_CONFIG) }}, ... }

When env.GH_AW_SAFE_OUTPUTS_CONFIG contains "{\"create_issue\":{\"max\":1,\"min\":1},\"missing_tool\":{}}" and toJSON() is applied, it produces:

"GH_AW_SAFE_OUTPUTS_CONFIG" = "\"{\\\"create_issue\\\":{\\\"max\\\":1,\\\"min\\\":1},\\\"missing_tool\\\":{}}\""

This creates invalid TOML because:

1. The value has nested quotes that aren't properly handled in TOML inline table syntax
2. TOML parser fails with: TOML parse error at line 30, column 109: missing comma between key-value pairs

Failed Jobs and Errors

Job Sequence:

1. ✅ pre_activation - succeeded (3s)
2. ✅ activation - succeeded (3s)
3. ❌ agent - failed (19s) - Codex CLI couldn't parse TOML config
4. ⏭️ detection - skipped
5. ⏭️ missing_tool - skipped
6. ❌ create_issue - failed (6s) - Dependent on agent job

Error Message:

Error: TOML parse error at line 30, column 109
   |
30 | env = { "GH_AW_SAFE_OUTPUTS" = "/tmp/gh-aw/safeoutputs/outputs.jsonl", "GH_AW_SAFE_OUTPUTS_CONFIG" = "\"{\\\"create_issue\\\":{\\\"max\\\":1,\\\"min\\\":1},\\\"missing_tool\\\":{}}\", ...
   |                                                                                                             ^
missing comma between key-value pairs, expected `,`

Investigation Findings

Why toJSON() Was Used (Correctly) in Other Contexts:

This PR fixes template injection vulnerabilities by moving GitHub expressions from HERE documents to step env blocks. In HERE documents, toJSON() prevented shell expansion - this was the correct approach for JSON/YAML contexts.

Why toJSON() Fails in TOML Inline Tables:

TOML inline tables have different quoting requirements than JSON or YAML. When you use toJSON() on a string that's already JSON, it adds another layer of escaping that creates invalid TOML syntax.

Comparison of Contexts:

Context	Variable Reference	Works?	Notes
HERE document (JSON)	${{ toJSON(env.VAR) }}	✅	Prevents shell expansion
TOML inline table	${{ toJSON(env.VAR) }}	❌	Creates invalid TOML
TOML inline table	"${{ env.VAR }}"	✅	Simple string in quotes

Recommended Actions

Critical Priority

• Fix mcp-config.go line 207

  Current code:

  yaml.WriteString("          env = { \"GH_AW_SAFE_OUTPUTS\" = \"${{ env.GH_AW_SAFE_OUTPUTS }}\", \"GH_AW_SAFE_OUTPUTS_CONFIG\" = ${{ toJSON(env.GH_AW_SAFE_OUTPUTS_CONFIG) }}, \"GH_AW_ASSETS_BRANCH\" = \"${{ env.GH_AW_ASSETS_BRANCH }}\", \"GH_AW_ASSETS_MAX_SIZE_KB\" = \"${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}\", \"GH_AW_ASSETS_ALLOWED_EXTS\" = \"${{ env.GH_AW_ASSETS_ALLOWED_EXTS }}\" }\n")

  Fixed code:

  yaml.WriteString("          env = { \"GH_AW_SAFE_OUTPUTS\" = \"${{ env.GH_AW_SAFE_OUTPUTS }}\", \"GH_AW_SAFE_OUTPUTS_CONFIG\" = \"${{ env.GH_AW_SAFE_OUTPUTS_CONFIG }}\", \"GH_AW_ASSETS_BRANCH\" = \"${{ env.GH_AW_ASSETS_BRANCH }}\", \"GH_AW_ASSETS_MAX_SIZE_KB\" = \"${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}\", \"GH_AW_ASSETS_ALLOWED_EXTS\" = \"${{ env.GH_AW_ASSETS_ALLOWED_EXTS }}\" }\n")

  Change: Remove toJSON() and add explicit quotes around the GitHub Actions expression, matching the pattern used for other variables in the same line.

• Recompile workflows: Run gh aw compile to regenerate all workflow lock files with the fix

• Verify TOML syntax: Test that the generated TOML is valid before the agent runs

High Priority

• Add TOML validation test: Create a test that validates generated TOML configurations can be parsed successfully

• Document toJSON() usage: Add comments explaining when to use toJSON() (HERE documents, shell contexts) vs when not to use it (TOML inline tables)

Prevention Strategies

1. TOML Syntax Validation: Add validation step that parses generated TOML before committing workflow files

2. Integration Tests: Test MCP configuration generation with actual TOML parser:

   func TestCodexMCPConfigTOMLSyntax(t *testing.T) {
       // Generate config with JSON-valued env var
       config := generateCodexMCPConfig(...)
       
       // Parse with TOML library
       _, err := toml.Parse(config)
       require.NoError(t, err, "Generated TOML must be valid")
   }

3. Context-Aware Templates: Consider using TOML library (like github.com/BurntSushi/toml) instead of string concatenation for TOML generation

4. Documentation: Create a guide for when to use toJSON():

   • ✅ Use in HERE documents to prevent shell expansion
   • ✅ Use in JSON/YAML contexts
   • ❌ Don't use in TOML inline tables (use quoted expressions instead)
   • ❌ Don't use when value is already JSON and you're in a strict syntax context

Historical Context

This issue is related to previous investigations of similar toJSON() problems:

• Issue [smoke-detector] Comment on #2323 #2341: Copilot --additional-mcp-config with invalid JSON due to double-quoting
• Issue [smoke-detector] 🔄 THIRD REGRESSION - Run #39: Second Fix Also Failed #2346: Third regression of similar toJSON() misuse
• Pattern: Different engines (Copilot, Claude, Codex) have different MCP config formats and quoting requirements

Key Difference: Previous issues involved JSON format for Copilot. This issue involves TOML inline table format for Codex, which has stricter syntax requirements.

Technical Details

Generated TOML (Current - Broken):

[mcp_servers.safeoutputs]
command = "node"
args = ["/tmp/gh-aw/safeoutputs/mcp-server.cjs"]
env = { "GH_AW_SAFE_OUTPUTS_CONFIG" = ${{ toJSON(env.GH_AW_SAFE_OUTPUTS_CONFIG) }} }

After GitHub Actions evaluation:

env = { "GH_AW_SAFE_OUTPUTS_CONFIG" = "\"{\\\"create_issue\\\":{...}}\"" }

❌ Invalid - double-quoted value confuses TOML parser

Generated TOML (Fixed):

env = { "GH_AW_SAFE_OUTPUTS_CONFIG" = "${{ env.GH_AW_SAFE_OUTPUTS_CONFIG }}" }

After GitHub Actions evaluation:

env = { "GH_AW_SAFE_OUTPUTS_CONFIG" = "{\"create_issue\":{...}}" }

✅ Valid - properly quoted string value in TOML

---

Investigation stored: /tmp/gh-aw/cache-memory/investigations/2025-10-31-18975512058.json
Pattern ID: CODEX_TOML_PARSE_ERROR_DOUBLE_TOJSON
Severity: Critical
Is Flaky: No

AI generated by Smoke Detector - Smoke Test Failure Investigator

AI generated by Smoke Detector - Smoke Test Failure Investigator

[Copilot]

@copilot the generated TOML has syntax errors

30 | env = { "GH_AW_SAFE_OUTPUTS" = "/tmp/gh-aw/safeoutputs/outputs.jsonl", "GH_AW_SAFE_OUTPUTS_CONFIG" = ""{\"create_issue\":{\"max\":1,\"min\":1...

Fixed in 382c18a. The TOML generation now uses shell variables instead of GitHub Actions expressions.

Before:

env = { "GH_AW_SAFE_OUTPUTS" = "${{ env.GH_AW_SAFE_OUTPUTS }}", "GH_AW_SAFE_OUTPUTS_CONFIG" = ${{ toJSON(env.GH_AW_SAFE_OUTPUTS_CONFIG) }}, ... }

After:

env = { "GH_AW_SAFE_OUTPUTS" = "$GH_AW_SAFE_OUTPUTS", "GH_AW_SAFE_OUTPUTS_CONFIG" = "$GH_AW_SAFE_OUTPUTS_CONFIG", ... }

The GitHub expressions are now in the step's env block:

env:
  GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
  GH_AW_SAFE_OUTPUTS_CONFIG: ${{ toJSON(env.GH_AW_SAFE_OUTPUTS_CONFIG) }}

[github-actions]

🔍 Smoke Test Investigation - Run #69

Summary

The Smoke Codex workflow failed during agent initialization due to a TOML parse error in the MCP server configuration. The error occurs when a JSON-valued environment variable is substituted into a TOML inline table, creating invalid syntax with double-quoted strings.

Failure Details

• Run: 18977321431
• Commit: 382c18a
• Trigger: workflow_dispatch
• Duration: 1.5 minutes (agent job failed after 51s)
• Conclusion: failure

Root Cause Analysis

The template injection security fix (PR #2871) changed MCP configuration generation to use shell variables instead of GitHub expressions. However, when $GH_AW_SAFE_OUTPUTS_CONFIG (which contains a JSON string) is substituted into the TOML inline table, it creates invalid TOML syntax:

Problematic TOML (line 30, column 104):

env = { "GH_AW_SAFE_OUTPUTS" = "/tmp/gh-aw/safeoutputs/outputs.jsonl", "GH_AW_SAFE_OUTPUTS_CONFIG" = ""{\"create_issue\":{\"max\":1,\"min\":1},\"missing_tool\":{}}"", ... }

Notice the double quotes: ""{...}""

The TOML parser sees the first closing quote as the end of the string value, then encounters unexpected content ({), causing the error:

Error: TOML parse error at line 30, column 104
missing key for inline table element, expected `,`

Failed Jobs and Errors

1. ✅ pre_activation - succeeded (6s)
2. ✅ activation - succeeded (4s)
3. ❌ agent - failed (51s) - TOML parse error prevents Codex from starting
4. ❌ create_issue - failed (8s) - Dependent on agent job
5. ⏭️ detection - skipped
6. ⏭️ missing_tool - skipped

Error Location: /tmp/gh-aw/aw-mcp/logs/run-18977321431/agent-stdio.log:1

Investigation Findings

Pattern Recognition: This is the second occurrence of TOML-related issues in this PR:

Run	Commit	Issue	Status
18975512058	fff74ce	Used toJSON() causing double-escaping	Previous
18977321431	382c18a	Shell variable with JSON creates double quotes	Current

Evolution:

1. Initial approach used ${{ toJSON(env.GH_AW_SAFE_OUTPUTS_CONFIG) }} → double-escaping
2. Removed toJSON() to use $GH_AW_SAFE_OUTPUTS_CONFIG → double-quoting issue persists

Root Problem: TOML inline tables with shell variable substitution of JSON values is inherently problematic due to escaping complexity.

Recommended Actions

Option A: File-Based Configuration (Recommended) ⭐

Change Codex to use a file-based TOML configuration, matching the pattern used by Claude engine:

Current (Inline TOML):

run: |
  codex --config-toml "env = { \"VAR\" = \"$VALUE\" }"

Proposed (File-Based):

run: |
  cat > /tmp/gh-aw/mcp-config/config.toml <<'EOF'
  [mcp_servers.safeoutputs]
  env = { "GH_AW_SAFE_OUTPUTS" = "$GH_AW_SAFE_OUTPUTS", "GH_AW_SAFE_OUTPUTS_CONFIG" = "$GH_AW_SAFE_OUTPUTS_CONFIG" }
  EOF
  
  codex --config /tmp/gh-aw/mcp-config/config.toml

Benefits:

• Eliminates shell substitution escaping issues
• Matches patterns used by other engines (Claude, GenAIScript)
• More maintainable and testable
• Cleaner separation of config from command

Files to Modify:

• pkg/workflow/mcp-config.go - Add file-based TOML generation
• pkg/workflow/codex_engine.go - Update to write config file and reference it

Estimated Effort: 2-3 hours

Option B: Proper TOML Escaping (Alternative)

Use a TOML library to properly escape JSON strings when generating inline TOML:

Benefits:

• Keeps inline approach
• Handles escaping correctly

Drawbacks:

• Complex escaping rules with edge cases
• Still vulnerable to special characters in env vars
• Less maintainable than file-based approach

Estimated Effort: 1-2 hours + ongoing maintenance risk

Prevention Strategies

1. Add TOML Validation Tests: Test MCP config generation with JSON-valued environment variables

   func TestCodexMCPConfigWithJSONEnvVar(t *testing.T) {
       // Set env var with JSON containing quotes
       // Generate TOML config
       // Parse with TOML parser to verify validity
   }

2. Integration Tests: Parse generated config files with actual TOML parser during compilation

3. Use File-Based Configs: Standardize on file-based configuration across all engines to avoid inline substitution issues

4. Document Engine Differences: Create comparison matrix of config approaches:

   • Claude: File-based JSON
   • Copilot: Inline JSON via CLI flag
   • Codex: Should use file-based TOML (recommended fix)
   • Custom: File-based JSON

Historical Context

This is part of a broader pattern of MCP configuration challenges across engines:

• Issue [smoke-detector] 🔍 Smoke Test Investigation - Smoke Claude: Invalid MCP Configuration Argument #2267: Claude expected file path but received inline JSON
• Issue [smoke-detector] Comment on #2323 #2341, [smoke-detector] 🔄 THIRD REGRESSION - Run #39: Second Fix Also Failed #2346: Copilot double-escaping with toJSON()
• Current Issue: Codex TOML inline table with JSON variable substitution

The common theme: Inline configuration with complex escaping is error-prone. File-based configuration eliminates these issues.

Technical Details

TOML Inline Table Syntax:

# Valid:
env = { "KEY" = "simple-value" }

# Invalid (what we're generating):
env = { "KEY" = ""{"nested":"json"}"" }

Why It Fails:

1. Shell substitutes $GH_AW_SAFE_OUTPUTS_CONFIG with {"create_issue":{...}}
2. This appears in TOML as: "KEY" = "{"nested":"json"}"
3. TOML parser sees: "KEY" = " then { (unexpected character)
4. Error: "missing key for inline table element, expected ,"

---

Investigation Metadata:

• Pattern ID: CODEX_TOML_DOUBLE_QUOTE_JSON_VALUE
• Severity: Critical
• Occurrences: 2 (both in this PR branch)
• Investigation saved to: /tmp/gh-aw/cache-memory/investigations/2025-10-31-18977321431.json
• Is Flaky: No - deterministic configuration error

Recommendation: Implement Option A (File-Based Configuration) to permanently resolve TOML escaping issues and align with best practices used by other engines.

AI generated by Smoke Detector - Smoke Test Failure Investigator

[pelikhan]

@copilot try option A

[pelikhan]

@copilot revert changes for codex and only keep changes in Claude/copilot engines

[Copilot]

@copilot revert changes for codex and only keep changes in Claude/copilot engines

Reverted in cd5e668. Codex TOML now uses the original implementation with GitHub Actions expressions, while Claude/Copilot engines retain the secure JSON implementation with shell variables.

Codex TOML (unchanged):

env = { "GH_AW_SAFE_OUTPUTS" = "${{ env.GH_AW_SAFE_OUTPUTS }}", ... }

Claude/Copilot JSON (secure):

{
  "env": {
    "GH_AW_SAFE_OUTPUTS": "$GH_AW_SAFE_OUTPUTS"
  }
}

[Copilot]

Pull Request Overview

This PR addresses a security vulnerability by fixing template injection in MCP server configuration generation for Claude and Copilot engines. GitHub Actions expressions like ${{ env.GH_AW_SAFE_OUTPUTS }} were previously embedded directly in HERE documents, creating a security risk where attackers could inject arbitrary commands. The fix moves these expressions to safe env: blocks and uses plain shell variable references in the generated JSON/TOML configuration files.

Key Changes:

• Added environment variable blocks to "Setup MCPs" steps to evaluate GitHub expressions safely
• Updated MCP configuration generation to use shell variables ($VAR) instead of GitHub expressions (${{ ... }})
• Modified test files to verify the security improvements

Reviewed Changes

Copilot reviewed 73 out of 74 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pkg/workflow/mcp_servers.go	Adds env: block logic to Setup MCPs step for safe GitHub expression evaluation
pkg/workflow/mcp-config.go	Updates safe-outputs and agentic-workflows config to use shell variables
pkg/workflow/engine_helpers.go	Modifies GitHub MCP Docker config to use shell variables instead of effective tokens
pkg/workflow/claude_mcp.go	Removes unused imports and updates to use shell variables for GitHub tokens
pkg/workflow/custom_engine.go	Updates custom engine to use shell variables for GitHub MCP configuration
pkg/workflow/schemas/github-workflow.json	Formatting changes to enum arrays (multi-line formatting)
pkg/workflow/*_test.go (7 files)	Updates test expectations to verify env blocks and shell variable usage
.github/workflows/*.lock.yml (50+ files)	Compiled workflow files showing env blocks and shell variable usage in action

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[pelikhan]

@copilot merge main format

[Copilot]

@copilot merge main format

Merged and formatted in 05bb18b.

• Merged latest changes from main branch
• Applied code formatting with make fmt
• Resolved merge conflict in example-permissions-warning.lock.yml
• All tests passing ✅