Skip to content

feat: remove features.mcp-cli flag, rename mount-as-clis to cli-proxy#28842

Merged
pelikhan merged 5 commits intomainfrom
copilot/remove-features-mcp-cli
Apr 28, 2026
Merged

feat: remove features.mcp-cli flag, rename mount-as-clis to cli-proxy#28842
pelikhan merged 5 commits intomainfrom
copilot/remove-features-mcp-cli

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 28, 2026
edited
Loading

The features.mcp-cli flag was a redundant gate on top of tools.mount-as-clis. This removes the feature flag and makes CLI mounting default behavior when tools.cli-proxy: true is set. Safeoutputs and mcpscripts lose their auto-mount privilege — they now require explicit cli-proxy: true like all other servers.

Changes

  • pkg/constants/feature_constants.go — Remove MCPCLIFeatureFlag ("mcp-cli")
  • pkg/workflow/mcp_cli_mount.go
    • Gate on ParsedTools.CLIProxy instead of isFeatureEnabled(MCPCLIFeatureFlag)
    • Remove alwaysCLIMountedServers — safeoutputs/mcpscripts are no longer unconditionally mounted; they follow the same cli-proxy: true path as playwright, custom servers, etc.
    • Simplify getMCPCLIExcludeFromAgentConfig (drops dual-access special-casing)
    • Remove feature-flag auto-synthesis from buildCLIWorkflowDataForMounts
  • pkg/workflow/tools_types.go / tools_parser.go / schema — Rename MountAsCLIs/mount-as-clisCLIProxy/cli-proxy
  • 162+ workflow .md filesmount-as-clis: truecli-proxy: true; mcp-cli: true removed from features: blocks; empty features: blocks cleaned up
  • Engine tests — Updated to use CLIProxy field, MCPCLIFeatureFlag references removed
  • pkg/cli/codemod_mount_as_clis.go — New codemod mount-as-clis-to-cli-proxy that renames tools.mount-as-clistools.cli-proxy and removes the deprecated features.mcp-cli flag; registered in GetAllCodemods() and runnable via gh aw fix

Before / After

# Before
tools:
  mount-as-clis: true
features:
  mcp-cli: true

# After
tools:
  cli-proxy: true

@pelikhan
feat: remove features.mcp-cli flag, rename mount-as-clis to cli-proxy
b1ee800 
- Remove MCPCLIFeatureFlag from constants; MCP CLI mounting is now always
  active when tools.cli-proxy: true is set (no feature flag needed)
- Rename tools.mount-as-clis → tools.cli-proxy in ToolsConfig, parser,
  schema, and all workflow .md files
- Remove alwaysCLIMountedServers: safeoutputs and mcpscripts are no longer
  auto-mounted; they are only mounted when cli-proxy: true is set
- Simplify getMCPCLIExcludeFromAgentConfig (no more dual-access exclusion)
- Update all test files to use CLIProxy field and remove MCPCLIFeatureFlag
- Remove mcp-cli: true from 60+ workflow features blocks
- Recompile all lock files

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/54c0f788-c290-4ae1-93ab-f3eaaa051b93

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
pelikhan
pelikhan reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@pelikhan pelikhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot add codemod to rename mount-as-cli to cli-proxy

@pelikhan
feat: add codemod to rename mount-as-clis to cli-proxy
db61398 
Adds codemod 'mount-as-clis-to-cli-proxy' that:
- Renames tools.mount-as-clis → tools.cli-proxy
- Removes deprecated features.mcp-cli flag

Registered in GetAllCodemods() and covered by 6 test cases.

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/e26bc328-2349-4521-887c-e7619d4561e9

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 28, 2026

@copilot add codemod to rename mount-as-cli to cli-proxy

Added in db61398. The mount-as-clis-to-cli-proxy codemod is now registered in GetAllCodemods() and handles:

  • Renaming tools.mount-as-clistools.cli-proxy
  • Removing the deprecated features.mcp-cli flag

Run it with gh aw fix to migrate existing workflows.

Copilot AI requested a review from pelikhan April 28, 2026 03:47
@pelikhan pelikhan marked this pull request as ready for review April 28, 2026 03:48
Copilot AI review requested due to automatic review settings April 28, 2026 03:48
Copilot AI reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 28, 2026

@copilot Merge main and recompile

@pelikhan
Merge remote-tracking branch 'origin/main' into copilot/remove-featur…
85245cd 
…es-mcp-cli

# Conflicts:
#	.github/workflows/ace-editor.lock.yml
#	.github/workflows/agent-performance-analyzer.lock.yml
#	.github/workflows/agent-persona-explorer.lock.yml
#	.github/workflows/agentic-observability-kit.lock.yml
#	.github/workflows/agentic-optimization-kit.lock.yml
#	.github/workflows/ai-moderator.lock.yml
#	.github/workflows/api-consumption-report.lock.yml
#	.github/workflows/approach-validator.lock.yml
#	.github/workflows/archie.lock.yml
#	.github/workflows/architecture-guardian.lock.yml
#	.github/workflows/artifacts-summary.lock.yml
#	.github/workflows/audit-workflows.lock.yml
#	.github/workflows/auto-triage-issues.lock.yml
#	.github/workflows/aw-failure-investigator.lock.yml
#	.github/workflows/blog-auditor.lock.yml
#	.github/workflows/bot-detection.lock.yml
#	.github/workflows/brave.lock.yml
#	.github/workflows/breaking-change-checker.lock.yml
#	.github/workflows/changeset.lock.yml
#	.github/workflows/ci-coach.lock.yml
#	.github/workflows/ci-doctor.lock.yml
#	.github/workflows/claude-code-user-docs-review.lock.yml
#	.github/workflows/cli-consistency-checker.lock.yml
#	.github/workflows/cli-version-checker.lock.yml
#	.github/workflows/cloclo.lock.yml
#	.github/workflows/code-scanning-fixer.lock.yml
#	.github/workflows/code-simplifier.lock.yml
#	.github/workflows/codex-github-remote-mcp-test.lock.yml
#	.github/workflows/commit-changes-analyzer.lock.yml
#	.github/workflows/constraint-solving-potd.lock.yml
#	.github/workflows/contribution-check.lock.yml
#	.github/workflows/copilot-agent-analysis.lock.yml
#	.github/workflows/copilot-cli-deep-research.lock.yml
#	.github/workflows/copilot-opt.lock.yml
#	.github/workflows/copilot-pr-merged-report.lock.yml
#	.github/workflows/copilot-pr-nlp-analysis.lock.yml
#	.github/workflows/copilot-pr-prompt-analysis.lock.yml
#	.github/workflows/copilot-session-insights.lock.yml
#	.github/workflows/copilot-token-audit.lock.yml
#	.github/workflows/copilot-token-optimizer.lock.yml
#	.github/workflows/craft.lock.yml
#	.github/workflows/daily-architecture-diagram.lock.yml
#	.github/workflows/daily-assign-issue-to-user.lock.yml
#	.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml
#	.github/workflows/daily-aw-cross-repo-compile-check.lock.yml
#	.github/workflows/daily-cache-strategy-analyzer.lock.yml
#	.github/workflows/daily-choice-test.lock.yml
#	.github/workflows/daily-cli-performance.lock.yml
#	.github/workflows/daily-cli-tools-tester.lock.yml
#	.github/workflows/daily-code-metrics.lock.yml
#	.github/workflows/daily-community-attribution.lock.yml
#	.github/workflows/daily-compiler-quality.lock.yml
#	.github/workflows/daily-doc-healer.lock.yml
#	.github/workflows/daily-doc-updater.lock.yml
#	.github/workflows/daily-fact.lock.yml
#	.github/workflows/daily-file-diet.lock.yml
#	.github/workflows/daily-firewall-report.lock.yml
#	.github/workflows/daily-firewall-report.md
#	.github/workflows/daily-function-namer.lock.yml
#	.github/workflows/daily-hippo-learn.lock.yml
#	.github/workflows/daily-issues-report.lock.yml
#	.github/workflows/daily-malicious-code-scan.lock.yml
#	.github/workflows/daily-mcp-concurrency-analysis.lock.yml
#	.github/workflows/daily-multi-device-docs-tester.lock.yml
#	.github/workflows/daily-news.lock.yml
#	.github/workflows/daily-observability-report.lock.yml
#	.github/workflows/daily-otel-instrumentation-advisor.lock.yml
#	.github/workflows/daily-performance-summary.lock.yml
#	.github/workflows/daily-regulatory.lock.yml
#	.github/workflows/daily-rendering-scripts-verifier.lock.yml
#	.github/workflows/daily-repo-chronicle.lock.yml
#	.github/workflows/daily-safe-output-integrator.lock.yml
#	.github/workflows/daily-safe-output-optimizer.lock.yml
#	.github/workflows/daily-safe-outputs-conformance.lock.yml
#	.github/workflows/daily-secrets-analysis.lock.yml
#	.github/workflows/daily-security-observability.lock.yml
#	.github/workflows/daily-security-red-team.lock.yml
#	.github/workflows/daily-semgrep-scan.lock.yml
#	.github/workflows/daily-skill-optimizer.lock.yml
#	.github/workflows/daily-syntax-error-quality.lock.yml
#	.github/workflows/daily-team-evolution-insights.lock.yml
#	.github/workflows/daily-team-status.lock.yml
#	.github/workflows/daily-testify-uber-super-expert.lock.yml
#	.github/workflows/daily-token-consumption-report.lock.yml
#	.github/workflows/daily-workflow-updater.lock.yml
#	.github/workflows/dead-code-remover.lock.yml
#	.github/workflows/deep-report.lock.yml
#	.github/workflows/delight.lock.yml
#	.github/workflows/dependabot-burner.lock.yml
#	.github/workflows/dependabot-go-checker.lock.yml
#	.github/workflows/design-decision-gate.lock.yml
#	.github/workflows/dev-hawk.lock.yml
#	.github/workflows/dev.lock.yml
#	.github/workflows/developer-docs-consolidator.lock.yml
#	.github/workflows/dictation-prompt.lock.yml
#	.github/workflows/discussion-task-miner.lock.yml
#	.github/workflows/docs-noob-tester.lock.yml
#	.github/workflows/draft-pr-cleanup.lock.yml
#	.github/workflows/duplicate-code-detector.lock.yml
#	.github/workflows/example-permissions-warning.lock.yml
#	.github/workflows/example-workflow-analyzer.lock.yml
#	.github/workflows/firewall-escape.lock.yml
#	.github/workflows/firewall.lock.yml
#	.github/workflows/functional-pragmatist.lock.yml
#	.github/workflows/github-mcp-structural-analysis.lock.yml
#	.github/workflows/github-mcp-tools-report.lock.yml
#	.github/workflows/github-remote-mcp-auth-test.lock.yml
#	.github/workflows/glossary-maintainer.lock.yml
#	.github/workflows/go-fan.lock.yml
#	.github/workflows/go-logger.lock.yml
#	.github/workflows/go-pattern-detector.lock.yml
#	.github/workflows/gpclean.lock.yml
#	.github/workflows/grumpy-reviewer.lock.yml
#	.github/workflows/hippo-embed.lock.yml
#	.github/workflows/hourly-ci-cleaner.lock.yml
#	.github/workflows/instructions-janitor.lock.yml
#	.github/workflows/issue-arborist.lock.yml
#	.github/workflows/issue-monster.lock.yml
#	.github/workflows/issue-triage-agent.lock.yml
#	.github/workflows/jsweep.lock.yml
#	.github/workflows/layout-spec-maintainer.lock.yml
#	.github/workflows/lockfile-stats.lock.yml
#	.github/workflows/mcp-inspector.lock.yml
#	.github/workflows/mergefest.lock.yml
#	.github/workflows/metrics-collector.lock.yml
#	.github/workflows/notion-issue-summary.lock.yml
#	.github/workflows/org-health-report.lock.yml
#	.github/workflows/pdf-summary.lock.yml
#	.github/workflows/plan.lock.yml
#	.github/workflows/poem-bot.lock.yml
#	.github/workflows/pr-nitpick-reviewer.lock.yml
#	.github/workflows/pr-triage-agent.lock.yml
#	.github/workflows/prompt-clustering-analysis.lock.yml
#	.github/workflows/python-data-charts.lock.yml
#	.github/workflows/q.lock.yml
#	.github/workflows/refactoring-cadence.lock.yml
#	.github/workflows/refiner.lock.yml
#	.github/workflows/release.lock.yml
#	.github/workflows/repo-audit-analyzer.lock.yml
#	.github/workflows/repo-tree-map.lock.yml
#	.github/workflows/repository-quality-improver.lock.yml
#	.github/workflows/research.lock.yml
#	.github/workflows/schema-feature-coverage.lock.yml
#	.github/workflows/security-review.lock.yml
#	.github/workflows/slide-deck-maintainer.lock.yml
#	.github/workflows/smoke-agent-public-approved.lock.yml
#	.github/workflows/smoke-call-workflow.lock.yml
#	.github/workflows/smoke-ci.lock.yml
#	.github/workflows/smoke-copilot-arm.lock.yml
#	.github/workflows/smoke-copilot.lock.yml
#	.github/workflows/smoke-multi-pr.lock.yml
#	.github/workflows/smoke-temporary-id.lock.yml
#	.github/workflows/smoke-workflow-call-with-inputs.lock.yml
#	.github/workflows/spec-extractor.lock.yml
#	.github/workflows/static-analysis-report.lock.yml
#	.github/workflows/super-linter.lock.yml
#	.github/workflows/test-create-pr-error-handling.lock.yml
#	.github/workflows/test-quality-sentinel.lock.yml
#	.github/workflows/typist.lock.yml
#	.github/workflows/update-astro.lock.yml
#	.github/workflows/weekly-editors-health-check.lock.yml
#	.github/workflows/workflow-generator.lock.yml
#	.github/workflows/workflow-skill-extractor.lock.yml

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 28, 2026
edited
Loading

@copilot Merge main and recompile

Done in 85245cd. Merged origin/main (163 lock file conflicts resolved), rebuilt the binary, and recompiled all 204 workflow lock files successfully.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -embedcfg /tmp/go-build3313774004/b349/embedcfg -pack (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 28, 2026

@copilot merge main and recompile

@pelikhan
Merge remote-tracking branch 'origin/main' into copilot/remove-featur…
b71d912 
…es-mcp-cli

# Conflicts:
#	.github/workflows/copilot-opt.lock.yml

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 28, 2026
edited
Loading

@copilot merge main and recompile

Done in b71d912. Resolved 1 lock file conflict, rebuilt the binary, and recompiled all 204 workflow lock files successfully.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv {commit} (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv {commit} (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 28, 2026

Comment Memory

CI lights the path\nGreen checks bloom at dawn\nQuiet bots still sing

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

Generated by Smoke CI for issue #28842 ·

@pelikhan pelikhan merged commit d555622 into main Apr 28, 2026
24 checks passed
@pelikhan pelikhan deleted the copilot/remove-features-mcp-cli branch April 28, 2026 05:12
@github-actions github-actions Bot mentioned this pull request Apr 28, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan