
Add support for safe-inputs front matter section#5090

Merged
pelikhan merged 11 commits into main from copilot/add-safe-inputs-support
Nov 30, 2025

Conversation

Contributor

Copilot AI commented Nov 29, 2025

Adds a new safe-inputs front matter section that provides a way to register custom tools as JavaScript or shell scripts. These tools are mounted in an MCP server and have access to secrets as specified by the user.

Changes Made

  • JSON Schema: Added safe-inputs property definition in main_workflow_schema.json and included_file_schema.json with validation for tool configurations (description required, script/run mutually exclusive)
  • Go Types & Parsing: Created SafeInputsConfig type and ParseSafeInputs function in safe_inputs.go
  • MCP Server Generation: Generates standalone MCP server JavaScript at runtime with support for both JavaScript and shell script tool execution
  • Engine Integration: Integrated safe-inputs MCP server into Copilot, Claude, Codex, and Custom engines
  • Secret Handling: Environment variables from env field are properly passed through to the MCP server
  • Import Support: Added MergedSafeInputs to ImportsResult and implemented mergeSafeInputs for importing safe-inputs from shared workflows
  • Auto-wrapping JavaScript: User JavaScript code is automatically wrapped in an async function with module.exports. Input parameters are destructured and available as local variables, so users can write simple code without worrying about exports.
  • Large Output Handling: Tool outputs larger than 500 characters are automatically written to /tmp/gh-aw/safe-inputs/calls/ directory. The response now includes:
    • status: "output_saved_to_file"
    • file_path: Path to the saved output file
    • file_size_bytes: Size of the file in bytes
    • file_size_chars: Size of the file in characters
    • message: Human-readable description
    • json_schema_preview: (optional) Simplified JSON schema extracted using jq if the output is JSON
  • Documentation: Added comprehensive documentation page at docs/src/content/docs/reference/safe-inputs.md

New Files

  • shared/pr-data-safe-input.md - Shared workflow providing fetch-pr-data tool using gh CLI
  • docs/src/content/docs/reference/safe-inputs.md - Documentation for safe-inputs feature

Usage Example

Define a safe-input tool (simplified - no exports needed!)

safe-inputs:
  test-js-math:
    description: "Test JavaScript math operations"
    inputs:
      a:
        type: number
        required: true
      b:
        type: number
        required: true
    script: |
      // Users can write simple code - inputs are available as local variables
      const sum = a + b;
      const product = a * b;
      return { sum, product };
    env:
      API_KEY: ${{ secrets.API_KEY }}
  echo-message:
    description: "Echo a message"
    inputs:
      message:
        type: string
        default: "Hello"
    run: |
      echo $INPUT_MESSAGE

Import safe-inputs from shared workflows

imports:
  - shared/pr-data-safe-input.md

Testing

  • ✅ All unit tests pass
  • ✅ All lint checks pass
  • ✅ Code formatting applied
Original prompt

Add support for a new front matter section "safe-inputs" that provides a way to register tools as JavaScript or shell scripts.

So the plan will be to support "lightweight" definition of tools in the frontmatter (JavaScript or shell). The tools will be mounted in an MCP server, and will have access to secrets as specified by the user.
Something like this:

safe-inputs: # name TBD, safe-tools?
  search-issues: # tool name
    description: … # mandatory
    inputs: # optional
      # workflow syntax inputs
    script: … JavaScript impl (cjs)
    run: … shell script (script or run, not both)
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

The compiler should generate all the necessary files (MCP server JavaScript, cjs and shell scripts) under /tmp/gh-aw/safe-inputs/ and add the MCP server configuration in the generated mcpServer config of the agent.



Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Contributor

@copilot continue work

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Nov 29, 2025

@copilot continue work

Continued work on safe-inputs. In commit 1e1e43b, I've integrated the safe-inputs MCP server into workflow compilation:

  • Added RenderSafeInputs callback to all engines (Copilot, Claude, Codex, Custom)
  • Safe-inputs MCP server is now generated inline in the workflow with a self-contained MCP server implementation
  • Individual tool files (.cjs for JavaScript, .sh for shell) are generated per tool
  • Environment variables for secrets are properly passed through
  • Updated test files to handle new function signatures

The implementation now generates a working MCP server that exposes custom tools to the agent. Unit tests for safe-inputs parsing and generation are still pending.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/user
    • Triggering command: /usr/bin/gh gh api user --jq .login (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI and others added 2 commits November 29, 2025 19:29
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…ration

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add support for safe-inputs front matter section" to "Add support for safe-inputs front matter section" Nov 29, 2025
@pelikhan
Contributor

@copilot add support for importing safe-inputs tool from shared agentic workflows.

Add a shared agentic workflow that uses gh PRs to download PR data using a shell script. Use that workflow with dev.md to compute basic PR stats

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Nov 29, 2025

@copilot add support for importing safe-inputs tool from shared agentic workflows.

Add a shared agentic workflow that uses gh PRs to download PR data using a shell script. Use that workflow with dev....

Added safe-inputs import support in commit 63e918c. Created shared/pr-data-safe-input.md that provides a fetch-pr-data tool using gh CLI. Updated dev.md to import this shared workflow and compute Copilot PR statistics.

The agent can now use fetch-pr-data with parameters like search: "head:copilot/" to fetch PR data and compute stats (total PRs, merged/closed/open counts, average merge time, most active day).

@pelikhan
Contributor

@copilot add special handling for large tool outputs. If larger than 500 chars,

  • write output to a temp file (under /tmp/gh-aw/safe-inputs/calls/
  • use jq to extract schema
  • return response with file path, size and schema if it was extracted

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Nov 29, 2025

@copilot add special handling for large tool outputs. If larger than 500 chars,

  • write output to a temp file (under /tmp/gh-aw/safe-inputs/calls/ ...

Added large output handling in commit 91c65f4. Tool outputs > 500 chars are written to /tmp/gh-aw/safe-inputs/calls/call_{timestamp}_{counter}.txt and the MCP response contains a reference to the file path.

@pelikhan
Contributor

@copilot when the file is too large return a structured response to the LLM that clearly states where the output response file path is, file size and attempt to run "jq" to extract a simplified JSON schema.

@pelikhan
Contributor

@copilot the javascript should always be wrapped into a function with module.exports assignment so that the user can simply write code without worrying about exports.

@github-actions
Contributor

⚠️ Dev Hawk Report - Failure Analysis

Workflow Run: #3019

Root Cause Analysis

The Dev workflow failed due to an MCP server launch failure for the new safe-inputs feature being tested in this PR.

Primary Error

##[error]MCP server(s) failed to launch: safeinputs

This error occurred at step 34 during log parsing, after the Claude Code CLI execution completed successfully (step 27). The safe-inputs MCP server that was configured in step 13 ("Setup Safe Inputs MCP") failed to launch properly.

Error Context

What happened:

  1. ✅ Safe Inputs MCP setup completed (step 13)
  2. ✅ Claude Code CLI executed successfully (step 27)
  3. ✅ Claude agent completed its task (analyzed 978 Copilot PRs from the last 30 days)
  4. ❌ Log parsing step detected the MCP server launch failure

Key observation: The Claude agent was able to run and complete its analysis task successfully, but the safe-inputs MCP server failed to launch. This suggests the MCP server configuration or initialization code has an issue.

Failure Category

Infrastructure/Configuration Error - MCP Server Launch Failure

The failure is related to the new safe-inputs MCP server infrastructure introduced in this PR, not the core functionality of the agent or the workflow logic.

Recommended Actions

  • Investigate MCP server generation code - Review the safe-inputs MCP server JavaScript generation in the compiler (likely in pkg/workflow/safe_inputs.go or related files)
  • Check MCP server configuration - Verify the generated MCP config at /tmp/gh-aw/.copilot/mcp-config.json or similar path
  • Add MCP server validation - Consider adding validation or error handling for MCP server launch failures
  • Review step 13 logs - Examine "Setup Safe Inputs MCP" step logs for any warnings or initialization issues
  • Test MCP server locally - Try running the generated safe-inputs MCP server outside of the workflow to reproduce the issue

Investigation Notes

Positive findings:

  • The workflow successfully installed Claude Code CLI
  • Network permissions hook was generated correctly
  • The Claude agent executed and completed its assigned task (PR analysis)
  • Error validation passed (no ERROR/WARNING patterns detected in agent logs)

Key diagnostic info:

  • The agent ran for 3 minutes with 15 turns and cost $1.67
  • Token usage: 48 input, 185k cache creation, 810k cache read, 6.9k output
  • All other workflow steps completed successfully
  • The failure only manifested during the log parsing step

The error suggests the safe-inputs MCP server configuration or initialization is problematic, but doesn't prevent the main agent execution. This indicates the issue is in how the MCP server is being launched or configured, not in the agent's ability to use it.


🤖 Automated analysis by Dev Hawk - monitoring copilot/ branch workflows

🦅 Observed from above by Dev Hawk

…and JSON schema preview

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Nov 30, 2025

@copilot when the file is too large return a structured response to the LLM that clearly states where the output response file path is, file size and attempt to run "jq" to extract a simplified JSON sc...

Implemented in commit 6adf6bd. When output exceeds 500 chars, the response now includes:

  • status: "output_saved_to_file"
  • file_path: Full path to the output file
  • file_size_bytes and file_size_chars: Size information
  • json_schema_preview: Simplified JSON schema extracted via jq (if output is JSON)

@pelikhan
Contributor

/q investigate #5090 (comment)

If the error is not clear, update dev.md to use codex for better error messages.

@github-actions
Contributor

🔧 Pay attention, 007! Q is preparing your gadgets for this issue comment...

@github-actions
Contributor

🔧 Q Investigation Report - MCP Server Launch Failure

Issue Analysis

I investigated the Dev workflow failure (run #19791426012) reported by Dev Hawk.

Root Cause

The workflow failed with:

##[error]MCP server(s) failed to launch: safeinputs

This failure occurred during log parsing (step 34) after the Claude agent had already completed its execution successfully.

Key Findings

  1. MCP Server Not Launching: The "safeinputs" MCP server is being registered in the workflow configuration but fails to launch when the agent starts
  2. Agent Completed Successfully: The Claude agent ran for 3 minutes with 15 turns and completed its PR analysis task, indicating the safe-inputs feature wasn't actually needed for this workflow
  3. Clear Error Location: The failure is in the MCP server initialization, not in the agent's ability to process tasks

Investigation Details

What I Checked:

  • ✅ Reviewed audit logs from run #19791426012
  • ✅ Examined dev.md workflow configuration
  • ✅ Checked for safe-inputs implementation files
  • ✅ Analyzed MCP server failure patterns

Observations:

  • The dev.md workflow uses the Claude engine (not Copilot or Codex)
  • No actual safe-inputs usage occurs in the dev.md workflow prompt
  • The MCP server is being registered but the launch fails silently until log parsing
  • Error reporting shows the failure but doesn't provide details about WHY the server failed to launch

Recommended Actions

1. Fix the Safe-Inputs MCP Server Implementation

The issue is in the safe-inputs MCP server generation code (likely in the PR changes). The server needs to:

  • Generate valid JavaScript for the MCP server
  • Handle proper module exports
  • Include error handling for initialization failures

Files to Check:

  • Go code that generates the safe-inputs MCP server JavaScript
  • MCP server configuration generation for safe-inputs
  • Server initialization and validation logic

2. Consider Engine Change for Dev Workflow

As suggested by @pelikhan, switching dev.md from Claude to Codex might provide better error messages:

- engine: claude
+ engine: codex

Pros:

  • Codex may provide clearer error reporting for MCP failures
  • Could help diagnose the safe-inputs launch issue

Cons:

  • Doesn't fix the underlying safe-inputs MCP server bug
  • Just provides better diagnostics

3. Add MCP Server Validation

Add validation that checks if safe-inputs MCP server can launch before the agent starts:

  • Pre-flight check for MCP server validity
  • Better error messages when server fails to initialize
  • Clear indication of what went wrong (missing file, invalid JS, etc.)

Why I Am Not Creating a PR

The actual bug is in the safe-inputs implementation code (within this PR's changes), not in the workflow configuration. The fix needs to happen at the compiler/code-generation level where the safe-inputs MCP server is created.

What I Would Fix If I Had Access:

  1. Review the safe-inputs MCP server generation logic in the Go code
  2. Ensure the generated JavaScript is valid and can be executed
  3. Add better error handling during MCP server initialization
  4. Add validation tests for safe-inputs MCP server generation

Next Steps

For the PR author to fix:

  1. Debug why the generated safe-inputs MCP server fails to launch
  2. Add error logging to the MCP server generation to show what's going wrong
  3. Test the generated MCP server JavaScript in isolation to verify it works
  4. Consider adding integration tests that validate MCP server launch

🤖 Automated analysis by Q - agentic workflow optimizer
📊 Workflow Run: https://github.com/githubnext/gh-aw/actions/runs/19791581437

🎩 Equipped by Q fer issue #5090 🗺️

@pelikhan
Contributor

@copilot update dev.md to use codex, add test cases in JavaScript to discover the error.

…ev.md to use codex with JS test cases

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Nov 30, 2025

@copilot the javascript should always be wrapped into a function with module.exports assignment so that the user can simply write code without worrying about exports.

Implemented in commit b749805. JavaScript code is now automatically wrapped in a function with module.exports. Input parameters are destructured and available as local variables, so users can write simple code like:

const sum = a + b;
return { sum };

Instead of:

module.exports = async function(params) {
  const { a, b } = params;
  return { sum: a + b };
};

@copilot update dev.md to use codex, add test cases in JavaScript to discover the error.

Updated dev.md to use Codex engine and added JavaScript test cases in commit b749805. The workflow now includes:

  • test-js-math tool to test math operations (a + b, a * b)
  • test-js-string tool to test string operations (uppercase, length)

@github-actions
Contributor

✅ Dev Hawk Report - Success

Workflow Run: #3020

  • Status: ✅ success
  • Commit: b749805
  • Branch: copilot/add-safe-inputs-support
  • Duration: ~26 minutes (1564 seconds)
  • Triggered by: @pelikhan via workflow_dispatch

Summary

The Dev workflow completed successfully! 🎉 All checks passed for the safe-inputs feature implementation.

Workflow Details:

  • Started: 2025-11-30 01:50:39 UTC
  • Completed: 2025-11-30 02:16:43 UTC
  • Jobs executed: 5

This validates the changes made to add support for the safe-inputs front matter section, including:

  • Auto-wrapping of user JavaScript code with destructured inputs
  • Large output handling with file storage
  • Integration with Codex engine for testing

The workflow successfully validated the implementation with JavaScript test cases. 🚀

🦅 Observed from above by Dev Hawk

@pelikhan
Contributor

@copilot add documentation page

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Nov 30, 2025

@copilot add documentation page

Added documentation page in commit 55fa0ab at docs/src/content/docs/reference/safe-inputs.md. The page covers:

  • Quick start and tool definition
  • JavaScript and shell script implementations
  • Input parameters and validation
  • Environment variables and secrets
  • Large output handling
  • Importing from shared workflows
  • Security considerations
  • Comparison with other tool options

@pelikhan pelikhan marked this pull request as ready for review November 30, 2025 14:02
@pelikhan
Contributor

@copilot format, lint, fix all tests

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Nov 30, 2025

@copilot format, lint, fix all tests

Completed in commit 22c6abc. All code formatted, linted, and tests pass.

@pelikhan pelikhan merged commit d78af91 into main Nov 30, 2025
63 of 67 checks passed
@pelikhan pelikhan deleted the copilot/add-safe-inputs-support branch November 30, 2025 14:59
