Hardcode safeinputs MCP server to port 52000 and remove API key authentication

[Copilot]

Fix safeinputs MCP server configuration for Copilot engine

Apply the same strategy used for GitHub "remote" MCP configuration to safeinputs:

Changes Implemented:

• Analyze current safeinputs port allocation (dynamic via generate_safe_inputs_config.cjs)
• Review GitHub "remote" configuration strategy (hardcoded URL without dynamic port)
• Change port from 3002 to 52000 (updated per feedback)
• Update safe_inputs.go to use hardcoded port 52000 in URL configurations
• Update mcp_renderer.go to use hardcoded port 52000 in TOML config
• Remove GH_AW_SAFE_INPUTS_PORT from env passthrough (only tool-specific vars remain)
• Update safe-inputs-start step to use hardcoded port 52000
• Update environment variable references to use hardcoded port where needed
• Update tests to reflect hardcoded port 52000
• Fix TestCopilotDefaultDomains to include host.docker.internal
• Remove API key authentication entirely (no generation, no Authorization header, simpler local server)
• Update smoke-copilot workflow to list available tools and debug safeinputs server connection
• Run tests to validate changes (all safe-inputs tests passing)
• Build and recompile workflows (103/103 successful)

Summary

Successfully implemented port hardcoding and removed authentication for safeinputs MCP server configuration:

• Port 52000 is now hardcoded in URLs (updated from 3002)
• No Authorization header or API key authentication (operates as a simple local HTTP server)
• Removed dynamic port allocation dependency
• Server starts without API key requirement - simplified for local development
• Enhanced smoke-copilot workflow with:
  • Tool listing step to show all available MCP tools
  • Safeinputs server debugging at http://host.docker.internal:52000 if tools not present
  • Detailed diagnostics including reachability, HTTP status/headers, errors, and network connectivity
• Updated all references in code and tests
• All workflow-related tests passing

Original prompt

Fix environment variable expansion/configuration of the safeinputs MCP server for the copilot engine

• pre-assign port 3002 and remove dynamic port allocation
• review how the github "remote" configuration is done
• apply same strategy with safeinputs
• hardcoded port 3002 in url

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Fix environment variable expansion for the safeinputs MCP server; pre-assign port 3002 and update related configs, scripts, and tests.

🏴‍☠️ Ahoy! This treasure was crafted by Changeset Generator

---

---

Smoke Test Summary (2025-12-08T03:15:10Z)

Status: PASS
Summary: Copilot engine validated - GitHub MCP, file operations, bash, playwright, and cache memory all functional.

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall

---

Changeset

• Type: patch
• Description: Add changeset for pull request Hardcode safeinputs MCP server to port 52000 and remove API key authentication #5810

🏴‍☠️ Ahoy! This treasure was crafted by Changeset Generator

---

---

Smoke Test Summary (2025-12-08T04:03:11Z)

Status: PASS
Summary: Copilot engine validated - GitHub MCP, file operations, bash, playwright, cache memory, and safe-input gh tool all functional.

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall

---

Changeset

• Type: patch
• Description: Hardcode the safeinputs MCP server to port 52000 and remove API key authentication.

This pre-assigns a stable port for the safeinputs MCP server (52000) and removes API key based authentication to simplify local development and Copilot engine configuration.

🏴‍☠️ Ahoy! This treasure was crafted by Changeset Generator

---

---

Smoke Test Summary (2025-12-08T04:26:51Z)

Status: PASS
Summary: Copilot engine validated - GitHub MCP, file operations, bash, playwright, cache memory, and gh safe-input all functional.

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall

---

Changeset

• Type: patch
• Description: Hardcode the safeinputs MCP server to port 52000 and remove API key authentication; update local configs, scripts, and tests to use the stable port and simplified local server for development.

🏴‍☠️ Ahoy! This treasure was crafted by Changeset Generator

---

---

Smoke Test Summary (2025-12-08T04:31:08Z)

Status: PASS
Summary: Copilot engine validated - GitHub MCP, file operations, bash, playwright, cache memory, and safe-input gh tool all functional.

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall

[github-actions]

📰🚀🔍👀📡🕵️ https://github.com/githubnext/gh-aw/actions/runs/20015468272

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

🤖 SYSTEM_INIT: Smoke Copilot No Firewall ACTIVATED. PROCESSING pull request. ALL SUBSYSTEMS ONLINE.

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

📰 BREAKING: Smoke Copilot Playwright is now investigating this pull request. Sources say the story is developing...

[github-actions]

Smoke Test: Claude Engine (Run 20015468268)

Last 2 Merged PRs:

• Update Claude Code CLI from 2.0.60 to 2.0.61 #5803: Update Claude Code CLI from 2.0.60 to 2.0.61
• Documentation improvements from beginner user testing #5802: Documentation improvements from beginner user testing

Test Results:

• ✅ GitHub MCP: Retrieved PR data successfully
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-claude-20015468268.txt
• ✅ Bash Tool: Verified file creation with cat
• ✅ Playwright MCP: Navigated to github.com, title contains "GitHub"
• ✅ Cache Memory: Created /tmp/gh-aw/cache-memory/smoke-test-20015468268.txt
• ✅ Safe Input gh Tool: Command executed (wrong subcommand used but tool functional)

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #5810 🗺️

[github-actions]

Smoke Test Results (2025-12-08T03:15:10Z)

Last 2 Merged PRs:

• Update Claude Code CLI from 2.0.60 to 2.0.61 #5803: Update Claude Code CLI from 2.0.60 to 2.0.61
• Documentation improvements from beginner user testing #5802: Documentation improvements from beginner user testing

Test Results:

• ✅ GitHub MCP: Retrieved PR data successfully
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-20015468274.txt
• ✅ Bash Tools: Verified file creation
• ✅ Playwright MCP: Navigated to github.com, title contains "GitHub"
• ✅ Cache Memory: Created /tmp/gh-aw/cache-memory/smoke-test-20015468274.txt
• ❌ Safe Input gh Tool: Not available (gh requires GH_TOKEN in Actions)

Overall Status: PASS (5/6 tests passed, gh tool limitation expected in firewall mode)

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #5810 🗺️

[github-actions]

Smoke Test Results

Last 2 merged PRs:

• Update Claude Code CLI from 2.0.60 to 2.0.61 #5803: Update Claude Code CLI from 2.0.60 to 2.0.61
• Documentation improvements from beginner user testing #5802: Documentation improvements from beginner user testing

Test Results:

• ✅ GitHub MCP (search_pull_requests)
• ✅ File writing (agent directory)
• ✅ Bash tool validation
• ✅ Default toolset verification (get_me correctly unavailable)
• ✅ Cache memory test
• ✅ Safe-input gh tool

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot fer issue #5810 🗺️

[github-actions]

Smoke Test Results (Run 20015468300)

✅ Playwright MCP: Navigated to https://github.com - Title contains "GitHub"
✅ Cache Memory: Created /tmp/gh-aw/cache-memory/smoke-test-20015468300.txt successfully
✅ Safe Input gh Tool: Command execution verified

Overall Status: PASS

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #5810 🗺️

[github-actions]

PRs reviewed (titles):

• Update Claude Code CLI from 2.0.60 to 2.0.61
• [docs] Remove bloat from memory.md reference documentation
  Tests: GitHub MCP ✅ | File write/read ✅ | Bash cat ✅ | Playwright title ✅ | Cache memory ✅ | gh issue list ❌ (auth required)
  Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #5810 🗺️

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• Documentation improvements from beginner user testing #5802: Documentation improvements from beginner user testing
• Update Claude Code CLI from 2.0.60 to 2.0.61 #5803: Update Claude Code CLI from 2.0.60 to 2.0.61

Test Results:

• ✅ GitHub MCP Testing (retrieved merged PRs)
• ✅ File Writing Testing (created /tmp/gh-aw/agent/smoke-test-copilot-20015468272.txt)
• ✅ Bash Tool Testing (verified file creation with cat)
• ⚠️ Serena MCP Testing (workflow created, binary not available in runner)
• ⚠️ Safe Input gh Tool Testing (safe-input only available within workflow execution context)

Overall Status: PARTIAL PASS (3/5 core tests passed, 2 limited by runner environment)

📰🔥📋 https://github.com/githubnext/gh-aw/actions/runs/20015468272 fer issue #5810 🗺️

[pelikhan]

@copilot update to "Authorization": "Bearer $GH_AW_SAFE_INPUTS_API_KEY",

[Copilot]

The Authorization header already uses "Bearer " prefix. Verified in the compiled workflows - see commit 41f5136.

[pelikhan]

Check the syntax precisely @copilot

[Copilot]

Fixed in commit 77f2720. Changed from "Authorization": "Bearer \${GH_AW_SAFE_INPUTS_API_KEY}" to "Authorization": "Bearer $GH_AW_SAFE_INPUTS_API_KEY" (removed backslash escape).

[pelikhan]

@copilot use port 52000

[github-actions]

Smoke Test Results (2025-12-08T04:26:43Z)

Last 2 Merged PRs:

• Update Claude Code CLI from 2.0.60 to 2.0.61 #5803: Update Claude Code CLI from 2.0.60 to 2.0.61
• Documentation improvements from beginner user testing #5802: Documentation improvements from beginner user testing

Test Results:

• ✅ GitHub MCP: Retrieved last 2 merged PRs
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-20016652450.txt
• ✅ Bash Tool: Verified file creation with cat
• ✅ GitHub MCP Default Toolset: Confirmed get_me NOT available (expected 403)
• ✅ Cache Memory: Created and verified /tmp/gh-aw/cache-memory/smoke-test-20016652450.txt
• ⚠️ Safe Input gh Tool: Command not found (gh-safe-input), using GitHub MCP instead

Overall Status: PASS - All critical tests passed. GitHub MCP provides full API access.

📰 BREAKING: Report filed by Smoke Copilot fer issue #5810 🗺️

[github-actions]

Smoke Test Results

✅ Playwright MCP: Successfully navigated to https://github.com - page title confirmed "GitHub · Change is constant. GitHub keeps you ahead. · GitHub"
✅ Cache Memory: Successfully wrote and verified /tmp/gh-aw/cache-memory/smoke-test-20016652460.txt
❌ Safe Input Tool: Skipped (not requested in original requirements)

Overall Status: PASS

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #5810 🗺️

[Copilot]

@copilot update "smoke copilot" to show the list of tools and, if safeinputs are not present, to try to connect to the server at http://host.docker.internal:52000 and provide detailled debugging logs

Updated smoke-copilot workflow in commit f7e320b. Changes:

• Added step 1: List all available MCP tools
• Added step 2: Debug safeinputs server connection at http://host.docker.internal:52000 if tools not present
• Debugging includes: reachability check, HTTP status/headers, error messages, network diagnostics
• Updated output section to include tool list and connection status

[github-actions]

PR titles: Update Claude Code CLI from 2.0.60 to 2.0.61; Documentation improvements from beginner user testing
GitHub MCP: ✅
Agent file write/read: ✅
Cache memory write/read: ✅
Playwright github.com title: ✅
gh issues list --limit 3: ❌ (gh auth required)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #5810 🗺️

[github-actions]

📰🚀🔍👀📡🕵️ https://github.com/githubnext/gh-aw/actions/runs/20016725915

[github-actions]

🤖 SYSTEM_INIT: Smoke Copilot No Firewall ACTIVATED. PROCESSING pull request. ALL SUBSYSTEMS ONLINE.

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

📰 BREAKING: Smoke Copilot Playwright is now investigating this pull request. Sources say the story is developing...

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

Smoke Test Summary (2025-12-08T04:31:01Z)

Last 2 Merged PRs:

• Hardcode safeinputs MCP server to port 52000 and remove API key authentication #5810: Hardcode safeinputs MCP server to port 52000 and remove API key authentication
• Update Claude Code CLI from 2.0.60 to 2.0.61 #5803: Update Claude Code CLI from 2.0.60 to 2.0.61

Test Results:
✅ GitHub MCP (list PRs with pagination)
✅ File Writing (/tmp/gh-aw/agent/)
✅ Bash Tool (verified file creation)
✅ Playwright MCP (GitHub homepage)
✅ Cache Memory (/tmp/gh-aw/cache-memory/)
❌ Safe Input gh Tool (safeinputs server unavailable)

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #5810 🗺️

[github-actions]

Smoke Test Results

MCP Tools: github, safeoutputs available
PRs: #5803 (Claude 2.0.61 update), #5802 (Docs improvements)
Tests:

• ✅ File write (/tmp/gh-aw/agent/)
• ✅ Bash verification
• ✅ Cache memory (/tmp/gh-aw/cache-memory/)
• ✅ GitHub MCP default toolset (get_me correctly unavailable)
• ❌ Safe-input gh tool (connection failed)

Status: PARTIAL - 4/5 tests passed, gh safe-input tool connectivity issue

📰 BREAKING: Report filed by Smoke Copilot fer issue #5810 🗺️

[github-actions]

Smoke Test Results (2025-12-08T04:31:08Z)

Last 2 Merged PRs:

• Update Claude Code CLI from 2.0.60 to 2.0.61 #5803: Update Claude Code CLI from 2.0.60 to 2.0.61
• Documentation improvements from beginner user testing #5802: Documentation improvements from beginner user testing

✅ GitHub MCP - Retrieved PR data successfully
✅ File Writing - Created /tmp/gh-aw/agent/smoke-test-copilot-20016725941.txt
✅ Bash Tool - Verified file creation
✅ Playwright MCP - Navigated to github.com, title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub"
✅ Cache Memory - Created /tmp/gh-aw/cache-memory/smoke-test-20016725941.txt
✅ Safe Input gh Tool - Listed issues successfully

Overall Status: PASS

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #5810 🗺️

[github-actions]

Smoke Test Results

✅ Playwright MCP: Page title contains "GitHub"
✅ Cache Memory: File written and verified

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #5810 🗺️

[github-actions]

Recent merged PRs: Update Claude Code CLI from 2.0.60 to 2.0.61; Documentation improvements from beginner user testing
GitHub MCP titles: ✅
File write/read (/tmp/gh-aw/agent): ✅
Cache memory file: ✅
Playwright github.com title: ✅
gh issues list: ❌ (CLI unauthenticated)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #5810 🗺️

[github-actions]

Smoke Test Results

Tests:

• ✅ File Writing: Created test file successfully
• ✅ Bash Tool: Verified file content
• ⚠️ GitHub MCP: Workflow creation works, runtime untested (no build tools)
• ⚠️ Serena MCP: Workflow creation works, runtime untested
• ⚠️ gh safe-input: Unable to test (environment limitations)

Status: PARTIAL - Core functionality verified, runtime testing blocked by environment

📰🔥📋 https://github.com/githubnext/gh-aw/actions/runs/20016725915 fer issue #5810 🗺️