Copilot AI commented Dec 8, 2025

Adds a configurable mode field to safe-inputs that allows the MCP server to run within the AWF firewall using stdio transport instead of as a separate HTTP service.

Changes

  • Added mode field to safe-inputs configuration with values "http" (default) or "stdio"
  • Stdio mode: MCP server started by agent via stdio transport, runs within firewall
    • MCP config: type: "stdio", command: "node", args: ["/tmp/gh-aw/safe-inputs/mcp-server.cjs"]
    • Entry point uses startSafeInputsServer()
    • No HTTP server setup steps generated
  • HTTP mode: Maintains existing behavior for backward compatibility
    • MCP config: type: "http", url: "http://host.docker.internal:${PORT}"
    • Entry point uses startHttpServer()
    • Separate HTTP server step with port/API key generation
  • Schema updates: JSON schemas allow mode property, pattern regex excludes "mode" from tool names
  • Enabled stdio mode for smoke-copilot workflow via shared/gh.md

Usage

---
safe-inputs:
  mode: stdio  # Run within firewall using stdio transport
  gh:
    description: "Execute gh CLI commands"
    inputs:
      args:
        type: string
        required: true
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    run: gh $INPUT_ARGS
---

Omitting mode defaults to "http" for backward compatibility.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/user
    • Triggering command: /usr/bin/gh gh api user --jq .login -json GO111MODULE ir GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile env d-artifact.git d-artifact.git /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api user --jq .login action.git GO111MODULE 1/x64/bin/node by/2d2c7a5149acfnode GOMOD -d/gh-aw go env 4b82ac6d18922b48 -d/gh-aw 1593003/b201/vet.cfg GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api user --jq .login .git .git 6f4186579cd7cae5e68b087f4a6313c0443/log.json GOINSECURE GOMOD GOMODCACHE go env f/tags/v6 GO111MODULE (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Add a configurable "mode" to safe inputs where it runs within the awf firewall. In other words, the safeinputs MCP server is started by the agent using the stdio transport and not as a step in the action job.

Enable this mode for "smoke copilot" agentic workflow


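The mode selection described in the comment above, as an added sketch that is not code from this PR or from gh-aw: it validates `mode`, keeps `mode` out of the tool list, and returns the MCP entry for each transport. The function `resolveSafeInputs`, its `port` option and the result field names are hypothetical; the mode values, config shapes, entry point names and server path are the ones quoted in the description.

```javascript
// Added illustration, not gh-aw code. resolveSafeInputs, its options and the
// result field names are hypothetical; mode values, MCP config shapes and the
// server path are the ones quoted in the PR description.
const SERVER_PATH = "/tmp/gh-aw/safe-inputs/mcp-server.cjs";
const RESERVED_KEYS = new Set(["mode"]); // settings, never tool names
const VALID_MODES = new Set(["http", "stdio"]);

function resolveSafeInputs(safeInputs, { port } = {}) {
  // Omitted mode means "http" (backward compatible default).
  const mode = safeInputs.mode === undefined ? "http" : safeInputs.mode;
  if (!VALID_MODES.has(mode)) {
    throw new Error(`safe-inputs.mode must be "http" or "stdio", got ${JSON.stringify(mode)}`);
  }
  const tools = Object.keys(safeInputs).filter((k) => !RESERVED_KEYS.has(k));

  if (mode === "stdio") {
    // The agent spawns the server as a child process inside the firewall:
    // no listening port, no API key, no separate job step.
    return {
      mode,
      tools,
      entryPoint: "startSafeInputsServer",
      needsHttpServerStep: false,
      mcp: { type: "stdio", command: "node", args: [SERVER_PATH] },
    };
  }
  // http mode: a separate step starts the server, so a port must be known.
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error("http mode requires a port between 1 and 65535");
  }
  return {
    mode,
    tools,
    entryPoint: "startHttpServer",
    needsHttpServerStep: true,
    mcp: { type: "http", url: `http://host.docker.internal:${port}` },
  };
}

// Constructed sample mirroring the Usage block above.
const sample = { mode: "stdio", gh: { description: "Execute gh CLI commands", run: "gh $INPUT_ARGS" } };
console.log(JSON.stringify(resolveSafeInputs(sample), null, 2));
```

Rejecting unknown `mode` values instead of falling back to `"http"` keeps a typo from silently putting the server back on a network listener.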

Copilot AI changed the title [WIP] Add configurable mode for safe inputs in AWF firewall Add stdio transport mode for safe-inputs MCP server Dec 8, 2025
Copilot AI requested a review from pelikhan December 8, 2025 05:35
@pelikhan pelikhan marked this pull request as ready for review December 8, 2025 07:05
@pelikhan pelikhan merged commit c9dba82 into main Dec 8, 2025
5 checks passed
@pelikhan pelikhan deleted the copilot/add-mode-for-safe-inputs branch December 8, 2025 07:05
2 participants