chore: bump smoke-codex mcpg to v0.2.26 for debugging by lpcox · Pull Request #2123 · github/gh-aw-firewall

lpcox · 2026-04-20T17:25:49Z

Bumps mcpg from v0.2.22 to v0.2.26 in smoke-codex.lock.yml to debug Codex MCP tool discovery issues. Codex is using exec_command (bash) instead of MCP tools for safe outputs, possibly due to mcpg version.

Update ghcr.io/github/gh-aw-mcpg from v0.2.22 to v0.2.26 in the smoke-codex lock file to debug Codex MCP tool discovery issues. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Copilot

Pull request overview

Bumps the ghcr.io/github/gh-aw-mcpg container version used by the Smoke Codex locked workflow to help debug Codex MCP tool discovery behavior.

Changes:

Update gh-aw-mcpg image references from v0.2.22 to v0.2.26 throughout the workflow (manifest, documented container list, image prefetch, gateway command, CLI proxy).

Show a summary per file

File	Description
`.github/workflows/smoke-codex.lock.yml`	Updates the `gh-aw-mcpg` image tag/digest used by the Smoke Codex locked workflow.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 1/1 changed files
Comments generated: 1

Copilot · 2026-04-20T17:28:30Z

@@ -1,5 +1,5 @@
 # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"73c8ff39b7e3ed578d57badefb71fc04dd5c5b2c12fc03b8d418ea44727bc627","compiler_version":"v0.68.7","strict":true,"agent_id":"codex"}
-# gh-aw-manifest: {"version":1,"secrets":["CODEX_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN","OPENAI_API_KEY","TAVILY_API_KEY"],"actions":[{"repo":"actions/cache","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9"},{"repo":"actions/setup-node","sha":"53b83947a5a98c8d113130e565377fae1a50d02f","version":"v6.3.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f52802884d655622f0a2dfd6d6a2250983c95523","version":"v0.68.7"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.23","digest":"sha256:d91d8c6263597d38da4c9fb3599ea7fed26fc6fcfebe5e92beb9711980bb25ea","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.23@sha256:d91d8c6263597d38da4c9fb3599ea7fed26fc6fcfebe5e92beb9711980bb25ea"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.23","digest":"sha256:6d8d7841a56bcb2a53fae629f9a6b9c77e80fe04af44cf753d13a6003d812120","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.23@sha256:6d8d7841a56bcb2a53fae629f9a6b9c77e80fe04af44cf753d13a6003d812120"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.23","digest":"sha256:113837034dd2cd4c96d8f00f27c910eef3e44384c13bcca2f282b6ca8b457a03","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.23@sha256:113837034dd2cd4c96d8f00f27c910eef3e44384c13bcca2f282b6ca8b457a03"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.23","digest":"sha256:989d478749707bd1e81a78bb995f0bc9b96421b1c8c087b6999a860cf05f2845","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.23@sha256:989d478749707bd1e81a78bb995f0bc9b96421b1c8c087b6999a860cf05f2845"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.2.22","digest":"sha256:5345f80d8bae180f8ec836719ca8d8ae1de60aef1bede758a4731af0af979b2f","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.2.22@sha256:5345f80d8bae180f8ec836719ca8d8ae1de60aef1bede758a4731af0af979b2f"},{"image":"ghcr.io/github/github-mcp-server:v0.32.0","digest":"sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28","pinned_image":"ghcr.io/github/github-mcp-server:v0.32.0@sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28"},{"image":"mcr.microsoft.com/playwright/mcp","digest":"sha256:7b82f29c6ef83480a97f612d53ac3fd5f30a32df3fea1e06923d4204d3532bb2","pinned_image":"mcr.microsoft.com/playwright/mcp@sha256:7b82f29c6ef83480a97f612d53ac3fd5f30a32df3fea1e06923d4204d3532bb2"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]}
+# gh-aw-manifest: {"version":1,"secrets":["CODEX_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN","OPENAI_API_KEY","TAVILY_API_KEY"],"actions":[{"repo":"actions/cache","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9"},{"repo":"actions/setup-node","sha":"53b83947a5a98c8d113130e565377fae1a50d02f","version":"v6.3.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f52802884d655622f0a2dfd6d6a2250983c95523","version":"v0.68.7"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.23","digest":"sha256:d91d8c6263597d38da4c9fb3599ea7fed26fc6fcfebe5e92beb9711980bb25ea","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.23@sha256:d91d8c6263597d38da4c9fb3599ea7fed26fc6fcfebe5e92beb9711980bb25ea"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.23","digest":"sha256:6d8d7841a56bcb2a53fae629f9a6b9c77e80fe04af44cf753d13a6003d812120","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.23@sha256:6d8d7841a56bcb2a53fae629f9a6b9c77e80fe04af44cf753d13a6003d812120"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.23","digest":"sha256:113837034dd2cd4c96d8f00f27c910eef3e44384c13bcca2f282b6ca8b457a03","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.23@sha256:113837034dd2cd4c96d8f00f27c910eef3e44384c13bcca2f282b6ca8b457a03"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.23","digest":"sha256:989d478749707bd1e81a78bb995f0bc9b96421b1c8c087b6999a860cf05f2845","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.23@sha256:989d478749707bd1e81a78bb995f0bc9b96421b1c8c087b6999a860cf05f2845"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.2.26","digest":"sha256:5345f80d8bae180f8ec836719ca8d8ae1de60aef1bede758a4731af0af979b2f","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.2.26@sha256:41c20d3a366498e883648bbf0c5a23d5c0102ae931e0eaa7b79bbf8e1afab29c"},{"image":"ghcr.io/github/github-mcp-server:v0.32.0","digest":"sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28","pinned_image":"ghcr.io/github/github-mcp-server:v0.32.0@sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28"},{"image":"mcr.microsoft.com/playwright/mcp","digest":"sha256:7b82f29c6ef83480a97f612d53ac3fd5f30a32df3fea1e06923d4204d3532bb2","pinned_image":"mcr.microsoft.com/playwright/mcp@sha256:7b82f29c6ef83480a97f612d53ac3fd5f30a32df3fea1e06923d4204d3532bb2"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]}


The gh-aw manifest metadata has an inconsistent digest for the updated ghcr.io/github/gh-aw-mcpg:v0.2.26 container: digest is still the old sha (5345f80…) while pinned_image points to @sha256:41c20…. This can cause lock-file validation or image prefetching to use the wrong artifact. Update the manifest digest to match the pinned image (or re-run the workflow lockfile generation step, e.g. gh aw compile, so all pinned digests stay consistent).

Suggested change

# gh-aw-manifest: {"version":1,"secrets":["CODEX_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN","OPENAI_API_KEY","TAVILY_API_KEY"],"actions":[{"repo":"actions/cache","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9"},{"repo":"actions/setup-node","sha":"53b83947a5a98c8d113130e565377fae1a50d02f","version":"v6.3.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f52802884d655622f0a2dfd6d6a2250983c95523","version":"v0.68.7"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.23","digest":"sha256:d91d8c6263597d38da4c9fb3599ea7fed26fc6fcfebe5e92beb9711980bb25ea","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.23@sha256:d91d8c6263597d38da4c9fb3599ea7fed26fc6fcfebe5e92beb9711980bb25ea"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.23","digest":"sha256:6d8d7841a56bcb2a53fae629f9a6b9c77e80fe04af44cf753d13a6003d812120","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.23@sha256:6d8d7841a56bcb2a53fae629f9a6b9c77e80fe04af44cf753d13a6003d812120"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.23","digest":"sha256:113837034dd2cd4c96d8f00f27c910eef3e44384c13bcca2f282b6ca8b457a03","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.23@sha256:113837034dd2cd4c96d8f00f27c910eef3e44384c13bcca2f282b6ca8b457a03"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.23","digest":"sha256:989d478749707bd1e81a78bb995f0bc9b96421b1c8c087b6999a860cf05f2845","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.23@sha256:989d478749707bd1e81a78bb995f0bc9b96421b1c8c087b6999a860cf05f2845"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.2.26","digest":"sha256:5345f80d8bae180f8ec836719ca8d8ae1de60aef1bede758a4731af0af979b2f","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.2.26@sha256:41c20d3a366498e883648bbf0c5a23d5c0102ae931e0eaa7b79bbf8e1afab29c"},{"image":"ghcr.io/github/github-mcp-server:v0.32.0","digest":"sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28","pinned_image":"ghcr.io/github/github-mcp-server:v0.32.0@sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28"},{"image":"mcr.microsoft.com/playwright/mcp","digest":"sha256:7b82f29c6ef83480a97f612d53ac3fd5f30a32df3fea1e06923d4204d3532bb2","pinned_image":"mcr.microsoft.com/playwright/mcp@sha256:7b82f29c6ef83480a97f612d53ac3fd5f30a32df3fea1e06923d4204d3532bb2"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]}

# gh-aw-manifest: {"version":1,"secrets":["CODEX_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN","OPENAI_API_KEY","TAVILY_API_KEY"],"actions":[{"repo":"actions/cache","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9"},{"repo":"actions/setup-node","sha":"53b83947a5a98c8d113130e565377fae1a50d02f","version":"v6.3.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f52802884d655622f0a2dfd6d6a2250983c95523","version":"v0.68.7"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.23","digest":"sha256:d91d8c6263597d38da4c9fb3599ea7fed26fc6fcfebe5e92beb9711980bb25ea","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.23@sha256:d91d8c6263597d38da4c9fb3599ea7fed26fc6fcfebe5e92beb9711980bb25ea"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.23","digest":"sha256:6d8d7841a56bcb2a53fae629f9a6b9c77e80fe04af44cf753d13a6003d812120","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.23@sha256:6d8d7841a56bcb2a53fae629f9a6b9c77e80fe04af44cf753d13a6003d812120"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.23","digest":"sha256:113837034dd2cd4c96d8f00f27c910eef3e44384c13bcca2f282b6ca8b457a03","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.23@sha256:113837034dd2cd4c96d8f00f27c910eef3e44384c13bcca2f282b6ca8b457a03"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.23","digest":"sha256:989d478749707bd1e81a78bb995f0bc9b96421b1c8c087b6999a860cf05f2845","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.23@sha256:989d478749707bd1e81a78bb995f0bc9b96421b1c8c087b6999a860cf05f2845"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.2.26","digest":"sha256:41c20d3a366498e883648bbf0c5a23d5c0102ae931e0eaa7b79bbf8e1afab29c","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.2.26@sha256:41c20d3a366498e883648bbf0c5a23d5c0102ae931e0eaa7b79bbf8e1afab29c"},{"image":"ghcr.io/github/github-mcp-server:v0.32.0","digest":"sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28","pinned_image":"ghcr.io/github/github-mcp-server:v0.32.0@sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28"},{"image":"mcr.microsoft.com/playwright/mcp","digest":"sha256:7b82f29c6ef83480a97f612d53ac3fd5f30a32df3fea1e06923d4204d3532bb2","pinned_image":"mcr.microsoft.com/playwright/mcp@sha256:7b82f29c6ef83480a97f612d53ac3fd5f30a32df3fea1e06923d4204d3532bb2"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]}

The compiled config.toml had backend MCP server definitions (container=, guard-policies, entrypointArgs) in mcpg gateway format that Codex doesn't understand. Codex expects 'command'+'args' (stdio) or 'url' (HTTP/SSE) fields. This caused dynamic_tool_count=0 at startup — Codex had zero MCP tools available. Fix: Before running Codex, rewrite config.toml to replace the backend server definitions with a single gateway SSE entry pointing to the already-running MCP gateway at host.docker.internal:$MCP_GATEWAY_PORT. This gives Codex access to all 31 aggregated tools (playwright, safeoutputs, etc.) through the gateway. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Adds diagnostic step to verify: - OpenAI API key validity (curl /v1/models) - AWF_GATEWAY_TOKEN matches MCP_GATEWAY_API_KEY - Gateway auth works from host (127.0.0.1) - Gateway auth works via host.docker.internal Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

OpenCode was not connecting to the MCP gateway for safe-output tools. The agent ran successfully (LLM calls worked) but never called add_comment because it had no MCP server configured. Add 'mcp.safeoutputs' config to opencode.jsonc pointing to the MCP gateway at host.docker.internal:<port> with proper auth header. This matches how Codex connects to the gateway via HTTP MCP. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

The MCP gateway runs in routed mode with paths like /mcp/<server>. OpenCode was connecting to the root URL (port 80) which returned 404. Fix the URL to include the server-specific route path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…Code Three fixes: 1. Add 'external_directory: allow' - prevents auto-reject of file creation in /tmp when running in non-interactive 'run' mode 2. Add 'mcp: allow' - explicitly allow MCP tool calls 3. Add 'instructions' with explicit guidance to use safeoutputs MCP tools (add_comment) instead of gh CLI for GitHub writes The model was completing after one turn of bash calls without ever calling the MCP safe-output tools (add_comment). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

The OpenCode agent config field is 'permission' (singular) not 'permissions' (plural). The wrong key was silently moved to 'options' by the normalize() function, so external_directory permission was never applied. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

github-actions · 2026-04-20T22:39:43Z

🔥 Smoke Test: Copilot BYOK (Offline) Mode

Test	Result
GitHub MCP (`list_pull_requests`)	❌ gh CLI returned 404 (proxy unavailable)
GitHub.com connectivity (HTTP 200/301)	✅ HTTP 200
File write/read	❌ Template vars unresolved (`${{ steps.smoke-data.outputs.* }}`)
BYOK inference (agent → api-proxy → api.githubcopilot.com)	✅ Responding in BYOK offline mode (`COPILOT_OFFLINE=true`)

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com.

Overall: FAIL — MCP and file tests could not be verified due to infrastructure issues (gh CLI 404, unresolved template variables).

🔑 BYOK report filed by Smoke Copilot BYOK

github-actions · 2026-04-20T22:40:02Z

🔬 Smoke Test Results

Test	Status
GitHub MCP connectivity	❌ (gh CLI returned 404)
GitHub.com HTTP	⚠️ (pre-step output not captured)
File write/read	✅ (`smoke-test-copilot-24693917070.txt` verified)

Overall: FAIL — MCP and HTTP checks could not be verified.

CC: @lpcox

📰 BREAKING: Report filed by Smoke Copilot

github-actions · 2026-04-20T22:40:05Z

OpenCode Smoke Test Results

Last 2 Merged PRs: Unable to fetch due to API error ❌
File Write: ✅
Bash Commands: ✅
Build (npm ci & build): ✅

Overall Status: FAIL

Some tests passed but PR listing failed due to API error (404).

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

models.dev

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "models.dev"

See Network Configuration for more information.

🌐 Transmitted by Smoke OpenCode

github-actions · 2026-04-20T22:40:27Z

Smoke Test Results

❌ GitHub MCP (gh CLI): HTTP 404 on graphql API
✅ Playwright: Page title verified
✅ File Writing: Test file created
✅ Bash Tool: File verification passed

Overall: FAIL (1/4 tests failed)

💥 [THE END] — Illustrated by Smoke Claude

github-actions · 2026-04-20T22:40:52Z

Smoke Test (run 24693917130)
PR titles:

chore: recompile all workflows with gh-aw upgrade
Handle permission-blocked safe-output writes in Smoke Codex workflow

GitHub MCP merged PR review: ✅
safeinputs-gh PR query: ❌
Playwright github.com title check: ✅
Tavily MCP search: ❌
File write /tmp/gh-aw/agent/...txt: ✅
Bash cat readback: ✅
Discussion query + mystical comment: ❌
npm ci && npm run build: ✅
Overall: FAIL

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

github-actions · 2026-04-20T22:40:57Z

Smoke Test Results: GitHub Actions Services Connectivity ✅

Service	Check	Result
Redis `host.docker.internal:6379`	PING	✅ `PONG`
PostgreSQL `host.docker.internal:5432`	`pg_isready`	✅ accepting connections
PostgreSQL `smoketest` db	`SELECT 1` as `postgres`	✅ returned `1`

All checks passed. (redis-cli was unavailable; Redis was verified via raw socket RESP protocol.)

🔌 Service connectivity validated by Smoke Services

github-actions · 2026-04-20T22:42:35Z

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #2123 · ● 766.2K · ◷

chore: bump smoke-codex mcpg to v0.2.26

6afe537

Update ghcr.io/github/gh-aw-mcpg from v0.2.22 to v0.2.26 in the smoke-codex lock file to debug Codex MCP tool discovery issues. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Copilot AI review requested due to automatic review settings April 20, 2026 17:25

lpcox requested a review from Mossaka as a code owner April 20, 2026 17:25

Copilot started reviewing on behalf of lpcox April 20, 2026 17:26 View session

Copilot AI reviewed Apr 20, 2026

View reviewed changes

github-actions bot added the smoke-copilot label Apr 20, 2026