fix: use mcp-scripts for traffic API auth #30
Replace sandbox.agent.env approach with mcp-scripts tool. The fetch-traffic MCP script runs outside the sandbox with GH_AW_GITHUB_TOKEN, bypassing the sandbox's token exclusion.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Updates the Traffic Updater agentic workflow to fetch GitHub Traffic API data via a new mcp-scripts tool (executed outside the AWF sandbox) so the workflow can use the traffic API token without manual lockfile edits or relying on sandboxed env injection.
Changes:
- Add `mcp-scripts.fetch-traffic` tool that calls `gh api repos/$GITHUB_REPOSITORY/traffic/views` with `GH_TOKEN` sourced from `secrets.GH_AW_GITHUB_TOKEN`.
- Remove `gh` from the agent's allowed bash tools and update Step 2 instructions to call the MCP tool instead.
- Extend the compiled workflow to start an MCP Scripts HTTP server, register it with the MCP gateway, and parse/upload MCP Scripts logs.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/traffic-updater.md | Defines the new mcp-scripts.fetch-traffic tool and updates instructions to use it. |
| .github/workflows/traffic-updater.lock.yml | Compiled workflow updates to run the MCP Scripts server, wire it into the MCP gateway, and adjust sandbox/tool allowlists accordingly. |
| mkdir -p ${RUNNER_TEMP}/gh-aw/mcp-scripts/logs | ||
| cat > ${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json << 'GH_AW_MCP_SCRIPTS_TOOLS_ea355407aff34b08_EOF' | ||
| { | ||
| "serverName": "mcpscripts", | ||
| "version": "1.0.0", | ||
| "logDir": "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs", |
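Review bot: the heredoc delimiter on the `cat > ${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json` line is single-quoted (`'GH_AW_MCP_SCRIPTS_TOOLS_ea355407aff34b08_EOF'`), so the shell does not expand `${RUNNER_TEMP}` inside the body and `"logDir"` is written as the literal text `${RUNNER_TEMP}/gh-aw/mcp-scripts/logs`, whereas the `mkdir -p` on the line above does expand it. Unless the server expands that string itself, it will log to a directory that was never created. Either unquote the delimiter (escaping any `$` that must stay literal) or write a fixed path, ideally the same one the artifact step collects, so `mkdir`, `tools.json` and the upload all agree.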
The generated mcp-scripts server writes logs under ${RUNNER_TEMP}/gh-aw/mcp-scripts/logs (see tools.json logDir), but the artifact upload later collects /tmp/gh-aw/mcp-scripts/logs/. As-is, the uploaded artifact path will likely be empty/missing. Align the server logDir and created directory with the artifact path (or update the artifact path to upload from ${RUNNER_TEMP}) so MCP scripts logs are actually captured.
| mkdir -p ${RUNNER_TEMP}/gh-aw/mcp-scripts/logs | |
| cat > ${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json << 'GH_AW_MCP_SCRIPTS_TOOLS_ea355407aff34b08_EOF' | |
| { | |
| "serverName": "mcpscripts", | |
| "version": "1.0.0", | |
| "logDir": "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs", | |
| mkdir -p /tmp/gh-aw/mcp-scripts/logs | |
| cat > ${RUNNER_TEMP}/gh-aw/mcp-scripts/tools.json << 'GH_AW_MCP_SCRIPTS_TOOLS_ea355407aff34b08_EOF' | |
| { | |
| "serverName": "mcpscripts", | |
| "version": "1.0.0", | |
| "logDir": "/tmp/gh-aw/mcp-scripts/logs", |
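A check for the mismatch raised in the comment above, added here as an example; it is not code from the PR or from the gh-aw project. It reproduces the generated step in miniature: the hunk writes `tools.json` through a heredoc with a quoted delimiter, so `${RUNNER_TEMP}` is not expanded and the literal text lands in the JSON, and the artifact step collects `/tmp/gh-aw/mcp-scripts/logs`. Whether the server expands `${RUNNER_TEMP}` afterwards cannot be seen from the hunk, so the check treats an unexpanded `${` as a failure alongside a plain path disagreement. The helper names (`write_tools_json_quoted`, `write_tools_json_expanded`, `extract_logdir`, `check_logdir`), the `demo` function and the `mktemp` scratch directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the PR's or gh-aw's code): write tools.json the way the
# generated step does and check its logDir against the artifact upload path.
# Helper names and the scratch directory are assumptions for this example.

# Mimics the hunk: the heredoc delimiter is quoted, so the shell does NOT expand
# ${RUNNER_TEMP}; the JSON receives the literal text "${RUNNER_TEMP}/...".
write_tools_json_quoted() {            # $1 = directory to write tools.json into
  cat > "$1/tools.json" << 'EOF'
{
  "serverName": "mcpscripts",
  "version": "1.0.0",
  "logDir": "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs"
}
EOF
}

# Corrected form: an unquoted delimiter expands $LOGDIR at generation time, so
# the value written is a concrete path chosen to equal the artifact upload path.
write_tools_json_expanded() {          # $1 = directory, $2 = log directory path
  LOGDIR=$2
  cat > "$1/tools.json" << EOF
{
  "serverName": "mcpscripts",
  "version": "1.0.0",
  "logDir": "$LOGDIR"
}
EOF
}

# Print the logDir value from a tools.json (the file has a single logDir key,
# so a line-oriented sed is enough; a real workflow step could use jq).
extract_logdir() {                     # $1 = path to tools.json
  sed -n 's/^[[:space:]]*"logDir":[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Return 0 only when logDir is a concrete path equal to the artifact path.
check_logdir() {                       # $1 = tools.json, $2 = artifact upload path
  dir=$(extract_logdir "$1")
  case "$dir" in
    *'${'*) echo "logDir still contains an unexpanded variable: $dir" >&2; return 1 ;;
    '')     echo "no logDir found in $1" >&2; return 1 ;;
  esac
  if [ "${dir%/}" != "${2%/}" ]; then
    echo "logDir ($dir) differs from artifact path ($2): upload would be empty" >&2
    return 1
  fi
  return 0
}

# Stand-alone demo: reproduce the generated file, then the corrected one.
demo() {
  work=$(mktemp -d)
  upload=/tmp/gh-aw/mcp-scripts/logs   # the path the artifact step collects
  write_tools_json_quoted "$work"
  check_logdir "$work/tools.json" "$upload" || echo "generated tools.json: mismatch"
  write_tools_json_expanded "$work" "$upload"
  check_logdir "$work/tools.json" "$upload" && echo "corrected tools.json: aligned"
  rm -rf "$work"
}
demo
```

Run as a plain `sh` script; `check_logdir` exits non-zero for the generated file and zero for the corrected one, so the same function can gate the workflow step before the server starts.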
| startHttpServer(configPath, { | ||
| port: port, | ||
| stateless: true, | ||
| logDir: "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs" |
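Review bot: the `logDir` passed to `startHttpServer` is a second, independent copy of `${RUNNER_TEMP}/gh-aw/mcp-scripts/logs`; if the `tools.json` `logDir` and the `mkdir -p` are moved to `/tmp/gh-aw/mcp-scripts/logs` to match the artifact upload, this call must move with them, otherwise the two settings disagree and whichever one the server honours decides where the logs end up. Have the generator emit one log-directory constant and use it for the `mkdir`, the `tools.json` value and this option.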
In the generated mcp-server.cjs, apiKey is read from GH_AW_MCP_SCRIPTS_API_KEY but never used/passed into startHttpServer. If the HTTP server is supposed to enforce the Authorization header configured in the MCP gateway, wire this API key into the server options (or remove the unused key generation/header to avoid a false sense of authentication).
| logDir: "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs" | |
| logDir: "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs", | |
| apiKey: apiKey |
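Review bot: `apiKey: apiKey` only has an effect if `startHttpServer` reads an option with exactly that name; an unrecognised key in a JavaScript options object is ignored without any error, which would leave the server unauthenticated while the gateway keeps sending its `Authorization` header. Confirm the option name against the server's option contract before taking the suggestion, and have the generated script fail fast when `GH_AW_MCP_SCRIPTS_API_KEY` is empty rather than start without a key.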
| mkdir -p /home/runner/.copilot | ||
| cat << GH_AW_MCP_CONFIG_fd45b3cda1bf069e_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh | ||
| cat << GH_AW_MCP_CONFIG_e84d94fd3aaff811_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh |
GH_TOKEN (traffic API token) is being passed into the MCP Gateway container via -e GH_TOKEN. The gateway config shown doesn’t appear to need this secret, and propagating it into an extra container increases exposure surface (and the chance of accidental logging). Prefer not passing GH_TOKEN to the MCP gateway unless it is strictly required.
| cat << GH_AW_MCP_CONFIG_e84d94fd3aaff811_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh | |
| cat << GH_AW_MCP_CONFIG_e84d94fd3aaff811_EOF | env -u GH_TOKEN bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh |
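Review bot: `env -u GH_TOKEN` strips the variable only from the environment of this one `bash` invocation, so the suggestion relies on the gateway script's `-e GH_TOKEN` being a value-less pass-through that yields nothing when the variable is unset in the caller; removing the `-e GH_TOKEN` flag from the generated gateway config is the more robust fix because it does not depend on the caller's environment. Also confirm that the mcp-scripts server, whose `fetch-traffic` tool needs `GH_TOKEN` for `gh api`, is not launched from this same script, or it loses its token along with the gateway.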
Summary
Replaces the previous approaches (manual lock file edits, sandbox.agent.env) with the proper mcp-scripts mechanism for passing the traffic API token.
What changed
- Added `mcp-scripts.fetch-traffic` — a shell tool that runs `gh api repos/$GITHUB_REPOSITORY/traffic/views` outside the sandbox, with `GH_TOKEN` set from `GH_AW_GITHUB_TOKEN`
- Removed `sandbox.agent.env` and `strict: false` — no longer needed
- Removed `gh` from bash tools — the agent calls the MCP script instead of `gh` directly
- Step 2 instructions now call the `fetch-traffic` tool
Why
The AWF sandbox explicitly excludes security-sensitive env vars (`GH_TOKEN`, `COPILOT_GITHUB_TOKEN`, etc.) via `--exclude-env`. MCP scripts run on the runner host outside the sandbox, so they can safely access secrets.