Configure Gemini to allow reading /tmp/gh-aw/ outside workspace #17612

Merged
pelikhan merged 2 commits into copilot/update-parser-log-javascript from copilot/sub-pr-17605
Feb 21, 2026
Copilot AI commented Feb 21, 2026

Gemini CLI's read_file tool restricts paths to the workspace and a project temp dir by default. When an MCP tool response is too large, the gateway saves the payload to /tmp/gh-aw/mcp-payloads/ and instructs the agent to read it — but Gemini blocks this with "Path not in workspace".

Changes

  • actions/setup/sh/convert_gateway_config_gemini.sh: Adds includeDirectories to the generated .gemini/settings.json, allowing Gemini CLI to read files under /tmp/gh-aw/
{
  "mcpServers": { ... },
  "includeDirectories": ["/tmp/gh-aw/"]
}


…ories in settings.json

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Feb 21, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:


If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title from "[WIP] Update Gemini log parser for JSONL handling" to "Configure Gemini to allow reading /tmp/gh-aw/ outside workspace" Feb 21, 2026
pelikhan marked this pull request as ready for review February 21, 2026 23:23
Copilot AI review requested due to automatic review settings February 21, 2026 23:23
pelikhan merged commit 61869d3 into copilot/update-parser-log-javascript Feb 21, 2026
pelikhan deleted the copilot/sub-pr-17605 branch February 21, 2026 23:23

Copilot AI left a comment


Pull request overview

Updates the generated Gemini CLI settings so the agent can read MCP payload files written by the gateway under /tmp/gh-aw/, avoiding “Path not in workspace” errors.

Changes:

  • Extend .gemini/settings.json generation to set includeDirectories to ["/tmp/gh-aw/"].


Comment on lines +98 to +99
# Allow Gemini CLI to read files from /tmp/gh-aw/ (e.g. MCP payload files)
.includeDirectories = ["/tmp/gh-aw/"]
Copilot AI Feb 21, 2026


Granting read access to all of /tmp/gh-aw/ is broader than necessary; it increases the blast radius if any sensitive files end up in that directory. Consider narrowing this to the specific payload directory (e.g. /tmp/gh-aw/mcp-payloads/) and/or gating it behind an explicit env/config toggle so it’s only enabled in environments that need it.

Suggested change
# Allow Gemini CLI to read files from /tmp/gh-aw/ (e.g. MCP payload files)
.includeDirectories = ["/tmp/gh-aw/"]
# Allow Gemini CLI to read MCP payload files from a specific subdirectory
.includeDirectories = ["/tmp/gh-aw/mcp-payloads/"]
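Review bot: the replacement on the last line is still a plain assignment of a fresh array, so any includeDirectories already present in the incoming config is dropped even with the narrower path. Narrowing and preserving existing entries should land in the same change, for example by appending "/tmp/gh-aw/mcp-payloads/" to `(.includeDirectories // [])` rather than assigning a new literal.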

Comment on lines +98 to +99
# Allow Gemini CLI to read files from /tmp/gh-aw/ (e.g. MCP payload files)
.includeDirectories = ["/tmp/gh-aw/"]
Copilot AI Feb 21, 2026


This overwrites any existing includeDirectories that may already be present in the incoming config. To avoid clobbering user/configured values, merge with the existing array (defaulting to []) and de-duplicate instead of assigning a new array.

Suggested change
# Allow Gemini CLI to read files from /tmp/gh-aw/ (e.g. MCP payload files)
.includeDirectories = ["/tmp/gh-aw/"]
# Allow Gemini CLI to read files from /tmp/gh-aw/ (e.g. MCP payload files),
# preserving any existing includeDirectories and avoiding duplicates
.includeDirectories = ((.includeDirectories // []) + ["/tmp/gh-aw/"] | unique)
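Review bot: `unique` on the last line returns its input sorted, so existing includeDirectories entries are reordered as a side effect, and it compares strings exactly, so `/tmp/gh-aw` and `/tmp/gh-aw/` would both survive. Appending only when the entry is absent keeps the original order. The appended value is also still the whole `/tmp/gh-aw/` tree, not the `/tmp/gh-aw/mcp-payloads/` directory the PR description names as the payload location.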

Copilot uses AI. Check for mistakes.
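The two review points above (narrow the directory, merge instead of overwrite) combined with a post-generation check on the settings object, as an added example that is not code from this PR or from gh-aw. The function names, the `/workspace` root and the allowed-roots policy are assumptions; the check is a policy audit of the generated file and does not model how Gemini CLI itself matches paths.

```javascript
// Added example, not code from the PR or from gh-aw. Function names and the
// allowed-roots policy are hypothetical; the key name and /tmp/gh-aw/ paths
// are the ones quoted in the thread.
const PAYLOAD_DIR = "/tmp/gh-aw/mcp-payloads/";

// Canonical absolute form: collapses ".", ".." and repeated or trailing slashes.
function canon(dir) {
  const out = [];
  for (const seg of dir.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Segment-aware containment: /tmp/gh-aw/mcp-payloads-old is NOT inside
// /tmp/gh-aw/mcp-payloads, and "../" cannot climb out of a root.
function isWithin(dir, root) {
  const d = canon(dir), r = canon(root);
  return r === "/" || d === r || d.startsWith(r + "/");
}

// Append directories to whatever the incoming config already lists, keeping
// the existing order and skipping entries that differ only in spelling.
function mergeIncludeDirectories(settings, additions) {
  const merged = [...(settings.includeDirectories ?? [])];
  const seen = new Set(merged.map(canon));
  for (const dir of additions) {
    if (seen.has(canon(dir))) continue;
    seen.add(canon(dir));
    merged.push(dir);
  }
  return { ...settings, includeDirectories: merged };
}

// Entries that are relative or fall outside every allowed root.
function auditIncludeDirectories(settings, allowedRoots) {
  return (settings.includeDirectories ?? []).filter(
    (dir) => !dir.startsWith("/") || !allowedRoots.some((r) => isWithin(dir, r))
  );
}

// Constructed input: an incoming config that already lists one directory.
const incoming = { mcpServers: {}, includeDirectories: ["/workspace/docs"] };
const roots = ["/workspace", PAYLOAD_DIR];
console.log(auditIncludeDirectories(mergeIncludeDirectories(incoming, ["/tmp/gh-aw/"]), roots));
console.log(auditIncludeDirectories(mergeIncludeDirectories(incoming, [PAYLOAD_DIR]), roots));
```

The first call reports the merged value as over-broad; the second, using the narrowed payload directory, reports nothing.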