Fix MCP gateway config validation failure caused by undeclared payloadSizeThreshold field

[Copilot]

The Safe Output Health Monitor workflow was consistently failing at "Start MCP Gateway" because the gateway container (v0.1.6) validates its JSON config against the schema at tag v0.41.1, which has additionalProperties: false on gatewayConfig — but the compiled config was emitting payloadSizeThreshold (and conditionally payloadPathPrefix), neither of which existed in that schema.

Changes

• pkg/workflow/mcp_renderer.go: Remove emission of payloadSizeThreshold and payloadPathPrefix from the gateway JSON config block. Both values are already forwarded to the container via env vars (MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD, MCP_GATEWAY_PAYLOAD_PATH_PREFIX), so gateway behavior is unchanged.

  // Before — caused schema validation failure:
  "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}",
  "payloadSizeThreshold": 524288
  
  // After — schema-compliant:
  "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"

• Both schema files (docs/public/schemas/ and pkg/workflow/schemas/): Add payloadSizeThreshold and payloadPathPrefix to gatewayConfig so the schema reflects intent and future gateway versions can validate these fields from config rather than only env vars.

• pkg/workflow/codex_engine_test.go: Update expected rendered output to match.

• All 162 .lock.yml files recompiled to remove the offending field.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ota=5% yHigh=170M x_amd64/vet mcp-�� js/**/*.json' --ignore-path ../../../.prettierignore --local 64/pkg/tool/linux_amd64/vet user.email (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ota=5% yHigh=170M x_amd64/vet conf�� js/**/*.json' --ignore-path ../../../.prettierignore --local 64/pkg/tool/linux_amd64/vet user.email (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha ath ../../../.pr--log-target (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[aw] Safe Output Health Monitor failed</issue_title>
<issue_description>### Workflow Failure

Workflow: Safe Output Health Monitor
Branch: main
Run: https://github.com/github/gh-aw/actions/runs/22513007907

Action Required

Option 1: Assign this issue to Copilot

Assign this issue to Copilot using the agentic-workflows sub-agent to automatically debug and fix the workflow failure.

Option 2: Manually invoke the agent

Debug this workflow failure using your favorite Agent CLI and the agentic-workflows prompt.

• Start your agent
• Load the agentic-workflows prompt from .github/agents/agentic-workflows.agent.md or https://github.com/github/gh-aw/blob/main/.github/agents/agentic-workflows.agent.md
• Type debug the agentic workflow safe-output-health failure in https://github.com/github/gh-aw/actions/runs/22513007907

Generated from Safe Output Health Monitor

• expires on Mar 7, 2026, 4:09 AM UTC

Comments on the Issue (you are @copilot in this section)

• Fixes [aw] Safe Output Health Monitor failed #18790

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

---

---

✨ PR Review Safe Output Test - Run 22521531658

💥 [THE END] — Illustrated by Smoke Claude

---

Changeset

• Type: patch
• Description: Aligns the MCP gateway schema with the rendered config so the gateway no longer emits schema-undeclared payload fields and validation passes.

Generated by Changeset Generator for issue #18791

Warning

⚠️ Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• codeload.github.com
• github.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "codeload.github.com"
    - "github.com"

See Network Configuration for more information.

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	4.52.4
curl	✅	8.5.0
gh	✅	2.87.3
node	✅	20.20.0
python3	✅	3.12.3
go	✅	1.24.13
java	✅	21.0.10 (Temurin)
dotnet	✅	10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test

[github-actions]

Smoke Test Results — §22521531657

Test	Result
GitHub MCP	✅
Safe Inputs GH CLI	✅
Serena MCP	❌
Playwright	✅
Web Fetch	✅
File Writing	✅
Bash Tool	✅
Discussion Interaction	✅
Build gh-aw	✅
Discussion Creation	✅
Haiku Dispatch	✅
PR Review	✅

Overall: ⚠️ PARTIAL PASS (11/12 — Serena MCP unavailable in this env)

CC @pelikhan @Copilot

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

This PR cleanly fixes the MCP gateway config validation failure. The root cause (emitting undeclared fields payloadSizeThreshold/payloadPathPrefix against a schema with additionalProperties: false) is correctly addressed by removing them from the rendered JSON. The forward-looking schema update in both schema files documents intent for future gateway versions. All 162 lock files recompiled correctly.

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Good fix — removing payloadSizeThreshold and payloadPathPrefix from the inline JSON config avoids schema validation failures with gateway container v0.1.6. These values are still passed via env vars so gateway behavior is preserved. Clean approach!

[github-actions]

Adding payloadSizeThreshold and payloadPathPrefix to the schema is a great forward-looking change — it documents intent and will allow future gateway versions to accept these fields from JSON config rather than only env vars. 👍

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[Copilot]

Pull request overview

Fixes MCP gateway startup failures by ensuring the rendered gateway JSON config does not include fields rejected by the gateway container’s strict schema validation.

Changes:

• Stop emitting payloadSizeThreshold / payloadPathPrefix in the rendered gateway JSON config (they remain passed via env vars).
• Extend the MCP gateway JSON schema (both docs/public and pkg/workflow) to include payloadSizeThreshold and payloadPathPrefix.
• Update rendered-output expectations and recompile workflow lockfiles to match the schema-compliant gateway JSON block.

Reviewed changes

Copilot reviewed 166 out of 166 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pkg/workflow/mcp_renderer.go	Removes payloadPathPrefix / payloadSizeThreshold from the emitted gateway JSON block to avoid schema validation failures.
pkg/workflow/codex_engine_test.go	Updates expected rendered output to match the new gateway JSON rendering (no trailing comma / no removed fields).
pkg/workflow/schemas/mcp-gateway-config.schema.json	Adds payloadSizeThreshold / payloadPathPrefix to gatewayConfig so schema reflects intended/possible config fields.
docs/public/schemas/mcp-gateway-config.schema.json	Mirrors the schema additions for published documentation consumers.
.github/workflows/*.lock.yml	Regenerated lockfiles to remove the offending gateway JSON fields and keep compiled workflows consistent.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude