Large MCP Payload Access Test Results
Run ID: 24428669732
Status: FAIL
Timestamp: 2026-04-14T23:48:00Z
Test Results
- Expected Secret: test-secret-aca7c646-2ef8-4655-99e3-6bcd8de02bb2 (from secret.txt)
- Found Secret: NOT FOUND
- Secret Match: NO
- Payload Path: /tmp/gh-aw/mcp-payloads/srl1CpyCCE0K5pEArQC8S1IH1Iqx7V41uIvBA4zx4W0UkCJoB3g9auEql5/45105d1b4ed5f71c387117579243e4e2/payload.json
- Payload Size: 820,667 bytes (originalSize from MCP metadata)
Failure Details
Two access methods were attempted and both failed:
- Bash/direct file access: payload.json is owned by root with mode 600 (-rw------- root root). The agent runs as runner (uid=1001) and is denied read access.
- Filesystem MCP server: The MCP server only permits access under /workspace. Reading the payload path returned: Access denied - path outside allowed directories.
Step-by-Step Trace
| Step | Result |
| --- | --- |
| Read secret.txt via filesystem MCP | ✅ Success — secret: test-secret-aca7c646-2ef8-4655-99e3-6bcd8de02bb2 |
| Read large-test-file.json via filesystem MCP | ✅ MCP returned large-payload response with payloadPath |
| Read payload.json via bash (cat) | ❌ Permission denied — file owned by root, mode 600 |
| Read payload.json via filesystem MCP tool | ❌ Access denied — path outside allowed directories |
| Extract secret_reference from payload | ❌ Not possible — payload unreadable |
| Compare secrets | ❌ Not possible |
Conclusion
The MCP gateway correctly detected the oversized payload (820 KB > 524 KB threshold) and stored it at the expected path under /tmp/gh-aw/mcp-payloads/. However, the payload file was created by the root-owned gateway process with permissions 600, making it unreadable by the runner agent user. Additionally, the filesystem MCP server's allowed-directory restriction to /workspace prevents MCP-mediated access to the payload path. To fix this test, the payload file should be written with world-readable permissions (e.g., 644) or the payload directory should be mounted/accessible to the agent.
Run URL: https://github.com/github/gh-aw-mcpg/actions/runs/24428669732
Generated by Large Payload Tester · ● 462.8K