Add required "type": "http" field to safe-inputs MCP configuration

[Copilot]

Claude agent fails to start with "Invalid MCP configuration:" error due to missing "type": "http" field in safe-inputs MCP server configuration.

Changes

• pkg/workflow/safe_inputs.go: Remove conditional that only added "type": "http" for Copilot. MCP spec requires this field for HTTP transport regardless of engine.

• pkg/workflow/safe_inputs_http_integration_test.go: Update health check assertions to reflect that /health endpoint doesn't require authentication.

Example

Before (Claude config missing type field):

{
  "safeinputs": {
    "url": "http://localhost:$PORT",
    "headers": { "Authorization": "Bearer $KEY" }
  }
}

After (type field present for all engines):

{
  "safeinputs": {
    "type": "http",
    "url": "http://localhost:$PORT",
    "headers": { "Authorization": "Bearer $KEY" }
  }
}

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/githubnext/gh-aw/actions/artifacts/4789178584/zip
  • Triggering command: /usr/bin/curl curl -L -o safeinputs.zip REDACTED -H Authorization: Bearer -H Accept: application/vnd.github+json (http block)
• https://api.github.com/repos/githubnext/gh-aw/actions/artifacts/4789178626/zip
  • Triggering command: /usr/bin/curl curl -L REDACTED -H Authorization: Bearer -H Accept: application/vnd.github+json -o agent-stdio.zip (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Investigate issue with safeinputs server. See https://github.com/githubnext/gh-aw/actions/runs/20001701919/job/57357936705#step:27:1

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

---

Smoke Test Summary

• Timestamp: 2025-12-07T12:54:46Z
• Status: PASS
• All tests validated: GitHub MCP, file operations, bash tools, and Playwright browser automation

AI generated by Smoke Copilot No Firewall

---

Changeset

• Type: patch
• Description: Auto-generated changeset for pull request Add required "type": "http" field to safe-inputs MCP configuration #5729 — no PR description provided.

AI generated by Changeset Generator

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

📰 BREAKING: Smoke Copilot Playwright is now investigating this pull request. Sources say the story is developing...

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🤖 SYSTEM_INIT: Smoke Copilot No Firewall ACTIVATED. PROCESSING pull request. ALL SUBSYSTEMS ONLINE.

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

✅ Dev Hawk Report - Success

Workflow Run: #3053

• Status: ✅ completed
• Conclusion: ✅ success
• Duration: ~1.5 minutes (95 seconds)
• Commit: 1e62ee4
• Branch: copilot/investigate-safeinputs-server-issue

The Dev workflow completed successfully! 🎉

All checks passed for the changes to safe-inputs MCP configuration and HTTP test updates.

🦅 Observed from above by Dev Hawk

[github-actions]

Smoke Test Results

GitHub MCP: ✅ (#5737: Close entity refactoring, #5727: Add health GET endpoint)
File Writing: ✅ Created test file successfully
Bash Tool: ✅ Verified file contents
Playwright MCP: ✅ GitHub page title verified

Overall Status: PASS

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #5729 🗺️

[github-actions]

Smoke Test Results

PR #5726: Store safeinputs MCP server logs in artifact and add health endpoint
PR #5737: Close entity refactoring already complete - validation only

✅ GitHub MCP: Last 2 PRs retrieved
✅ File Writing: Test file created successfully
✅ Bash Tool: File verified with cat
❌ Default Toolset: get_me correctly NOT available (tool not found error expected)

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot fer issue #5729 🗺️

[github-actions]

Smoke Test Results - Claude Engine (20004506330)

Last 2 Merged PRs:

• Close entity refactoring already complete - validation only #5737: Close entity refactoring already complete - validation only
• Store safeinputs MCP server logs in artifact and add health endpoint #5726: Store safeinputs MCP server logs in artifact and add health endpoint

Test Results:
✅ GitHub MCP - Retrieved recent PRs
✅ File Writing - Created test file successfully
✅ Bash Tool - Verified file contents
✅ Playwright MCP - Navigated to GitHub, title contains "GitHub"

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #5729 🗺️

[github-actions]

Smoke Test Results

✅ Playwright MCP: Navigated to https://github.com and verified page title contains "GitHub"

Overall Status: PASS

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #5729 🗺️

[github-actions]

Merged PRs: Store safeinputs MCP server logs in artifact and add health endpoint; Add GET health endpoint to MCP HTTP server
GitHub MCP ✅
File write ✅
File verify ✅
Playwright title ✅
Overall: PASS

🔮 The oracle has spoken through Smoke Codex fer issue #5729 🗺️