fix: update test expectations for handler manager and context parameters

pkg/cli/mcp_server_error_codes_test.go

@@ -194,7 +194,7 @@ func TestMCPServer_ErrorCodes_InternalError(t *testing.T) {
 		params := &mcp.CallToolParams{
 			Name: "audit",
 			Arguments: map[string]any{
-				"run_id": int64(1), // Invalid run ID
+				"run_id_or_url": "1", // Invalid run ID (as string)
 			},
 		}
 

pkg/cli/mcp_server_json_integration_test.go

@@ -453,7 +453,7 @@ func TestMCPServer_AllToolsReturnContent(t *testing.T) {
 			name:     "audit",
 			toolName: "audit",
 			args: map[string]any{
-				"run_id": int64(1),
+				"run_id_or_url": "1",
 			},
 			expectJSON:    false, // May return error message
 			mayFailInTest: true,  // Expected to fail with invalid run ID

pkg/cli/run_command_test.go

@@ -3,6 +3,7 @@
 package cli
 
 import (
+	"context"
 	"fmt"
 	"strings"
 	"testing"
@@ -135,10 +136,10 @@ func TestProgressFlagSignature(t *testing.T) {
 	// This is a compile-time check more than a runtime check
 
 	// RunWorkflowOnGitHub should NOT accept progress parameter anymore
-	_ = RunWorkflowOnGitHub("test", false, "", "", "", false, false, false, []string{}, false)
+	_ = RunWorkflowOnGitHub(context.Background(), "test", false, "", "", "", false, false, false, []string{}, false)
 
 	// RunWorkflowsOnGitHub should NOT accept progress parameter anymore
-	_ = RunWorkflowsOnGitHub([]string{"test"}, 0, false, "", "", "", false, false, []string{}, false)
+	_ = RunWorkflowsOnGitHub(context.Background(), []string{"test"}, 0, false, "", "", "", false, false, []string{}, false)
 
 	// getLatestWorkflowRunWithRetry should NOT accept progress parameter anymore
 	_, _ = getLatestWorkflowRunWithRetry("test.lock.yml", "", false)
@@ -148,22 +149,22 @@ func TestProgressFlagSignature(t *testing.T) {
 func TestRefFlagSignature(t *testing.T) {
 	// Test that RunWorkflowOnGitHub accepts refOverride parameter
 	// This is a compile-time check that ensures the refOverride parameter exists
-	_ = RunWorkflowOnGitHub("test", false, "", "", "main", false, false, false, []string{}, false)
+	_ = RunWorkflowOnGitHub(context.Background(), "test", false, "", "", "main", false, false, false, []string{}, false)
 
 	// Test that RunWorkflowsOnGitHub accepts refOverride parameter
-	_ = RunWorkflowsOnGitHub([]string{"test"}, 0, false, "", "", "main", false, false, []string{}, false)
+	_ = RunWorkflowsOnGitHub(context.Background(), []string{"test"}, 0, false, "", "", "main", false, false, []string{}, false)
 }
 
 // TestRunWorkflowOnGitHubWithRef tests that the ref parameter is handled correctly
 func TestRunWorkflowOnGitHubWithRef(t *testing.T) {
 	// Test with explicit ref override (should still fail for non-existent workflow, but syntax is valid)
-	err := RunWorkflowOnGitHub("nonexistent-workflow", false, "", "", "main", false, false, false, []string{}, false)
+	err := RunWorkflowOnGitHub(context.Background(), "nonexistent-workflow", false, "", "", "main", false, false, false, []string{}, false)
 	if err == nil {
 		t.Error("RunWorkflowOnGitHub should return error for non-existent workflow even with ref flag")
 	}
 
 	// Test with ref override and repo override
-	err = RunWorkflowOnGitHub("nonexistent-workflow", false, "", "owner/repo", "feature-branch", false, false, false, []string{}, false)
+	err = RunWorkflowOnGitHub(context.Background(), "nonexistent-workflow", false, "", "owner/repo", "feature-branch", false, false, false, []string{}, false)
 	if err == nil {
 		t.Error("RunWorkflowOnGitHub should return error for non-existent workflow with both ref and repo")
 	}
@@ -173,10 +174,10 @@ func TestRunWorkflowOnGitHubWithRef(t *testing.T) {
 func TestInputFlagSignature(t *testing.T) {
 	// Test that RunWorkflowOnGitHub accepts inputs parameter
 	// This is a compile-time check that ensures the inputs parameter exists
-	_ = RunWorkflowOnGitHub("test", false, "", "", "", false, false, false, []string{"key=value"}, false)
+	_ = RunWorkflowOnGitHub(context.Background(), "test", false, "", "", "", false, false, false, []string{"key=value"}, false)
 
 	// Test that RunWorkflowsOnGitHub accepts inputs parameter
-	_ = RunWorkflowsOnGitHub([]string{"test"}, 0, false, "", "", "", false, false, []string{"key=value"}, false)
+	_ = RunWorkflowsOnGitHub(context.Background(), []string{"test"}, 0, false, "", "", "", false, false, []string{"key=value"}, false)
 }
 
 // TestInputValidation tests that input validation works correctly
@@ -231,7 +232,7 @@ func TestInputValidation(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			// Since we can't actually run workflows in tests, we'll just test the validation
 			// by checking if the function would error before attempting to run
-			err := RunWorkflowOnGitHub("nonexistent-workflow", false, "", "owner/repo", "", false, false, false, tt.inputs, false)
+			err := RunWorkflowOnGitHub(context.Background(), "nonexistent-workflow", false, "", "owner/repo", "", false, false, false, tt.inputs, false)
 
 			if tt.shouldError {
 				if err == nil {

pkg/cli/templates/github-agentic-workflows.md

@@ -115,6 +115,9 @@ The YAML frontmatter supports these fields:
 - **`roles:`** - Repository access roles that can trigger workflow (array or "all")
   - Default: `[admin, maintainer, write]`
   - Available roles: `admin`, `maintainer`, `write`, `read`, `all`
+- **`bots:`** - Bot identifiers allowed to trigger workflow regardless of role permissions (array)
+  - Example: `bots: [dependabot[bot], renovate[bot], github-actions[bot]]`
+  - Bot must be active (installed) on repository to trigger workflow
 - **`strict:`** - Enable enhanced validation for production workflows (boolean, defaults to `true`)
   - When omitted, workflows enforce strict mode security constraints
   - Set to `false` to explicitly disable strict mode for development/testing
@@ -251,6 +254,43 @@ The YAML frontmatter supports these fields:
         args: ["--custom-arg", "value"]   # Optional: additional AWF arguments
     ```
 
+- **`sandbox:`** - Sandbox configuration for AI engines (string or object)
+  - String format: `"default"` (no sandbox), `"awf"` (Agent Workflow Firewall), `"srt"` or `"sandbox-runtime"` (Anthropic Sandbox Runtime)
+  - Object format for full configuration:
+    ```yaml
+    sandbox:
+      agent: awf                      # or "srt", or false to disable
+      mcp:                            # MCP Gateway configuration (requires mcp-gateway feature flag)
+        container: ghcr.io/githubnext/mcp-gateway
+        port: 8080
+        api-key: ${{ secrets.MCP_GATEWAY_API_KEY }}
+    ```
+  - **Agent sandbox options**:
+    - `awf`: Agent Workflow Firewall for domain-based access control
+    - `srt`: Anthropic Sandbox Runtime for filesystem and command sandboxing
+    - `false`: Disable agent firewall
+  - **AWF configuration**:
+    ```yaml
+    sandbox:
+      agent:
+        id: awf
+        mounts:
+          - "/host/data:/data:ro"
+          - "/host/bin/tool:/usr/local/bin/tool:ro"
+    ```
+  - **SRT configuration**:
+    ```yaml
+    sandbox:
+      agent:
+        id: srt
+        config:
+          filesystem:
+            allowWrite: [".", "/tmp"]
+            denyRead: ["/etc/secrets"]
+          enableWeakerNestedSandbox: true
+    ```
+  - **MCP Gateway**: Routes MCP server calls through unified HTTP gateway (experimental)
+
 - **`tools:`** - Tool configuration for coding agent
   - `github:` - GitHub API tools
     - `allowed:` - Array of allowed GitHub API functions
@@ -578,6 +618,43 @@ The YAML frontmatter supports these fields:
     ```
     Useful when you need additional permissions or want to perform actions across repositories.
 
+- **`safe-inputs:`** - Define custom lightweight MCP tools as JavaScript, shell, or Python scripts (object)
+  - Tools mounted in MCP server with access to specified secrets
+  - Each tool requires `description` and one of: `script` (JavaScript), `run` (shell), or `py` (Python)
+  - Tool configuration properties:
+    - `description:` - Tool description (required)
+    - `inputs:` - Input parameters with type and description (object)
+    - `script:` - JavaScript implementation (CommonJS format)
+    - `run:` - Shell script implementation
+    - `py:` - Python script implementation
+    - `env:` - Environment variables for secrets (supports `${{ secrets.* }}`)
+    - `timeout:` - Execution timeout in seconds (default: 60)
+  - Example:
+    ```yaml
+    safe-inputs:
+      search-issues:
+        description: "Search GitHub issues using API"
+        inputs:
+          query:
+            type: string
+            description: "Search query"
+            required: true
+          limit:
+            type: number
+            description: "Max results"
+            default: 10
+        script: |
+          const { Octokit } = require('@octokit/rest');
+          const octokit = new Octokit({ auth: process.env.GH_TOKEN });
+          const result = await octokit.search.issuesAndPullRequests({
+            q: inputs.query,
+            per_page: inputs.limit
+          });
+          return result.data.items;
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    ```
+
 - **`slash_command:`** - Command trigger configuration for /mention workflows (replaces deprecated `command:`)
 - **`cache:`** - Cache configuration for workflow dependencies (object or array)
 - **`cache-memory:`** - Memory MCP server with persistent cache storage (boolean or object)

pkg/workflow/safe_outputs_integration_test.go

@@ -517,9 +517,8 @@ func TestConsolidatedSafeOutputsJobIntegration(t *testing.T) {
 				"SHARED_VAR",
 			},
 			expectedStepNames: []string{
-				"create_issue",
-				"create_pull_request",
-				"add_comment",
+				"process_safe_outputs",  // Handler manager consolidates create_issue and add_comment
+				"create_pull_request",   // Create PR is handled separately
 				// Note: "noop" is not included in consolidated job
 			},
 		},