Copilot AI commented Jan 14, 2026

  • Understand the issue: Codex agent cannot resolve host.docker.internal to connect to MCP Gateway
  • Identify root cause: CodexDefaultDomains missing host.docker.internal (unlike Copilot/Claude defaults)
  • Add host.docker.internal to CodexDefaultDomains in pkg/workflow/domains.go
  • Update TestCodexDefaultDomains test to expect the new domain
  • Update TestGetCodexAllowedDomains test to include host.docker.internal in expected output
  • Fix GitHub MCP remote mode domain extraction:
    • Add GitHubCopilotMCPDomain constant in pkg/constants/constants.go
    • Detect mode: remote in extractHTTPMCPDomains and add api.githubcopilot.com
    • Add tests for remote/local mode domain extraction
  • Disable Codex CLI internal sandbox:
    • Add --sandbox danger-full-access flag to Codex CLI invocation
    • This allows file writes and shell commands when running inside AWF
  • Fix noop.test.cjs: update test to expect core.info instead of core.error
  • Run unit tests to verify changes - PASSED
  • Build and recompile workflows
  • Run code review - No issues
  • Run security scan (CodeQL) - No vulnerabilities found
Original prompt

This section details the original issue you should resolve

<issue_title>Codex agent unable to use MCP tools due to host.docker.internal DNS resolution failure</issue_title>
<issue_description>## Summary

Workflow runs with the Codex engine are showing as successful (green checkmark) but the agent cannot actually use any MCP tools due to DNS resolution failures when connecting to host.docker.internal.

Evidence

Workflow Run: https://github.com/githubnext/gh-aw/actions/runs/21005890162

Discovery Process

Using gh aw audit to investigate the run:

./gh-aw audit https://github.com/githubnext/gh-aw/actions/runs/21005890162 --parse -v

The audit report shows the workflow completed successfully with 0 errors, but examining the agent logs reveals critical MCP server failures.

Root Cause

All 6 MCP servers failed to start from the Codex client with DNS resolution errors:

ERROR rmcp::transport::worker: worker quit with fatal: Transport channel closed, when Client(reqwest::Error { kind: Request, url: "http://host.docker.internal/mcp/<server>", source: hyper_util::client::legacy::Error(Connect, ConnectError("dns error", Custom { kind: Uncategorized, error: "failed to lookup address information: Name does not resolve" })) })

Failed MCP Servers:

  • safeinputs
  • playwright
  • serena
  • tavily
  • github
  • safeoutputs

MCP Gateway Status

The MCP Gateway itself is working correctly:

  • Successfully started: Loaded 6 MCP server(s): [safeoutputs serena tavily github playwright safeinputs]
  • All servers connected and responded to tools/list requests
  • Gateway listening on 0.0.0.0:80

The Problem

The Codex agent running inside the Docker container cannot resolve host.docker.internal to connect to the MCP Gateway. This causes all MCP tool calls to fail silently.

Additional Context

OAuth Warnings:
The logs also show repeated warnings about keyring access failures:

WARN codex_rmcp_client::oauth: failed to read OAuth tokens from keyring: Platform secure storage failure: zbus error: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files

This suggests the system cannot access org.freedesktop.secrets for secure storage.

Impact

  • Workflows appear successful but MCP functionality is completely broken
  • Silent failure makes debugging difficult without examining detailed logs
  • Affects all Codex engine workflows that rely on MCP tools

Reproduction

  1. Run any Codex workflow that uses MCP servers
  2. Use gh aw audit <run-id> to download logs
  3. Search for "mcp:.*failed" in agent-stdio.log:
    grep -E "mcp:.*failed" .github/aw/logs/run-<id>/agent-stdio.log

Suggested Fix

Investigate Docker networking configuration to ensure host.docker.internal DNS resolution works correctly inside the Codex agent container. This may involve:

  • Verifying Docker network settings
  • Checking if --add-host flags are needed
  • Ensuring the container has proper DNS configuration</issue_description>

Comments on the Issue (you are @copilot in this section)


Changeset

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator
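
The issue above reports runs that finish green while every MCP transport has died, and its reproduction step greps the agent log by hand. As an added example (not code from gh-aw or from the issue), this Go program parses the rmcp error shape quoted in the issue and groups the broken MCP servers by the host that failed to resolve. The names `failedMCPServers` and `mcpDNSFailure` are hypothetical, and the sample log is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Shape of the rmcp error quoted in the issue; captures gateway host and server name.
var mcpDNSFailure = regexp.MustCompile(
	`ERROR rmcp::transport::worker: .*url: "https?://([^/"]+)/mcp/([^/"]+)".*dns error`)

// failedMCPServers maps each unresolved host to the sorted MCP servers it broke.
func failedMCPServers(log string) map[string][]string {
	byHost, seen := map[string][]string{}, map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(log))
	sc.Buffer(make([]byte, 0, 64*1024), 1<<20) // these error lines are long
	for sc.Scan() {
		m := mcpDNSFailure.FindStringSubmatch(sc.Text())
		if m == nil || seen[m[1]+"/"+m[2]] {
			continue // unrelated line, or a retry that was already counted
		}
		seen[m[1]+"/"+m[2]] = true
		byHost[m[1]] = append(byHost[m[1]], m[2])
	}
	for h := range byHost {
		sort.Strings(byHost[h])
	}
	return byHost
}

// Constructed sample in the format quoted in the issue (not a real run's log).
const sampleLog = `WARN codex_rmcp_client::oauth: failed to read OAuth tokens from keyring: Platform secure storage failure
ERROR rmcp::transport::worker: worker quit with fatal: Transport channel closed, when Client(reqwest::Error { kind: Request, url: "http://host.docker.internal/mcp/safeoutputs", source: hyper_util::client::legacy::Error(Connect, ConnectError("dns error", Custom { kind: Uncategorized, error: "failed to lookup address information: Name does not resolve" })) })
ERROR rmcp::transport::worker: worker quit with fatal: Transport channel closed, when Client(reqwest::Error { kind: Request, url: "http://host.docker.internal/mcp/github", source: hyper_util::client::legacy::Error(Connect, ConnectError("dns error", Custom { kind: Uncategorized, error: "failed to lookup address information: Name does not resolve" })) })
ERROR rmcp::transport::worker: worker quit with fatal: Transport channel closed, when Client(reqwest::Error { kind: Request, url: "http://host.docker.internal/mcp/github", source: hyper_util::client::legacy::Error(Connect, ConnectError("dns error", Custom { kind: Uncategorized, error: "failed to lookup address information: Name does not resolve" })) })
`

func main() {
	for host, servers := range failedMCPServers(sampleLog) {
		fmt.Printf("FAIL: %s did not resolve; MCP servers unusable: %v\n", host, servers)
	}
}
```

A non-empty result is a reasonable signal to fail the workflow step instead of reporting success.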

Copilot AI and others added 2 commits January 14, 2026 22:15
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Fixes DNS resolution failure when Codex agent tries to connect to
MCP Gateway via host.docker.internal from within AWF container.

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix DNS resolution failure for MCP tools in Codex agent Add host.docker.internal to Codex default domains for MCP gateway access Jan 14, 2026
Copilot AI requested a review from Mossaka January 14, 2026 22:32
@Mossaka Mossaka added the smoke label Jan 14, 2026
github-actions bot commented Jan 14, 2026

🎬 THE END - Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

github-actions bot commented Jan 14, 2026

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

github-actions bot commented Jan 14, 2026

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

github-actions bot commented Jan 14, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

Smoke Test Results

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved PR data
  • ❌ Serena Go: Command not found
  • ✅ Playwright: Navigated to GitHub (title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
  • ✅ File Writing: Created test file successfully
  • ✅ Bash Tool: Verified file content

Status: FAIL (serena-go unavailable)

cc @Mossaka

AI generated by Smoke Copilot

@github-actions

Smoke Test Results

PRs:

Tests:

  • ✅ GitHub MCP (list PRs)
  • ❌ Serena Go (tool not available)
  • ✅ Playwright (navigation)
  • ✅ Tavily Search (5 results)
  • ✅ File Write
  • ✅ Bash

Status: PARTIAL PASS (5/6 tests passed, Serena Go unavailable)

AI generated by Smoke Claude

Mossaka commented Jan 14, 2026

@copilot

The codex test tried to connect to an MCP server and got:

❌ Connection failed: failed to connect to HTTP MCP server: 
   calling "initialize": rejected by transport: 
   sending "initialize": Post "https://api.githubcopilot.com/mcp/": 
   dial tcp: lookup api.githubcopilot.com: no such host

Codex's reqwest library has DNS resolution issues

Can you think of a solution to work around it without compromising the security posture of awf and the gateway?

@Mossaka Mossaka marked this pull request as ready for review January 14, 2026 23:35
When using `tools.github.mode: remote`, the Codex agent needs to connect
to api.githubcopilot.com. This wasn't being added to the firewall allowlist
because the URL is set internally, not in the raw frontmatter.

- Add GitHubCopilotMCPDomain constant
- Detect `mode: remote` in extractHTTPMCPDomains and add the domain
- Add tests for GitHub MCP remote/local mode domain extraction

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

Copilot AI commented Jan 14, 2026

@copilot

The codex test tried to connect to an MCP server and got:
...

Fixed in 558cd2d. The issue was that when using tools.github.mode: remote, the api.githubcopilot.com domain wasn't being added to the AWF firewall allowlist because:

  1. The raw frontmatter only has mode: remote - no explicit URL
  2. The URL is set internally during MCP config generation
  3. extractHTTPMCPDomains couldn't find the URL to extract the domain

Solution: Enhanced extractHTTPMCPDomains to detect GitHub MCP mode: remote and automatically add api.githubcopilot.com to the allowed domains using a new GitHubCopilotMCPDomain constant.

This maintains the security posture - only the specific remote MCP domain is allowed, not arbitrary domains.
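
The allowlist rule described in the comment above, as an added Go example that is not gh-aw's `extractHTTPMCPDomains`: explicit HTTP MCP URLs contribute their hostname, and GitHub `mode: remote` contributes the single fixed domain named in the thread. The `mcpTool` struct, the `allowedMCPDomains` function and the `mcp.example.test` URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Domain named in the PR thread; the project's own constant is not shown there.
const githubCopilotMCPDomain = "api.githubcopilot.com"

// mcpTool is a hypothetical, simplified frontmatter tool entry.
type mcpTool struct {
	Type string // "http" for HTTP MCP servers
	URL  string // explicit server URL; empty when the URL is set internally
	Mode string // "remote" or "local" (only meaningful for the github tool)
}

// allowedMCPDomains returns the sorted, de-duplicated hosts to allowlist.
func allowedMCPDomains(tools map[string]mcpTool) []string {
	seen := map[string]bool{}
	for name, t := range tools {
		// Remote GitHub MCP has no URL in frontmatter: map the mode to one fixed domain.
		if name == "github" && t.Mode == "remote" {
			seen[githubCopilotMCPDomain] = true
		}
		if t.Type != "http" || t.URL == "" {
			continue
		}
		u, err := url.Parse(t.URL)
		if err != nil || u.Hostname() == "" {
			continue // unparsable URL: allow nothing rather than guess
		}
		seen[strings.ToLower(u.Hostname())] = true
	}
	out := make([]string, 0, len(seen))
	for d := range seen {
		out = append(out, d)
	}
	sort.Strings(out)
	return out
}

func main() { // constructed sample input
	fmt.Println(allowedMCPDomains(map[string]mcpTool{
		"github": {Mode: "remote"},
		"search": {Type: "http", URL: "https://mcp.example.test/mcp/"},
	}))
}
```

Local mode and malformed URLs add nothing, so the allowlist only grows by hosts the configuration actually names.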


@Mossaka Mossaka added the smoke label Jan 15, 2026

Mossaka commented Jan 15, 2026

@github-actions

PRs: Add JSON output and DEBUG logging to OpenCode engine; Remove incorrect PATH setup for OpenCode npm global installation
GitHub MCP ✅
Serena-go ❌
Playwright ✅
Tavily ✅
File write ✅
Bash cat ✅
Overall: FAIL

AI generated by Smoke Codex

@github-actions

Smoke Test Results

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved merged PRs successfully
  • ❌ Serena Go: Command not found
  • ✅ Playwright: Navigated to GitHub (title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
  • ✅ File Writing: Created test file successfully
  • ✅ Bash Tool: File read/verified successfully

Overall Status: FAIL (1/5 tests failed)

cc @Mossaka

AI generated by Smoke Copilot

@github-actions

Smoke Test Results - Claude Engine

Recent PRs:

Test Results:

  • ✅ GitHub MCP (list PRs)
  • ❌ Serena Go (command not found)
  • ✅ Playwright (page loaded, title verified)
  • ✅ Tavily Web Search (5 results returned)
  • ✅ File Creation & Bash Tools
  • ✅ Safe Outputs (this comment)

Status: PARTIAL PASS (5/6)

AI generated by Smoke Claude

The loadAgentOutput function was changed to use core.info instead of
core.error for missing files (see #10128). This is a normal scenario
when the agent fails before producing safe-outputs, so info-level
logging is appropriate.

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

Copilot AI commented Jan 15, 2026

@copilot fix this run failure: https://github.com/githubnext/gh-aw/actions/runs/21048249052/job/60528124113?pr=9999

Fixed in 8665727. The noop.test.cjs test was expecting core.error to be called, but the loadAgentOutput function was changed to use core.info for missing files (per #10128). Updated the test to match the new behavior.

Note: The other test failures (handle_agent_failure.test.cjs, create_pr_review_comment.test.cjs) are pre-existing issues unrelated to this PR's changes.

- Add 30 second timeout to all Go tests (was 10s default)
- Go compilation in CI can be slow
- Fixes test timeout failures in CI
@Mossaka Mossaka added smoke and removed smoke labels Jan 15, 2026

@github-actions

Smoke Test Results (Run #21049334863)

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved last 2 merged PRs
  • ❌ Serena Go: go command not available
  • ✅ Playwright: Navigated to github.com, title verified ("GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
  • ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-21049334863.txt
  • ✅ Bash Tool: File read successful

Overall Status: FAIL (1 test failed)

cc @Mossaka

AI generated by Smoke Copilot

@github-actions

Smoke Test Results

Last 2 merged PRs:

  • Add JSON output and DEBUG logging to OpenCode engine
  • Remove incorrect PATH setup for OpenCode npm global installation

✅ GitHub MCP
✅ Playwright
✅ Tavily Web Search
✅ File Writing
✅ Bash Tool
❌ Serena Go (tool not available)

Status: PASS (5/6 tests passed)

AI generated by Smoke Claude

@github-actions

Merged PRs:
Add JSON output and DEBUG logging to OpenCode engine
Remove incorrect PATH setup for OpenCode npm global installation
Tests: MCP ✅ | Serena-go ❌ | Playwright ✅ | Tavily ✅ | File ✅
Overall: FAIL

AI generated by Smoke Codex

@Mossaka Mossaka merged commit 6d83d6e into main Jan 15, 2026
117 checks passed
@Mossaka Mossaka deleted the copilot/fix-dns-resolution-failure branch January 15, 2026 23:09
Development

Successfully merging this pull request may close these issues.

Codex agent unable to use MCP tools due to host.docker.internal DNS resolution failure