Summary
After upgrading to gh-aw v0.80.0+ (containerized safeoutputs MCP, PR #39100) and recompiling workflows, the agent job can succeed while safe_outputs fails on create_pull_request with:
No patch file found - cannot create pull request without changes
The safeoutputs MCP reports patch/bundle generation success, but patch and bundle files are never visible on the host runner filesystem, so ingestion and the safe_outputs job have nothing to apply.
This is distinct from the safe.directory / dubious-ownership failure mode fixed in v0.80.3: branch pinning and patch generation can both succeed inside the MCP container while the handoff to host /tmp/gh-aw still fails.
Environment
- gh-aw CLI: v0.80.3 (also reproducible on main as of 2026-06-18)
- Repo type: consumer repo (no actions/setup/js/ at workspace root; scripts come from setup action under ${RUNNER_TEMP}/gh-aw/)
- Workflow: any workflow using create-pull-request safe output with non-trivial spec changes (patch typically >4 KB)
Symptom timeline
- Agent calls create_pull_request via safeoutputs MCP → MCP returns success with patch and bundle paths under /tmp/gh-aw/aw-*.patch and aw-*.bundle.
- Agent job Ingest agent output (collect_ndjson_output.cjs) logs:
    No patch or bundle files found in: /tmp/gh-aw
- agent artifact upload includes aw-*.patch / aw-*.bundle globs with if-no-files-found: ignore → no patch/bundle files uploaded.
- safe_outputs Process Safe Outputs logs:
    Patch file path: (not set)
    Apply transport mode: patch (bundle file present: false)
    ✗ create_pull_request failed: No patch file found - cannot create pull request without changes
Root cause
The safeoutputs MCP session container is launched with mounts (from MCP gateway logs):
-v ${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw
-v ${RUNNER_TEMP}/gh-aw/safeoutputs:${RUNNER_TEMP}/gh-aw/safeoutputs:rw
-v /tmp/gh-aw/mcp-logs/safeoutputs:/tmp/gh-aw/mcp-logs/safeoutputs:rw
/tmp/gh-aw is not bind-mounted into the container.
Patch/bundle are written to /tmp/gh-aw/aw-<branch>.patch and .bundle inside the container filesystem. The session container is --rm; when it exits, those files are destroyed. The host runner's /tmp/gh-aw never receives them.
Downstream, collect_ndjson_output.cjs scans host /tmp/gh-aw for ^aw-.+\.(patch|bundle)$ and finds nothing. agent_output.json contains create_pull_request metadata (title, body, branch) but no transport artifacts.
Expected vs actual
pkg/constants/constants.go defines:
const DefaultTmpGhAwMount = "/tmp/gh-aw:/tmp/gh-aw:rw"
Other MCP server configs include DefaultTmpGhAwMount, but renderSafeOutputsMCPConfigWithOptions in pkg/workflow/mcp_renderer_builtin.go emits only workspace + safeoutputs config + MCP log mounts — not DefaultTmpGhAwMount.
Compiled consumer workflows therefore contain something like:
"mounts": [
"${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw",
"${RUNNER_TEMP}/gh-aw/safeoutputs:${RUNNER_TEMP}/gh-aw/safeoutputs:rw",
"/tmp/gh-aw/mcp-logs/safeoutputs:/tmp/gh-aw/mcp-logs/safeoutputs:rw"
]
gh-aw's own smoke workflows include /tmp/gh-aw:/tmp/gh-aw:rw for safeoutputs; consumer compiled output does not.
Minimal repro steps
- Use a consumer repo with a workflow that has create-pull-request safe output and allowed-files under openspec/** (or similar multi-file change).
- Compile with gh-aw v0.80.3: gh aw compile
- Trigger the workflow (e.g. label-gated content PR flow).
- Confirm agent completes; inspect agent job logs for successful MCP create_pull_request response with patch paths.
- Confirm Ingest agent output logs No patch or bundle files found in: /tmp/gh-aw.
- Confirm safe_outputs fails with No patch file found.
Suggested fix
Add constants.DefaultTmpGhAwMount to the safeoutputs MCP mounts array in renderSafeOutputsMCPConfigWithOptions (both TOML and JSON render paths), matching other MCP servers.
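To make the root cause and the suggested fix concrete, here is an added example (not gh-aw's own code) that builds the safeoutputs mounts array with and without DefaultTmpGhAwMount, and checks whether a bind-mount list actually makes host /tmp/gh-aw visible at the same path inside the container. safeOutputsMounts, coversHostPath and checkCompiledMounts are hypothetical helpers written for this illustration; the mount strings are the ones quoted in the report.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Mirrors the constant quoted from pkg/constants/constants.go in the report.
const DefaultTmpGhAwMount = "/tmp/gh-aw:/tmp/gh-aw:rw"

// safeOutputsMounts builds the mounts array for the safeoutputs MCP container.
// withTmp=false reproduces the current (buggy) consumer output; withTmp=true is the
// suggested fix of appending DefaultTmpGhAwMount. (Hypothetical helper, not gh-aw code.)
func safeOutputsMounts(withTmp bool) []string {
	mounts := []string{
		"${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw",
		"${RUNNER_TEMP}/gh-aw/safeoutputs:${RUNNER_TEMP}/gh-aw/safeoutputs:rw",
		"/tmp/gh-aw/mcp-logs/safeoutputs:/tmp/gh-aw/mcp-logs/safeoutputs:rw",
	}
	if withTmp {
		mounts = append(mounts, DefaultTmpGhAwMount)
	}
	return mounts
}

// coversHostPath reports whether some mount exposes hostPath (or a parent of it) at the
// identical path in the container. The patch paths the MCP returns are container paths,
// so src and dst must match for the host-side scan of /tmp/gh-aw to find the files.
// A child mount such as /tmp/gh-aw/mcp-logs/safeoutputs does not cover /tmp/gh-aw.
func coversHostPath(mounts []string, hostPath string) bool {
	for _, m := range mounts {
		parts := strings.Split(m, ":") // "src:dst[:opts]"
		if len(parts) < 2 || parts[0] != parts[1] {
			continue
		}
		if hostPath == parts[0] || strings.HasPrefix(hostPath, parts[0]+"/") {
			return true
		}
	}
	return false
}

// checkCompiledMounts parses a JSON object with a "mounts" array, as emitted in the
// compiled workflow, and reports whether patch/bundle files under /tmp/gh-aw would
// survive the --rm session container exiting.
func checkCompiledMounts(configJSON string) (bool, error) {
	var cfg struct {
		Mounts []string `json:"mounts"`
	}
	if err := json.Unmarshal([]byte(configJSON), &cfg); err != nil {
		return false, err
	}
	return coversHostPath(cfg.Mounts, "/tmp/gh-aw"), nil
}

func main() {
	fmt.Println("buggy mounts cover /tmp/gh-aw:", coversHostPath(safeOutputsMounts(false), "/tmp/gh-aw"))
	fmt.Println("fixed mounts cover /tmp/gh-aw:", coversHostPath(safeOutputsMounts(true), "/tmp/gh-aw"))
}
```

Running this prints false for the current renderer output and true once the mount is added; checkCompiledMounts can be pointed at the "mounts" object of a compiled consumer workflow to confirm which case it is in.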
Secondary note (not this bug)
Once the mount is fixed, workflows with max_patch_size: 4096 may still reject patches larger than 4 KB at the handler layer. That is a separate constraint; this report is about files never reaching the host at all.
Related
- validateItem() stripping patch_path/bundle_path when files are on disk)
- safe.directory / dubious ownership (fixed v0.80.3; branch pinning can succeed while this mount bug still fails PR creation)