[WIP] Fix safe outputs MCP container path for consumer repos

[Copilot]

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

---

This section details on the original issue you should resolve

<issue_title>v0.80.0: safeoutputs MCP container uses GITHUB_WORKSPACE/actions path that does not exist in consumer repos</issue_title>
<issue_description>## Summary

After upgrading to gh-aw v0.80.0 and recompiling workflows, agent jobs succeed but produce no safe outputs ({"items":[]}). The safe_outputs job is skipped because detection is skipped (no agent output types).

Root cause: PR #39100 moved safe-outputs from the host-side HTTP MCP server (which used ${RUNNER_TEMP}/gh-aw/actions/...) to a containerized stdio MCP server that executes:

node ${GITHUB_WORKSPACE}/actions/setup/js/safe_outputs_mcp_server.cjs

That path exists in the gh-aw repo (which ships actions/setup/js/ at repo root) but not in consumer repos. Consumer repos only receive action scripts via the setup action into ${RUNNER_TEMP}/gh-aw/actions/.

Environment

• gh-aw CLI: v0.80.0
• Repo type: consumer repo (no actions/setup/js/ at workspace root)
• Workflow: any workflow with safe-outputs enabled (add_comment, update_issue, add_labels, …)
• Trigger: centralized slash command via workflow_dispatch (Agentic Commands router)

Reproduction

1. In any repo without an actions/setup/js/ tree at repo root, author a workflow with safe-outputs enabled (Copilot engine).
2. gh aw compile on v0.80.0.
3. Run the workflow (e.g. slash command or issues trigger).
4. Observe agent job MCP gateway logs:

Error: Cannot find module '/home/runner/work/<repo>/<repo>/actions/setup/js/safe_outputs_mcp_server.cjs'
[ERROR] Failed to register tools from safeoutputs ... calling "initialize": EOF

5. Agent completes with empty safe output; detection and safe_outputs jobs are skipped; workflow may still report overall success in the status comment.

Expected

Safe-outputs MCP server starts using staged action files from ${RUNNER_TEMP}/gh-aw/actions/setup/js/safe_outputs_mcp_server.cjs (with the actions directory mounted into the container), and agent can call add_comment / update_issue tools.

Actual

MCP server fails to start; no safe outputs delivered.

Evidence

Relevant compiled fragment (v0.80.0 lock file):

"safeoutputs": {
  "container": "ghcr.io/github/gh-aw-node",
  "mounts": [
    "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw",
    "${RUNNER_TEMP}/gh-aw/safeoutputs:${RUNNER_TEMP}/gh-aw/safeoutputs:rw",
    "/tmp/gh-aw/mcp-logs/safeoutputs:/tmp/gh-aw/mcp-logs/safeoutputs:rw"
  ],
  "entrypointArgs": ["-c", "exec node ${GITHUB_WORKSPACE}/actions/setup/js/safe_outputs_mcp_server.cjs"]
}

Compiler source (main @ v0.80.0): pkg/workflow/mcp_renderer_builtin.go hardcodes the same ${GITHUB_WORKSPACE}/actions/setup/js/... path in renderSafeOutputsTOML / JSON renderer.

Prior working behavior (v0.79.8): host-side Start Safe Outputs MCP HTTP Server step using files copied to ${RUNNER_TEMP}/gh-aw/safeoutputs/ and ${RUNNER_TEMP}/gh-aw/actions/.

Suggested fix

• Change entrypoint to ${RUNNER_TEMP}/gh-aw/actions/setup/js/safe_outputs_mcp_server.cjs.
• Add a mount for ${RUNNER_TEMP}/gh-aw/actions (read-only is fine) into the safeoutputs container.
• Add a compile/CI golden test using a minimal siderepo fixture without actions/ at workspace root to prevent regressions for consumer repos.

Related

• Run safe-outputs MCP in the gh-aw node container #39100 — Run safe-outputs MCP in the gh-aw node container (introduced regression for external repos)
• Resolve triggering safe outputs from centralized workflow_dispatch context #39580 — centralized workflow_dispatch safe-output context fix (included in v0.80.0 but unreachable when MCP fails to start)

Workaround

Pin gh aw to v0.79.8 and recompile until a fix ships (loses v0.80.0 fixes including #39580).</issue_description>

• Closes v0.80.0: safeoutputs MCP container uses GITHUB_WORKSPACE/actions path that does not exist in consumer repos #39670

Comments on the Issue (you are @copilot in this section)