Remove MCP gateway JSON validation from compile --validate

.github/aw/actions-lock.json

@@ -25,16 +25,11 @@
       "version": "v5.0.2",
       "sha": "8b402f58fbc84540c8b491a91e594a4576fec3d7"
     },
-    "actions/checkout@v5.0.1": {
+    "actions/checkout@v5": {
       "repo": "actions/checkout",
-      "version": "v5.0.1",
+      "version": "v5",
       "sha": "93cb6efe18208431cddfb8368fd83d5badbf9bfd"
     },
-    "actions/checkout@v6": {
-      "repo": "actions/checkout",
-      "version": "v6",
-      "sha": "8e8c483db84b4bee98b60c0593521ed34d9990e8"
-    },
     "actions/checkout@v6.0.2": {
       "repo": "actions/checkout",
       "version": "v6.0.2",

pkg/workflow/claude_mcp.go

@@ -29,14 +29,8 @@ func (e *ClaudeEngine) RenderMCPConfig(yaml *strings.Builder, tools map[string]a
 
 	// Use shared JSON MCP config renderer with unified renderer methods
 	RenderJSONMCPConfig(yaml, tools, mcpTools, workflowData, JSONMCPConfigOptions{
-		ConfigPath:     "/tmp/gh-aw/mcp-config/mcp-servers.json",
-		GatewayConfig:  gatewayConfig,
-		SkipValidation: workflowData == nil || workflowData.CompilerSkipValidation == nil || *workflowData.CompilerSkipValidation,
-		OnWarning: func() {
-			if workflowData != nil && workflowData.CompilerWarningCallback != nil {
-				workflowData.CompilerWarningCallback()
-			}
-		},
+		ConfigPath:    "/tmp/gh-aw/mcp-config/mcp-servers.json",
+		GatewayConfig: gatewayConfig,
 		Renderers: MCPToolRenderers{
 			RenderGitHub: func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {
 				renderer := createRenderer(isLast)

pkg/workflow/codex_mcp.go

@@ -113,14 +113,8 @@ func (e *CodexEngine) RenderMCPConfig(yaml *strings.Builder, tools map[string]an
 	}
 
 	RenderJSONMCPConfig(yaml, tools, mcpTools, workflowData, JSONMCPConfigOptions{
-		ConfigPath:     "/tmp/gh-aw/mcp-config/mcp-servers.json",
-		GatewayConfig:  gatewayConfig,
-		SkipValidation: workflowData == nil || workflowData.CompilerSkipValidation == nil || *workflowData.CompilerSkipValidation,
-		OnWarning: func() {
-			if workflowData != nil && workflowData.CompilerWarningCallback != nil {
-				workflowData.CompilerWarningCallback()
-			}
-		},
+		ConfigPath:    "/tmp/gh-aw/mcp-config/mcp-servers.json",
+		GatewayConfig: gatewayConfig,
 		Renderers: MCPToolRenderers{
 			RenderGitHub: func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {
 				renderer := createJSONRenderer(isLast)

pkg/workflow/compiler_types.go

@@ -272,70 +272,68 @@ type SkipIfNoMatchConfig struct {
 
 // WorkflowData holds all the data needed to generate a GitHub Actions workflow
 type WorkflowData struct {
-	Name                    string
-	TrialMode               bool           // whether the workflow is running in trial mode
-	TrialLogicalRepo        string         // target repository slug for trial mode (owner/repo)
-	FrontmatterName         string         // name field from frontmatter (for code scanning alert driver default)
-	FrontmatterYAML         string         // raw frontmatter YAML content (rendered as comment in lock file for reference)
-	Description             string         // optional description rendered as comment in lock file
-	Source                  string         // optional source field (owner/repo@ref/path) rendered as comment in lock file
-	TrackerID               string         // optional tracker identifier for created assets (min 8 chars, alphanumeric + hyphens/underscores)
-	ImportedFiles           []string       // list of files imported via imports field (rendered as comment in lock file)
-	IncludedFiles           []string       // list of files included via @include directives (rendered as comment in lock file)
-	ImportInputs            map[string]any // input values from imports with inputs (for github.aw.inputs.* substitution)
-	On                      string
-	Permissions             string
-	Network                 string // top-level network permissions configuration
-	Concurrency             string // workflow-level concurrency configuration
-	RunName                 string
-	Env                     string
-	If                      string
-	TimeoutMinutes          string
-	CustomSteps             string
-	PostSteps               string // steps to run after AI execution
-	RunsOn                  string
-	Environment             string // environment setting for the main job
-	Container               string // container setting for the main job
-	Services                string // services setting for the main job
-	Tools                   map[string]any
-	ParsedTools             *Tools // Structured tools configuration (NEW: parsed from Tools map)
-	MarkdownContent         string
-	AI                      string        // "claude" or "codex" (for backwards compatibility)
-	EngineConfig            *EngineConfig // Extended engine configuration
-	AgentFile               string        // Path to custom agent file (from imports)
-	StopTime                string
-	SkipIfMatch             *SkipIfMatchConfig   // skip-if-match configuration with query and max threshold
-	SkipIfNoMatch           *SkipIfNoMatchConfig // skip-if-no-match configuration with query and min threshold
-	ManualApproval          string               // environment name for manual approval from on: section
-	Command                 []string             // for /command trigger support - multiple command names
-	CommandEvents           []string             // events where command should be active (nil = all events)
-	CommandOtherEvents      map[string]any       // for merging command with other events
-	AIReaction              string               // AI reaction type like "eyes", "heart", etc.
-	LockForAgent            bool                 // whether to lock the issue during agent workflow execution
-	Jobs                    map[string]any       // custom job configurations with dependencies
-	Cache                   string               // cache configuration
-	NeedsTextOutput         bool                 // whether the workflow uses ${{ needs.task.outputs.text }}
-	NetworkPermissions      *NetworkPermissions  // parsed network permissions
-	SandboxConfig           *SandboxConfig       // parsed sandbox configuration (AWF or SRT)
-	SafeOutputs             *SafeOutputsConfig   // output configuration for automatic output routes
-	SafeInputs              *SafeInputsConfig    // safe-inputs configuration for custom MCP tools
-	Roles                   []string             // permission levels required to trigger workflow
-	Bots                    []string             // allow list of bot identifiers that can trigger workflow
-	CacheMemoryConfig       *CacheMemoryConfig   // parsed cache-memory configuration
-	RepoMemoryConfig        *RepoMemoryConfig    // parsed repo-memory configuration
-	Runtimes                map[string]any       // runtime version overrides from frontmatter
-	ToolsTimeout            int                  // timeout in seconds for tool/MCP operations (0 = use engine default)
-	GitHubToken             string               // top-level github-token expression from frontmatter
-	ToolsStartupTimeout     int                  // timeout in seconds for MCP server startup (0 = use engine default)
-	Features                map[string]any       // feature flags and configuration options from frontmatter (supports bool and string values)
-	ActionCache             *ActionCache         // cache for action pin resolutions
-	ActionResolver          *ActionResolver      // resolver for action pins
-	StrictMode              bool                 // strict mode for action pinning
-	SecretMasking           *SecretMaskingConfig // secret masking configuration
-	CompilerSkipValidation  *bool                // compiler's skipValidation flag (passed from compiler to engines for MCP gateway schema validation)
-	CompilerWarningCallback func()               // callback to increment compiler warning count (passed from compiler to engines for MCP gateway schema validation warnings)
-	ParsedFrontmatter       *FrontmatterConfig   // cached parsed frontmatter configuration (for performance optimization)
-	ActionPinWarnings       map[string]bool      // cache of already-warned action pin failures (key: "repo@version")
+	Name                string
+	TrialMode           bool           // whether the workflow is running in trial mode
+	TrialLogicalRepo    string         // target repository slug for trial mode (owner/repo)
+	FrontmatterName     string         // name field from frontmatter (for code scanning alert driver default)
+	FrontmatterYAML     string         // raw frontmatter YAML content (rendered as comment in lock file for reference)
+	Description         string         // optional description rendered as comment in lock file
+	Source              string         // optional source field (owner/repo@ref/path) rendered as comment in lock file
+	TrackerID           string         // optional tracker identifier for created assets (min 8 chars, alphanumeric + hyphens/underscores)
+	ImportedFiles       []string       // list of files imported via imports field (rendered as comment in lock file)
+	IncludedFiles       []string       // list of files included via @include directives (rendered as comment in lock file)
+	ImportInputs        map[string]any // input values from imports with inputs (for github.aw.inputs.* substitution)
+	On                  string
+	Permissions         string
+	Network             string // top-level network permissions configuration
+	Concurrency         string // workflow-level concurrency configuration
+	RunName             string
+	Env                 string
+	If                  string
+	TimeoutMinutes      string
+	CustomSteps         string
+	PostSteps           string // steps to run after AI execution
+	RunsOn              string
+	Environment         string // environment setting for the main job
+	Container           string // container setting for the main job
+	Services            string // services setting for the main job
+	Tools               map[string]any
+	ParsedTools         *Tools // Structured tools configuration (NEW: parsed from Tools map)
+	MarkdownContent     string
+	AI                  string        // "claude" or "codex" (for backwards compatibility)
+	EngineConfig        *EngineConfig // Extended engine configuration
+	AgentFile           string        // Path to custom agent file (from imports)
+	StopTime            string
+	SkipIfMatch         *SkipIfMatchConfig   // skip-if-match configuration with query and max threshold
+	SkipIfNoMatch       *SkipIfNoMatchConfig // skip-if-no-match configuration with query and min threshold
+	ManualApproval      string               // environment name for manual approval from on: section
+	Command             []string             // for /command trigger support - multiple command names
+	CommandEvents       []string             // events where command should be active (nil = all events)
+	CommandOtherEvents  map[string]any       // for merging command with other events
+	AIReaction          string               // AI reaction type like "eyes", "heart", etc.
+	LockForAgent        bool                 // whether to lock the issue during agent workflow execution
+	Jobs                map[string]any       // custom job configurations with dependencies
+	Cache               string               // cache configuration
+	NeedsTextOutput     bool                 // whether the workflow uses ${{ needs.task.outputs.text }}
+	NetworkPermissions  *NetworkPermissions  // parsed network permissions
+	SandboxConfig       *SandboxConfig       // parsed sandbox configuration (AWF or SRT)
+	SafeOutputs         *SafeOutputsConfig   // output configuration for automatic output routes
+	SafeInputs          *SafeInputsConfig    // safe-inputs configuration for custom MCP tools
+	Roles               []string             // permission levels required to trigger workflow
+	Bots                []string             // allow list of bot identifiers that can trigger workflow
+	CacheMemoryConfig   *CacheMemoryConfig   // parsed cache-memory configuration
+	RepoMemoryConfig    *RepoMemoryConfig    // parsed repo-memory configuration
+	Runtimes            map[string]any       // runtime version overrides from frontmatter
+	ToolsTimeout        int                  // timeout in seconds for tool/MCP operations (0 = use engine default)
+	GitHubToken         string               // top-level github-token expression from frontmatter
+	ToolsStartupTimeout int                  // timeout in seconds for MCP server startup (0 = use engine default)
+	Features            map[string]any       // feature flags and configuration options from frontmatter (supports bool and string values)
+	ActionCache         *ActionCache         // cache for action pin resolutions
+	ActionResolver      *ActionResolver      // resolver for action pins
+	StrictMode          bool                 // strict mode for action pinning
+	SecretMasking       *SecretMaskingConfig // secret masking configuration
+	ParsedFrontmatter   *FrontmatterConfig   // cached parsed frontmatter configuration (for performance optimization)
+	ActionPinWarnings   map[string]bool      // cache of already-warned action pin failures (key: "repo@version")
 }
 
 // BaseSafeOutputConfig holds common configuration fields for all safe output types

pkg/workflow/copilot_mcp.go

@@ -32,14 +32,8 @@ func (e *CopilotEngine) RenderMCPConfig(yaml *strings.Builder, tools map[string]
 
 	// Use shared JSON MCP config renderer with unified renderer methods
 	options := JSONMCPConfigOptions{
-		ConfigPath:     "/home/runner/.copilot/mcp-config.json",
-		GatewayConfig:  gatewayConfig,
-		SkipValidation: workflowData == nil || workflowData.CompilerSkipValidation == nil || *workflowData.CompilerSkipValidation,
-		OnWarning: func() {
-			if workflowData != nil && workflowData.CompilerWarningCallback != nil {
-				workflowData.CompilerWarningCallback()
-			}
-		},
+		ConfigPath:    "/home/runner/.copilot/mcp-config.json",
+		GatewayConfig: gatewayConfig,
 		Renderers: MCPToolRenderers{
 			RenderGitHub: func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {
 				renderer := createRenderer(isLast)

pkg/workflow/custom_engine.go

@@ -176,14 +176,8 @@ func (e *CustomEngine) RenderMCPConfig(yaml *strings.Builder, tools map[string]a
 
 	// Use shared JSON MCP config renderer with unified renderer methods
 	RenderJSONMCPConfig(yaml, tools, mcpTools, workflowData, JSONMCPConfigOptions{
-		ConfigPath:     "/tmp/gh-aw/mcp-config/mcp-servers.json",
-		GatewayConfig:  buildMCPGatewayConfig(workflowData),
-		SkipValidation: workflowData == nil || workflowData.CompilerSkipValidation == nil || *workflowData.CompilerSkipValidation,
-		OnWarning: func() {
-			if workflowData != nil && workflowData.CompilerWarningCallback != nil {
-				workflowData.CompilerWarningCallback()
-			}
-		},
+		ConfigPath:    "/tmp/gh-aw/mcp-config/mcp-servers.json",
+		GatewayConfig: buildMCPGatewayConfig(workflowData),
 		Renderers: MCPToolRenderers{
 			RenderGitHub: func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {
 				renderer := createRenderer(isLast)

pkg/workflow/data/action_pins.json

@@ -25,16 +25,11 @@
       "version": "v5.0.2",
       "sha": "8b402f58fbc84540c8b491a91e594a4576fec3d7"
     },
-    "actions/checkout@v5.0.1": {
+    "actions/checkout@v5": {
       "repo": "actions/checkout",
-      "version": "v5.0.1",
+      "version": "v5",
       "sha": "93cb6efe18208431cddfb8368fd83d5badbf9bfd"
     },
-    "actions/checkout@v6": {
-      "repo": "actions/checkout",
-      "version": "v6",
-      "sha": "8e8c483db84b4bee98b60c0593521ed34d9990e8"
-    },
     "actions/checkout@v6.0.2": {
       "repo": "actions/checkout",
       "version": "v6.0.2",

pkg/workflow/engine_helpers_shared_test.go

@@ -521,8 +521,7 @@ func TestRenderJSONMCPConfig(t *testing.T) {
 			},
 			mcpTools: []string{"github", "playwright"},
 			options: JSONMCPConfigOptions{
-				ConfigPath:     "/tmp/test-config.json",
-				SkipValidation: true, // Skip validation in tests
+				ConfigPath: "/tmp/test-config.json",
 				Renderers: MCPToolRenderers{
 					RenderGitHub: func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {
 						yaml.WriteString("              \"github\": { \"test\": true }")
@@ -561,8 +560,7 @@ func TestRenderJSONMCPConfig(t *testing.T) {
 			},
 			mcpTools: []string{"github", "cache-memory"},
 			options: JSONMCPConfigOptions{
-				ConfigPath:     "/tmp/filtered-config.json",
-				SkipValidation: true, // Skip validation in tests
+				ConfigPath: "/tmp/filtered-config.json",
 				Renderers: MCPToolRenderers{
 					RenderGitHub: func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {
 						yaml.WriteString("              \"github\": { \"filtered\": true }")
@@ -598,8 +596,7 @@ func TestRenderJSONMCPConfig(t *testing.T) {
 			},
 			mcpTools: []string{"github"},
 			options: JSONMCPConfigOptions{
-				ConfigPath:     "/tmp/debug-config.json",
-				SkipValidation: true, // Skip validation in tests
+				ConfigPath: "/tmp/debug-config.json",
 				Renderers: MCPToolRenderers{
 					RenderGitHub: func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {
 						yaml.WriteString("              \"github\": {}\n")
@@ -629,8 +626,7 @@ func TestRenderJSONMCPConfig(t *testing.T) {
 			tools:    map[string]any{},
 			mcpTools: []string{"web-fetch"},
 			options: JSONMCPConfigOptions{
-				ConfigPath:     "/tmp/web-fetch-config.json",
-				SkipValidation: true, // Skip validation in tests
+				ConfigPath: "/tmp/web-fetch-config.json",
 				Renderers: MCPToolRenderers{
 					RenderGitHub:           func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {},
 					RenderPlaywright:       func(yaml *strings.Builder, playwrightTool any, isLast bool) {},
@@ -691,8 +687,7 @@ func TestRenderJSONMCPConfig_IsLastHandling(t *testing.T) {
 	var isLastValues []bool
 
 	options := JSONMCPConfigOptions{
-		ConfigPath:     "/tmp/test.json",
-		SkipValidation: true, // Skip validation in tests
+		ConfigPath: "/tmp/test.json",
 		Renderers: MCPToolRenderers{
 			RenderGitHub: func(yaml *strings.Builder, githubTool any, isLast bool, workflowData *WorkflowData) {
 				callOrder = append(callOrder, "github")