Skip to content

ci(docs): Add agentic workflows for codebase documentation #5649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dingsdax merged 4 commits into from
Mar 12, 2026

Merge branch 'master' into feat/docs-codebase-agentic-workflows

c6e592a
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Merged

ci(docs): Add agentic workflows for codebase documentation #5649

Merge branch 'master' into feat/docs-codebase-agentic-workflows
c6e592a
Select commit
Loading
Failed to load commit list.
GitHub Actions / warden: find-bugs completed Mar 12, 2026 in 4m 20s

1 issue

find-bugs: Found 1 issue (1 high)

High

MCP Gateway receives empty API key and port due to incorrect step output references - `.github/workflows/docs-codebase-refresh.lock.yml:647-648`

The 'Start MCP Gateway' step (lines 647-648) references steps.safe-outputs-start.outputs.api_key and steps.safe-outputs-start.outputs.port, but the 'Start Safe Outputs MCP HTTP Server' step (id: safe-outputs-start) never sets these outputs. The API key and port are actually set by 'Generate Safe Outputs MCP Server Config' step (id: safe-outputs-config) with output names safe_outputs_api_key and safe_outputs_port. This causes the MCP Gateway to receive empty/undefined credentials, potentially causing authentication failures or security bypasses if the safeoutputs server accepts empty Authorization headers.

Also found at:

  • .github/workflows/docs-codebase-update.lock.yml:647-648

Duration: 4m 16s · Tokens: 2.8M in / 27.0k out · Cost: $7.73 (+extraction: $0.00, +merge: $0.00, +fix_gate: $0.00)

Annotations

Check failure on line 648 in .github/workflows/docs-codebase-refresh.lock.yml

See this annotation in the file changed.

@github-actions github-actions / warden: find-bugs

MCP Gateway receives empty API key and port due to incorrect step output references 

The 'Start MCP Gateway' step (lines 647-648) references `steps.safe-outputs-start.outputs.api_key` and `steps.safe-outputs-start.outputs.port`, but the 'Start Safe Outputs MCP HTTP Server' step (id: safe-outputs-start) never sets these outputs. The API key and port are actually set by 'Generate Safe Outputs MCP Server Config' step (id: safe-outputs-config) with output names `safe_outputs_api_key` and `safe_outputs_port`. This causes the MCP Gateway to receive empty/undefined credentials, potentially causing authentication failures or security bypasses if the safeoutputs server accepts empty Authorization headers.

Check failure on line 648 in .github/workflows/docs-codebase-update.lock.yml

See this annotation in the file changed.

@github-actions github-actions / warden: find-bugs

[ZZX-7RN] MCP Gateway receives empty API key and port due to incorrect step output references (additional location) 

The 'Start MCP Gateway' step (lines 647-648) references `steps.safe-outputs-start.outputs.api_key` and `steps.safe-outputs-start.outputs.port`, but the 'Start Safe Outputs MCP HTTP Server' step (id: safe-outputs-start) never sets these outputs. The API key and port are actually set by 'Generate Safe Outputs MCP Server Config' step (id: safe-outputs-config) with output names `safe_outputs_api_key` and `safe_outputs_port`. This causes the MCP Gateway to receive empty/undefined credentials, potentially causing authentication failures or security bypasses if the safeoutputs server accepts empty Authorization headers.
View more details on GitHub Actions