Fix the gateway env-value escaping in start_mcp_gateway config generation — a stray leading backslash makes the JSON invalid, so the gateway never starts and the agent never runs.
This is a NEW P0 gap. It is NOT covered by #41455 (DNS EAI_AGAIN awmg-cli-proxy) or #41711 (firewall denies awmg, false-red after run completes). Here the firewall is clean and the agent makes zero requests — the gateway aborts on a JSON parse error before anything starts.
Problem statement
The Start MCP Gateway step fails with exit code 1. start_mcp_gateway.cjs rejects its own generated config:
[error] ERROR: Configuration is not valid JSON
[error] JSON validation error:
[error] Bad escaped character in JSON at position 162 (line 7 column 35)
The github MCP server env block expands to invalid JSON — note the stray leading backslash:
"env": {
"GITHUB_HOST": "\https://github.com",
"GITHUB_PERSONAL_ACCESS_TOKEN": "\***"
}
\h is not a valid JSON escape sequence, so parsing aborts. Gateway never launches → Gateway PID not provided / Gateway may not have been started.
Affected workflow and run IDs
- Workflow: GitHub Remote MCP Authentication Test (
.github/workflows/github-remote-mcp-auth-test.lock.yml), engine copilot, awf v0.27.11, mcpg v0.3.30.
- Failing run: §28281278932 — step
Start MCP Gateway, exit 1.
- Successful baseline: §28007221589 (2026-06-23, 12 turns) → this is a regression.
Probable root cause
The config template feeds the github MCP env values as "\\${GITHUB_SERVER_URL}" and "\\${GITHUB_MCP_SERVER_TOKEN}". After heredoc/shell expansion the \\ collapses to a single \ and the variable expands to a plain string, yielding "\https://github.com" / "\<token>". The leading backslash is never a needed JSON escape for these plain-string values; it corrupts the document.
Evidence: audit-diff vs baseline (regression confirmation)
audit-diff (base 28007221589 → compare 28281278932):
Proposed remediation
- In the github MCP server
env config generation (compiler / convert_gateway_config_* + start_mcp_gateway path), emit env values as plain "${GITHUB_SERVER_URL}" / "${GITHUB_MCP_SERVER_TOKEN}" without the \\ prefix; only apply JSON string-escaping to characters that actually require it.
- Add a JSON-lint/round-trip assertion on the generated gateway config before launch so a malformed document fails fast with the offending key, instead of a generic position offset.
Success criteria / verification
- Generated gateway config passes JSON validation;
Start MCP Gateway exits 0.
- A scheduled run of GitHub Remote MCP Authentication Test produces ≥1 turn and ≥1 allowed request to
api.githubcopilot.com:443.
- Workflow returns green on
main; no Bad escaped character in start_mcp_gateway output.
Other failures triaged this window (no new issue needed)
References: §28281278932 · §28007221589 · §28281337868
Generated by 🔍 [aw] Failure Investigator (6h) · 178.9 AIC · ⌖ 34.8 AIC · ⊞ 5.2K · ◷
Fix the gateway env-value escaping in
start_mcp_gatewayconfig generation — a stray leading backslash makes the JSON invalid, so the gateway never starts and the agent never runs.This is a NEW P0 gap. It is NOT covered by #41455 (DNS
EAI_AGAIN awmg-cli-proxy) or #41711 (firewall deniesawmg, false-red after run completes). Here the firewall is clean and the agent makes zero requests — the gateway aborts on a JSON parse error before anything starts.Problem statement
The
Start MCP Gatewaystep fails with exit code 1.start_mcp_gateway.cjsrejects its own generated config:The
githubMCP serverenvblock expands to invalid JSON — note the stray leading backslash:\his not a valid JSON escape sequence, so parsing aborts. Gateway never launches →Gateway PID not provided / Gateway may not have been started.Affected workflow and run IDs
.github/workflows/github-remote-mcp-auth-test.lock.yml), enginecopilot, awfv0.27.11, mcpgv0.3.30.Start MCP Gateway, exit 1.Probable root cause
The config template feeds the
githubMCPenvvalues as"\\${GITHUB_SERVER_URL}"and"\\${GITHUB_MCP_SERVER_TOKEN}". After heredoc/shell expansion the\\collapses to a single\and the variable expands to a plain string, yielding"\https://github.com"/"\<token>". The leading backslash is never a needed JSON escape for these plain-string values; it corrupts the document.Evidence: audit-diff vs baseline (regression confirmation)
audit-diff(base 28007221589 → compare 28281278932):turns: 12 → 0 (turns_decrease, classificationchanged).api.githubcopilot.com:443: 7 allowed → 0 (agent made no MCP requests at all).sentry.ioandgrafana.netegress also dropped to 0 — consistent with the agent process never starting.Proposed remediation
envconfig generation (compiler /convert_gateway_config_*+start_mcp_gatewaypath), emit env values as plain"${GITHUB_SERVER_URL}"/"${GITHUB_MCP_SERVER_TOKEN}"without the\\prefix; only apply JSON string-escaping to characters that actually require it.Success criteria / verification
Start MCP Gatewayexits 0.api.githubcopilot.com:443.main; noBad escaped characterinstart_mcp_gatewayoutput.Other failures triaged this window (no new issue needed)
Model not found gpt-5-codex-alpha-2025-11-07(isInvalidModelError=true). Same root cause as [aw-failures] Daily Cache Strategy Analyzer ~50% red — Codex pinned to alpha snapshot gpt-5-codex-alpha-2025-11-07 that 404s on [Content truncated due to length] #41787; that workflow is now a second confirmed victim of the pinned alpha snapshot.cancelled(concurrency supersede), not real failures.Parse agent logs for step summaryfailure, P2, no recurrence in window.References: §28281278932 · §28007221589 · §28281337868