From b4110ca241069811ab05272459e752da230ac737 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 6 Mar 2026 08:38:52 +0000
Subject: [PATCH 1/3] Initial plan


From 5ff457d25387911971a75b4164279fa403c18f5b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 6 Mar 2026 08:45:06 +0000
Subject: [PATCH 2/3] chore: initial plan for CI optimizations

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 .../workflows/go-pattern-detector.lock.yml    |  5 +++-
 .github/workflows/scout.lock.yml              | 29 +++++++++++++++----
 .github/workflows/smoke-claude.lock.yml       |  5 +++-
 3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml
index de502f4d16d..e8dfb271c5a 100644
--- a/.github/workflows/go-pattern-detector.lock.yml
+++ b/.github/workflows/go-pattern-detector.lock.yml
@@ -652,7 +652,10 @@ jobs:
             "mcpServers": {
               "ast-grep": {
                 "type": "stdio",
-                "container": "mcp/ast-grep:latest"
+                "container": "mcp/ast-grep:latest",
+                "tools": [
+                  "*"
+                ]
               },
               "github": {
                 "container": "ghcr.io/github/github-mcp-server:v0.31.0",
diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml
index cf9b66275bc..51861a4bd5c 100644
--- a/.github/workflows/scout.lock.yml
+++ b/.github/workflows/scout.lock.yml
@@ -808,11 +808,21 @@ jobs:
             "mcpServers": {
               "arxiv": {
                 "type": "stdio",
-                "container": "mcp/arxiv-mcp-server"
+                "container": "mcp/arxiv-mcp-server",
+                "tools": [
+                  "search_arxiv",
+                  "get_paper_details",
+                  "get_paper_pdf"
+                ]
               },
               "deepwiki": {
                 "type": "http",
-                "url": "https://mcp.deepwiki.com/sse"
+                "url": "https://mcp.deepwiki.com/sse",
+                "tools": [
+                  "read_wiki_structure",
+                  "read_wiki_contents",
+                  "ask_question"
+                ]
               },
               "github": {
                 "container": "ghcr.io/github/github-mcp-server:v0.31.0",
@@ -824,11 +834,17 @@ jobs:
               },
               "markitdown": {
                 "type": "stdio",
-                "container": "mcp/markitdown"
+                "container": "mcp/markitdown",
+                "tools": [
+                  "*"
+                ]
               },
               "microsoftdocs": {
                 "type": "http",
-                "url": "https://learn.microsoft.com/api/mcp"
+                "url": "https://learn.microsoft.com/api/mcp",
+                "tools": [
+                  "*"
+                ]
               },
               "safeoutputs": {
                 "type": "http",
@@ -842,7 +858,10 @@ jobs:
                 "url": "https://mcp.tavily.com/mcp/",
                 "headers": {
                   "Authorization": "Bearer ${{ secrets.TAVILY_API_KEY }}"
-                }
+                },
+                "tools": [
+                  "*"
+                ]
               }
             },
             "gateway": {
diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml
index 21d3e77b167..80bdc713118 100644
--- a/.github/workflows/smoke-claude.lock.yml
+++ b/.github/workflows/smoke-claude.lock.yml
@@ -2250,7 +2250,10 @@ jobs:
                 "url": "https://mcp.tavily.com/mcp/",
                 "headers": {
                   "Authorization": "Bearer ${{ secrets.TAVILY_API_KEY }}"
-                }
+                },
+                "tools": [
+                  "*"
+                ]
               }
             },
             "gateway": {

From 519cc69cee05cbe5368679d4513615f4230cc17b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 6 Mar 2026 08:51:22 +0000
Subject: [PATCH 3/3] ci: split CLI MCP Inspect GitHub matrix group, pin
 upload-artifact action

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 .github/workflows/ci.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 44a21612e51..c08a90acc7c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -174,9 +174,12 @@ jobs:
           - name: "CLI MCP Connectivity"
             packages: "./pkg/cli"
             pattern: "TestMCPInspectPlaywright|TestMCPGateway"
+          - name: "CLI MCP Inspect GitHub"
+            packages: "./pkg/cli"
+            pattern: "TestMCPInspectGitHub"
           - name: "CLI MCP Other"
             packages: "./pkg/cli"
-            pattern: "TestMCPAdd|TestMCPInspectGitHub|TestMCPServer|TestMCPConfig"
+            pattern: "TestMCPAdd|TestMCPServer|TestMCPConfig"
           - name: "CLI Audit Logs & Firewall"
             packages: "./pkg/cli"
             pattern: "TestLogs|TestFirewall|TestNoStopTime|TestLocalWorkflow|^TestAudit|^TestInspect"
@@ -2100,7 +2103,7 @@ jobs:
 
       - name: Upload conformance report
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
         with:
           name: safe-outputs-conformance-report
           path: conformance-output.txt