Large MCP Payload Access Test Results
Run ID: 24612649144
Status: FAIL
Timestamp: 2026-04-18T19:57:50Z
Test Results
- Expected Secret: test-secret-7ae6690f-86dc-4c22-a419-6a4fbbc540bf
- Found Secret: NOT FOUND
- Secret Match: NO
- Payload Path:
/tmp/gh-aw/mcp-payloads/FIAcWWJZoyZwMRDPKfw0uhmgNHw4D43bwHzu0bygelzBomJI6piWgQycn/21f8e28c39ec9094d3691c031c988194/payload.json
- Payload Size: 820,667 bytes
Failure Details
Step 1 — Read secret.txt: ✅ Success
Secret value: test-secret-7ae6690f-86dc-4c22-a419-6a4fbbc540bf
Step 2 — Read large-test-file.json via filesystem MCP: ✅ Success (triggered large-payload path)
MCP server correctly returned a payloadPath pointing to the stored payload file.
Step 3 — Read payload from payloadPath: ❌ FAIL — Permission Denied
The payload file at the path above is owned by root:root with permissions rw------- (600).
The agent runs as runner (uid=1001) and cannot read root-owned files without group/other permissions.
-rw------- 1 root root 820667 Apr 18 19:57 payload.json
Sudo is also unavailable (no new privileges flag set in the container).
Conclusion
The large-payload mechanism correctly stored the response to disk, but the agent cannot read the payload.json file due to a permissions mismatch. The MCP gateway writes the payload file as root with mode 0600, making it inaccessible to the non-root agent process. The fix would be to either write the file with world-readable permissions (0644) or ensure the payload directory is owned/writable by the agent user.
Run URL: https://github.com/github/gh-aw-mcpg/actions/runs/24612649144
Generated by Large Payload Tester · ● 917.8K · ◷
Large MCP Payload Access Test Results
Run ID: 24612649144
Status: FAIL
Timestamp: 2026-04-18T19:57:50Z
Test Results
/tmp/gh-aw/mcp-payloads/FIAcWWJZoyZwMRDPKfw0uhmgNHw4D43bwHzu0bygelzBomJI6piWgQycn/21f8e28c39ec9094d3691c031c988194/payload.jsonFailure Details
Step 1 — Read
secret.txt: ✅ SuccessSecret value:
test-secret-7ae6690f-86dc-4c22-a419-6a4fbbc540bfStep 2 — Read
large-test-file.jsonvia filesystem MCP: ✅ Success (triggered large-payload path)MCP server correctly returned a
payloadPathpointing to the stored payload file.Step 3 — Read payload from
payloadPath: ❌ FAIL — Permission DeniedThe payload file at the path above is owned by
root:rootwith permissionsrw-------(600).The agent runs as
runner(uid=1001) and cannot read root-owned files without group/other permissions.Sudo is also unavailable (
no new privilegesflag set in the container).Conclusion
The large-payload mechanism correctly stored the response to disk, but the agent cannot read the
payload.jsonfile due to a permissions mismatch. The MCP gateway writes the payload file asrootwith mode0600, making it inaccessible to the non-root agent process. The fix would be to either write the file with world-readable permissions (0644) or ensure the payload directory is owned/writable by the agent user.Run URL: https://github.com/github/gh-aw-mcpg/actions/runs/24612649144