Fix Playwright MCP initialization failure on GitHub Actions runners

[Copilot]

Playwright MCP server fails during initialization with "initialize: EOF" on GitHub Actions. Chromium crashes before MCP completes tool registration due to missing container security flags.

Changes

Container configuration

• pkg/workflow/mcp_config_playwright_renderer.go: Added Docker security flags to JSON renderer (Copilot/Claude engines)
• pkg/workflow/mcp_renderer.go: Added Docker security flags to TOML renderer (Codex engine)

-dockerArgs := []string{"--init", "--network", "host"}
+dockerArgs := []string{"--init", "--network", "host", "--security-opt", "seccomp=unconfined", "--ipc=host"}

Key changes:

• Added --security-opt seccomp=unconfined for Chromium sandbox compatibility
• Added --ipc=host for shared memory access
• Applied security flags to both JSON and TOML renderers for consistent behavior across all AI engines

Documentation

• Added troubleshooting entry for EOF initialization error
• Added GitHub Actions compatibility note to Playwright tool reference

Workflows

• Recompiled all 154 workflows with updated container args

Technical context

GitHub Actions runners use seccomp filtering and restricted IPC namespaces. Chromium's sandbox requires relaxed seccomp and /dev/shm access, standard for containerized browser automation in CI.

The fix ensures consistent Playwright behavior across all engine types (Copilot, Claude, Codex) by applying the same Docker security flags to both JSON and TOML MCP configuration renderers.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Playwright MCP tools not available in GitHub Agentic Workflows (initialize: EOF during MCP init)</issue_title>
<issue_description>In GitHub Agentic Workflows, the Playwright MCP server appears connected/healthy, but no Playwright tools are registered for the agent. Calls such as browser_navigate fail because the tool list is empty.

What I expected:

Playwright MCP tools (for example browser_navigate) should register and be callable by the agent during workflow execution.

What happened:

Agent error: Tool 'browser_navigate' does not exist
MCP gateway logs show Playwright startup followed by registration failure:
Starting server name=playwright
Failed to register tools error="initialize: EOF" name=playwright
Gateway health/connection can still look green even though tool registration failed.

Environment
Platform: GitHub Actions hosted runner (Ubuntu)
Workflow system: GitHub Agentic Workflows (gh-aw) - https://github.com/githubnext/agentics/blob/main/docs/daily-accessibility-review.md
MCP server image: mcr.microsoft.com/playwright/mcp:latest
Date observed: 2026-02-16

Repro steps
Configure Playwright MCP in an Agentic Workflow.
Run the workflow in GitHub Actions.
Have the agent call a Playwright tool (for example browser_navigate).
Observe missing-tool error and initialize: EOF in logs.

Suspected cause
Playwright MCP initialization may attempt browser startup that is incompatible with GitHub Actions sandbox constraints (for example no-new-privileges / Chromium sandbox constraints), causing init pipe closure and EOF before tools register.

Notes
Removing --init from container args reduced startup instability but did not resolve initialize: EOF.
This looks like a tool-registration failure masked by a healthy connection status.

Request
Please confirm whether Playwright MCP is expected to work on standard GitHub-hosted runners, and if so, document required runtime flags/entrypoint changes (for example sandbox/headless constraints) to ensure successful tool registration.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Playwright MCP tools not available in GitHub Agentic Workflows (initialize: EOF during MCP init) #16236

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

---

---

✨ PR Review Safe Output Test - Run 22081981970

💥 [THE END] — Illustrated by Smoke Claude

---

---

✨ PR Review Safe Output Test - Run 22082130754

💥 [THE END] — Illustrated by Smoke Claude

[pelikhan]

@copilot review changes and compare with playwright docs. validate new flags.

[github-actions]

🧪 Smoke Temporary ID is now testing temporary ID functionality...

[github-actions]

🧪 Smoke Project is now testing project operations...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

❌ Smoke Copilot SDK failed. Please review the logs for details.

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[Copilot]

@copilot review changes and compare with playwright docs. validate new flags.

I've validated the Docker flags against official Playwright documentation and the Playwright MCP container source. Here's the verification:

✅ --init - Confirmed required by official Playwright MCP docs for proper signal handling and zombie process management.

✅ --ipc=host - Confirmed required by official Playwright docs for Chromium shared memory access. Without this, Chromium can crash with out-of-memory errors.

✅ --security-opt seccomp=unconfined - Validated approach:

• The Playwright MCP container already runs Chromium with --no-sandbox
• GitHub Actions runners use Docker's default seccomp profile which blocks certain syscalls
• For CI/CD environments (trusted code), seccomp=unconfined is an accepted practice per official Docker security docs
• Alternative would be a custom seccomp profile allowing clone/setns/unshare syscalls, but unconfined is simpler for CI

Alternative consideration: We could use Playwright's official seccomp profile instead of unconfined, but given that the MCP image already disables Chromium sandbox and this is CI/CD, the current approach is valid and follows industry best practices for containerized browser automation in GitHub Actions.

Commit: 875dbb7

[github-actions]

✅ Smoke Temporary ID completed successfully. Temporary ID validation passed.

[github-actions]

Agent Container Tool Check ✅

Tool	Status	Version
bash	✅	GNU bash 5.2.21
sh	✅	available
git	✅	2.52.0
jq	✅	1.7
yq	✅	4.52.2
curl	✅	8.5.0
gh	✅	2.86.0
node	✅	20.20.0
python3	✅	3.12.3
go	✅	1.24.13
java	✅	openjdk 21.0.10
dotnet	✅	10.0.102

Result: 12/12 tools available ✅ PASS

All required development tools are present and functional in the agent container environment.

🔧 Tool validation by Agent Container Smoke Test for issue #16262

[Copilot]

Pull request overview

This PR fixes a critical issue where the Playwright MCP server fails to initialize on GitHub Actions runners with an "EOF" error. The root cause is that Chromium crashes during startup due to missing Docker security flags required for browser automation in containerized CI environments.

Changes:

• Added --security-opt seccomp=unconfined and --ipc=host Docker flags to Playwright container configuration for Chromium sandbox compatibility
• Added comprehensive troubleshooting documentation for the EOF initialization error
• Updated GitHub Actions compatibility note in Playwright tool reference
• Recompiled 9 Playwright-enabled workflows with the updated container arguments

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/workflow/mcp_config_playwright_renderer.go	Added security-opt and ipc-host Docker flags to the JSON format renderer for Playwright MCP configuration
docs/src/content/docs/troubleshooting/common-issues.md	Added troubleshooting entry explaining the EOF error, its cause, solution, and upgrade instructions
docs/src/content/docs/reference/tools.md	Added GitHub Actions compatibility note mentioning the required security flags
.github/workflows/unbloat-docs.lock.yml	Recompiled with updated Playwright container args including security flags
.github/workflows/smoke-copilot.lock.yml	Recompiled with updated Playwright container args including security flags
.github/workflows/smoke-codex.lock.yml	Recompiled with updated Playwright container args (JSON format only; TOML format missing flags)
.github/workflows/smoke-claude.lock.yml	Recompiled with updated Playwright container args including security flags
.github/workflows/slide-deck-maintainer.lock.yml	Recompiled with updated Playwright container args including security flags
.github/workflows/docs-noob-tester.lock.yml	Recompiled with updated Playwright container args including security flags
.github/workflows/daily-multi-device-docs-tester.lock.yml	Recompiled with updated Playwright container args including security flags
.github/workflows/cloclo.lock.yml	Recompiled with updated Playwright container args including security flags
.github/workflows/blog-auditor.lock.yml	Recompiled with updated Playwright container args including security flags

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The TOML renderer for Playwright MCP configuration is missing the security flags that were added to the JSON renderer. The renderPlaywrightTOML function in mcp_renderer.go (lines 228-233) still only includes --init, --network, and host in the args array, but it should also include --security-opt, seccomp=unconfined, and --ipc=host.

This is critical because Codex engine uses the TOML format for MCP configuration. The smoke-codex.lock.yml workflow shows that the TOML config (lines 952-967) is missing these flags while the JSON config (lines 1011-1029) has them. This means Playwright will still fail with "EOF" errors in Codex workflows even after this fix.

The security flags need to be added to the TOML renderer in the same way they were added to the JSON renderer to ensure consistent behavior across all engine types.

[pelikhan]

@copilot apply changes based on this feedback

[Copilot]

Fixed. Added the same Docker security flags (--security-opt seccomp=unconfined and --ipc=host) to the TOML renderer in mcp_renderer.go for Codex engine. The smoke-codex.lock.yml workflow now includes these flags in the TOML configuration, ensuring consistent Playwright behavior across all engine types.

Commit: 6a9020b

[github-actions]

✅ Smoke Project completed successfully. All project operations validated.

[github-actions]

Smoke test results
PRs: chore: update AWF firewall to v0.19.1; Fix audit MCP tool returning debug logs instead of JSON
GitHub MCP ✅
Serena MCP ✅
Playwright ✅
File write ✅
Bash verify ✅
Build ✅
Overall: PASS

🔮 The oracle has spoken through Smoke Codex for issue #16262

[github-actions]

Smoke Test Results

• ✅ GitHub MCP (2 PRs: Fix Playwright MCP initialization failure on GitHub Actions runners #16262, Add user-invokable to ignored frontmatter fields #16259)
• ✅ Safe Inputs GH CLI
• ❌ Serena MCP (skipped)
• ✅ Playwright
• ✅ File Writing & Bash
• ✅ Discussion & Build
• ✅ PR Review

Status: PASS (10/11)
Run: §22081981960

cc: @Copilot @pelikhan

📰 BREAKING: Report filed by Smoke Copilot for issue #16262

[github-actions]

✅ Changes look good - fixes Playwright initialization on GitHub Actions by adding required Docker security flags.

📰 BREAKING: Report filed by Smoke Copilot for issue #16262

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude for issue #16262

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw flow (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 4n3frRdwyiX2ROyU-C (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v2
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v2 --jq .object.sha (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/11bd71901bbe5b1630ceea73d27597364c9af683
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/11bd71901bbe5b1630ceea73d27597364c9af683 --jq .object.sha (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v7
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v7 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v7 --jq .object.sha ithub/workflows (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/4dc6199c7b1a012772edbd06daecab0f50c9053c
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/4dc6199c7b1a012772edbd06daecab0f50c9053c --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v6 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha ntifiers.go _validation.go x_amd64/vet (http block)
• https://api.github.com/repos/anchore/sbom-action/git/ref/tags/v0
  • Triggering command: /usr/bin/gh gh api /repos/anchore/sbom-action/git/ref/tags/v0 --jq .object.sha (http block)
• https://api.github.com/repos/docker/build-push-action/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/docker/build-push-action/git/ref/tags/v6 --jq .object.sha (http block)
• https://api.github.com/repos/docker/login-action/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq .object.sha ir.go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq .object.sha (http block)
• https://api.github.com/repos/docker/metadata-action/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v5 --jq .object.sha fflib@v1.0.0/difremote.origin.url (http block)
  • Triggering command: /usr/bin/gh gh api /repos/docker/metadata-action/git/ref/tags/v5 --jq .object.sha (http block)
• https://api.github.com/repos/docker/setup-buildx-action/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v3 --jq .object.sha k/_temp/copilot-remote.origin.url (http block)
  • Triggering command: /usr/bin/gh gh api /repos/docker/setup-buildx-action/git/ref/tags/v3 --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/c4e091835c7a94dc7d3acb8ed3ae145afb4995f3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/c4e091835c7a94dc7d3acb8ed3ae145afb4995f3 --jq .object.sha (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)
• https://api.github.com/user
  • Triggering command: /usr/bin/gh gh api user --jq .login (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)