
Remove pre-defined GitHub tools list and use readonly MCP server by default #1499

Closed
Copilot wants to merge 3 commits into main from copilot/remove-predefined-github-tools

Copilot AI commented Oct 10, 2025

Problem

The system previously maintained a hardcoded list of 67 GitHub MCP tools in pkg/constants/constants.go that were automatically added to every workflow's allowed list. This approach had several issues:

  • Maintenance burden: The list had to be manually updated whenever new GitHub MCP tools became available
  • Always outdated: Users couldn't access new MCP server capabilities until the code was updated and released
  • Verbose output: Every compiled workflow contained 67 lines of allowed tool specifications
  • Coupling: Tool availability was coupled to the gh-aw codebase instead of the MCP server

Solution

This PR removes the hardcoded tool list and instead delegates to the GitHub MCP server's read-only mode:

# Before: Explicit list of 67 tools
tools:
  github:
    allowed:
      - download_workflow_run_artifact
      - get_job_logs
      - get_workflow_run
      # ... 64 more tools

# After: Automatic read-only mode (no config needed)
tools:
  github:
    # Implicitly sets read-only: true

When no explicit allowed list or read-only setting is provided, the compiler now automatically enables read-only mode by setting read-only: true. This results in:

  1. Wildcard access: Claude engine uses mcp__github instead of enumerating specific tools
  2. Environment flag: Sets GITHUB_READ_ONLY=1 for the GitHub MCP server container
  3. Server-controlled: The MCP server determines which read-only tools are available

Implementation Details

Code Changes

  • pkg/constants/constants.go: Removed DefaultGitHubTools constant (~70 lines)
  • pkg/workflow/compiler.go: Modified applyDefaultTools() to set read-only: true by default
  • pkg/workflow/claude_engine.go: Updated to use wildcard mcp__github for GitHub tools without explicit allowed list
  • pkg/workflow/constants_integration_test.go: Removed obsolete test file
  • pkg/workflow/claude_engine_tools_test.go: Updated test expectations for wildcard behavior
  • docs/src/content/docs/reference/tools.md: Updated documentation to reflect new behavior

Behavior Matrix

Configuration | Allowed Tools | Read-Only Flag | Behavior
No tools config | mcp__github (wildcard) | GITHUB_READ_ONLY=1 | All read-only tools available
allowed: [list_issues, ...] | Specific tools only | Not set | User-controlled tool access
read-only: true | mcp__github (wildcard) | GITHUB_READ_ONLY=1 | All read-only tools available

Benefits

  1. No maintenance: Tool availability is determined by the MCP server, not hardcoded lists
  2. Always current: Users automatically get new read-only tools as the GitHub MCP server is updated
  3. Secure by default: Read-only mode is now enabled by default for GitHub tools
  4. Cleaner output: Compiled workflows use a single wildcard entry instead of 67 tool names
  5. Better separation of concerns: The MCP server controls what tools are available in read-only mode

Testing

  • ✅ All unit tests passing
  • ✅ All 64 workflows successfully recompiled
  • ✅ Manual testing verified three scenarios:
    • Default behavior (no config) → read-only mode with wildcard access
    • Explicit allowed list → specific tools only
    • Explicit read-only flag → read-only mode with wildcard access

Migration

This change is backward compatible. Existing workflows with explicit allowed lists continue to work exactly as before. Only workflows relying on the implicit default behavior will see the change from specific tools to wildcard access, but functionally they get access to the same (or more) read-only tools.

Users who want to discover available read-only tools can use:

gh aw mcp inspect <workflow-name> --server github

Fixes the issue described in the problem statement.

Original prompt

Remove the pre-defined list of github tools and instead use the readonly github MCP server by default.
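
The behavior matrix in the PR description above, modelled as an added Go example (not code from this PR or from gh-aw). The type and function names are hypothetical; the `mcp__github__<tool>` form for individually allowed tools, treating an empty list as absent, and the handling of an explicit `read-only: false` (a case the matrix does not list) are assumptions.

```go
package main

import "fmt"

// GitHubTool models a workflow's tools.github section (hypothetical type).
type GitHubTool struct {
	Allowed  []string // empty when no allowed: list is given
	ReadOnly *bool    // nil when read-only: is not given
}

// Resolved is what the engine and the MCP server container receive.
type Resolved struct {
	AllowedTools []string
	ReadOnlyEnv  bool // true means GITHUB_READ_ONLY=1 is set
}

// Resolve applies the defaults from the behavior matrix.
func Resolve(t GitHubTool) Resolved {
	r := Resolved{AllowedTools: []string{"mcp__github"}} // wildcard
	if t.ReadOnly != nil {
		r.ReadOnlyEnv = *t.ReadOnly
	} else if len(t.Allowed) == 0 {
		r.ReadOnlyEnv = true // implicit default: read-only
	}
	if len(t.Allowed) > 0 {
		r.AllowedTools = nil
		for _, name := range t.Allowed {
			// Assumed per-tool naming: mcp__<server>__<tool>.
			r.AllowedTools = append(r.AllowedTools, "mcp__github__"+name)
		}
	}
	return r
}

// Unrestricted flags the one combination with neither an allow-list nor the
// read-only flag: wildcard access to a server that may expose write tools.
func Unrestricted(r Resolved) bool {
	return !r.ReadOnlyEnv && len(r.AllowedTools) == 1 && r.AllowedTools[0] == "mcp__github"
}

func main() {
	on, off := true, false
	for _, c := range []GitHubTool{{}, {Allowed: []string{"list_issues"}}, {ReadOnly: &on}, {ReadOnly: &off}} {
		r := Resolve(c)
		fmt.Printf("%v read-only=%v unrestricted=%v\n", r.AllowedTools, r.ReadOnlyEnv, Unrestricted(r))
	}
}
```

With an explicit allowed list the read-only flag is not set, so the list itself is the only restriction and is worth reviewing for write-capable tools.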



Copilot AI and others added 2 commits October 10, 2025 23:02
…default

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Remove pre-defined list of GitHub tools and use MCP server" to "Remove pre-defined GitHub tools list and use readonly MCP server by default" Oct 10, 2025
Copilot AI requested a review from pelikhan October 10, 2025 23:22
@pelikhan pelikhan closed this Oct 10, 2025
@pelikhan pelikhan deleted the copilot/remove-predefined-github-tools branch October 17, 2025 15:15