fix: add auth field to http_mcp_tool frontmatter schema (#24369)

Copilot · web-flow · commit 99682c62bce6 · 2026-04-03T14:39:21.000-07:00
diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json
@@ -9657,11 +9657,32 @@
             "type": "string"
           },
           "examples": [["*"], ["store_memory", "retrieve_memory"], ["brave_web_search"]]
+        },
+        "auth": {
+          "$ref": "#/$defs/http_mcp_auth"
         }
       },
       "required": ["url"],
       "additionalProperties": false
     },
+    "http_mcp_auth": {
+      "type": "object",
+      "description": "Upstream authentication configuration for the HTTP MCP server. When configured, the gateway dynamically acquires tokens and injects them as Authorization headers on every outgoing request to this server. Currently only GitHub Actions OIDC is supported.",
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": ["github-oidc"],
+          "description": "Authentication type. Currently only 'github-oidc' is supported, which acquires short-lived JWTs from the GitHub Actions OIDC endpoint."
+        },
+        "audience": {
+          "type": "string",
+          "description": "The intended audience for the OIDC token (the 'aud' claim). If omitted, defaults to the server's url field.",
+          "format": "uri"
+        }
+      },
+      "required": ["type"],
+      "additionalProperties": false
+    },
     "github_token": {
       "type": "string",
       "pattern": "^\\$\\{\\{\\s*(secrets\\.[A-Za-z_][A-Za-z0-9_]*(\\s*\\|\\|\\s*secrets\\.[A-Za-z_][A-Za-z0-9_]*)*|needs\\.[A-Za-z_][A-Za-z0-9_]*\\.outputs\\.[A-Za-z_][A-Za-z0-9_]*)\\s*\\}\\}$",
