Remove start_serena_server.sh and Serena local mode (supply chain risk) #19072
…isk)

The script used unpinned uvx from git+https://github.com/oraios/serena without version pinning. As confirmed by @pelikhan, only Docker container mode is supported for Serena - the local mode using uvx is dead code.

- Delete actions/setup/sh/start_serena_server.sh
- Remove generateSerenaLocalModeSteps() from mcp_serena_config.go
- Remove the call to it in mcp_setup_generator.go
- Update test assertions in importable_tools_test.go

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@copilot review front matter and remove option to start Serena locally
Remove all support for the 'local' mode in the Serena tool configuration. Only Docker container mode is supported for starting Serena.

- Remove Mode field from SerenaToolConfig (tools_types.go, tools_parser.go)
- Delete mcp_serena_config.go (was empty after removing isSerenaInLocalMode)
- Simplify renderSerenaMCPConfigWithOptions to always use docker (mcp_config_serena_renderer.go)
- Simplify renderSerenaTOML to always use docker (mcp_renderer.go)
- Simplify collectDockerImages - always add Serena container image (docker.go)
- Remove GH_AW_SERENA_PORT env var injection (mcp_environment.go)
- Remove detectSerenaLanguageRuntimes and local mode detection (runtime_detection.go)
- Remove Serena local mode strict validation (strict_mode_validation.go)
- Update JSON schema to only allow 'docker' mode enum
- Update docs to remove mention of 'local' mode
- Remove all tests for local mode behavior

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in 3eae720. Removed the
|
@copilot add codemod that updates local to docker
Adds `serena-local-to-docker` codemod that replaces `mode: local` with `mode: docker` in tools.serena frontmatter configurations. The local mode executed serena from an unpinned git repository (supply chain risk) and has been removed; this codemod allows `gh aw fix` to automatically update existing workflow files.

- New codemod in codemod_serena_local_mode.go with 7 test cases
- Registered in GetAllCodemods() and fix_codemods_test.go counts updated

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in 0159ec1. Added
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
|
✅ #19072 · ✅ #19079 · ❌ Serena MCP · ✅ Playwright · ✅ Web Fetch · ✅ File Write · ✅ Bash · ✅ Discussion · ✅ Build · ✅ Create Discussion · ✅ Workflow Dispatch · ✅ PR Review Overall: cc
|
PR removes Serena local mode (supply chain risk mitigation). The codemod for migrating mode: local to mode: docker is well-structured. Minor concern about string-based replacement precision noted inline.
📰 BREAKING: Report filed by Smoke Copilot
|
|
||
| modeValue, hasMode := serenaMap["mode"] | ||
| if !hasMode { | ||
| return content, false, nil |
The content-based string replacement approach is straightforward and effective for this migration. One consideration: if a workflow has multiple serena: blocks or if mode: local appears in a comment or string value unrelated to serena config, the regex could match false positives. The frontmatter check above helps guard against this, but the actual replacement relies solely on string matching. Consider adding a more precise regex that requires the mode: line to be within a serena configuration context (e.g., checking indentation).
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤
|
Commit pushed:
|
Smoke Test Results — Run §22547662764
Overall: PARTIAL (1 failed, 1 skipped)
Core tests #1–10:
PR review tests #11–17:
|
💥 Automated smoke test review - all systems nominal! The supply chain security improvements in this PR look solid — removing start_serena_server.sh and the local mode eliminates the unpinned uvx-from-git risk. The new codemod cleanly migrates any existing mode: local configurations to mode: docker.
💥 [THE END] — Illustrated by Smoke Claude
Pull request overview
Removes the insecure Serena “local/uvx” execution path (which executed unpinned code at runtime) and standardizes Serena support on container-only (“docker”) mode, with schema/docs updates and an automatic migration codemod.
Changes:
- Removed Serena local mode support across workflow compilation/rendering (including deleting the `start_serena_server.sh` script and local-mode code paths).
- Updated schema + documentation so Serena `mode` only allows `"docker"`, and removed tests that exercised local-mode behavior.
- Added a `serena-local-to-docker` codemod so `gh aw fix` can migrate existing workflows from `mode: local` to `mode: docker`.
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| pkg/workflow/tools_types.go | Removes SerenaToolConfig.Mode field so local mode can’t be represented in typed config. |
| pkg/workflow/tools_parser.go | Stops parsing tools.serena.mode, aligning parser with container-only support. |
| pkg/workflow/strict_mode_validation.go | Removes strict-mode rejection logic for mode: local (schema now enforces docker-only). |
| pkg/workflow/strict_mode_serena_test.go | Deletes strict-mode test coverage for rejecting Serena local mode. |
| pkg/workflow/runtime_detection.go | Removes uv/language runtime detection for Serena local mode. |
| pkg/workflow/mcp_setup_generator.go | Removes generation of Serena local startup steps. |
| pkg/workflow/mcp_serena_config.go | Deletes local-mode helper/step generator code entirely. |
| pkg/workflow/mcp_renderer.go | Removes local-mode branching in Serena TOML rendering (always container config). |
| pkg/workflow/mcp_environment.go | Removes injection of Serena local-mode port env var. |
| pkg/workflow/mcp_config_serena_renderer.go | Updates Serena MCP config rendering docs/logic to docker-only behavior. |
| pkg/workflow/mcp_config_comprehensive_test.go | Removes local-mode Serena MCP config expectations; keeps docker-mode coverage. |
| pkg/workflow/importable_tools_test.go | Removes import/compile tests that depended on Serena local-mode behavior. |
| pkg/workflow/docker_predownload_test.go | Removes docker-image collection test case for Serena local mode. |
| pkg/workflow/docker.go | Always includes Serena container image when Serena tool is present. |
| pkg/parser/schemas/main_workflow_schema.json | Restricts tools.serena.mode enum to ["docker"] and updates description. |
| pkg/cli/fix_codemods_test.go | Updates codemod count/order expectations to include the new Serena codemod. |
| pkg/cli/fix_codemods.go | Registers the new serena-local-to-docker codemod in GetAllCodemods(). |
| pkg/cli/codemod_serena_local_mode_test.go | Adds unit tests for Serena local→docker migration behavior. |
| pkg/cli/codemod_serena_local_mode.go | Implements the serena-local-to-docker codemod. |
| docs/src/content/docs/reference/frontmatter-full.md | Removes documentation implying Serena “local” mode is supported. |
| actions/setup/sh/start_serena_server.sh | Deletes the unpinned uvx --from git+https://... startup script (supply-chain vector). |
| .changeset/patch-remove-serena-local-mode.md | Adds changeset entry documenting the security-driven removal + migration codemod. |
| // Supports two modes: | ||
| // - "docker" (default): Uses Docker container with stdio transport (ghcr.io/github/serena-mcp-server:latest) | ||
| // - "local": Uses local uvx with HTTP transport on fixed port | ||
| // Uses Docker container with stdio transport (ghcr.io/github/serena-mcp-server:latest) |
This updated function docstring hard-codes the example image to ghcr.io/github/serena-mcp-server:latest, but the implementation selects a container dynamically via selectSerenaContainer() (which can return other images). Please revise the comment to reflect the actual behavior (e.g., "uses a Serena MCP server container selected based on languages").
| // Uses Docker container with stdio transport (ghcr.io/github/serena-mcp-server:latest) | |
| // Uses a Serena MCP server container (selected based on requested languages) with stdio transport |
| trimmedValue := strings.TrimSpace(valueSection) | ||
| if trimmedValue != oldValue { | ||
| return line, false | ||
| } | ||
|
|
||
| // Preserve the whitespace between the colon and the value | ||
| spaceBeforeValue := valueSection[:strings.Index(valueSection, trimmedValue)] | ||
| newLine := leadingSpace + key + ":" + spaceBeforeValue + newValue |
The codemod only replaces unquoted mode: local. If a workflow uses quoted YAML like mode: "local" / mode: 'local' (common given docs show quoted strings), findAndReplaceValueInLine() won't match and the migration silently won't apply, leaving the workflow failing schema validation. Consider normalizing the value by stripping optional quotes before comparing, and preserve the original quoting style when writing the replacement.
| trimmedValue := strings.TrimSpace(valueSection) | |
| if trimmedValue != oldValue { | |
| return line, false | |
| } | |
| // Preserve the whitespace between the colon and the value | |
| spaceBeforeValue := valueSection[:strings.Index(valueSection, trimmedValue)] | |
| newLine := leadingSpace + key + ":" + spaceBeforeValue + newValue | |
| rawValue := strings.TrimSpace(valueSection) | |
| // Detect optional surrounding quotes and normalize value for comparison. | |
| normalizedValue := rawValue | |
| var quoteChar byte | |
| if len(rawValue) >= 2 { | |
| first := rawValue[0] | |
| last := rawValue[len(rawValue)-1] | |
| if (first == '"' || first == '\'') && first == last { | |
| quoteChar = first | |
| normalizedValue = rawValue[1 : len(rawValue)-1] | |
| } | |
| } | |
| if normalizedValue != oldValue { | |
| return line, false | |
| } | |
| // Preserve the whitespace between the colon and the value by finding | |
| // the index of the first non-space character in the value section. | |
| spaceIdx := 0 | |
| for spaceIdx < len(valueSection) && (valueSection[spaceIdx] == ' ' || valueSection[spaceIdx] == '\t') { | |
| spaceIdx++ | |
| } | |
| spaceBeforeValue := valueSection[:spaceIdx] | |
| // Preserve original quoting style, if any, when writing the new value. | |
| replacementValue := newValue | |
| if quoteChar != 0 { | |
| replacementValue = string(quoteChar) + newValue + string(quoteChar) | |
| } | |
| newLine := leadingSpace + key + ":" + spaceBeforeValue + replacementValue |
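Review bot: the rebuilt `newLine` at the end of this suggestion stops at `replacementValue`, so whatever `strings.TrimSpace` stripped from the tail of `valueSection` is dropped; on a CRLF file that is split on `\n` only, the rewritten line would lose its `\r`. Keep the tail (`valueSection[spaceIdx+len(rawValue):]`) and append it to `newLine`. The quote check only accepts a matching pair (`first == last`), so test cases for `mode: "local"` and `mode: 'local'` next to the unquoted one would pin that behaviour down.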
| @@ -276,58 +276,44 @@ func (r *MCPConfigRendererUnified) RenderSerenaMCP(yaml *strings.Builder, serena | |||
| func (r *MCPConfigRendererUnified) renderSerenaTOML(yaml *strings.Builder, serenaTool any) { | |||
The doc comment for renderSerenaTOML (immediately above this function) still describes a "local" mode, but the implementation now always renders the Docker/container configuration. Please update/remove the stale local-mode documentation so comments match behavior.
See below for a potential fix:
// using a Docker container with stdio transport. It selects an appropriate
// Serena container image based on the requested languages and configures
// workspace mounts using GITHUB_WORKSPACE.
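The review comments above ask for a replacement that is scoped to the `tools.serena` block and that also handles quoted values. The following Go code is an added example, not the project's `codemod_serena_local_mode.go`; `migrateSerenaMode`, `frame` and the sample workflow are hypothetical, and it assumes block-style YAML frontmatter delimited by `---`.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var keyRe = regexp.MustCompile(`^(\s*)([A-Za-z0-9_-]+):(.*)$`)
var localRe = regexp.MustCompile(`^(\s*)(["']?)local(["']?)(\s*(?:#.*)?)$`)

type frame struct{ indent int; key string }

// migrateSerenaMode (hypothetical helper) rewrites mode: local to mode: docker only under
// tools -> serena inside the frontmatter, keeping quotes, spacing and inline comments.
func migrateSerenaMode(content string) (string, bool) {
	lines := strings.Split(content, "\n")
	var stack []frame // enclosing mapping keys, outermost first
	delims, changed := 0, false
	for i, line := range lines {
		if strings.TrimSpace(line) == "---" {
			delims++
			continue
		}
		m := keyRe.FindStringSubmatch(line)
		if delims != 1 || m == nil {
			continue // outside frontmatter, or a blank, comment or list-item line
		}
		indent, key, rest := len(m[1]), m[2], m[3]
		for len(stack) > 0 && stack[len(stack)-1].indent >= indent {
			stack = stack[:len(stack)-1] // leave deeper and sibling blocks
		}
		inSerena := len(stack) == 2 && stack[0].key == "tools" && stack[1].key == "serena"
		if v := localRe.FindStringSubmatch(rest); inSerena && key == "mode" && v != nil && v[2] == v[3] {
			lines[i] = m[1] + key + ":" + v[1] + v[2] + "docker" + v[3] + v[4]
			changed = true
		}
		stack = append(stack, frame{indent, key})
	}
	return strings.Join(lines, "\n"), changed
}

func main() {
	// Constructed sample workflow, not taken from the repository.
	sample := "---\ntools:\n  other:\n    mode: local\n  serena:\n    # mode: local\n    mode: \"local\"  # legacy\n---\nUse mode: local here.\n"
	out, changed := migrateSerenaMode(sample)
	fmt.Printf("%schanged: %v\n", out, changed)
}
```

Only the `mode` key directly under `tools.serena` is rewritten; the `mode: local` under `tools.other`, the commented-out line and the body text after the frontmatter are left as they were.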
`actions/setup/sh/start_serena_server.sh` fetched and executed code from the tip of `github.com/oraios/serena` at runtime with no version pin — a direct supply chain attack vector. Only Docker container mode is supported for Serena; the local/uvx mode was dead code and has been removed entirely.

Changes

- `actions/setup/sh/start_serena_server.sh` — the unpinned `uvx --from git+https://github.com/oraios/serena` script
- `generateSerenaLocalModeSteps()` from `mcp_serena_config.go` and its call in `mcp_setup_generator.go`
- `Mode` field from `SerenaToolConfig` (`tools_types.go`, `tools_parser.go`) — local mode is no longer a valid option
- `isSerenaInLocalMode()` helper and all local-mode code paths: HTTP transport config in `mcp_config_serena_renderer.go` and `mcp_renderer.go`, `GH_AW_SERENA_PORT` env var injection in `mcp_environment.go`, uvx/language runtime detection in `runtime_detection.go`, and strict-mode rejection in `strict_mode_validation.go`
- `collectDockerImages` in `docker.go` — always adds the Serena container image (no local-mode exception)
- `main_workflow_schema.json`) — Serena `mode` enum restricted to `["docker"]` only
- `frontmatter-full.md`) — removed mention of `"local"` mode
- `serena-local-to-docker` codemod (`pkg/cli/codemod_serena_local_mode.go`) — automatically replaces `tools.serena.mode: local` with `tools.serena.mode: docker` in existing workflow files when `gh aw fix` is run; preserves inline comments and only targets the `tools.serena` block

Original prompt
This section details on the original issue you should resolve
<issue_title>🚨 [SECURITY] Security Red Team Findings - 2026-03-01 (Weekly Full Scan)</issue_title>
<issue_description>### Scan Overview
The weekly full security red team scan (Sunday, 2026-03-01) completed analysis of 459 files across `actions/setup/js` and `actions/setup/sh` using all 6 rotating techniques. 1 supply chain risk was identified requiring human review.

Finding 1: Unpinned External Supply Chain Dependency
Severity: Medium-High
Category: SUPPLY_CHAIN_RISK
File: `actions/setup/sh/start_serena_server.sh:24`

Code

Remediation Tasks

@pelikhan Please review and act on the following:

Task 1: Verify that `github.com/oraios/serena` is an intentionally chosen and trusted third-party dependency
- `oraios` organization and repository are trusted for use in CI/CD workflows

Task 2: Pin to a specific version tag or commit SHA
- `git+https://github.com/oraios/serena` with a pinned reference such as `git+https://github.com/oraios/serena@v1.2.3` or a specific commit SHA
- `uvx --from git+https://github.com/oraios/serena@(SHA) serena start-mcp-server`

Task 3: Assess whether the `DEBUG="*"` environment variable is safe to use in CI
- `/tmp/gh-aw/serena/logs/server.log` does not expose secrets or tokens
- `DEBUG="*"` in production or scoping it to specific debug namespaces

Task 4: Review PR Warn on malformed `#aw_*` references in body text #19035 to confirm the addition of `start_serena_server.sh` was intentional
- `#aw_*` reference warnings)

All-Clear Items
✨ PR Review Safe Output Test - Run 22547662764
Changeset

`tools.serena.mode: local` to `docker` so existing workflows continue to work.

Warning

The following domains were blocked by the firewall during workflow execution:
- `codeload.github.com`
- `github.com`

To allow these domains, add them to the `network.allowed` list in your workflow frontmatter:

See Network Configuration for more information.
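The finding quoted in the PR description asks for the `git+https://` requirement passed to `uvx --from` to be pinned. The Go code below is an added example, not code from this repository: it audits a script for such requirements and treats only a full 40-character commit SHA as pinned, because tags and branches can be moved upstream. `auditGitRequirements`, `Finding` and the sample script with its placeholder SHA are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var gitReq = regexp.MustCompile(`git\+https://[^\s@"']+(?:@([^\s"'#]+))?`) // URL, optional @ref
var fullSHA = regexp.MustCompile(`^[0-9a-fA-F]{40}$`)

// Finding is one VCS requirement seen in a script (hypothetical type).
type Finding struct {
	Line        int
	Ref, Status string // Status: "unpinned", "mutable-ref" or "pinned-sha"
}

// auditGitRequirements classifies every git+https requirement in a shell script.
func auditGitRequirements(script string) []Finding {
	var out []Finding
	for i, line := range strings.Split(script, "\n") {
		if strings.HasPrefix(strings.TrimSpace(line), "#") {
			continue // shell comment, nothing is executed from it
		}
		for _, m := range gitReq.FindAllStringSubmatch(line, -1) {
			status := "mutable-ref" // tag or branch name: can be re-pointed
			if m[1] == "" {
				status = "unpinned" // resolves to the tip of the default branch
			} else if fullSHA.MatchString(m[1]) {
				status = "pinned-sha"
			}
			out = append(out, Finding{i + 1, m[0], status})
		}
	}
	return out
}

func main() {
	// Constructed script; the SHA below is a made-up placeholder.
	script := `# old: uvx --from git+https://github.com/oraios/serena serena start-mcp-server
uvx --from git+https://github.com/oraios/serena serena start-mcp-server
uvx --from git+https://github.com/oraios/serena@v1.2.3 serena start-mcp-server
uvx --from "git+https://github.com/oraios/serena@0123456789abcdef0123456789abcdef01234567" serena start-mcp-server`
	for _, f := range auditGitRequirements(script) {
		fmt.Printf("line %d: %-11s %s\n", f.Line, f.Status, f.Ref)
	}
}
```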