[aw-daily] GAP-1: production-gotchas.md missing MCP gateway port 8080 AWF firewall gotcha

[github-actions]

Gap Details

Type: missing (priority 1)
File: skills/aw-author/references/production-gotchas.md
Section: MCP Server Constraints

Current Content

production-gotchas.md documents MCP server startup failures (stdout constraint, JSON escaping) but does not document the MCP gateway port change from 80 to 8080 and the resulting AWF firewall blockage.

Expected Change

Add a gotcha entry documenting:

Gotcha: MCP Gateway Port 8080 — AWF Firewall Blocks Traffic

• A prior gh-aw change (PR #27058) moved the MCP gateway from port 80 to port 8080 (non-privileged)
• AWF --enable-host-access only whitelists ports 80 and 443 by default — traffic on 8080 is blocked
• Symptom: MCP tools completely unavailable AND safe-output calls silently time out; no obvious error in workflow logs — check agent-artifacts/mcp-logs/ for connection refused on port 8080
• Affected versions: gh-aw between the port change and v0.25.25
• Fix: gh aw upgrade to v0.25.25+ (adds --allow-host-ports 80,443,8080 to AWF command)
• Custom port: Respects sandbox.mcp.port configuration if set

Source

• github/gh-aw@a77850e

Acceptance Criteria

• Gotcha entry added to production-gotchas.md MCP Server Constraints section
• Includes symptom (silent MCP+safe-output failures), affected versions, and fix (gh aw upgrade)
• Notes custom sandbox.mcp.port behavior

Note: This gap was identified and implemented in PR docs(references): daily intelligence update 2026-04-19.

Generated by Daily Intelligence Pipeline · ● 2.5M · ◷