Bug

The Playwright MCP server fails with EACCES: permission denied when trying to write screenshot/log files to /tmp/gh-aw/mcp-logs/playwright/.

Root Cause

In pkg/workflow/mcp_setup_generator.go:535, the compiled workflow creates the playwright output directory on the host:

mkdir -p /tmp/gh-aw/mcp-logs/playwright

This inherits the runner's default umask (typically 0022), creating the directory with 755 permissions. However, the Playwright Docker container (mcr.microsoft.com/playwright/mcp) runs as a non-root user and cannot write to this directory.

The parent directory /tmp/gh-aw/mcp-logs is correctly set to 0777 by AWF's docker-manager.ts, but this doesn't propagate to subdirectories created by the workflow.

Reproduction

Any workflow using tools: playwright will hit this:

tools:
  playwright:

The agent logs show repeated failures like:

EACCES: permission denied, open '/tmp/gh-aw/mcp-logs/playwright/page-2026-04-08T21-45-41-884Z.yml'

Fix

Add chmod 777 after the mkdir in mcp_setup_generator.go:

if slices.Contains(mcpTools, "playwright") {
    yaml.WriteString("          mkdir -p /tmp/gh-aw/mcp-logs/playwright\n")
    yaml.WriteString("          chmod 777 /tmp/gh-aw/mcp-logs/playwright\n")
}

I have a local fix with passing tests — happy to open a PR.