Merge pull request #154 from actions/dependabot/github_actions/actions-minor-06987af645

chore(deps): bump the actions-minor group across 1 directory with 3 updates

.github/workflows/check-dist.yml

@@ -28,11 +28,11 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         id: setup-node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
@@ -43,7 +43,7 @@ jobs:
 
       - name: Build dist/ Directory
         id: build
-        run: npm run bundle
+        run: npm run package
 
       # This will fail the workflow if the `dist/` directory is different than
       # expected.
@@ -66,7 +66,7 @@ jobs:
       - if: ${{ failure() && steps.diff.outcome == 'failure' }}
         name: Upload Artifact
         id: upload
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: dist
           path: dist/

.github/workflows/ci.yml

@@ -20,11 +20,11 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         id: setup-node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
@@ -54,22 +54,53 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .node-version
+
+      - name: Start Mock Inference Server
+        id: mock-server
+        run: |
+          node script/mock-inference-server.mjs &
+          echo "pid=$!" >> $GITHUB_OUTPUT
+          # Wait for server to be ready
+          for i in {1..10}; do
+            if curl -s http://localhost:3456/health > /dev/null; then
+              echo "Mock server is ready"
+              break
+            fi
+            sleep 1
+          done
 
       - name: Test Local Action
         id: test-action
-        continue-on-error: true
         uses: ./
         with:
           prompt: hello
+          endpoint: http://localhost:3456
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
       - name: Print Output
         id: output
-        continue-on-error: true
         run: echo "${{ steps.test-action.outputs.response }}"
 
+      - name: Verify Output
+        run: |
+          response="${{ steps.test-action.outputs.response }}"
+          if [[ -z "$response" ]]; then
+            echo "Error: No response received"
+            exit 1
+          fi
+          echo "Response received: $response"
+
+      - name: Stop Mock Server
+        if: always()
+        run: kill ${{ steps.mock-server.outputs.pid }} || true
+
   test-action-prompt-file:
     name: GitHub Actions Test with Prompt File
     runs-on: ubuntu-latest
@@ -77,7 +108,26 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .node-version
+
+      - name: Start Mock Inference Server
+        id: mock-server
+        run: |
+          node script/mock-inference-server.mjs &
+          echo "pid=$!" >> $GITHUB_OUTPUT
+          # Wait for server to be ready
+          for i in {1..10}; do
+            if curl -s http://localhost:3456/health > /dev/null; then
+              echo "Mock server is ready"
+              break
+            fi
+            sleep 1
+          done
 
       - name: Create Prompt File
         run: echo "hello" > prompt.txt
@@ -87,16 +137,33 @@ jobs:
 
       - name: Test Local Action with Prompt File
         id: test-action-prompt-file
-        continue-on-error: true
         uses: ./
         with:
           prompt-file: prompt.txt
           system-prompt-file: system-prompt.txt
+          endpoint: http://localhost:3456
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
       - name: Print Output
-        continue-on-error: true
         run: |
           echo "Response saved to: ${{ steps.test-action-prompt-file.outputs.response-file }}"
           cat "${{ steps.test-action-prompt-file.outputs.response-file }}"
+
+      - name: Verify Output
+        run: |
+          response_file="${{ steps.test-action-prompt-file.outputs.response-file }}"
+          if [[ ! -f "$response_file" ]]; then
+            echo "Error: Response file not found"
+            exit 1
+          fi
+          content=$(cat "$response_file")
+          if [[ -z "$content" ]]; then
+            echo "Error: Response file is empty"
+            exit 1
+          fi
+          echo "Response file content: $content"
+
+      - name: Stop Mock Server
+        if: always()
+        run: kill ${{ steps.mock-server.outputs.pid }} || true

.github/workflows/codeql-analysis.yml

@@ -25,24 +25,24 @@ jobs:
       fail-fast: false
       matrix:
         language:
-          - TypeScript
+          - TypeScript, actions
 
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Initialize CodeQL
         id: initialize
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           source-root: src
 
       - name: Autobuild
         id: autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
         id: analyze
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4

.github/workflows/licensed.yml

@@ -27,11 +27,11 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         id: setup-node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
@@ -42,11 +42,11 @@ jobs:
 
       - name: Setup Ruby
         id: setup-ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@4eb9f110bac952a8b68ecf92e3b5c7a987594ba6
         with:
           ruby-version: ruby
 
-      - uses: licensee/setup-licensed@v1.3.2
+      - uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8
         with:
           version: 4.x
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/linter.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
@@ -38,7 +38,7 @@ jobs:
 
       - name: Lint Codebase
         id: super-linter
-        uses: super-linter/super-linter/slim@5119dcd8011e92182ce8219d9e9efc82f16fddb6
+        uses: super-linter/super-linter/slim@61abc07d755095a68f4987d1c2c3d1d64408f1f9
         env:
           DEFAULT_BRANCH: main
           FILTER_REGEX_EXCLUDE: dist/**/*

.github/workflows/release-new-action-version.yml

@@ -16,6 +16,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Update the ${{ env.TAG_NAME }} tag
-        uses: actions/publish-action@v0.3.0
+        uses: actions/publish-action@v0.4.0
         with:
           source-tag: ${{ env.TAG_NAME }}

.licenses/npm/@hono/node-server.dep.yml

@@ -0,0 +1,11 @@
+---
+name: "@hono/node-server"
+version: 1.19.7
+type: npm
+summary: Node.js Adapter for Hono
+homepage: https://github.com/honojs/node-server
+license: mit
+licenses:
+- sources: README.md
+  text: MIT
+notices: []

.licenses/npm/@modelcontextprotocol/sdk.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@modelcontextprotocol/sdk"
-version: 1.15.1
+version: 1.25.2
 type: npm
 summary: Model Context Protocol implementation for TypeScript
 homepage: https://modelcontextprotocol.io

.licenses/npm/@types/tmp.dep.yml

@@ -0,0 +1,32 @@
+---
+name: "@types/tmp"
+version: 0.2.6
+type: npm
+summary: TypeScript definitions for tmp
+homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp
+license: mit
+licenses:
+- sources: LICENSE
+  text: |2
+        MIT License
+
+        Copyright (c) Microsoft Corporation.
+
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE
+notices: []

.licenses/npm/ajv-formats.dep.yml

@@ -0,0 +1,34 @@
+---
+name: ajv-formats
+version: 3.0.1
+type: npm
+summary: Format validation for Ajv v7+
+homepage: https://github.com/ajv-validator/ajv-formats#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2020 Evgeny Poberezkin
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+- sources: README.md
+  text: "[MIT](https://github.com/ajv-validator/ajv-formats/blob/master/LICENSE)"
+notices: []

.licenses/npm/ajv.dep.yml

@@ -1,16 +1,16 @@
 ---
 name: ajv
-version: 6.12.6
+version: 8.17.1
 type: npm
 summary: Another JSON Schema Validator
-homepage: https://github.com/ajv-validator/ajv
+homepage: https://ajv.js.org
 license: mit
 licenses:
 - sources: LICENSE
   text: |+
     The MIT License (MIT)
 
-    Copyright (c) 2015-2017 Evgeny Poberezkin
+    Copyright (c) 2015-2021 Evgeny Poberezkin
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
@@ -31,6 +31,6 @@ licenses:
     SOFTWARE.
 
 - sources: README.md
-  text: "[MIT](https://github.com/ajv-validator/ajv/blob/master/LICENSE)"
+  text: "[MIT](./LICENSE)"
 notices: []
 ...

.licenses/npm/body-parser.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: body-parser
-version: 2.2.0
+version: 2.2.1
 type: npm
 summary: Node.js body parsing middleware
 homepage:
@@ -35,15 +35,13 @@ licenses:
   text: |-
     [MIT](LICENSE)
 
-    [ci-image]: https://badgen.net/github/checks/expressjs/body-parser/master?label=ci
+    [ci-image]: https://img.shields.io/github/actions/workflow/status/expressjs/body-parser/ci.yml?branch=master&label=ci
     [ci-url]: https://github.com/expressjs/body-parser/actions/workflows/ci.yml
-    [coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/body-parser/master
+    [coveralls-image]: https://img.shields.io/coverallsCoverage/github/expressjs/body-parser?branch=master
     [coveralls-url]: https://coveralls.io/r/expressjs/body-parser?branch=master
-    [node-version-image]: https://badgen.net/npm/node/body-parser
-    [node-version-url]: https://nodejs.org/en/download
-    [npm-downloads-image]: https://badgen.net/npm/dm/body-parser
+    [npm-downloads-image]: https://img.shields.io/npm/dm/body-parser
     [npm-url]: https://npmjs.org/package/body-parser
-    [npm-version-image]: https://badgen.net/npm/v/body-parser
+    [npm-version-image]: https://img.shields.io/npm/v/body-parser
     [ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/body-parser/badge
     [ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/body-parser
 notices: []

.licenses/npm/debug.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: debug
-version: 4.4.1
+version: 4.4.3
 type: npm
 summary: Lightweight debugging utility for Node.js and the browser
 homepage:

.licenses/npm/express.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: express
-version: 5.1.0
+version: 5.2.1
 type: npm
 summary: Fast, unopinionated, minimalist web framework
 homepage: https://expressjs.com/
@@ -36,15 +36,16 @@ licenses:
   text: |-
     [MIT](LICENSE)
 
-    [coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master
+    [coveralls-image]: https://img.shields.io/coverallsCoverage/github/expressjs/express?branch=master
     [coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master
-    [github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=CI
+    [github-actions-ci-image]: https://img.shields.io/github/actions/workflow/status/expressjs/express/ci.yml?branch=master&label=ci
     [github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml
-    [npm-downloads-image]: https://badgen.net/npm/dm/express
+    [npm-downloads-image]: https://img.shields.io/npm/dm/express
     [npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true
     [npm-url]: https://npmjs.org/package/express
-    [npm-version-image]: https://badgen.net/npm/v/express
+    [npm-version-image]: https://img.shields.io/npm/v/express
     [ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/express/badge
     [ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/express
-    [Code of Conduct]: https://github.com/expressjs/express/blob/master/Code-Of-Conduct.md
+    [Code of Conduct]: https://github.com/expressjs/.github/blob/HEAD/CODE_OF_CONDUCT.md
+    [Contributing Guide]: https://github.com/expressjs/.github/blob/HEAD/CONTRIBUTING.md
 notices: []

.licenses/npm/fast-json-stable-stringify.dep.yml

@@ -1,35 +0,0 @@
----
-name: fast-json-stable-stringify
-version: 2.1.0
-type: npm
-summary: deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify
-  without jsonify
-homepage: https://github.com/epoberezkin/fast-json-stable-stringify
-license: other
-licenses:
-- sources: LICENSE
-  text: |
-    This software is released under the MIT license:
-
-    Copyright (c) 2017 Evgeny Poberezkin
-    Copyright (c) 2013 James Halliday
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy of
-    this software and associated documentation files (the "Software"), to deal in
-    the Software without restriction, including without limitation the rights to
-    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-    the Software, and to permit persons to whom the Software is furnished to do so,
-    subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-    FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-    COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-    IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-    CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-- sources: README.md
-  text: "[MIT](https://github.com/epoberezkin/fast-json-stable-stringify/blob/master/LICENSE)"
-notices: []

.licenses/npm/fast-uri.dep.yml

@@ -0,0 +1,45 @@
+---
+name: fast-uri
+version: 3.1.0
+type: npm
+summary: Dependency-free RFC 3986 URI toolbox
+homepage: https://github.com/fastify/fast-uri
+license: other
+licenses:
+- sources: LICENSE
+  text: |-
+    Copyright (c) 2011-2021, Gary Court until https://github.com/garycourt/uri-js/commit/a1acf730b4bba3f1097c9f52e7d9d3aba8cdcaae
+    Copyright (c) 2021-present The Fastify team
+    All rights reserved.
+
+    The Fastify team members are listed at https://github.com/fastify/fastify#team.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+        * Redistributions of source code must retain the above copyright
+          notice, this list of conditions and the following disclaimer.
+        * Redistributions in binary form must reproduce the above copyright
+          notice, this list of conditions and the following disclaimer in the
+          documentation and/or other materials provided with the distribution.
+        * The names of any contributors may not be used to endorse or promote
+          products derived from this software without specific prior written
+          permission.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+    DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS AND CONTRIBUTORS BE LIABLE FOR ANY
+    DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+    (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+    ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+                                      *   *   *
+
+    The complete list of contributors can be found at:
+    - https://github.com/garycourt/uri-js/graphs/contributors
+- sources: README.md
+  text: Licensed under [BSD-3-Clause](./LICENSE).
+notices: []

.licenses/npm/hono.dep.yml

@@ -0,0 +1,34 @@
+---
+name: hono
+version: 4.11.3
+type: npm
+summary: Web framework built on Web Standards
+homepage: https://hono.dev
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2021 - present, Yusuke Wada and Hono contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+- sources: README.md
+  text: Distributed under the MIT License. See [LICENSE](LICENSE) for more information.
+notices: []

.licenses/npm/http-errors.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: http-errors
-version: 2.0.0
+version: 2.0.1
 type: npm
 summary: Create HTTP error objects
 homepage:

.licenses/npm/iconv-lite.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: iconv-lite
-version: 0.6.3
+version: 0.7.0
 type: npm
 summary: Convert character encodings in pure javascript.
-homepage: https://github.com/ashtuchkin/iconv-lite
+homepage: https://github.com/pillarjs/iconv-lite
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/jose.dep.yml

@@ -0,0 +1,33 @@
+---
+name: jose
+version: 6.1.3
+type: npm
+summary: JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno,
+  Bun, and other Web-interoperable runtimes
+homepage: https://github.com/panva/jose
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2018 Filip Skokan
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/js-yaml.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: js-yaml
-version: 4.1.0
+version: 4.1.1
 type: npm
 summary: YAML 1.2 parser and serializer
 homepage:

.licenses/npm/json-schema-traverse.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: json-schema-traverse
-version: 0.4.1
+version: 1.0.0
 type: npm
 summary: Traverse JSON Schema passing each schema object to callback
 homepage: https://github.com/epoberezkin/json-schema-traverse#readme

.licenses/npm/json-schema-typed.dep.yml

@@ -0,0 +1,73 @@
+---
+name: json-schema-typed
+version: 8.0.2
+type: npm
+summary: JSON Schema TypeScript definitions with complete inline documentation.
+homepage: https://github.com/RemyRylan/json-schema-typed/tree/main/dist/node
+license: other
+licenses:
+- sources: LICENSE.md
+  text: |
+    BSD 2-Clause License
+
+    Original source code is copyright (c) 2019-2025 Remy Rylan
+    <https://github.com/RemyRylan>
+
+    All JSON Schema documentation and descriptions are copyright (c):
+
+    2009 [draft-0] IETF Trust <https://www.ietf.org/>, Kris Zyp <kris@sitepen.com>,
+    and SitePen (USA) <https://www.sitepen.com/>.
+
+    2009 [draft-1] IETF Trust <https://www.ietf.org/>, Kris Zyp <kris@sitepen.com>,
+    and SitePen (USA) <https://www.sitepen.com/>.
+
+    2010 [draft-2] IETF Trust <https://www.ietf.org/>, Kris Zyp <kris@sitepen.com>,
+    and SitePen (USA) <https://www.sitepen.com/>.
+
+    2010 [draft-3] IETF Trust <https://www.ietf.org/>, Kris Zyp <kris@sitepen.com>,
+    Gary Court <gary.court@gmail.com>, and SitePen (USA) <https://www.sitepen.com/>.
+
+    2013 [draft-4] IETF Trust <https://www.ietf.org/>), Francis Galiegue
+    <fgaliegue@gmail.com>, Kris Zyp <kris@sitepen.com>, Gary Court
+    <gary.court@gmail.com>, and SitePen (USA) <https://www.sitepen.com/>.
+
+    2018 [draft-7] IETF Trust <https://www.ietf.org/>, Austin Wright <aaa@bzfx.net>,
+    Henry Andrews <henry@cloudflare.com>, Geraint Luff <luffgd@gmail.com>, and
+    Cloudflare, Inc. <https://www.cloudflare.com/>.
+
+    2019 [draft-2019-09] IETF Trust <https://www.ietf.org/>, Austin Wright
+    <aaa@bzfx.net>, Henry Andrews <andrews_henry@yahoo.com>, Ben Hutton
+    <bh7@sanger.ac.uk>, and Greg Dennis <gregsdennis@yahoo.com>.
+
+    2020 [draft-2020-12] IETF Trust <https://www.ietf.org/>, Austin Wright
+    <aaa@bzfx.net>, Henry Andrews <andrews_henry@yahoo.com>, Ben Hutton
+    <ben@jsonschema.dev>, and Greg Dennis <gregsdennis@yahoo.com>.
+
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without modification,
+    are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice, this
+       list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright notice,
+       this list of conditions and the following disclaimer in the documentation
+       and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+    DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+    ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+    (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+    ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- sources: README.md
+  text: |-
+    [BSD-2-Clause][license]
+
+    [license]: https://github.com/RemyRylan/json-schema-typed/blob/main/dist/node/LICENSE.md
+notices: []

.licenses/npm/openai.dep.yml

@@ -0,0 +1,212 @@
+---
+name: openai
+version: 5.11.0
+type: npm
+summary: The official TypeScript library for the OpenAI API
+homepage:
+license: apache-2.0
+licenses:
+- sources: LICENSE
+  text: |2
+                                     Apache License
+                               Version 2.0, January 2004
+                            http://www.apache.org/licenses/
+
+       TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+       1. Definitions.
+
+          "License" shall mean the terms and conditions for use, reproduction,
+          and distribution as defined by Sections 1 through 9 of this document.
+
+          "Licensor" shall mean the copyright owner or entity authorized by
+          the copyright owner that is granting the License.
+
+          "Legal Entity" shall mean the union of the acting entity and all
+          other entities that control, are controlled by, or are under common
+          control with that entity. For the purposes of this definition,
+          "control" means (i) the power, direct or indirect, to cause the
+          direction or management of such entity, whether by contract or
+          otherwise, or (ii) ownership of fifty percent (50%) or more of the
+          outstanding shares, or (iii) beneficial ownership of such entity.
+
+          "You" (or "Your") shall mean an individual or Legal Entity
+          exercising permissions granted by this License.
+
+          "Source" form shall mean the preferred form for making modifications,
+          including but not limited to software source code, documentation
+          source, and configuration files.
+
+          "Object" form shall mean any form resulting from mechanical
+          transformation or translation of a Source form, including but
+          not limited to compiled object code, generated documentation,
+          and conversions to other media types.
+
+          "Work" shall mean the work of authorship, whether in Source or
+          Object form, made available under the License, as indicated by a
+          copyright notice that is included in or attached to the work
+          (an example is provided in the Appendix below).
+
+          "Derivative Works" shall mean any work, whether in Source or Object
+          form, that is based on (or derived from) the Work and for which the
+          editorial revisions, annotations, elaborations, or other modifications
+          represent, as a whole, an original work of authorship. For the purposes
+          of this License, Derivative Works shall not include works that remain
+          separable from, or merely link (or bind by name) to the interfaces of,
+          the Work and Derivative Works thereof.
+
+          "Contribution" shall mean any work of authorship, including
+          the original version of the Work and any modifications or additions
+          to that Work or Derivative Works thereof, that is intentionally
+          submitted to Licensor for inclusion in the Work by the copyright owner
+          or by an individual or Legal Entity authorized to submit on behalf of
+          the copyright owner. For the purposes of this definition, "submitted"
+          means any form of electronic, verbal, or written communication sent
+          to the Licensor or its representatives, including but not limited to
+          communication on electronic mailing lists, source code control systems,
+          and issue tracking systems that are managed by, or on behalf of, the
+          Licensor for the purpose of discussing and improving the Work, but
+          excluding communication that is conspicuously marked or otherwise
+          designated in writing by the copyright owner as "Not a Contribution."
+
+          "Contributor" shall mean Licensor and any individual or Legal Entity
+          on behalf of whom a Contribution has been received by Licensor and
+          subsequently incorporated within the Work.
+
+       2. Grant of Copyright License. Subject to the terms and conditions of
+          this License, each Contributor hereby grants to You a perpetual,
+          worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+          copyright license to reproduce, prepare Derivative Works of,
+          publicly display, publicly perform, sublicense, and distribute the
+          Work and such Derivative Works in Source or Object form.
+
+       3. Grant of Patent License. Subject to the terms and conditions of
+          this License, each Contributor hereby grants to You a perpetual,
+          worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+          (except as stated in this section) patent license to make, have made,
+          use, offer to sell, sell, import, and otherwise transfer the Work,
+          where such license applies only to those patent claims licensable
+          by such Contributor that are necessarily infringed by their
+          Contribution(s) alone or by combination of their Contribution(s)
+          with the Work to which such Contribution(s) was submitted. If You
+          institute patent litigation against any entity (including a
+          cross-claim or counterclaim in a lawsuit) alleging that the Work
+          or a Contribution incorporated within the Work constitutes direct
+          or contributory patent infringement, then any patent licenses
+          granted to You under this License for that Work shall terminate
+          as of the date such litigation is filed.
+
+       4. Redistribution. You may reproduce and distribute copies of the
+          Work or Derivative Works thereof in any medium, with or without
+          modifications, and in Source or Object form, provided that You
+          meet the following conditions:
+
+          (a) You must give any other recipients of the Work or
+              Derivative Works a copy of this License; and
+
+          (b) You must cause any modified files to carry prominent notices
+              stating that You changed the files; and
+
+          (c) You must retain, in the Source form of any Derivative Works
+              that You distribute, all copyright, patent, trademark, and
+              attribution notices from the Source form of the Work,
+              excluding those notices that do not pertain to any part of
+              the Derivative Works; and
+
+          (d) If the Work includes a "NOTICE" text file as part of its
+              distribution, then any Derivative Works that You distribute must
+              include a readable copy of the attribution notices contained
+              within such NOTICE file, excluding those notices that do not
+              pertain to any part of the Derivative Works, in at least one
+              of the following places: within a NOTICE text file distributed
+              as part of the Derivative Works; within the Source form or
+              documentation, if provided along with the Derivative Works; or,
+              within a display generated by the Derivative Works, if and
+              wherever such third-party notices normally appear. The contents
+              of the NOTICE file are for informational purposes only and
+              do not modify the License. You may add Your own attribution
+              notices within Derivative Works that You distribute, alongside
+              or as an addendum to the NOTICE text from the Work, provided
+              that such additional attribution notices cannot be construed
+              as modifying the License.
+
+          You may add Your own copyright statement to Your modifications and
+          may provide additional or different license terms and conditions
+          for use, reproduction, or distribution of Your modifications, or
+          for any such Derivative Works as a whole, provided Your use,
+          reproduction, and distribution of the Work otherwise complies with
+          the conditions stated in this License.
+
+       5. Submission of Contributions. Unless You explicitly state otherwise,
+          any Contribution intentionally submitted for inclusion in the Work
+          by You to the Licensor shall be under the terms and conditions of
+          this License, without any additional terms or conditions.
+          Notwithstanding the above, nothing herein shall supersede or modify
+          the terms of any separate license agreement you may have executed
+          with Licensor regarding such Contributions.
+
+       6. Trademarks. This License does not grant permission to use the trade
+          names, trademarks, service marks, or product names of the Licensor,
+          except as required for reasonable and customary use in describing the
+          origin of the Work and reproducing the content of the NOTICE file.
+
+       7. Disclaimer of Warranty. Unless required by applicable law or
+          agreed to in writing, Licensor provides the Work (and each
+          Contributor provides its Contributions) on an "AS IS" BASIS,
+          WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+          implied, including, without limitation, any warranties or conditions
+          of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+          PARTICULAR PURPOSE. You are solely responsible for determining the
+          appropriateness of using or redistributing the Work and assume any
+          risks associated with Your exercise of permissions under this License.
+
+       8. Limitation of Liability. In no event and under no legal theory,
+          whether in tort (including negligence), contract, or otherwise,
+          unless required by applicable law (such as deliberate and grossly
+          negligent acts) or agreed to in writing, shall any Contributor be
+          liable to You for damages, including any direct, indirect, special,
+          incidental, or consequential damages of any character arising as a
+          result of this License or out of the use or inability to use the
+          Work (including but not limited to damages for loss of goodwill,
+          work stoppage, computer failure or malfunction, or any and all
+          other commercial damages or losses), even if such Contributor
+          has been advised of the possibility of such damages.
+
+       9. Accepting Warranty or Additional Liability. While redistributing
+          the Work or Derivative Works thereof, You may choose to offer,
+          and charge a fee for, acceptance of support, warranty, indemnity,
+          or other liability obligations and/or rights consistent with this
+          License. However, in accepting such obligations, You may act only
+          on Your own behalf and on Your sole responsibility, not on behalf
+          of any other Contributor, and only if You agree to indemnify,
+          defend, and hold each Contributor harmless for any liability
+          incurred by, or claims asserted against, such Contributor by reason
+          of your accepting any such warranty or additional liability.
+
+       END OF TERMS AND CONDITIONS
+
+       APPENDIX: How to apply the Apache License to your work.
+
+          To apply the Apache License to your work, attach the following
+          boilerplate notice, with the fields enclosed by brackets "[]"
+          replaced with your own identifying information. (Don't include
+          the brackets!)  The text should be enclosed in the appropriate
+          comment syntax for the file format. We also recommend that a
+          file or class name and description of purpose be included on the
+          same "printed page" as the copyright notice for easier
+          identification within third-party archives.
+
+       Copyright 2025 OpenAI
+
+       Licensed under the Apache License, Version 2.0 (the "License");
+       you may not use this file except in compliance with the License.
+       You may obtain a copy of the License at
+
+           http://www.apache.org/licenses/LICENSE-2.0
+
+       Unless required by applicable law or agreed to in writing, software
+       distributed under the License is distributed on an "AS IS" BASIS,
+       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+       See the License for the specific language governing permissions and
+       limitations under the License.
+notices: []

.licenses/npm/punycode.dep.yml

@@ -1,34 +0,0 @@
----
-name: punycode
-version: 2.3.1
-type: npm
-summary: A robust Punycode converter that fully complies to RFC 3492 and RFC 5891,
-  and works on nearly all JavaScript platforms.
-homepage: https://mths.be/punycode
-license: mit
-licenses:
-- sources: LICENSE-MIT.txt
-  text: |
-    Copyright Mathias Bynens <https://mathiasbynens.be/>
-
-    Permission is hereby granted, free of charge, to any person obtaining
-    a copy of this software and associated documentation files (the
-    "Software"), to deal in the Software without restriction, including
-    without limitation the rights to use, copy, modify, merge, publish,
-    distribute, sublicense, and/or sell copies of the Software, and to
-    permit persons to whom the Software is furnished to do so, subject to
-    the following conditions:
-
-    The above copyright notice and this permission notice shall be
-    included in all copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-    EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-    MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-    NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-    LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-    OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-    WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-- sources: README.md
-  text: Punycode.js is available under the [MIT](https://mths.be/mit) license.
-notices: []

.licenses/npm/qs.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: qs
-version: 6.14.0
+version: 6.14.1
 type: npm
 summary: A querystring parser that supports nesting and arrays, with a depth limit
 homepage: https://github.com/ljharb/qs

.licenses/npm/raw-body.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: raw-body
-version: 3.0.0
+version: 3.0.2
 type: npm
 summary: Get and validate the raw body of a readable stream.
 homepage:

.licenses/npm/require-from-string.dep.yml

@@ -1,18 +1,16 @@
 ---
-name: statuses
-version: 2.0.1
+name: require-from-string
+version: 2.0.2
 type: npm
-summary: HTTP status utility
+summary: Require module from string
 homepage:
 license: mit
 licenses:
-- sources: LICENSE
-  text: |2
-
+- sources: license
+  text: |
     The MIT License (MIT)
 
-    Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
-    Copyright (c) 2016 Douglas Christopher Wilson <doug@somethingdoug.com>
+    Copyright (c) Vsevolod Strukchinsky <floatdrop@gmail.com> (github.com/floatdrop)
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
@@ -31,17 +29,6 @@ licenses:
     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
     THE SOFTWARE.
-- sources: README.md
-  text: |-
-    [MIT](LICENSE)
-
-    [ci-image]: https://badgen.net/github/checks/jshttp/statuses/master?label=ci
-    [ci-url]: https://github.com/jshttp/statuses/actions?query=workflow%3Aci
-    [coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/statuses/master
-    [coveralls-url]: https://coveralls.io/r/jshttp/statuses?branch=master
-    [node-version-image]: https://badgen.net/npm/node/statuses
-    [node-version-url]: https://nodejs.org/en/download
-    [npm-downloads-image]: https://badgen.net/npm/dm/statuses
-    [npm-url]: https://npmjs.org/package/statuses
-    [npm-version-image]: https://badgen.net/npm/v/statuses
+- sources: readme.md
+  text: MIT © [Vsevolod Strukchinsky](http://github.com/floatdrop)
 notices: []

.licenses/npm/tmp.dep.yml

@@ -0,0 +1,32 @@
+---
+name: tmp
+version: 0.2.5
+type: npm
+summary: Temporary file and directory creator
+homepage: http://github.com/raszi/node-tmp
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2014 KARASZI István
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/uri-js.dep.yml

@@ -1,29 +0,0 @@
----
-name: uri-js
-version: 4.4.1
-type: npm
-summary: An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving
-  library for JavaScript.
-homepage: https://github.com/garycourt/uri-js
-license: other
-licenses:
-- sources: LICENSE
-  text: "Copyright 2011 Gary Court. All rights reserved.\n\nRedistribution and use
-    in source and binary forms, with or without modification, are permitted provided
-    that the following conditions are met:\n\n1.\tRedistributions of source code must
-    retain the above copyright notice, this list of conditions and the following disclaimer.\n\n2.\tRedistributions
-    in binary form must reproduce the above copyright notice, this list of conditions
-    and the following disclaimer in the documentation and/or other materials provided
-    with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY GARY COURT \"AS IS\" AND
-    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-    IN NO EVENT SHALL GARY COURT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-    OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-    IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
-    IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
-    OF SUCH DAMAGE.\n\nThe views and conclusions contained in the software and documentation
-    are those of the authors and should not be interpreted as representing official
-    policies, either expressed or implied, of Gary Court.\n"
-notices: []

.licenses/npm/zod-to-json-schema.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: zod-to-json-schema
-version: 3.24.6
+version: 3.25.0
 type: npm
 summary: Converts Zod schemas to Json Schemas
 homepage:

.node-version

@@ -1 +1 @@
-20.9.0
+24.4.0

README.md

@@ -65,6 +65,9 @@ steps:
         var3: |
           Lorem Ipsum
           Hello World
+      file_input: |
+        var4: ./path/to/long-text.txt
+        var5: ./path/to/config.json
 ```
 
 #### Simple prompt.yml example
@@ -116,7 +119,36 @@ jsonSchema: |-
 ```
 
 Variables in prompt.yml files are templated using `{{variable}}` format and are
-supplied via the `input` parameter in YAML format.
+supplied via the `input` parameter in YAML format. Additionally, you can
+provide file-based variables via `file_input`, where each key maps to a file
+path.
+
+### Prompt.yml with model parameters
+
+You can specify model parameters directly in your `.prompt.yml` files using the
+`modelParameters` key:
+
+```yaml
+messages:
+  - role: system
+    content: Be as concise as possible
+  - role: user
+    content: 'Compare {{a}} and {{b}}, please'
+model: openai/gpt-4o
+modelParameters:
+  maxCompletionTokens: 500
+  temperature: 0.7
+```
+
+| Key                   | Type   | Description                                           |
+| --------------------- | ------ | ----------------------------------------------------- |
+| `maxCompletionTokens` | number | The maximum number of tokens to generate              |
+| `maxTokens`           | number | The maximum number of tokens to generate (deprecated) |
+| `temperature`         | number | The sampling temperature to use (0-1)                 |
+| `topP`                | number | The nucleus sampling parameter to use (0-1)           |
+
+> ![Note]
+> Parameters set in `modelParameters` take precedence over the corresponding action inputs.
 
 ### Using a system prompt file
 
@@ -151,12 +183,73 @@ steps:
       cat "${{ steps.inference.outputs.response-file }}"
 ```
 
+### Using custom headers
+
+You can include custom HTTP headers in your API requests, which is useful for integrating with API Management platforms, adding tracking information, or routing requests through custom gateways.
+
+#### YAML format (recommended for multiple headers)
+
+```yaml
+steps:
+  - name: AI Inference with Azure APIM
+    id: inference
+    uses: actions/ai-inference@v1
+    with:
+      prompt: 'Analyze this code for security issues...'
+      endpoint: ${{ secrets.APIM_ENDPOINT }}
+      token: ${{ secrets.APIM_KEY }}
+      custom-headers: |
+        Ocp-Apim-Subscription-Key: ${{ secrets.APIM_SUBSCRIPTION_KEY }}
+        serviceName: code-review-workflow
+        env: production
+        team: security
+        computer: github-actions
+```
+
+#### JSON format (alternative for compact syntax)
+
+```yaml
+steps:
+  - name: AI Inference with Custom Headers
+    id: inference
+    uses: actions/ai-inference@v1
+    with:
+      prompt: 'Hello!'
+      custom-headers: '{"X-Custom-Header": "value", "X-Team": "engineering", "X-Request-ID": "${{ github.run_id }}"}'
+```
+
+#### Use cases for custom headers
+
+- **API Management**: Integrate with Azure APIM, AWS API Gateway, Kong, or other API management platforms
+- **Request tracking**: Add correlation IDs, request IDs, or workflow identifiers
+- **Rate limiting**: Include quota or tier information for custom rate limiting
+- **Multi-tenancy**: Identify teams, services, or environments
+- **Observability**: Add metadata for logging, monitoring, and debugging
+- **Routing**: Control request routing through custom gateways or load balancers
+
+**Header name requirements**: Header names must follow the HTTP token syntax defined in RFC 7230 (which permits underscores). For maximum compatibility with intermediaries and tooling, we recommend using only alphanumeric characters and hyphens.
+
+**Security note**: Always use GitHub secrets for sensitive header values like API keys, tokens, or passwords. The action automatically masks common sensitive headers (containing `key`, `token`, `secret`, `password`, or `authorization`) in logs.
+
 ### GitHub MCP Integration (Model Context Protocol)
 
 This action now supports **read-only** integration with the GitHub-hosted Model
 Context Protocol (MCP) server, which provides access to GitHub tools like
 repository management, issue tracking, and pull request operations.
 
+#### Authentication
+
+You can authenticate the MCP server with **either**:
+
+1. **Personal Access Token (PAT)** – user-scoped token
+2. **GitHub App Installation Token** (`ghs_…`) – short-lived, app-scoped token
+   > The built-in `GITHUB_TOKEN` is **not** accepted by the MCP server.
+   > Using a **GitHub App installation token** is recommended in most CI environments because it is short-lived and least-privilege by design.
+
+#### Enabling MCP in the action
+
+Set `enable-github-mcp: true` and provide a token via `github-mcp-token`.
+
 ```yaml
 steps:
   - name: AI Inference with GitHub Tools
@@ -165,7 +258,7 @@ steps:
     with:
       prompt: 'List my open pull requests and create a summary'
       enable-github-mcp: true
-      token: ${{ secrets.USER_PAT }}
+      token: ${{ secrets.USER_PAT }} # or a ghs_ installation token
 ```
 
 If you want, you can use separate tokens for the AI inference endpoint
@@ -180,9 +273,28 @@ steps:
       prompt: 'List my open pull requests and create a summary'
       enable-github-mcp: true
       token: ${{ secrets.GITHUB_TOKEN }}
-      github-mcp-token: ${{ secrets.USER_PAT }}
+      github-mcp-token: ${{ secrets.USER_PAT }} # or a ghs_ installation token
 ```
 
+#### Configuring GitHub MCP Toolsets
+
+By default, the GitHub MCP server provides a standard set of tools (`context`, `repos`, `issues`, `pull_requests`, `users`). You can customize which toolsets are available by specifying the `github-mcp-toolsets` parameter:
+
+```yaml
+steps:
+  - name: AI Inference with Custom Toolsets
+    id: inference
+    uses: actions/ai-inference@v2
+    with:
+      prompt: 'Analyze recent workflow runs and check security alerts'
+      enable-github-mcp: true
+      token: ${{ secrets.USER_PAT }}
+      github-mcp-toolsets: 'repos,issues,pull_requests,actions,code_security'
+```
+
+**Available toolsets:**
+See: [Tool configuration](https://github.com/github/github-mcp-server/blob/main/README.md#tool-configuration)
+
 When MCP is enabled, the AI model will have access to GitHub tools and can
 perform actions like searching issues and PRs.
 
@@ -191,19 +303,24 @@ perform actions like searching issues and PRs.
 Various inputs are defined in [`action.yml`](action.yml) to let you configure
 the action:
 
-| Name                 | Description                                                                                                                                                   | Default                              |
-| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ |
-| `token`              | Token to use for inference. Typically the GITHUB_TOKEN secret                                                                                                 | `github.token`                       |
-| `prompt`             | The prompt to send to the model                                                                                                                               | N/A                                  |
-| `prompt-file`        | Path to a file containing the prompt (supports .txt and .prompt.yml formats). If both `prompt` and `prompt-file` are provided, `prompt-file` takes precedence | `""`                                 |
-| `input`              | Template variables in YAML format for .prompt.yml files (e.g., `var1: value1` on separate lines)                                                              | `""`                                 |
-| `system-prompt`      | The system prompt to send to the model                                                                                                                        | `"You are a helpful assistant"`      |
-| `system-prompt-file` | Path to a file containing the system prompt. If both `system-prompt` and `system-prompt-file` are provided, `system-prompt-file` takes precedence             | `""`                                 |
-| `model`              | The model to use for inference. Must be available in the [GitHub Models](https://github.com/marketplace?type=models) catalog                                  | `openai/gpt-4o`                      |
-| `endpoint`           | The endpoint to use for inference. If you're running this as part of an org, you should probably use the org-specific Models endpoint                         | `https://models.github.ai/inference` |
-| `max-tokens`         | The max number of tokens to generate                                                                                                                          | 200                                  |
-| `enable-github-mcp`  | Enable Model Context Protocol integration with GitHub tools                                                                                                   | `false`                              |
-| `github-mcp-token`   | Token to use for GitHub MCP server (defaults to the main token if not specified). Use a separate PAT for tighter security                                     | `""`                                 |
+| Name                    | Description                                                                                                                                                                                                        | Default                              |
+| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------ |
+| `token`                 | Token to use for inference. Typically the GITHUB_TOKEN secret                                                                                                                                                      | `github.token`                       |
+| `prompt`                | The prompt to send to the model                                                                                                                                                                                    | N/A                                  |
+| `prompt-file`           | Path to a file containing the prompt (supports .txt and .prompt.yml formats). If both `prompt` and `prompt-file` are provided, `prompt-file` takes precedence                                                      | `""`                                 |
+| `input`                 | Template variables in YAML format for .prompt.yml files (e.g., `var1: value1` on separate lines)                                                                                                                   | `""`                                 |
+| `file_input`            | Template variables in YAML where values are file paths. The file contents are read and used for templating                                                                                                         | `""`                                 |
+| `system-prompt`         | The system prompt to send to the model                                                                                                                                                                             | `"You are a helpful assistant"`      |
+| `system-prompt-file`    | Path to a file containing the system prompt. If both `system-prompt` and `system-prompt-file` are provided, `system-prompt-file` takes precedence                                                                  | `""`                                 |
+| `model`                 | The model to use for inference. Must be available in the [GitHub Models](https://github.com/marketplace?type=models) catalog                                                                                       | `openai/gpt-4o`                      |
+| `endpoint`              | The endpoint to use for inference. If you're running this as part of an org, you should probably use the org-specific Models endpoint                                                                              | `https://models.github.ai/inference` |
+| `max-tokens`            | The maximum number of tokens to generate (deprecated, use `max-completion-tokens` instead)                                                                                                                         | 200                                  |
+| `max-completion-tokens` | The maximum number of tokens to generate                                                                                                                                                                           | `""`                                 |
+| `temperature`           | The sampling temperature to use (0-1)                                                                                                                                                                              | `""`                                 |
+| `top-p`                 | The nucleus sampling parameter to use (0-1)                                                                                                                                                                        | `""`                                 |
+| `enable-github-mcp`     | Enable Model Context Protocol integration with GitHub tools                                                                                                                                                        | `false`                              |
+| `github-mcp-token`      | Token to use for GitHub MCP server (defaults to the main token if not specified).                                                                                                                                  | `""`                                 |
+| `custom-headers`        | Custom HTTP headers to include in API requests. Supports both YAML format (`header1: value1`) and JSON format (`{"header1": "value1"}`). Useful for API Management platforms, rate limiting, and request tracking. | `""`                                 |
 
 ## Outputs
 

__fixtures__/core.ts

@@ -9,3 +9,4 @@ export const getBooleanInput = vi.fn<typeof core.getBooleanInput>()
 export const setOutput = vi.fn<typeof core.setOutput>()
 export const setFailed = vi.fn<typeof core.setFailed>()
 export const warning = vi.fn<typeof core.warning>()
+export const setSecret = vi.fn<typeof core.setSecret>()

__tests__/helpers-inference.test.ts

@@ -106,7 +106,10 @@ describe('helpers.ts - inference request building', () => {
         undefined,
         undefined,
         'gpt-4',
+        undefined,
+        undefined,
         100,
+        undefined,
         'https://api.test.com',
         'test-token',
       )
@@ -117,7 +120,10 @@ describe('helpers.ts - inference request building', () => {
           {role: 'user', content: 'User message'},
         ],
         modelName: 'gpt-4',
+        temperature: undefined,
+        topP: undefined,
         maxTokens: 100,
+        maxCompletionTokens: undefined,
         endpoint: 'https://api.test.com',
         token: 'test-token',
         responseFormat: {
@@ -136,7 +142,10 @@ describe('helpers.ts - inference request building', () => {
         'System prompt',
         'User prompt',
         'gpt-4',
+        undefined,
+        undefined,
         100,
+        undefined,
         'https://api.test.com',
         'test-token',
       )
@@ -147,7 +156,10 @@ describe('helpers.ts - inference request building', () => {
           {role: 'user', content: 'User prompt'},
         ],
         modelName: 'gpt-4',
+        temperature: undefined,
+        topP: undefined,
         maxTokens: 100,
+        maxCompletionTokens: undefined,
         endpoint: 'https://api.test.com',
         token: 'test-token',
         responseFormat: undefined,

__tests__/helpers.test.ts

@@ -11,7 +11,7 @@ vi.mock('fs', () => ({
 
 vi.mock('@actions/core', () => core)
 
-const {loadContentFromFileOrInput} = await import('../src/helpers.js')
+const {loadContentFromFileOrInput, parseCustomHeaders} = await import('../src/helpers.js')
 
 describe('helpers.ts', () => {
   beforeEach(() => {
@@ -132,4 +132,241 @@ describe('helpers.ts', () => {
       expect(result).toBe(defaultValue)
     })
   })
+
+  describe('parseCustomHeaders', () => {
+    beforeEach(() => {
+      vi.clearAllMocks()
+    })
+
+    it('parses YAML format headers correctly', () => {
+      const yamlInput = `header1: value1
+header2: value2
+X-Custom-Header: custom-value`
+
+      const result = parseCustomHeaders(yamlInput)
+
+      expect(result).toEqual({
+        header1: 'value1',
+        header2: 'value2',
+        'X-Custom-Header': 'custom-value',
+      })
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: header1: value1')
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: header2: value2')
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: X-Custom-Header: custom-value')
+    })
+
+    it('parses JSON format headers correctly', () => {
+      const jsonInput = '{"header1": "value1", "header2": "value2", "X-Team": "engineering"}'
+
+      const result = parseCustomHeaders(jsonInput)
+
+      expect(result).toEqual({
+        header1: 'value1',
+        header2: 'value2',
+        'X-Team': 'engineering',
+      })
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: header1: value1')
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: header2: value2')
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: X-Team: engineering')
+    })
+
+    it('returns empty object for empty input', () => {
+      expect(parseCustomHeaders('')).toEqual({})
+      expect(parseCustomHeaders('  ')).toEqual({})
+      expect(core.warning).not.toHaveBeenCalled()
+    })
+
+    it('masks sensitive header values in logs', () => {
+      const yamlInput = `Ocp-Apim-Subscription-Key: secret123
+X-Api-Token: token456
+Authorization: Bearer abc123
+serviceName: my-service
+password: pass123`
+
+      const result = parseCustomHeaders(yamlInput)
+
+      expect(result).toEqual({
+        'Ocp-Apim-Subscription-Key': 'secret123',
+        'X-Api-Token': 'token456',
+        Authorization: 'Bearer abc123',
+        serviceName: 'my-service',
+        password: 'pass123',
+      })
+
+      // Sensitive headers should be masked
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: Ocp-Apim-Subscription-Key: ***MASKED***')
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: X-Api-Token: ***MASKED***')
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: Authorization: ***MASKED***')
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: password: ***MASKED***')
+
+      // Non-sensitive headers should not be masked
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: serviceName: my-service')
+    })
+
+    it('validates header names and skips invalid ones', () => {
+      const yamlInput = `valid-header: value1
+invalid header: value2
+invalid_underscore: value3
+invalid@header: value4
+valid123: value5`
+
+      const result = parseCustomHeaders(yamlInput)
+
+      expect(result).toEqual({
+        'valid-header': 'value1',
+        invalid_underscore: 'value3',
+        valid123: 'value5',
+      })
+
+      expect(core.warning).toHaveBeenCalledWith(expect.stringContaining('Skipping invalid header name: invalid header'))
+      expect(core.warning).toHaveBeenCalledWith(expect.stringContaining('Skipping invalid header name: invalid@header'))
+    })
+
+    it('warns and returns empty object for invalid JSON', () => {
+      const invalidJson = '{invalid json}'
+
+      const result = parseCustomHeaders(invalidJson)
+
+      expect(result).toEqual({})
+      expect(core.warning).toHaveBeenCalledWith(expect.stringContaining('Failed to parse custom headers'))
+    })
+
+    it('warns and returns empty object for invalid YAML', () => {
+      const invalidYaml = 'invalid: yaml: structure: bad'
+
+      const result = parseCustomHeaders(invalidYaml)
+
+      expect(result).toEqual({})
+      expect(core.warning).toHaveBeenCalledWith(expect.stringContaining('Failed to parse custom headers'))
+    })
+
+    it('warns and returns empty object for JSON array', () => {
+      const jsonArray = '["header1", "header2"]'
+
+      const result = parseCustomHeaders(jsonArray)
+
+      expect(result).toEqual({})
+      expect(core.warning).toHaveBeenCalledWith('Custom headers JSON must be an object, not null or an array')
+    })
+
+    it('warns and returns empty object for null value', () => {
+      // The string 'null' is valid YAML and gets parsed as null
+      const nullValue = 'null'
+
+      const result = parseCustomHeaders(nullValue)
+
+      expect(result).toEqual({})
+      expect(core.warning).toHaveBeenCalledWith('Custom headers YAML must be an object')
+    })
+
+    it('warns and returns empty object for YAML array', () => {
+      const yamlArray = `- header1
+- header2`
+
+      const result = parseCustomHeaders(yamlArray)
+
+      expect(result).toEqual({})
+      expect(core.warning).toHaveBeenCalledWith('Custom headers YAML must be an object')
+    })
+
+    it('converts non-string values to strings', () => {
+      const jsonInput = '{"numericHeader": 123, "boolHeader": true, "nullHeader": null}'
+
+      const result = parseCustomHeaders(jsonInput)
+
+      expect(result).toEqual({
+        numericHeader: '123',
+        boolHeader: 'true',
+        nullHeader: 'null',
+      })
+    })
+
+    it('rejects header values with newline characters (LF)', () => {
+      const jsonInput = '{"X-Custom-Header": "value\\nwith\\nnewline", "header1": "safe-value"}'
+
+      const result = parseCustomHeaders(jsonInput)
+
+      // Only the safe header should be accepted
+      expect(result).toEqual({
+        header1: 'safe-value',
+      })
+
+      expect(core.warning).toHaveBeenCalledWith(
+        'Skipping header "X-Custom-Header" because its value contains newline characters, which are not allowed in HTTP header values.',
+      )
+    })
+
+    it('rejects header values with carriage return characters (CR)', () => {
+      const jsonInput = '{"X-Injected": "value\\rwith\\rcarriage", "X-Safe": "safe-value"}'
+
+      const result = parseCustomHeaders(jsonInput)
+
+      // Only the safe header should be accepted
+      expect(result).toEqual({
+        'X-Safe': 'safe-value',
+      })
+
+      expect(core.warning).toHaveBeenCalledWith(
+        'Skipping header "X-Injected" because its value contains newline characters, which are not allowed in HTTP header values.',
+      )
+    })
+
+    it('rejects header values with CRLF sequences', () => {
+      const jsonInput = '{"X-Attack": "value\\r\\nInjected-Header: malicious", "X-Valid": "normal"}'
+
+      const result = parseCustomHeaders(jsonInput)
+
+      // Only the valid header should be accepted
+      expect(result).toEqual({
+        'X-Valid': 'normal',
+      })
+
+      expect(core.warning).toHaveBeenCalledWith(
+        'Skipping header "X-Attack" because its value contains newline characters, which are not allowed in HTTP header values.',
+      )
+    })
+
+    it('rejects multiline YAML values for security', () => {
+      const yamlInput = `header1: value1
+header2: |
+  multiline
+  value
+  here`
+
+      const result = parseCustomHeaders(yamlInput)
+
+      // header2 should be rejected because it contains newlines
+      expect(result).toEqual({
+        header1: 'value1',
+      })
+
+      expect(core.warning).toHaveBeenCalledWith(
+        'Skipping header "header2" because its value contains newline characters, which are not allowed in HTTP header values.',
+      )
+    })
+
+    it('handles complex real-world Azure APIM example', () => {
+      const apimHeaders = `Ocp-Apim-Subscription-Key: my-subscription-key-123
+serviceName: terraform-plan-workflow
+env: prod
+team: infrastructure
+computer: github-actions
+systemID: terraform-ci`
+
+      const result = parseCustomHeaders(apimHeaders)
+
+      expect(result).toEqual({
+        'Ocp-Apim-Subscription-Key': 'my-subscription-key-123',
+        serviceName: 'terraform-plan-workflow',
+        env: 'prod',
+        team: 'infrastructure',
+        computer: 'github-actions',
+        systemID: 'terraform-ci',
+      })
+
+      // Only the subscription key should be masked
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: Ocp-Apim-Subscription-Key: ***MASKED***')
+      expect(core.debug).toHaveBeenCalledWith('Custom header added: serviceName: terraform-plan-workflow')
+    })
+  })
 })

__tests__/inference.test.ts

@@ -2,17 +2,15 @@ import {vi, type MockedFunction, beforeEach, expect, describe, it} from 'vitest'
 import * as core from '../__fixtures__/core.js'
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
-const mockPost = vi.fn() as MockedFunction<any>
-const mockPath = vi.fn(() => ({post: mockPost}))
-const mockClient = vi.fn(() => ({path: mockPath}))
-
-vi.mock('@azure-rest/ai-inference', () => ({
-  default: mockClient,
-  isUnexpected: vi.fn(() => false),
+const mockCreate = vi.fn() as MockedFunction<any>
+const mockCompletions = {create: mockCreate}
+const mockChat = {completions: mockCompletions}
+const mockOpenAIClient = vi.fn(() => ({
+  chat: mockChat,
 }))
 
-vi.mock('@azure/core-auth', () => ({
-  AzureKeyCredential: vi.fn(),
+vi.mock('openai', () => ({
+  default: mockOpenAIClient,
 }))
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -29,11 +27,11 @@ const {simpleInference, mcpInference} = await import('../src/inference.js')
 describe('inference.ts', () => {
   const mockRequest = {
     messages: [
-      {role: 'system', content: 'You are a test assistant'},
-      {role: 'user', content: 'Hello, AI!'},
+      {role: 'system' as const, content: 'You are a test assistant'},
+      {role: 'user' as const, content: 'Hello, AI!'},
     ],
     modelName: 'gpt-4',
-    maxTokens: 100,
+    maxCompletionTokens: 100,
     endpoint: 'https://api.test.com',
     token: 'test-token',
   }
@@ -45,63 +43,143 @@ describe('inference.ts', () => {
   describe('simpleInference', () => {
     it('performs simple inference without tools', async () => {
       const mockResponse = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: 'Hello, user!',
-              },
+        choices: [
+          {
+            message: {
+              content: 'Hello, user!',
             },
-          ],
-        },
+          },
+        ],
       }
 
-      mockPost.mockResolvedValue(mockResponse)
+      mockCreate.mockResolvedValue(mockResponse)
 
       const result = await simpleInference(mockRequest)
 
       expect(result).toBe('Hello, user!')
       expect(core.info).toHaveBeenCalledWith('Running simple inference without tools')
-      expect(core.info).toHaveBeenCalledWith('Model response: Hello, user!')
+      expect(core.debug).toHaveBeenCalledWith('Model response: Hello, user!')
 
       // Verify the request structure
-      expect(mockPost).toHaveBeenCalledWith({
-        body: {
-          messages: [
-            {
-              role: 'system',
-              content: 'You are a test assistant',
+      expect(mockCreate).toHaveBeenCalledWith({
+        messages: [
+          {
+            role: 'system',
+            content: 'You are a test assistant',
+          },
+          {
+            role: 'user',
+            content: 'Hello, AI!',
+          },
+        ],
+        max_completion_tokens: 100,
+        model: 'gpt-4',
+      })
+
+      // Verify OpenAI client was initialized with empty custom headers
+      expect(mockOpenAIClient).toHaveBeenCalledWith({
+        apiKey: 'test-token',
+        baseURL: 'https://api.test.com',
+        defaultHeaders: {},
+      })
+    })
+
+    it('includes custom headers in OpenAI client', async () => {
+      const requestWithHeaders = {
+        ...mockRequest,
+        customHeaders: {
+          'X-Custom-Header': 'custom-value',
+          'Ocp-Apim-Subscription-Key': 'secret123',
+        },
+      }
+
+      const mockResponse = {
+        choices: [
+          {
+            message: {
+              content: 'Response with headers',
             },
-            {
-              role: 'user',
-              content: 'Hello, AI!',
-            },
-          ],
-          max_tokens: 100,
-          model: 'gpt-4',
+          },
+        ],
+      }
+
+      mockCreate.mockResolvedValue(mockResponse)
+
+      const result = await simpleInference(requestWithHeaders)
+
+      expect(result).toBe('Response with headers')
+
+      // Verify OpenAI client was initialized with custom headers
+      expect(mockOpenAIClient).toHaveBeenCalledWith({
+        apiKey: 'test-token',
+        baseURL: 'https://api.test.com',
+        defaultHeaders: {
+          'X-Custom-Header': 'custom-value',
+          'Ocp-Apim-Subscription-Key': 'secret123',
         },
       })
     })
 
     it('handles null response content', async () => {
       const mockResponse = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: null,
-              },
+        choices: [
+          {
+            message: {
+              content: null,
             },
-          ],
-        },
+          },
+        ],
       }
 
-      mockPost.mockResolvedValue(mockResponse)
+      mockCreate.mockResolvedValue(mockResponse)
 
       const result = await simpleInference(mockRequest)
 
       expect(result).toBeNull()
-      expect(core.info).toHaveBeenCalledWith('Model response: No response content')
+      expect(core.debug).toHaveBeenCalledWith('Model response: No response content')
+    })
+
+    it('includes response format when specified', async () => {
+      const requestWithResponseFormat = {
+        ...mockRequest,
+        responseFormat: {
+          type: 'json_schema' as const,
+          json_schema: {type: 'object'},
+        },
+      }
+
+      const mockResponse = {
+        choices: [
+          {
+            message: {
+              content: '{"result": "success"}',
+            },
+          },
+        ],
+      }
+
+      mockCreate.mockResolvedValue(mockResponse)
+
+      const result = await simpleInference(requestWithResponseFormat)
+
+      expect(result).toBe('{"result": "success"}')
+
+      // Verify response format was included in the request
+      expect(mockCreate).toHaveBeenCalledWith({
+        messages: [
+          {
+            role: 'system',
+            content: 'You are a test assistant',
+          },
+          {
+            role: 'user',
+            content: 'Hello, AI!',
+          },
+        ],
+        max_completion_tokens: 100,
+        model: 'gpt-4',
+        response_format: requestWithResponseFormat.responseFormat,
+      })
     })
   })
 
@@ -123,19 +201,17 @@ describe('inference.ts', () => {
 
     it('performs inference without tool calls', async () => {
       const mockResponse = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: 'Hello, user!',
-                tool_calls: null,
-              },
+        choices: [
+          {
+            message: {
+              content: 'Hello, user!',
+              tool_calls: null,
             },
-          ],
-        },
+          },
+        ],
       }
 
-      mockPost.mockResolvedValue(mockResponse)
+      mockCreate.mockResolvedValue(mockResponse)
 
       const result = await mcpInference(mockRequest, mockMcpClient)
 
@@ -146,12 +222,57 @@ describe('inference.ts', () => {
 
       // The MCP inference loop will always add the assistant message, even when there are no tool calls
       // So we don't check the exact messages, just that tools were included
-      expect(mockPost).toHaveBeenCalledTimes(1)
+      expect(mockCreate).toHaveBeenCalledTimes(1)
       // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const callArgs = mockPost.mock.calls[0][0] as any
-      expect(callArgs.body.tools).toEqual(mockMcpClient.tools)
-      expect(callArgs.body.model).toBe('gpt-4')
-      expect(callArgs.body.max_tokens).toBe(100)
+      const callArgs = mockCreate.mock.calls[0][0] as any
+      expect(callArgs.tools).toEqual(mockMcpClient.tools)
+      expect(callArgs.response_format).toBeUndefined()
+      expect(callArgs.model).toBe('gpt-4')
+      expect(callArgs.max_completion_tokens).toBe(100)
+
+      // Verify OpenAI client was initialized with empty custom headers
+      expect(mockOpenAIClient).toHaveBeenCalledWith({
+        apiKey: 'test-token',
+        baseURL: 'https://api.test.com',
+        defaultHeaders: {},
+      })
+    })
+
+    it('includes custom headers in MCP inference', async () => {
+      const requestWithHeaders = {
+        ...mockRequest,
+        customHeaders: {
+          serviceName: 'test-service',
+          'X-Team': 'engineering',
+        },
+      }
+
+      const mockResponse = {
+        choices: [
+          {
+            message: {
+              content: 'MCP response with headers',
+              tool_calls: null,
+            },
+          },
+        ],
+      }
+
+      mockCreate.mockResolvedValue(mockResponse)
+
+      const result = await mcpInference(requestWithHeaders, mockMcpClient)
+
+      expect(result).toBe('MCP response with headers')
+
+      // Verify OpenAI client was initialized with custom headers
+      expect(mockOpenAIClient).toHaveBeenCalledWith({
+        apiKey: 'test-token',
+        baseURL: 'https://api.test.com',
+        defaultHeaders: {
+          serviceName: 'test-service',
+          'X-Team': 'engineering',
+        },
+      })
     })
 
     it('executes tool calls and continues conversation', async () => {
@@ -176,33 +297,29 @@ describe('inference.ts', () => {
 
       // First response with tool calls
       const firstResponse = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: 'I need to use a tool.',
-                tool_calls: toolCalls,
-              },
+        choices: [
+          {
+            message: {
+              content: 'I need to use a tool.',
+              tool_calls: toolCalls,
             },
-          ],
-        },
+          },
+        ],
       }
 
       // Second response after tool execution
       const secondResponse = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: 'Here is the final answer.',
-                tool_calls: null,
-              },
+        choices: [
+          {
+            message: {
+              content: 'Here is the final answer.',
+              tool_calls: null,
             },
-          ],
-        },
+          },
+        ],
       }
 
-      mockPost.mockResolvedValueOnce(firstResponse).mockResolvedValueOnce(secondResponse)
+      mockCreate.mockResolvedValueOnce(firstResponse).mockResolvedValueOnce(secondResponse)
 
       mockExecuteToolCalls.mockResolvedValue(toolResults)
 
@@ -210,15 +327,15 @@ describe('inference.ts', () => {
 
       expect(result).toBe('Here is the final answer.')
       expect(mockExecuteToolCalls).toHaveBeenCalledWith(mockMcpClient.client, toolCalls)
-      expect(mockPost).toHaveBeenCalledTimes(2)
+      expect(mockCreate).toHaveBeenCalledTimes(2)
 
       // Verify the second call includes the conversation history
       // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const secondCall = mockPost.mock.calls[1][0] as any
-      expect(secondCall.body.messages).toHaveLength(5) // system, user, assistant, tool, assistant
-      expect(secondCall.body.messages[2].role).toBe('assistant')
-      expect(secondCall.body.messages[2].tool_calls).toEqual(toolCalls)
-      expect(secondCall.body.messages[3]).toEqual(toolResults[0])
+      const secondCall = mockCreate.mock.calls[1][0] as any
+      expect(secondCall.messages).toHaveLength(5) // system, user, assistant, tool, assistant
+      expect(secondCall.messages[2].role).toBe('assistant')
+      expect(secondCall.messages[2].tool_calls).toEqual(toolCalls)
+      expect(secondCall.messages[3]).toEqual(toolResults[0])
     })
 
     it('handles maximum iteration limit', async () => {
@@ -243,43 +360,39 @@ describe('inference.ts', () => {
 
       // Always respond with tool calls to trigger infinite loop
       const responseWithToolCalls = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: 'Using tool again.',
-                tool_calls: toolCalls,
-              },
+        choices: [
+          {
+            message: {
+              content: 'Using tool again.',
+              tool_calls: toolCalls,
             },
-          ],
-        },
+          },
+        ],
       }
 
-      mockPost.mockResolvedValue(responseWithToolCalls)
+      mockCreate.mockResolvedValue(responseWithToolCalls)
       mockExecuteToolCalls.mockResolvedValue(toolResults)
 
       const result = await mcpInference(mockRequest, mockMcpClient)
 
-      expect(mockPost).toHaveBeenCalledTimes(5) // Max iterations reached
+      expect(mockCreate).toHaveBeenCalledTimes(5) // Max iterations reached
       expect(core.warning).toHaveBeenCalledWith('GitHub MCP inference loop exceeded maximum iterations (5)')
       expect(result).toBe('Using tool again.') // Last assistant message
     })
 
     it('handles empty tool calls array', async () => {
       const mockResponse = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: 'Hello, user!',
-                tool_calls: [],
-              },
+        choices: [
+          {
+            message: {
+              content: 'Hello, user!',
+              tool_calls: [],
             },
-          ],
-        },
+          },
+        ],
       }
 
-      mockPost.mockResolvedValue(mockResponse)
+      mockCreate.mockResolvedValue(mockResponse)
 
       const result = await mcpInference(mockRequest, mockMcpClient)
 
@@ -297,32 +410,28 @@ describe('inference.ts', () => {
       ]
 
       const firstResponse = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: 'First message',
-                tool_calls: toolCalls,
-              },
+        choices: [
+          {
+            message: {
+              content: 'First message',
+              tool_calls: toolCalls,
             },
-          ],
-        },
+          },
+        ],
       }
 
       const secondResponse = {
-        body: {
-          choices: [
-            {
-              message: {
-                content: 'Second message',
-                tool_calls: toolCalls,
-              },
+        choices: [
+          {
+            message: {
+              content: 'Second message',
+              tool_calls: toolCalls,
             },
-          ],
-        },
+          },
+        ],
       }
 
-      mockPost.mockResolvedValueOnce(firstResponse).mockResolvedValue(secondResponse)
+      mockCreate.mockResolvedValueOnce(firstResponse).mockResolvedValue(secondResponse)
 
       mockExecuteToolCalls.mockResolvedValue([
         {
@@ -337,5 +446,251 @@ describe('inference.ts', () => {
 
       expect(result).toBe('Second message')
     })
+
+    it('makes additional loop with response format when no tool calls are made', async () => {
+      const requestWithResponseFormat = {
+        ...mockRequest,
+        responseFormat: {
+          type: 'json_schema' as const,
+          json_schema: {type: 'object'},
+        },
+      }
+
+      // First response without tool calls
+      const firstResponse = {
+        choices: [
+          {
+            message: {
+              content: 'First response',
+              tool_calls: null,
+            },
+          },
+        ],
+      }
+
+      // Second response with response format applied
+      const secondResponse = {
+        choices: [
+          {
+            message: {
+              content: '{"result": "formatted response"}',
+              tool_calls: null,
+            },
+          },
+        ],
+      }
+
+      mockCreate.mockResolvedValueOnce(firstResponse).mockResolvedValueOnce(secondResponse)
+
+      const result = await mcpInference(requestWithResponseFormat, mockMcpClient)
+
+      expect(result).toBe('{"result": "formatted response"}')
+      expect(mockCreate).toHaveBeenCalledTimes(2)
+      expect(core.info).toHaveBeenCalledWith('Making one more MCP loop with the requested response format...')
+
+      // First call should have tools but no response format
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const firstCall = mockCreate.mock.calls[0][0] as any
+      expect(firstCall.tools).toEqual(mockMcpClient.tools)
+      expect(firstCall.response_format).toBeUndefined()
+
+      // Second call should have response format but no tools
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const secondCall = mockCreate.mock.calls[1][0] as any
+      expect(secondCall.tools).toBeUndefined()
+      expect(secondCall.response_format).toEqual(requestWithResponseFormat.responseFormat)
+
+      // Second call should include the user message requesting JSON format
+      expect(secondCall.messages).toHaveLength(5) // system, user, assistant, user, assistant
+      expect(secondCall.messages[3].role).toBe('user')
+      expect(secondCall.messages[3].content).toContain('Please provide your response in the exact')
+    })
+
+    it('uses response format only on final iteration after tool calls', async () => {
+      const requestWithResponseFormat = {
+        ...mockRequest,
+        responseFormat: {
+          type: 'json_schema' as const,
+          json_schema: {type: 'object'},
+        },
+      }
+
+      const toolCalls = [
+        {
+          id: 'call-123',
+          function: {
+            name: 'test-tool',
+            arguments: '{"param": "value"}',
+          },
+        },
+      ]
+
+      const toolResults = [
+        {
+          tool_call_id: 'call-123',
+          role: 'tool',
+          name: 'test-tool',
+          content: 'Tool result',
+        },
+      ]
+
+      // First response with tool calls
+      const firstResponse = {
+        choices: [
+          {
+            message: {
+              content: 'Using tool',
+              tool_calls: toolCalls,
+            },
+          },
+        ],
+      }
+
+      // Second response without tool calls, but should trigger final message loop
+      const secondResponse = {
+        choices: [
+          {
+            message: {
+              content: 'Intermediate result',
+              tool_calls: null,
+            },
+          },
+        ],
+      }
+
+      // Third response with response format
+      const thirdResponse = {
+        choices: [
+          {
+            message: {
+              content: '{"final": "result"}',
+              tool_calls: null,
+            },
+          },
+        ],
+      }
+
+      mockCreate
+        .mockResolvedValueOnce(firstResponse)
+        .mockResolvedValueOnce(secondResponse)
+        .mockResolvedValueOnce(thirdResponse)
+
+      mockExecuteToolCalls.mockResolvedValue(toolResults)
+
+      const result = await mcpInference(requestWithResponseFormat, mockMcpClient)
+
+      expect(result).toBe('{"final": "result"}')
+      expect(mockCreate).toHaveBeenCalledTimes(3)
+
+      // First call: tools but no response format
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const firstCall = mockCreate.mock.calls[0][0] as any
+      expect(firstCall.tools).toEqual(mockMcpClient.tools)
+      expect(firstCall.response_format).toBeUndefined()
+
+      // Second call: tools but no response format (after tool execution)
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const secondCall = mockCreate.mock.calls[1][0] as any
+      expect(secondCall.tools).toEqual(mockMcpClient.tools)
+      expect(secondCall.response_format).toBeUndefined()
+
+      // Third call: response format but no tools (final message)
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const thirdCall = mockCreate.mock.calls[2][0] as any
+      expect(thirdCall.tools).toBeUndefined()
+      expect(thirdCall.response_format).toEqual(requestWithResponseFormat.responseFormat)
+    })
+
+    it('returns immediately when response format is set and finalMessage is already true', async () => {
+      const requestWithResponseFormat = {
+        ...mockRequest,
+        responseFormat: {
+          type: 'json_schema' as const,
+          json_schema: {type: 'object'},
+        },
+      }
+
+      // Response without tool calls on what would be the final message iteration
+      const mockResponse = {
+        choices: [
+          {
+            message: {
+              content: '{"immediate": "result"}',
+              tool_calls: null,
+            },
+          },
+        ],
+      }
+
+      mockCreate.mockResolvedValue(mockResponse)
+
+      // We need to test a scenario where finalMessage would already be true
+      // This happens when we're already in the final iteration
+      const result = await mcpInference(requestWithResponseFormat, mockMcpClient)
+
+      // The function should make two calls: one normal, then one with response format
+      expect(mockCreate).toHaveBeenCalledTimes(2)
+      expect(result).toBe('{"immediate": "result"}')
+    })
+  })
+
+  describe('token param routing', () => {
+    it('sends max_tokens when only maxTokens is set', async () => {
+      const requestWithMaxTokens = {
+        ...mockRequest,
+        maxCompletionTokens: undefined,
+        maxTokens: 100,
+      }
+
+      const mockResponse = {
+        choices: [
+          {
+            message: {
+              content: 'Direct max_tokens response',
+            },
+          },
+        ],
+      }
+
+      mockCreate.mockResolvedValueOnce(mockResponse)
+
+      const result = await simpleInference(requestWithMaxTokens)
+
+      expect(result).toBe('Direct max_tokens response')
+      expect(mockCreate).toHaveBeenCalledTimes(1)
+
+      // Should have sent max_tokens directly
+      expect(mockCreate.mock.calls[0][0]).toHaveProperty('max_tokens', 100)
+      expect(mockCreate.mock.calls[0][0]).not.toHaveProperty('max_completion_tokens')
+    })
+
+    it('sends neither token param when both are undefined', async () => {
+      const requestWithNoTokens = {
+        ...mockRequest,
+        maxCompletionTokens: undefined,
+        maxTokens: undefined,
+      }
+
+      const mockResponse = {
+        choices: [
+          {
+            message: {
+              content: 'No token limit response',
+            },
+          },
+        ],
+      }
+
+      mockCreate.mockResolvedValueOnce(mockResponse)
+
+      const result = await simpleInference(requestWithNoTokens)
+
+      expect(result).toBe('No token limit response')
+      expect(mockCreate).toHaveBeenCalledTimes(1)
+
+      const params = mockCreate.mock.calls[0][0]
+      expect(params).not.toHaveProperty('max_tokens')
+      expect(params).not.toHaveProperty('max_completion_tokens')
+    })
   })
 })

__tests__/main-prompt-integration.test.ts

@@ -34,6 +34,12 @@ vi.mock('../src/mcp.js', () => ({
 
 vi.mock('@actions/core', () => core)
 
+// Mock process.exit to prevent it from actually exiting during tests
+const mockProcessExit = vi.spyOn(process, 'exit').mockImplementation(() => {
+  // Prevent actual exit, but don't throw - just return
+  return undefined as never
+})
+
 // The module being tested should be imported dynamically. This ensures that the
 // mocks are used in place of any actual dependencies.
 const {run} = await import('../src/main.js')
@@ -41,6 +47,7 @@ const {run} = await import('../src/main.js')
 describe('main.ts - prompt.yml integration', () => {
   beforeEach(() => {
     vi.clearAllMocks()
+    mockProcessExit.mockClear()
 
     // Mock environment variables
     process.env['GITHUB_TOKEN'] = 'test-token'
@@ -103,8 +110,12 @@ model: openai/gpt-4o
       }
     })
 
+    // Expect the run function to complete successfully
     await run()
 
+    // Verify process.exit was called with code 0 (success)
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
+
     // Verify simpleInference was called with the correct message structure
     expect(mockSimpleInference).toHaveBeenCalledWith(
       expect.objectContaining({
@@ -130,6 +141,52 @@ model: openai/gpt-4o
     expect(core.setOutput).toHaveBeenCalledWith('response-file', expect.any(String))
   })
 
+  it('supports file_input variables to load file contents', async () => {
+    mockExistsSync.mockReturnValue(true)
+
+    // First call: reading the prompt file. Second call: reading file_input referenced file contents.
+    const externalFilePath = 'vars.txt'
+    mockReadFileSync.mockImplementation((path: string) => {
+      if (path === 'test.prompt.yml') {
+        return `messages:\n  - role: user\n    content: 'Here is the data: {{blob}}'\nmodel: openai/gpt-4o\n`
+      }
+      if (path === externalFilePath) {
+        return 'FILE_CONTENTS'
+      }
+      return ''
+    })
+
+    core.getInput.mockImplementation((name: string) => {
+      switch (name) {
+        case 'prompt-file':
+          return 'test.prompt.yml'
+        case 'file_input':
+          return `blob: ${externalFilePath}`
+        case 'model':
+          return 'openai/gpt-4o'
+        case 'max-tokens':
+          return '200'
+        case 'endpoint':
+          return 'https://models.github.ai/inference'
+        case 'enable-github-mcp':
+          return 'false'
+        default:
+          return ''
+      }
+    })
+
+    await run()
+
+    expect(mockSimpleInference).toHaveBeenCalledWith(
+      expect.objectContaining({
+        messages: [{role: 'user', content: 'Here is the data: FILE_CONTENTS'}],
+      }),
+    )
+
+    // Verify process.exit was called with code 0 (success)
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
+  })
+
   it('should fall back to legacy format when not using prompt YAML', async () => {
     mockExistsSync.mockReturnValue(false)
     core.getInput.mockImplementation((name: string) => {
@@ -172,5 +229,8 @@ model: openai/gpt-4o
         token: 'test-token',
       }),
     )
+
+    // Verify process.exit was called with code 0 (success)
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
   })
 })

__tests__/main.test.ts

@@ -66,7 +66,7 @@ function mockInputs(inputs: Record<string, string> = {}): void {
  */
 function verifyStandardResponse(): void {
   expect(core.setOutput).toHaveBeenNthCalledWith(1, 'response', 'Hello, user!')
-  expect(core.setOutput).toHaveBeenNthCalledWith(2, 'response-file', expect.stringContaining('modelResponse.txt'))
+  expect(core.setOutput).toHaveBeenNthCalledWith(2, 'response-file', expect.stringContaining('modelResponse-'))
 }
 
 vi.mock('fs', () => ({
@@ -75,6 +75,15 @@ vi.mock('fs', () => ({
   writeFileSync: mockWriteFileSync,
 }))
 
+// Mocks for tmp module to control temporary file creation
+const mockFileSync = vi.fn().mockReturnValue({
+  name: '/secure/temp/dir/modelResponse-abc123.txt',
+})
+
+vi.mock('tmp', () => ({
+  fileSync: mockFileSync,
+}))
+
 // Mock MCP and inference modules
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 const mockConnectToGitHubMCP = vi.fn() as MockedFunction<any>
@@ -94,6 +103,12 @@ vi.mock('../src/inference.js', () => ({
 
 vi.mock('@actions/core', () => core)
 
+// Mock process.exit to prevent it from actually exiting during tests
+const mockProcessExit = vi.spyOn(process, 'exit').mockImplementation(() => {
+  // Prevent actual exit, but don't throw - just return
+  return undefined as never
+})
+
 // The module being tested should be imported dynamically. This ensures that the
 // mocks are used in place of any actual dependencies.
 const {run} = await import('../src/main.js')
@@ -102,6 +117,7 @@ describe('main.ts', () => {
   // Reset all mocks before each test
   beforeEach(() => {
     vi.clearAllMocks()
+    mockProcessExit.mockClear()
 
     // Remove any existing GITHUB_TOKEN
     delete process.env.GITHUB_TOKEN
@@ -120,7 +136,9 @@ describe('main.ts', () => {
     await run()
 
     expect(core.setOutput).toHaveBeenCalled()
+    expect(core.setSecret).toHaveBeenCalledWith('fake-token')
     verifyStandardResponse()
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
   })
 
   it('Sets a failed status when no prompt is set', async () => {
@@ -131,7 +149,8 @@ describe('main.ts', () => {
 
     await run()
 
-    expect(core.setFailed).toHaveBeenNthCalledWith(1, 'Neither prompt-file nor prompt was set')
+    expect(core.setFailed).toHaveBeenCalledWith('Neither prompt-file nor prompt was set')
+    expect(mockProcessExit).toHaveBeenCalledWith(1)
   })
 
   it('uses simple inference when MCP is disabled', async () => {
@@ -150,13 +169,18 @@ describe('main.ts', () => {
       ],
       modelName: 'gpt-4',
       maxTokens: 100,
+      maxCompletionTokens: undefined,
       endpoint: 'https://api.test.com',
       token: 'fake-token',
       responseFormat: undefined,
+      temperature: undefined,
+      topP: undefined,
+      customHeaders: {},
     })
     expect(mockConnectToGitHubMCP).not.toHaveBeenCalled()
     expect(mockMcpInference).not.toHaveBeenCalled()
     verifyStandardResponse()
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
   })
 
   it('uses MCP inference when enabled and connection succeeds', async () => {
@@ -176,7 +200,8 @@ describe('main.ts', () => {
 
     await run()
 
-    expect(mockConnectToGitHubMCP).toHaveBeenCalledWith('fake-token')
+    expect(core.setSecret).toHaveBeenCalledWith('fake-token')
+    expect(mockConnectToGitHubMCP).toHaveBeenCalledWith('fake-token', '')
     expect(mockMcpInference).toHaveBeenCalledWith(
       expect.objectContaining({
         messages: [
@@ -189,6 +214,7 @@ describe('main.ts', () => {
     )
     expect(mockSimpleInference).not.toHaveBeenCalled()
     verifyStandardResponse()
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
   })
 
   it('falls back to simple inference when MCP connection fails', async () => {
@@ -202,11 +228,12 @@ describe('main.ts', () => {
 
     await run()
 
-    expect(mockConnectToGitHubMCP).toHaveBeenCalledWith('fake-token')
+    expect(mockConnectToGitHubMCP).toHaveBeenCalledWith('fake-token', '')
     expect(mockSimpleInference).toHaveBeenCalled()
     expect(mockMcpInference).not.toHaveBeenCalled()
     expect(core.warning).toHaveBeenCalledWith('MCP connection failed, falling back to simple inference')
     verifyStandardResponse()
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
   })
 
   it('properly integrates with loadContentFromFileOrInput', async () => {
@@ -235,11 +262,16 @@ describe('main.ts', () => {
       ],
       modelName: 'gpt-4',
       maxTokens: 100,
+      maxCompletionTokens: undefined,
       endpoint: 'https://api.test.com',
       token: 'fake-token',
       responseFormat: undefined,
+      temperature: undefined,
+      topP: undefined,
+      customHeaders: {},
     })
     verifyStandardResponse()
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
   })
 
   it('handles non-existent prompt-file with an error', async () => {
@@ -254,5 +286,27 @@ describe('main.ts', () => {
     await run()
 
     expect(core.setFailed).toHaveBeenCalledWith(`File for prompt-file was not found: ${promptFile}`)
+    expect(mockProcessExit).toHaveBeenCalledWith(1)
+  })
+
+  it('creates temporary files that persist for downstream steps', async () => {
+    mockInputs({
+      prompt: 'Test prompt',
+      'system-prompt': 'You are a test assistant.',
+    })
+
+    await run()
+
+    // Verify temp file is created with keep: true so it persists
+    expect(mockFileSync).toHaveBeenCalledWith({
+      prefix: 'modelResponse-',
+      postfix: '.txt',
+      keep: true,
+    })
+
+    expect(core.setOutput).toHaveBeenNthCalledWith(2, 'response-file', '/secure/temp/dir/modelResponse-abc123.txt')
+    expect(mockWriteFileSync).toHaveBeenCalledWith('/secure/temp/dir/modelResponse-abc123.txt', 'Hello, user!', 'utf-8')
+
+    expect(mockProcessExit).toHaveBeenCalledWith(0)
   })
 })

__tests__/mcp.test.ts

@@ -113,6 +113,40 @@ describe('mcp.ts', () => {
       expect(result?.tools).toHaveLength(0)
       expect(core.info).toHaveBeenCalledWith('Retrieved 0 tools from GitHub MCP server')
     })
+
+    it('uses default toolsets when toolsets parameter is not provided', async () => {
+      const token = 'test-token'
+
+      mockConnect.mockResolvedValue(undefined)
+      mockListTools.mockResolvedValue({tools: []})
+
+      await connectToGitHubMCP(token)
+
+      expect(core.info).toHaveBeenCalledWith('Using default GitHub MCP toolsets')
+    })
+
+    it('uses custom toolsets when toolsets parameter is provided', async () => {
+      const token = 'test-token'
+      const toolsets = 'repos,issues,pull_requests,actions'
+
+      mockConnect.mockResolvedValue(undefined)
+      mockListTools.mockResolvedValue({tools: []})
+
+      await connectToGitHubMCP(token, toolsets)
+
+      expect(core.info).toHaveBeenCalledWith('Using GitHub MCP toolsets: repos,issues,pull_requests,actions')
+    })
+
+    it('ignores empty toolsets parameter', async () => {
+      const token = 'test-token'
+
+      mockConnect.mockResolvedValue(undefined)
+      mockListTools.mockResolvedValue({tools: []})
+
+      await connectToGitHubMCP(token, '   ')
+
+      expect(core.info).toHaveBeenCalledWith('Using default GitHub MCP toolsets')
+    })
   })
 
   describe('executeToolCall', () => {
@@ -143,8 +177,8 @@ describe('mcp.ts', () => {
         name: 'test-tool',
         content: JSON.stringify(toolResult.content),
       })
-      expect(core.info).toHaveBeenCalledWith('Executing GitHub MCP tool: test-tool with args: {"param": "value"}')
-      expect(core.info).toHaveBeenCalledWith('GitHub MCP tool test-tool executed successfully')
+      expect(core.debug).toHaveBeenCalledWith('Executing GitHub MCP tool: test-tool with args: {"param": "value"}')
+      expect(core.debug).toHaveBeenCalledWith('GitHub MCP tool test-tool executed successfully')
     })
 
     it('handles tool execution errors gracefully', async () => {

__tests__/prompt.test.ts

@@ -1,7 +1,13 @@
 import {describe, it, expect} from 'vitest'
 import * as path from 'path'
 import {fileURLToPath} from 'url'
-import {parseTemplateVariables, replaceTemplateVariables, loadPromptFile, isPromptYamlFile} from '../src/prompt'
+import {
+  parseTemplateVariables,
+  replaceTemplateVariables,
+  loadPromptFile,
+  isPromptYamlFile,
+  parseFileTemplateVariables,
+} from '../src/prompt'
 
 const __filename = fileURLToPath(import.meta.url)
 const __dirname = path.dirname(__filename)
@@ -10,8 +16,8 @@ describe('prompt.ts', () => {
   describe('parseTemplateVariables', () => {
     it('should parse simple YAML variables', () => {
       const input = `
-a: hello
-b: world
+ a: hello
+ b: world
       `
       const result = parseTemplateVariables(input)
       expect(result).toEqual({a: 'hello', b: 'world'})
@@ -19,10 +25,10 @@ b: world
 
     it('should parse multiline variables', () => {
       const input = `
-var1: hello
-var2: |
-  This is a
-  multiline string
+ var1: hello
+ var2: |
+   This is a
+   multiline string
       `
       const result = parseTemplateVariables(input)
       expect(result.var1).toBe('hello')
@@ -117,4 +123,29 @@ var2: |
       expect(() => loadPromptFile('non-existent.prompt.yml')).toThrow('Prompt file not found')
     })
   })
+
+  describe('parseFileTemplateVariables', () => {
+    it('reads file contents for variables', () => {
+      const configPath = path.join(__dirname, '../__fixtures__/prompts/json-schema.prompt.yml')
+      const data = parseFileTemplateVariables(`sample: ${configPath}`)
+      expect(data.sample).toContain('messages:')
+      expect(data.sample).toContain('responseFormat:')
+    })
+
+    it('errors on missing files', () => {
+      expect(() => parseFileTemplateVariables('x: ./does-not-exist.txt')).toThrow('was not found')
+    })
+
+    it('errors on non-string file paths', () => {
+      expect(() => parseFileTemplateVariables('x: 123')).toThrow(
+        "File template variable 'x' must be a string file path",
+      )
+      expect(() => parseFileTemplateVariables('x: true')).toThrow(
+        "File template variable 'x' must be a string file path",
+      )
+      expect(() => parseFileTemplateVariables('x: { nested: "object" }')).toThrow(
+        "File template variable 'x' must be a string file path",
+      )
+    })
+  })
 })

action.yml

@@ -22,6 +22,10 @@ inputs:
     description: Template variables in YAML format for .prompt.yml files
     required: false
     default: ''
+  file_input:
+    description: Template variables in YAML format mapping variable names to file paths. The file contents will be used for templating.
+    required: false
+    default: ''
   model:
     description: The model to use
     required: false
@@ -39,9 +43,21 @@ inputs:
     required: false
     default: ''
   max-tokens:
-    description: The maximum number of tokens to generate
+    description: The maximum number of tokens to generate (deprecated)
     required: false
     default: '200'
+  max-completion-tokens:
+    description: The maximum number of tokens to generate
+    required: false
+    default: ''
+  temperature:
+    description: The sampling temperature to use (0-1)
+    required: false
+    default: ''
+  top-p:
+    description: The nucleus sampling parameter to use (0-1)
+    required: false
+    default: ''
   token:
     description: The token to use
     required: false
@@ -51,7 +67,15 @@ inputs:
     required: false
     default: 'false'
   github-mcp-token:
-    description: The token to use for GitHub MCP server (defaults to GITHUB_TOKEN if not specified)
+    description: The token to use for GitHub MCP server (defaults to the main token if not specified). This must be a PAT for MCP to work.
+    required: false
+    default: ''
+  github-mcp-toolsets:
+    description: 'Comma-separated list of toolsets to enable for GitHub MCP (e.g., "repos,issues,pull_requests,actions"). Use "all" for all toolsets, "default" for default set. If not specified, uses default toolsets (context,repos,issues,pull_requests,users).'
+    required: false
+    default: ''
+  custom-headers:
+    description: 'Custom HTTP headers to include in API requests. Supports both YAML format (header1: value1) and JSON format ({"header1": "value1"}). Useful for API Management platforms, rate limiting, and request tracking.'
     required: false
     default: ''
 
@@ -63,5 +87,5 @@ outputs:
     description: The file path where the response is saved
 
 runs:
-  using: node20
+  using: node24
   main: dist/index.js

eslint.config.mjs

@@ -19,7 +19,7 @@ const compat = new FlatCompat({
 
 export default [
   {
-    ignores: ['**/coverage', '**/dist', '**/linter', '**/node_modules'],
+    ignores: ['**/coverage', '**/dist', '**/linter', '**/node_modules', 'script/**'],
   },
   ...compat.extends(
     'eslint:recommended',
@@ -46,7 +46,7 @@ export default [
 
       parserOptions: {
         project: ['tsconfig.eslint.json'],
-        tsconfigRootDir: '.',
+        tsconfigRootDir: __dirname,
       },
     },
 

package.json

@@ -6,7 +6,7 @@
     ".": "./dist/index.js"
   },
   "engines": {
-    "node": ">=20"
+    "node": ">=24"
   },
   "scripts": {
     "bundle": "npm run format:write && npm run package",
@@ -23,35 +23,35 @@
   "license": "MIT",
   "prettier": "@github/prettier-config",
   "dependencies": {
-    "@actions/core": "^1.11.1",
-    "@modelcontextprotocol/sdk": "^1.15.1",
-    "js-yaml": "^4.1.0",
-    "pkce-challenge": "^5.0.0"
+    "@actions/core": "^3.0.0",
+    "@modelcontextprotocol/sdk": "^1.26.0",
+    "@types/tmp": "^0.2.6",
+    "js-yaml": "^4.1.1",
+    "openai": "^6.28.0",
+    "pkce-challenge": "^5.0.0",
+    "tmp": "^0.2.4"
   },
   "devDependencies": {
-    "@azure-rest/ai-inference": "latest",
-    "@azure/core-auth": "latest",
-    "@azure/core-sse": "latest",
     "@eslint/compat": "^1.3.0",
     "@github/local-action": "^5.1.0",
     "@github/prettier-config": "^0.0.6",
     "@rollup/plugin-commonjs": "^28.0.5",
     "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^16.0.1",
-    "@rollup/plugin-typescript": "^12.1.2",
+    "@rollup/plugin-node-resolve": "^16.0.3",
+    "@rollup/plugin-typescript": "^12.3.0",
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^22.15.31",
-    "@typescript-eslint/eslint-plugin": "^8.34.0",
+    "@types/node": "^24.12.0",
+    "@typescript-eslint/eslint-plugin": "^8.57.0",
     "@typescript-eslint/parser": "^8.32.1",
     "eslint": "^9.29.0",
-    "eslint-config-prettier": "^10.1.5",
-    "eslint-import-resolver-typescript": "^4.4.3",
-    "eslint-plugin-import": "^2.31.0",
-    "eslint-plugin-prettier": "^5.4.1",
-    "prettier": "^3.5.3",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-import-resolver-typescript": "^4.4.4",
+    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-prettier": "^5.5.5",
+    "prettier": "^3.8.1",
     "prettier-eslint": "^16.4.2",
-    "rollup": "^4.43.0",
-    "typescript": "^5.8.3",
+    "rollup": "^4.59.0",
+    "typescript": "^5.9.3",
     "vitest": "^3"
   },
   "optionalDependencies": {

script/mock-inference-server.mjs

@@ -0,0 +1,71 @@
+#!/usr/bin/env node
+/**
+ * A simple mock OpenAI-compatible inference server for CI testing.
+ * This returns predictable responses without needing real API credentials.
+ */
+
+import http from 'http'
+
+const PORT = process.env.MOCK_SERVER_PORT || 3456
+
+const server = http.createServer((req, res) => {
+  let body = ''
+
+  req.on('data', chunk => {
+    body += chunk.toString()
+  })
+
+  req.on('end', () => {
+    console.log(`[Mock Server] ${req.method} ${req.url}`)
+
+    // Handle chat completions endpoint
+    if (req.url === '/chat/completions' && req.method === 'POST') {
+      const request = JSON.parse(body)
+      const userMessage = request.messages?.find(m => m.role === 'user')?.content || 'No prompt'
+
+      const response = {
+        id: 'mock-completion-id',
+        object: 'chat.completion',
+        created: Date.now(),
+        model: request.model || 'mock-model',
+        choices: [
+          {
+            index: 0,
+            message: {
+              role: 'assistant',
+              content: `Mock response to: "${userMessage.slice(0, 50)}..."`,
+            },
+            finish_reason: 'stop',
+          },
+        ],
+        usage: {
+          prompt_tokens: 10,
+          completion_tokens: 20,
+          total_tokens: 30,
+        },
+      }
+
+      res.writeHead(200, {'Content-Type': 'application/json'})
+      res.end(JSON.stringify(response))
+      return
+    }
+
+    // Health check endpoint
+    if (req.url === '/health' || req.url === '/') {
+      res.writeHead(200, {'Content-Type': 'application/json'})
+      res.end(JSON.stringify({status: 'ok'}))
+      return
+    }
+
+    // 404 for unknown routes
+    res.writeHead(404, {'Content-Type': 'application/json'})
+    res.end(JSON.stringify({error: 'Not found'}))
+  })
+})
+
+server.listen(PORT, () => {
+  console.log(`[Mock Server] Listening on http://localhost:${PORT}`)
+  console.log('[Mock Server] Endpoints:')
+  console.log('  POST /chat/completions - Mock chat completion')
+  console.log('  GET  /health           - Health check')
+})

src/helpers.ts

@@ -1,6 +1,6 @@
 import * as core from '@actions/core'
-import {GetChatCompletionsDefaultResponse} from '@azure-rest/ai-inference'
 import * as fs from 'fs'
+import * as yaml from 'js-yaml'
 import {PromptConfig} from './prompt.js'
 import {InferenceRequest} from './inference.js'
 
@@ -29,36 +29,6 @@ export function loadContentFromFileOrInput(filePathInput: string, contentInput:
   }
 }
 
-/**
- * Helper function to handle unexpected responses from AI service
- * @param response - The response object from the AI service
- * @throws Error with appropriate error message based on response content
- */
-export function handleUnexpectedResponse(response: GetChatCompletionsDefaultResponse): never {
-  // Extract x-ms-error-code from headers if available
-  const errorCode = response.headers['x-ms-error-code']
-  const errorCodeMsg = errorCode ? ` (error code: ${errorCode})` : ''
-
-  // Check if response body exists and contains error details
-  if (response.body && response.body.error) {
-    throw response.body.error
-  }
-
-  // Handle case where response body is missing
-  if (!response.body) {
-    throw new Error(
-      `Failed to get response from AI service (status: ${response.status})${errorCodeMsg}. ` +
-        'Please check network connection and endpoint configuration.',
-    )
-  }
-
-  // Handle other error cases
-  throw new Error(
-    `AI service returned error response (status: ${response.status})${errorCodeMsg}: ` +
-      (typeof response.body === 'string' ? response.body : JSON.stringify(response.body)),
-  )
-}
-
 /**
  * Build messages array from either prompt config or legacy format
  */
@@ -66,11 +36,11 @@ export function buildMessages(
   promptConfig?: PromptConfig,
   systemPrompt?: string,
   prompt?: string,
-): Array<{role: string; content: string}> {
+): Array<{role: 'system' | 'user' | 'assistant' | 'tool'; content: string}> {
   if (promptConfig?.messages && promptConfig.messages.length > 0) {
     // Use new message format
     return promptConfig.messages.map(msg => ({
-      role: msg.role,
+      role: msg.role as 'system' | 'user' | 'assistant' | 'tool',
       content: msg.content,
     }))
   } else {
@@ -105,6 +75,84 @@ export function buildResponseFormat(
   return undefined
 }
 
+/**
+ * Parse custom headers from YAML or JSON format
+ * @param input - String in YAML or JSON format containing headers
+ * @returns Record of header names to values, or empty object if invalid
+ */
+export function parseCustomHeaders(input: string): Record<string, string> {
+  if (!input || input.trim() === '') {
+    return {}
+  }
+
+  const trimmedInput = input.trim()
+
+  try {
+    // Try JSON first (check if it starts with { or [)
+    if (trimmedInput.startsWith('{') || trimmedInput.startsWith('[')) {
+      const parsed = JSON.parse(trimmedInput)
+      if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+        core.warning('Custom headers JSON must be an object, not null or an array')
+        return {}
+      }
+      return validateAndMaskHeaders(parsed as Record<string, unknown>)
+    }
+
+    // Try YAML
+    const parsed = yaml.load(trimmedInput)
+    if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+      core.warning('Custom headers YAML must be an object')
+      return {}
+    }
+    return validateAndMaskHeaders(parsed as Record<string, unknown>)
+  } catch (error) {
+    core.warning(`Failed to parse custom headers: ${error instanceof Error ? error.message : 'Unknown error'}`)
+    return {}
+  }
+}
+
+/**
+ * Validate header names and mask sensitive values in logs
+ * @param headers - Raw headers object
+ * @returns Validated headers with string values
+ */
+function validateAndMaskHeaders(headers: Record<string, unknown>): Record<string, string> {
+  const validHeaders: Record<string, string> = {}
+  const sensitivePatterns = ['key', 'token', 'secret', 'password', 'authorization']
+
+  for (const [name, value] of Object.entries(headers)) {
+    // Validate header name (RFC 7230: token = 1*tchar)
+    // tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
+    if (!/^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$/.test(name)) {
+      core.warning(`Skipping invalid header name: ${name} (contains invalid characters)`)
+      continue
+    }
+
+    // Convert value to string
+    const stringValue = String(value)
+
+    // Validate header value to prevent CRLF/header injection
+    if (stringValue.includes('\r') || stringValue.includes('\n')) {
+      core.warning(
+        `Skipping header "${name}" because its value contains newline characters, which are not allowed in HTTP header values.`,
+      )
+      continue
+    }
+    validHeaders[name] = stringValue
+
+    // Mask sensitive headers in logs
+    const lowerName = name.toLowerCase()
+    const isSensitive = sensitivePatterns.some(pattern => lowerName.includes(pattern))
+    if (isSensitive) {
+      core.debug(`Custom header added: ${name}: ***MASKED***`)
+    } else {
+      core.debug(`Custom header added: ${name}: ${stringValue}`)
+    }
+  }
+
+  return validHeaders
+}
+
 /**
  * Build complete InferenceRequest from prompt config and inputs
  */
@@ -113,9 +161,13 @@ export function buildInferenceRequest(
   systemPrompt: string | undefined,
   prompt: string | undefined,
   modelName: string,
-  maxTokens: number,
+  temperature: number | undefined,
+  topP: number | undefined,
+  maxTokens: number | undefined, // Deprecated
+  maxCompletionTokens: number | undefined,
   endpoint: string,
   token: string,
+  customHeaders?: Record<string, string>,
 ): InferenceRequest {
   const messages = buildMessages(promptConfig, systemPrompt, prompt)
   const responseFormat = buildResponseFormat(promptConfig)
@@ -123,9 +175,13 @@ export function buildInferenceRequest(
   return {
     messages,
     modelName,
-    maxTokens,
+    temperature,
+    topP,
+    maxTokens, // Deprecated
+    maxCompletionTokens,
     endpoint,
     token,
     responseFormat,
+    customHeaders,
   }
 }

src/inference.ts

@@ -1,30 +1,25 @@
 import * as core from '@actions/core'
-import ModelClient, {isUnexpected} from '@azure-rest/ai-inference'
-import {AzureKeyCredential} from '@azure/core-auth'
-import {GitHubMCPClient, executeToolCalls, MCPTool, ToolCall} from './mcp.js'
-import {handleUnexpectedResponse} from './helpers.js'
+import OpenAI from 'openai'
+import {GitHubMCPClient, executeToolCalls, ToolCall} from './mcp.js'
 
 interface ChatMessage {
-  role: string
+  role: 'system' | 'user' | 'assistant' | 'tool'
   content: string | null
   tool_calls?: ToolCall[]
-}
-
-interface ChatCompletionsRequestBody {
-  messages: ChatMessage[]
-  max_tokens: number
-  model: string
-  response_format?: {type: 'json_schema'; json_schema: unknown}
-  tools?: MCPTool[]
+  tool_call_id?: string
 }
 
 export interface InferenceRequest {
-  messages: Array<{role: string; content: string}>
+  messages: Array<{role: 'system' | 'user' | 'assistant' | 'tool'; content: string}>
   modelName: string
-  maxTokens: number
+  maxTokens?: number // Deprecated
+  maxCompletionTokens?: number
   endpoint: string
   token: string
+  temperature?: number
+  topP?: number
   responseFormat?: {type: 'json_schema'; json_schema: unknown} // Processed response format for the API
+  customHeaders?: Record<string, string> // Custom HTTP headers to include in API requests
 }
 
 export interface InferenceResponse {
@@ -39,39 +34,50 @@ export interface InferenceResponse {
   }>
 }
 
+/**
+ * Build according to what input was passed, default to max_tokens.
+ * Only one of max_tokens or max_completion_tokens will be set.
+ */
+function buildMaxTokensParam(request: InferenceRequest): {max_tokens?: number; max_completion_tokens?: number} {
+  if (request.maxCompletionTokens != null) {
+    return {max_completion_tokens: request.maxCompletionTokens}
+  }
+  if (request.maxTokens != null) {
+    return {max_tokens: request.maxTokens}
+  }
+  return {}
+}
+
 /**
  * Simple one-shot inference without tools
  */
 export async function simpleInference(request: InferenceRequest): Promise<string | null> {
   core.info('Running simple inference without tools')
 
-  const client = ModelClient(request.endpoint, new AzureKeyCredential(request.token), {
-    userAgentOptions: {userAgentPrefix: 'github-actions-ai-inference'},
+  const client = new OpenAI({
+    apiKey: request.token,
+    baseURL: request.endpoint,
+    defaultHeaders: request.customHeaders || {},
   })
 
-  const requestBody: ChatCompletionsRequestBody = {
-    messages: request.messages,
-    max_tokens: request.maxTokens,
+  const chatCompletionRequest: OpenAI.Chat.Completions.ChatCompletionCreateParams = {
+    messages: request.messages as OpenAI.Chat.Completions.ChatCompletionMessageParam[],
     model: request.modelName,
+    temperature: request.temperature,
+    top_p: request.topP,
+    ...buildMaxTokensParam(request), // Note: solution around models using different underlying max tokens properties
   }
 
   // Add response format if specified
   if (request.responseFormat) {
-    requestBody.response_format = request.responseFormat
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    chatCompletionRequest.response_format = request.responseFormat as any
   }
 
-  const response = await client.path('/chat/completions').post({
-    body: requestBody,
-  })
-
-  if (isUnexpected(response)) {
-    handleUnexpectedResponse(response)
-  }
-
-  const modelResponse = response.body.choices[0].message.content
-  core.info(`Model response: ${modelResponse || 'No response content'}`)
-
-  return modelResponse
+  const response = await chatCompletion(client, chatCompletionRequest, 'simpleInference')
+  const modelResponse = response.choices[0]?.message?.content
+  core.debug(`Model response: ${modelResponse || 'No response content'}`)
+  return modelResponse || null
 }
 
 /**
@@ -83,8 +89,10 @@ export async function mcpInference(
 ): Promise<string | null> {
   core.info('Running GitHub MCP inference with tools')
 
-  const client = ModelClient(request.endpoint, new AzureKeyCredential(request.token), {
-    userAgentOptions: {userAgentPrefix: 'github-actions-ai-inference'},
+  const client = new OpenAI({
+    apiKey: request.token,
+    baseURL: request.endpoint,
+    defaultHeaders: request.customHeaders || {},
   })
 
   // Start with the pre-processed messages
@@ -92,57 +100,69 @@ export async function mcpInference(
 
   let iterationCount = 0
   const maxIterations = 5 // Prevent infinite loops
+  // We want to use response_format (e.g. JSON) on the last iteration only, so the model can output
+  // the final result in the expected format without interfering with tool calls
+  let finalMessage = false
 
   while (iterationCount < maxIterations) {
     iterationCount++
     core.info(`MCP inference iteration ${iterationCount}`)
 
-    const requestBody: ChatCompletionsRequestBody = {
-      messages: messages,
-      max_tokens: request.maxTokens,
+    const chatCompletionRequest: OpenAI.Chat.Completions.ChatCompletionCreateParams = {
+      messages: messages as OpenAI.Chat.Completions.ChatCompletionMessageParam[],
       model: request.modelName,
-      tools: githubMcpClient.tools,
+      temperature: request.temperature,
+      top_p: request.topP,
+      ...buildMaxTokensParam(request), // Note: solution around models using different underlying max tokens properties
     }
 
-    // Add response format if specified (only on first iteration to avoid conflicts)
-    if (iterationCount === 1 && request.responseFormat) {
-      requestBody.response_format = request.responseFormat
+    // Add response format if specified (only on final iteration to avoid conflicts with tool calls)
+    if (finalMessage && request.responseFormat) {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      chatCompletionRequest.response_format = request.responseFormat as any
+    } else {
+      chatCompletionRequest.tools = githubMcpClient.tools as OpenAI.Chat.Completions.ChatCompletionTool[]
     }
 
-    const response = await client.path('/chat/completions').post({
-      body: requestBody,
-    })
+    try {
+      const response = await chatCompletion(client, chatCompletionRequest, `mcpInference iteration ${iterationCount}`)
 
-    if (isUnexpected(response)) {
-      handleUnexpectedResponse(response)
+      const assistantMessage = response.choices[0]?.message
+      const modelResponse = assistantMessage?.content
+      const toolCalls = assistantMessage?.tool_calls
+
+      core.debug(`Model response: ${modelResponse || 'No response content'}`)
+
+      messages.push({
+        role: 'assistant',
+        content: modelResponse || '',
+        ...(toolCalls && {tool_calls: toolCalls as ToolCall[]}),
+      })
+
+      if (!toolCalls || toolCalls.length === 0) {
+        core.info('No tool calls requested, ending GitHub MCP inference loop')
+
+        if (request.responseFormat && !finalMessage) {
+          core.info('Making one more MCP loop with the requested response format...')
+          messages.push({
+            role: 'user',
+            content: `Please provide your response in the exact ${request.responseFormat.type} format specified.`,
+          })
+          finalMessage = true
+          continue
+        } else {
+          return modelResponse || null
+        }
+      }
+
+      core.info(`Model requested ${toolCalls.length} tool calls`)
+      const toolResults = await executeToolCalls(githubMcpClient.client, toolCalls as ToolCall[])
+      messages.push(...toolResults)
+      core.info('Tool results added, continuing conversation...')
+    } catch (error) {
+      core.error(`OpenAI API error: ${error}`)
+      throw error
     }
-
-    const assistantMessage = response.body.choices[0].message
-    const modelResponse = assistantMessage.content
-    const toolCalls = assistantMessage.tool_calls
-
-    core.info(`Model response: ${modelResponse || 'No response content'}`)
-
-    messages.push({
-      role: 'assistant',
-      content: modelResponse || '',
-      ...(toolCalls && {tool_calls: toolCalls}),
-    })
-
-    if (!toolCalls || toolCalls.length === 0) {
-      core.info('No tool calls requested, ending GitHub MCP inference loop')
-      return modelResponse
-    }
-
-    core.info(`Model requested ${toolCalls.length} tool calls`)
-
-    // Execute all tool calls via GitHub MCP
-    const toolResults = await executeToolCalls(githubMcpClient.client, toolCalls)
-
-    // Add tool results to the conversation
-    messages.push(...toolResults)
-
-    core.info('Tool results added, continuing conversation...')
   }
 
   core.warning(`GitHub MCP inference loop exceeded maximum iterations (${maxIterations})`)
@@ -155,3 +175,41 @@ export async function mcpInference(
 
   return lastAssistantMessage?.content || null
 }
+
+/**
+ * Wrapper around OpenAI chat.completions.create with defensive handling for cases where
+ * the SDK returns a raw string (e.g., unexpected content-type or streaming body) instead of
+ * a parsed object. Ensures an object with a 'choices' array is returned or throws a descriptive error.
+ */
+async function chatCompletion(
+  client: OpenAI,
+  params: OpenAI.Chat.Completions.ChatCompletionCreateParams,
+  context: string,
+): Promise<OpenAI.Chat.Completions.ChatCompletion> {
+  try {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    let response: any = await client.chat.completions.create(params)
+    core.debug(`${context}: raw response typeof=${typeof response}`)
+
+    if (typeof response === 'string') {
+      // Attempt to parse if we unexpectedly received a string
+      try {
+        response = JSON.parse(response)
+      } catch (e) {
+        throw new Error(
+          `${context}: Chat completion response was a string and not valid JSON (${(e as Error).message})`,
+        )
+      }
+    }
+
+    if (!response || typeof response !== 'object' || !('choices' in response)) {
+      throw new Error(`${context}: Unexpected response shape (no choices)`)
+    }
+
+    return response as OpenAI.Chat.Completions.ChatCompletion
+  } catch (err) {
+    // Re-throw after logging for upstream handling
+    core.error(`${context}: chatCompletion failed: ${err}`)
+    throw err
+  }
+}

src/main.ts

@@ -1,13 +1,16 @@
 import * as core from '@actions/core'
 import * as fs from 'fs'
-import * as os from 'os'
-import * as path from 'path'
+import * as tmp from 'tmp'
 import {connectToGitHubMCP} from './mcp.js'
 import {simpleInference, mcpInference} from './inference.js'
-import {loadContentFromFileOrInput, buildInferenceRequest} from './helpers.js'
-import {loadPromptFile, parseTemplateVariables, isPromptYamlFile, PromptConfig} from './prompt.js'
-
-const RESPONSE_FILE = 'modelResponse.txt'
+import {loadContentFromFileOrInput, buildInferenceRequest, parseCustomHeaders} from './helpers.js'
+import {
+  loadPromptFile,
+  parseTemplateVariables,
+  isPromptYamlFile,
+  PromptConfig,
+  parseFileTemplateVariables,
+} from './prompt.js'
 
 /**
  * The main function for the action.
@@ -18,6 +21,7 @@ export async function run(): Promise<void> {
   try {
     const promptFilePath = core.getInput('prompt-file')
     const inputVariables = core.getInput('input')
+    const fileInputVariables = core.getInput('file_input')
 
     let promptConfig: PromptConfig | undefined = undefined
     let systemPrompt: string | undefined = undefined
@@ -27,8 +31,10 @@ export async function run(): Promise<void> {
     if (promptFilePath && isPromptYamlFile(promptFilePath)) {
       core.info('Using prompt YAML file format')
 
-      // Parse template variables
-      const templateVariables = parseTemplateVariables(inputVariables)
+      // Parse template variables from both string inputs and file-based inputs
+      const stringVars = parseTemplateVariables(inputVariables)
+      const fileVars = parseFileTemplateVariables(fileInputVariables)
+      const templateVariables = {...stringVars, ...fileVars}
 
       // Load and process prompt file
       promptConfig = loadPromptFile(promptFilePath, templateVariables)
@@ -42,27 +48,53 @@ export async function run(): Promise<void> {
 
     // Get common parameters
     const modelName = promptConfig?.model || core.getInput('model')
-    const maxTokens = parseInt(core.getInput('max-tokens'), 10)
+
+    // Parse token limit inputs
+    const maxCompletionTokensInput =
+      promptConfig?.modelParameters?.maxCompletionTokens ?? core.getInput('max-completion-tokens')
+    const maxCompletionTokens = maxCompletionTokensInput ? Number(maxCompletionTokensInput) : undefined
+
+    const maxTokensInput = promptConfig?.modelParameters?.maxTokens ?? core.getInput('max-tokens')
+    const maxTokens = maxCompletionTokens != null ? undefined : maxTokensInput ? Number(maxTokensInput) : undefined
 
     const token = process.env['GITHUB_TOKEN'] || core.getInput('token')
     if (token === undefined) {
       throw new Error('GITHUB_TOKEN is not set')
     }
+    core.setSecret(token)
 
     // Get GitHub MCP token (use dedicated token if provided, otherwise fall back to main token)
     const githubMcpToken = core.getInput('github-mcp-token') || token
+    core.setSecret(githubMcpToken)
+
+    const githubMcpToolsets = core.getInput('github-mcp-toolsets')
 
     const endpoint = core.getInput('endpoint')
 
+    // Get temperature and topP (prompt YAML modelParameters takes precedence over action inputs)
+    const temperatureInput = core.getInput('temperature')
+    const topPInput = core.getInput('top-p')
+    const temperature =
+      promptConfig?.modelParameters?.temperature ?? (temperatureInput ? parseFloat(temperatureInput) : undefined)
+    const topP = promptConfig?.modelParameters?.topP ?? (topPInput ? parseFloat(topPInput) : undefined)
+
+    // Parse custom headers
+    const customHeadersInput = core.getInput('custom-headers')
+    const customHeaders = parseCustomHeaders(customHeadersInput)
+
     // Build the inference request with pre-processed messages and response format
     const inferenceRequest = buildInferenceRequest(
       promptConfig,
       systemPrompt,
       prompt,
       modelName,
+      temperature,
+      topP,
       maxTokens,
+      maxCompletionTokens,
       endpoint,
       token,
+      customHeaders,
     )
 
     const enableMcp = core.getBooleanInput('enable-github-mcp') || false
@@ -70,7 +102,7 @@ export async function run(): Promise<void> {
     let modelResponse: string | null = null
 
     if (enableMcp) {
-      const mcpClient = await connectToGitHubMCP(githubMcpToken)
+      const mcpClient = await connectToGitHubMCP(githubMcpToken, githubMcpToolsets)
 
       if (mcpClient) {
         modelResponse = await mcpInference(inferenceRequest, mcpClient)
@@ -84,22 +116,30 @@ export async function run(): Promise<void> {
 
     core.setOutput('response', modelResponse || '')
 
-    const responseFilePath = path.join(tempDir(), RESPONSE_FILE)
-    core.setOutput('response-file', responseFilePath)
+    // Create a temporary file for the response that persists for downstream steps.
+    // We use keep: true to prevent automatic cleanup - the file will be cleaned up
+    // by the runner when the job completes.
+    const responseFile = tmp.fileSync({
+      prefix: 'modelResponse-',
+      postfix: '.txt',
+      keep: true,
+    })
+
+    core.setOutput('response-file', responseFile.name)
 
     if (modelResponse && modelResponse !== '') {
-      fs.writeFileSync(responseFilePath, modelResponse, 'utf-8')
+      fs.writeFileSync(responseFile.name, modelResponse, 'utf-8')
     }
   } catch (error) {
     if (error instanceof Error) {
       core.setFailed(error.message)
     } else {
-      core.setFailed('An unexpected error occurred')
+      core.setFailed(`An unexpected error occurred: ${JSON.stringify(error, null, 2)}`)
     }
+    // Force exit to prevent hanging on open connections
+    process.exit(1)
   }
-}
 
-function tempDir(): string {
-  const tempDirectory = process.env['RUNNER_TEMP'] || os.tmpdir()
-  return tempDirectory
+  // Force exit to prevent hanging on open connections
+  process.exit(0)
 }

src/mcp.ts

@@ -35,17 +35,27 @@ export interface GitHubMCPClient {
 /**
  * Connect to the GitHub MCP server and retrieve available tools
  */
-export async function connectToGitHubMCP(token: string): Promise<GitHubMCPClient | null> {
+export async function connectToGitHubMCP(token: string, toolsets?: string): Promise<GitHubMCPClient | null> {
   const githubMcpUrl = 'https://api.githubcopilot.com/mcp/'
 
   core.info('Connecting to GitHub MCP server...')
 
+  const headers: Record<string, string> = {
+    Authorization: `Bearer ${token}`,
+    'X-MCP-Readonly': 'true',
+  }
+
+  // Add toolsets header if specified
+  if (toolsets && toolsets.trim() !== '') {
+    headers['X-MCP-Toolsets'] = toolsets
+    core.info(`Using GitHub MCP toolsets: ${toolsets}`)
+  } else {
+    core.info('Using default GitHub MCP toolsets')
+  }
+
   const transport = new StreamableHTTPClientTransport(new URL(githubMcpUrl), {
     requestInit: {
-      headers: {
-        Authorization: `Bearer ${token}`,
-        'X-MCP-Readonly': 'true',
-      },
+      headers,
     },
   })
 
@@ -86,7 +96,7 @@ export async function connectToGitHubMCP(token: string): Promise<GitHubMCPClient
  * Execute a single tool call via GitHub MCP
  */
 export async function executeToolCall(githubMcpClient: Client, toolCall: ToolCall): Promise<ToolResult> {
-  core.info(`Executing GitHub MCP tool: ${toolCall.function.name} with args: ${toolCall.function.arguments}`)
+  core.debug(`Executing GitHub MCP tool: ${toolCall.function.name} with args: ${toolCall.function.arguments}`)
 
   try {
     const args = JSON.parse(toolCall.function.arguments)
@@ -96,7 +106,7 @@ export async function executeToolCall(githubMcpClient: Client, toolCall: ToolCal
       arguments: args,
     })
 
-    core.info(`GitHub MCP tool ${toolCall.function.name} executed successfully`)
+    core.debug(`GitHub MCP tool ${toolCall.function.name} executed successfully`)
 
     return {
       tool_call_id: toolCall.id,

src/prompt.ts

@@ -7,9 +7,17 @@ export interface PromptMessage {
   content: string
 }
 
+export interface ModelParameters {
+  maxTokens?: number // Deprecated
+  maxCompletionTokens?: number
+  temperature?: number
+  topP?: number
+}
+
 export interface PromptConfig {
   messages: PromptMessage[]
   model?: string
+  modelParameters?: ModelParameters
   responseFormat?: 'text' | 'json_schema'
   jsonSchema?: string
 }
@@ -37,6 +45,47 @@ export function parseTemplateVariables(input: string): TemplateVariables {
   }
 }
 
+/**
+ * Parse file-based template variables from YAML input string. The YAML should map
+ * variable names to file paths. File contents are read and returned as variables.
+ */
+export function parseFileTemplateVariables(fileInput: string): TemplateVariables {
+  if (!fileInput.trim()) {
+    return {}
+  }
+
+  try {
+    const parsed = yaml.load(fileInput) as Record<string, unknown>
+    if (typeof parsed !== 'object' || parsed === null) {
+      throw new Error('File template variables must be a YAML object')
+    }
+
+    const result: TemplateVariables = {}
+    for (const [key, value] of Object.entries(parsed)) {
+      if (typeof value !== 'string') {
+        throw new Error(`File template variable '${key}' must be a string file path`)
+      }
+      const filePath = value
+      if (!fs.existsSync(filePath)) {
+        throw new Error(`File for template variable '${key}' was not found: ${filePath}`)
+      }
+      try {
+        result[key] = fs.readFileSync(filePath, 'utf-8')
+      } catch (err) {
+        throw new Error(
+          `Failed to read file for template variable '${key}' at path '${filePath}': ${err instanceof Error ? err.message : 'Unknown error'}`,
+        )
+      }
+    }
+
+    return result
+  } catch (error) {
+    throw new Error(
+      `Failed to parse file template variables: ${error instanceof Error ? error.message : 'Unknown error'}`,
+    )
+  }
+}
+
 /**
  * Replace template variables in text using {{variable}} syntax
  */
@@ -60,11 +109,8 @@ export function loadPromptFile(filePath: string, templateVariables: TemplateVari
 
   const fileContent = fs.readFileSync(filePath, 'utf-8')
 
-  // Apply template variable substitution
-  const processedContent = replaceTemplateVariables(fileContent, templateVariables)
-
   try {
-    const config = yaml.load(processedContent) as PromptConfig
+    const config = yaml.load(fileContent) as PromptConfig
 
     if (!config.messages || !Array.isArray(config.messages)) {
       throw new Error('Prompt file must contain a "messages" array')
@@ -80,6 +126,14 @@ export function loadPromptFile(filePath: string, templateVariables: TemplateVari
       }
     }
 
+    // Prepare messages by replacing template variables with actual content
+    config.messages = config.messages.map(msg => {
+      return {
+        ...msg,
+        content: replaceTemplateVariables(msg.content, templateVariables),
+      }
+    })
+
     return config
   } catch (error) {
     throw new Error(`Failed to parse prompt file: ${error instanceof Error ? error.message : 'Unknown error'}`)