Summary
The --mount / -v CLI option for custom volume mounts has no equivalent in the AWF config file schema (awf-config.json). This forces the gh-aw compiler to pass security-sensitive mount specifications as CLI arguments rather than through the stdin config.
For ARC/DinD workflows, the mount strategy is security-critical (ro base + rw overlays to protect safe-outputs config and audit logs from agent tampering). Passing these via config enables:
- Validation via JSON Schema before execution
- Centralized configuration (one place to audit)
- Consistency with the principle that security-sensitive parameters should come from config or the environment, not from CLI arguments, which any process on the host can read from the process table (`/proc/<pid>/cmdline`)
Proposed Schema Addition
```json
{
  "container": {
    "mounts": {
      "type": "array",
      "items": {
        "type": "string",
        "pattern": "^[^:]+:[^:]+(:(ro|rw))?$"
      },
      "description": "Custom volume mounts for the agent container. Format: 'host_path:container_path[:ro|rw]'. In chroot mode, container paths are automatically prefixed with /host."
    }
  }
}
```
Note that the pattern only constrains the shape of a spec (two colon-separated paths and an optional `ro`/`rw` mode); it says nothing about which host paths may be mounted or which mode is allowed where, so that policy still has to be enforced by the compiler or by AWF after schema validation.
Context
The gh-aw compiler for `topology: arc-dind` needs to specify:
```bash
--mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro"
--mount "${RUNNER_TEMP}/gh-aw/home:${RUNNER_TEMP}/gh-aw/home:rw"
--mount "${RUNNER_TEMP}/gh-aw/sandbox/agent:${RUNNER_TEMP}/gh-aw/sandbox/agent:rw"
```
These should instead be:
```json
{
  "container": {
    "mounts": [
      "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro",
      "${RUNNER_TEMP}/gh-aw/home:${RUNNER_TEMP}/gh-aw/home:rw",
      "${RUNNER_TEMP}/gh-aw/sandbox/agent:${RUNNER_TEMP}/gh-aw/sandbox/agent:rw"
    ]
  }
}
```
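To make the proposal concrete, here is an added example (written for this issue, not code from gh-aw or AWF) of what the compiler side of `container.mounts` could look like: it checks each `--mount` spec against the proposed schema pattern, applies the policy the pattern cannot express for the arc-dind strategy above (host paths confined to `RUNNER_TEMP`, no duplicate targets, every `rw` mount nested inside an `ro` base), and renders the config fragment. The `/home/runner/_work/_temp` value standing in for an expanded `RUNNER_TEMP`, the `rw` default for a spec without a mode, and the "rw only inside an ro base" rule are assumptions for the example, not AWF behaviour.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// mountPattern is the item pattern proposed for container.mounts.
var mountPattern = regexp.MustCompile(`^[^:]+:[^:]+(:(ro|rw))?$`)

// Mount is one parsed "host_path:container_path[:ro|rw]" spec.
type Mount struct {
	Host      string
	Container string
	Mode      string // "ro" or "rw"
}

// ParseMount validates a spec against the schema pattern and splits it.
// A missing mode is treated as rw here (assumption, mirroring docker -v).
func ParseMount(spec string) (Mount, error) {
	if !mountPattern.MatchString(spec) {
		return Mount{}, fmt.Errorf("mount %q: expected host_path:container_path[:ro|rw]", spec)
	}
	parts := strings.Split(spec, ":")
	m := Mount{Host: parts[0], Container: parts[1], Mode: "rw"}
	if len(parts) == 3 {
		m.Mode = parts[2]
	}
	return m, nil
}

// under reports whether path (already cleaned) is root or lies below root.
func under(path, root string) bool {
	rel, err := filepath.Rel(root, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, "../")
}

// CheckPolicy enforces what the schema pattern cannot: host paths must be
// absolute and inside allowedRoot (the expanded RUNNER_TEMP), no container
// path may be mounted twice, and every rw mount must be an overlay inside an
// ro base, so the agent only gets write access where the compiler opened it.
func CheckPolicy(mounts []Mount, allowedRoot string) error {
	allowedRoot = filepath.Clean(allowedRoot)
	var roBases []string
	for _, m := range mounts {
		if m.Mode == "ro" {
			roBases = append(roBases, filepath.Clean(m.Container))
		}
	}
	seen := map[string]bool{}
	for _, m := range mounts {
		host := filepath.Clean(m.Host) // collapses ../ traversal before the check
		if !filepath.IsAbs(host) || !under(host, allowedRoot) {
			return fmt.Errorf("host path %q is outside %s", m.Host, allowedRoot)
		}
		c := filepath.Clean(m.Container)
		if seen[c] {
			return fmt.Errorf("container path %q mounted twice", c)
		}
		seen[c] = true
		if m.Mode == "rw" {
			overlay := false
			for _, b := range roBases {
				if c != b && under(c, b) {
					overlay = true
					break
				}
			}
			if !overlay {
				return fmt.Errorf("rw mount %q is not an overlay inside an ro base", c)
			}
		}
	}
	return nil
}

// ConfigJSON renders the container.mounts fragment of awf-config.json. The
// container paths are left as-is: per the proposal, AWF adds the /host prefix
// itself in chroot mode, so the compiler must not do it too.
func ConfigJSON(mounts []Mount) (string, error) {
	specs := make([]string, 0, len(mounts))
	for _, m := range mounts {
		specs = append(specs, m.Host+":"+m.Container+":"+m.Mode)
	}
	out, err := json.MarshalIndent(map[string]any{"container": map[string]any{"mounts": specs}}, "", "  ")
	return string(out), err
}

// CompileMounts is the compiler-side path: parse, apply policy, render.
func CompileMounts(specs []string, allowedRoot string) (string, error) {
	mounts := make([]Mount, 0, len(specs))
	for _, s := range specs {
		m, err := ParseMount(s)
		if err != nil {
			return "", err
		}
		mounts = append(mounts, m)
	}
	if err := CheckPolicy(mounts, allowedRoot); err != nil {
		return "", err
	}
	return ConfigJSON(mounts)
}

func main() {
	root := "/home/runner/_work/_temp" // constructed stand-in for an expanded RUNNER_TEMP
	specs := []string{
		root + "/gh-aw:" + root + "/gh-aw:ro",
		root + "/gh-aw/home:" + root + "/gh-aw/home:rw",
		root + "/gh-aw/sandbox/agent:" + root + "/gh-aw/sandbox/agent:rw",
	}
	cfg, err := CompileMounts(specs, root)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println(cfg)
	// Matches the schema pattern, but policy must still reject it.
	_, err = CompileMounts([]string{"/var/run/docker.sock:/var/run/docker.sock:rw"}, root)
	fmt.Println("docker.sock mount:", err)
}
```

The point of the split is that schema validation (`ParseMount`) catches malformed input early and uniformly, while the semantic rules (`CheckPolicy`) are where the actual protection of the safe-outputs config and audit logs lives; a `--mount` that passes the regex but points at the Docker socket or escapes `RUNNER_TEMP` via `..` is rejected by the second layer, not the first.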
Other options already in config
For reference, these related options are already available in config and do NOT need changes:
- `logging.proxyLogsDir` (maps to `--proxy-logs-dir`)
- `logging.auditDir` (maps to `--audit-dir`)
- `container.containerWorkDir` (maps to `--container-workdir`)
- `environment.envAll` / `environment.excludeEnv`
Related