Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions docs/awf-config-spec.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ following top-level properties. All are OPTIONAL:
| `container` | object | Container and Docker settings |
| `chroot` | object | Chroot execution overrides for split-filesystem ARC/DinD runners |
| `dind` | object | Bootstrap helpers for ARC/DinD split runner/daemon filesystems |
| `runner` | object | Runner topology declaration (standard vs. ARC/DinD) |
| `environment` | object | Environment variable propagation (see §8) |
| `logging` | object | Logging and diagnostics |
| `rateLimiting` | object | Egress rate limiting |
Expand Down Expand Up @@ -202,6 +203,8 @@ AWF settings MAY be supplied via config files, including stdin (`--config -`).
- `rateLimiting.requestsPerHour` → `--rate-limit-rph`
- `rateLimiting.bytesPerMinute` → `--rate-limit-bytes-pm`
- `platform.type` → *(config-only; maps to `AWF_PLATFORM_TYPE`)*
- `runner.topology` → *(config-only; sets runner deployment model — `standard` or `arc-dind`; when `arc-dind`, enables sysroot staging and emits RUNNER_TOOL_CACHE warnings)*
- `runner.sysrootImage` → *(config-only; sysroot init-container image for `arc-dind` topology; defaults to `<container.imageRegistry>/build-tools:<container.imageTag>`, where `container.imageRegistry` defaults to `ghcr.io/github/gh-aw-firewall`)*

When `container.dockerHostPathPrefix` points at a daemon-visible shared `/tmp` path, the implementation stages the invoking CLI binary together with `/etc/passwd`, `/etc/group`, and the generated chroot `/etc/hosts` under that shared path so chroot mode can bootstrap on split-filesystem ARC/DinD hosts.

Expand Down
Loading