Compiler: enforce ARC/DinD daemon-visible paths and AWF v0.27.20 minimum #42815

Merged: lpcox merged 5 commits into main from copilot/gh-aw-compiler-arc-dind-path-redirections, Jul 1, 2026

Copilot AI commented Jul 1, 2026

Contributor

runner.topology: arc-dind currently assumes host paths that are not visible to the DinD daemon (/tmp, /usr/local/bin, hosted toolcache), which can break container startup and runtime behavior. This change redirects ARC/DinD runtime-critical paths to ${RUNNER_TEMP}/gh-aw and aligns compiler output with split-filesystem requirements while preserving least-write-surface behavior.

  • ARC/DinD path redirection in AWF command generation

    • Switches ARC/DinD --docker-host-path-prefix to ${RUNNER_TEMP}/gh-aw.
    • Rewrites engine command /tmp/gh-aw/... references to ${RUNNER_TEMP}/gh-aw/... in ARC/DinD mode.
    • Sets HOME=${RUNNER_TEMP}/gh-aw/home in ARC/DinD engine command execution.
    • Uses daemon-visible AWF log/audit dirs for ARC/DinD:
      • ${RUNNER_TEMP}/gh-aw/sandbox/firewall/logs
      • ${RUNNER_TEMP}/gh-aw/sandbox/firewall/audit
    • Uses ${RUNNER_TEMP}/gh-aw/models.json for ARC/DinD model path export.
  • Mount topology: ro base + rw overlays

    • Keeps ${RUNNER_TEMP}/gh-aw mounted read-only.
    • Adds targeted rw overlays for:
      • ${RUNNER_TEMP}/gh-aw/home
      • ${RUNNER_TEMP}/gh-aw/sandbox/agent
    • This preserves prompt/config/binary/log integrity while allowing required runtime writes.
  • Copilot binary/tool-cache relocation for ARC/DinD

    • Uses ${RUNNER_TEMP}/gh-aw/bin/copilot for sandboxed Copilot execution when topology is ARC/DinD.
    • Redirects RUNNER_TOOL_CACHE to ${RUNNER_TEMP}/gh-aw/tool-cache in main job generation for ARC/DinD.
  • Version gate for ARC/DinD safety

    • Bumps default AWF version to v0.27.20.
    • Adds an ARC/DinD-specific minimum AWF version constant (v0.27.20) and validation error when an older effective AWF version is pinned.

# ARC/DinD generated shape (simplified)
export HOME=${RUNNER_TEMP}/gh-aw/home
awf \
  --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" \
  --mount "${RUNNER_TEMP}/gh-aw/home:${RUNNER_TEMP}/gh-aw/home:rw" \
  --mount "${RUNNER_TEMP}/gh-aw/sandbox/agent:${RUNNER_TEMP}/gh-aw/sandbox/agent:rw" \
  --proxy-logs-dir "${RUNNER_TEMP}/gh-aw/sandbox/firewall/logs" \
  --audit-dir "${RUNNER_TEMP}/gh-aw/sandbox/firewall/audit"

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
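
One way to do the /tmp/gh-aw rewrite listed in the description above, followed by a check for paths the DinD daemon still cannot see. This is an added Go example, not code from the PR; the function names and the sample command are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Prefixes as given in the PR description; the function names are hypothetical.
const (
	hostPrefix   = "/tmp/gh-aw"
	daemonPrefix = "${RUNNER_TEMP}/gh-aw"
)

// nameByte reports whether c could continue a file name such as gh-aw-old.
func nameByte(c byte) bool {
	return strings.IndexByte("-_.", c) >= 0 || c >= '0' && c <= '9' ||
		c|0x20 >= 'a' && c|0x20 <= 'z'
}

// rewriteEngineCommand returns cmd unchanged outside arc-dind. In arc-dind it
// swaps /tmp/gh-aw for the daemon-visible prefix only where the match is a whole
// leading path, so /var/tmp/gh-aw and /tmp/gh-aw-old are left alone (a plain
// strings.ReplaceAll would rewrite both).
func rewriteEngineCommand(topology, cmd string) string {
	if topology != "arc-dind" {
		return cmd
	}
	var b strings.Builder
	for i := 0; i < len(cmd); i++ {
		end := i + len(hostPrefix)
		atStart := i == 0 || !nameByte(cmd[i-1]) && cmd[i-1] != '/'
		if atStart && strings.HasPrefix(cmd[i:], hostPrefix) &&
			(end == len(cmd) || !nameByte(cmd[end])) {
			b.WriteString(daemonPrefix)
			i = end - 1 // the loop's i++ steps past the replaced prefix
			continue
		}
		b.WriteByte(cmd[i])
	}
	return b.String()
}

// daemonInvisible lists path tokens that still point below /tmp or
// /usr/local/bin, two host locations the PR says the DinD daemon cannot see.
func daemonInvisible(cmd string) []string {
	var bad []string
	sep := func(r rune) bool { return strings.ContainsRune(" \t\n\"'=:;", r) }
	for _, tok := range strings.FieldsFunc(cmd, sep) {
		if strings.HasPrefix(tok, "/tmp/") || strings.HasPrefix(tok, "/usr/local/bin/") {
			bad = append(bad, tok)
		}
	}
	return bad
}

func main() {
	// Constructed engine command, not taken from the PR.
	cmd := `cat /tmp/gh-aw/prompt.txt /var/tmp/gh-aw/x "/tmp/gh-aw" /tmp/gh-aw-old/y`
	out := rewriteEngineCommand("arc-dind", cmd)
	fmt.Println(out)
	fmt.Println(daemonInvisible(out))
}
```

Running the second check over the compiler's final output turns a leftover host-only path into a compile-time error instead of a container that fails to start.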
github-actions Bot commented Jul 1, 2026

Contributor

Hey @copilot-swe-agent 👋 — thanks for picking up the ARC/DinD compiler path-redirection fix! Routing ${RUNNER_TEMP}/gh-aw through the compiler for daemon-visible paths is exactly the right scope. A couple of things to address before this is ready for review:

  • Add a prose description — the body currently only contains an unchecked TODO checklist. Once the implementation is in place, replace or supplement it with a brief summary of what changed and why (e.g. what breaks without the path redirection, which runner topologies are affected, what the fix does). Reviewers and future git log readers will thank you.
  • Ensure tests land — item 3 on your checklist mentions adding/adjusting focused tests for AWF command generation and runner-topology behaviour. Make sure those make it into the diff before the draft is marked ready; coverage on the path-redirection logic and the minimum AWF version enforcement is particularly important.

If you'd like a hand completing the implementation, you can assign this prompt to your coding agent:

Complete the ARC/DinD compiler path-redirection work in the gh-aw compiler.

Specifically:
1. Update compiler path handling so that, when the runner topology is arc-dind, paths to the gh-aw binary are rewritten to use `${RUNNER_TEMP}/gh-aw` (where the DinD daemon can see them).
2. Add validation / defaults enforcement for the minimum AWF version required under ARC/DinD topologies.
3. Add or adjust unit tests covering:
   a. AWF command generation with arc-dind topology (path should be `${RUNNER_TEMP}/gh-aw`).
   b. AWF command generation with a non-arc-dind topology (path should remain unchanged).
   c. Minimum version validation — valid version passes, too-low version is rejected.
4. Run `make fmt` and the targeted test suite; confirm all required progress-validation checks pass.
5. Update the PR body with a concise description of what changed and why.

Generated by ✅ Contribution Check · 131 AIC · ⌖ 21 AIC · ⊞ 6.3K ·
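
The minimum-version validation asked for in item 3c, sketched as an added Go example (not code from this PR). The two version constants are the values quoted in the PR; the function names, the rule that an empty pin means the default, and the sample pins are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Both values are quoted in the PR; everything else here is hypothetical.
const (
	defaultAWF    = "v0.27.20"
	arcDindMinAWF = "v0.27.20"
)

// versionKey packs vMAJOR.MINOR.PATCH into one integer so that versions compare
// numerically; compared as strings, "v0.27.3" would sort after "v0.27.20".
func versionKey(v string) (uint64, error) {
	parts := strings.Split(strings.TrimPrefix(v, "v"), ".")
	if len(parts) != 3 {
		return 0, fmt.Errorf("AWF version %q is not vMAJOR.MINOR.PATCH", v)
	}
	var key uint64
	for _, p := range parts {
		n, err := strconv.ParseUint(p, 10, 20) // unsigned, at most 20 bits each
		if err != nil {
			return 0, fmt.Errorf("AWF version %q: bad component %q", v, p)
		}
		key = key<<20 | n
	}
	return key, nil
}

// effectiveVersion assumes an empty pin means "use the compiler default".
func effectiveVersion(pinned string) string {
	if pinned == "" {
		return defaultAWF
	}
	return pinned
}

// validateArcDindVersion fails closed: a pin that cannot be parsed, such as
// "latest" or a pre-release tag, is rejected rather than assumed new enough.
func validateArcDindVersion(topology, pinned string) error {
	if topology != "arc-dind" {
		return nil // the gate applies to ARC/DinD only
	}
	eff := effectiveVersion(pinned)
	got, err := versionKey(eff)
	if err != nil {
		return fmt.Errorf("runner.topology arc-dind: %w", err)
	}
	if floor, _ := versionKey(arcDindMinAWF); got < floor {
		return fmt.Errorf("runner.topology arc-dind requires AWF >= %s, got %s", arcDindMinAWF, eff)
	}
	return nil
}

func main() {
	for _, pin := range []string{"", "v0.27.20", "v0.27.3", "v0.28.0", "latest"} {
		fmt.Printf("%-10q -> %v\n", pin, validateArcDindVersion("arc-dind", pin))
	}
}
```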

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix gh-aw compiler to redirect paths for arc-dind topology Compiler: enforce ARC/DinD daemon-visible paths and AWF v0.27.20 minimum Jul 1, 2026
Copilot AI requested a review from lpcox July 1, 2026 17:43
Copilot finished work on behalf of lpcox July 1, 2026 17:43
lpcox commented Jul 1, 2026

Collaborator

Config vs CLI flag recommendations

After auditing the AWF config file schema (awf-config.json), here is what can move into the stdin config today and what requires a new AWF feature:

✅ Already supported in config — use these instead of CLI flags

| CLI flag | Config path | Notes |
| --- | --- | --- |
| --proxy-logs-dir | logging.proxyLogsDir | ✓ Use in config |
| --audit-dir | logging.auditDir | ✓ Use in config |
| --docker-host-path-prefix | container.dockerHostPathPrefix | ✓ Use in config |
| --runner-topology | runner.topology | ✓ Use in config |
| --container-workdir | container.containerWorkDir | ✓ Use in config |
| --skip-pull | container.skipPull | ✓ Use in config |
| --env-all | environment.envAll | ✓ Use in config |
| --exclude-env | environment.excludeEnv | ✓ Use in config |

❌ CLI-only (gap) — requires AWF change

| CLI flag | Proposed config path | Tracking issue |
| --- | --- | --- |
| --mount / -v | container.mounts | github/gh-aw-firewall#5754 |

Recommended config shape for ARC/DinD

{
  "runner": { "topology": "arc-dind" },
  "container": {
    "dockerHostPathPrefix": "/host",
    "containerWorkDir": "/home/runner/_work/repo/repo"
  },
  "logging": {
    "proxyLogsDir": "${RUNNER_TEMP}/gh-aw/sandbox/firewall/logs",
    "auditDir": "${RUNNER_TEMP}/gh-aw/sandbox/firewall/audit"
  }
}

Until github/gh-aw-firewall#5754 ships, --mount flags must remain as CLI arguments:

awf \
  --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" \
  --mount "${RUNNER_TEMP}/gh-aw/home:${RUNNER_TEMP}/gh-aw/home:rw" \
  --mount "${RUNNER_TEMP}/gh-aw/sandbox/agent:${RUNNER_TEMP}/gh-aw/sandbox/agent:rw"

Security note

The HOME override (export HOME=${RUNNER_TEMP}/gh-aw/home) should be set in the user command prefix, not as a mount. This ensures the agent's writable home is under the ro parent mount with a specific rw overlay — preventing safe-outputs config escalation.
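
A check of the mount shape and HOME placement described in the security note above, as an added Go example (not gh-aw or AWF code). It resolves each protected path to its most specific mount; the function names, the requirement of an explicit ro/rw suffix and the list of protected paths are assumptions of this example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

type mount struct{ dst, mode string }

// parseMount requires an explicit mode so nothing passes as read-only by default.
func parseMount(spec string) (mount, error) {
	p := strings.Split(spec, ":")
	if len(p) != 3 || (p[2] != "ro" && p[2] != "rw") {
		return mount{}, fmt.Errorf("mount %q is not src:dst:ro|rw", spec)
	}
	return mount{path.Clean(p[1]), p[2]}, nil // Clean folds "home/../bin"
}

// under is component-wise: .../gh-aw/home-x is not under .../gh-aw/home.
func under(p, dir string) bool { return p == dir || strings.HasPrefix(p, dir+"/") }

// effectiveMode returns the mode of the most specific mount covering p, "" if none.
func effectiveMode(ms []mount, p string) string {
	best, mode := -1, ""
	for _, m := range ms {
		if under(p, m.dst) && len(m.dst) > best {
			best, mode = len(m.dst), m.mode
		}
	}
	return mode
}

// auditMounts reports departures from the PR's shape: base read-only, writes
// only below base/home and base/sandbox/agent, HOME inside the rw home overlay.
func auditMounts(base, home string, specs []string) (findings []string) {
	var ms []mount
	for _, s := range specs {
		m, err := parseMount(s)
		if err != nil {
			findings = append(findings, err.Error())
			continue
		}
		allowed := under(m.dst, base+"/home") || under(m.dst, base+"/sandbox/agent")
		if m.mode == "rw" && under(m.dst, base) && !allowed {
			findings = append(findings, "unexpected rw mount: "+m.dst)
		}
		ms = append(ms, m)
	}
	for _, rel := range []string{"/bin/copilot", "/sandbox/firewall/logs", "/sandbox/firewall/audit"} {
		if got := effectiveMode(ms, base+rel); got != "ro" {
			findings = append(findings, fmt.Sprintf("%s is %q, want ro", base+rel, got))
		}
	}
	if home = path.Clean(home); !under(home, base+"/home") || effectiveMode(ms, home) != "rw" {
		findings = append(findings, "HOME is not inside the rw home overlay: "+home)
	}
	return findings
}

func main() {
	b := "${RUNNER_TEMP}/gh-aw" // constructed input: a stray rw mount over base/sandbox
	fmt.Println(auditMounts(b, b+"/home", []string{b + ":" + b + ":ro", b + "/sandbox:" + b + "/sandbox:rw"}))
}
```

The longest-prefix resolution is what makes the ro base plus rw overlay arrangement checkable: a broad rw mount such as base/sandbox shows up as a change in the effective mode of the firewall log and audit directories.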

…ix to AWF config

Move CLI flags that AWF already supports in its config schema into the
JSON config file instead of passing them as CLI arguments:

- logging.proxyLogsDir replaces --proxy-logs-dir (static path)
- logging.auditDir replaces --audit-dir (static path)
- container.dockerHostPathPrefix set when runner.topology is arc-dind

For ARC/DinD, --proxy-logs-dir and --audit-dir CLI flags remain as
runtime overrides because they use ${RUNNER_TEMP} paths that require
shell expansion (CLI overrides config per AWF precedence rules).

The --mount and --container-workdir flags remain as CLI arguments since
--mount requires gh-aw-firewall#5754 and --container-workdir needs
runtime shell variable expansion.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
lpcox marked this pull request as ready for review July 1, 2026 18:33
Copilot AI review requested due to automatic review settings July 1, 2026 18:33

Copilot AI left a comment

Contributor

Pull request overview

This PR updates the compiler/runtime generation for runner.topology: arc-dind to use Docker-daemon-visible paths (under ${RUNNER_TEMP}/gh-aw) and enforces a minimum AWF version (v0.27.20) to avoid known split-filesystem mount failures.

Changes:

  • Bump default AWF/firewall version to v0.27.20 and add an arc-dind minimum version gate with validation + tests.
  • Redirect ARC/DinD runtime-critical paths (tool cache, Copilot binary path selection, models path export, and overlay mounts) toward ${RUNNER_TEMP}/gh-aw.
  • Move static proxy/audit logging dirs into the generated AWF config JSON (with ARC/DinD intended to override via CLI), and refresh golden/lock fixtures accordingly.

| File | Description |
| --- | --- |
| pkg/workflow/runner_topology_validation.go | Add ARC/DinD minimum AWF version enforcement during validation. |
| pkg/workflow/runner_topology_validation_test.go | Test coverage for the new ARC/DinD minimum-version gate. |
| pkg/constants/version_constants.go | Bump default firewall/AWF version and introduce AWFArcDindMinVersion. |
| pkg/workflow/compiler_yaml_main_job.go | Redirect RUNNER_TOOL_CACHE to ${RUNNER_TEMP}/gh-aw/tool-cache for ARC/DinD. |
| pkg/workflow/compiler_yaml_main_job_test.go | Test for ARC/DinD tool-cache redirection behavior. |
| pkg/workflow/copilot_engine_execution.go | Use ${RUNNER_TEMP}/gh-aw/bin/copilot when sandboxed + ARC/DinD. |
| pkg/workflow/awf_helpers.go | Add ARC/DinD path rewriting, overlay mounts, models path export selection, and logging flag/config changes. |
| pkg/workflow/awf_helpers_test.go | Add/adjust tests for ARC/DinD path prefix, models export, and rewriting helpers. |
| pkg/workflow/awf_config.go | Extend AWF config JSON schema emission to include logging and container docker-host-path-prefix. |
| pkg/workflow/awf_config_test.go | Assert logging section + dockerHostPathPrefix presence in generated config JSON. |
| pkg/workflow/firewall_args_test.go | Add ARC/DinD assertions for daemon-visible mounts/paths and Copilot binary relocation. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden | Update expected AWF version/image tags and generated command/config shape. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden | Update expected AWF version/image tags and generated command/config shape. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden | Update expected AWF version/image tags and generated command/config shape. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden | Update expected AWF version/image tags and generated command/config shape. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden | Update expected AWF version/image tags and generated command/config shape. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden | Update expected AWF version/image tags and generated command/config shape. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden | Update expected AWF version/image tags and generated command/config shape. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden | Update expected AWF version/image tags and generated command/config shape. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden | Update expected AWF version/image tags and generated command/config shape. |
| .github/workflows/test-workflow.lock.yml | Regenerated lock with updated AWF version/image tags and config JSON shape. |
| .github/workflows/example-permissions-warning.lock.yml | Regenerated lock with updated AWF version/image tags and config JSON shape. |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Regenerated lock with updated AWF version/image tags and config JSON shape. |

Review details

  • Files reviewed: 32/278 changed files
  • Comments generated: 4
  • Review effort level: Low

Comment thread pkg/workflow/awf_helpers.go Outdated
Comment on lines +641 to +646
// Logging paths: static values are now in config (logging.proxyLogsDir, logging.auditDir).
// For ARC/DinD, CLI flags with ${RUNNER_TEMP} paths override the config at runtime.
if isArcDindTopology(config.WorkflowData) {
awfArgs = append(awfArgs, "--proxy-logs-dir", awfArcDindProxyLogsDirExpr)
awfArgs = append(awfArgs, "--audit-dir", awfArcDindAuditDirExpr)
}
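Review bot: The --proxy-logs-dir and --audit-dir appends inside the isArcDindTopology branch rely entirely on CLI-over-config precedence, while the comment says the static logging.proxyLogsDir and logging.auditDir values are still written to the config, so anyone auditing the generated config for an arc-dind workflow sees log and audit paths that are not the ones in effect. Consider leaving the logging section out of the config when the topology is arc-dind, or name the static values being overridden in the comment and add a test that each flag is emitted exactly once.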
Comment thread pkg/workflow/awf_config.go Outdated
Comment on lines +559 to +563
// still overrides this at runtime, but setting it in config provides a static baseline.
if isArcDindTopology(config.WorkflowData) {
container.DockerHostPathPrefix = string(constants.TmpGhAwDir)
awfConfigLog.Printf("Container section: dockerHostPathPrefix=%s (arc-dind topology)", constants.TmpGhAwDir)
}
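Review bot: The assignment container.DockerHostPathPrefix = string(constants.TmpGhAwDir) takes the arc-dind baseline from a constant whose name points at the /tmp tree, which the PR description lists as not visible to the DinD daemon and says is replaced by ${RUNNER_TEMP}/gh-aw for this setting. If the runtime override mentioned in the comment is ever dropped, the config falls back to that baseline without any error; either leave the field unset for arc-dind so a missing override fails loudly, or document here why the static value is safe. The Printf call also passes constants.TmpGhAwDir without the string(...) conversion used one line earlier; make the two consistent.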
Comment thread pkg/workflow/firewall_args_test.go Outdated
Comment on lines +330 to +332
if !strings.Contains(stepContent, `--proxy-logs-dir '${RUNNER_TEMP}/gh-aw/sandbox/firewall/logs'`) {
t.Error("Expected proxy logs dir to be daemon-visible under ${RUNNER_TEMP}/gh-aw")
}
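Review bot: The expected string wraps ${RUNNER_TEMP}/gh-aw/sandbox/firewall/logs in single quotes, and a POSIX shell does not expand variables inside single quotes, so this assertion pins output in which awf would receive the literal text ${RUNNER_TEMP} unless another layer expands it. The commit message in this PR says these paths need shell expansion; confirm which layer performs it, and if it is the shell, assert the double-quoted form instead.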
Comment thread pkg/workflow/firewall_args_test.go Outdated
Comment on lines +333 to +335
if !strings.Contains(stepContent, `--audit-dir '${RUNNER_TEMP}/gh-aw/sandbox/firewall/audit'`) {
t.Error("Expected audit dir to be daemon-visible under ${RUNNER_TEMP}/gh-aw")
}
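Review bot: The t.Error message on the --audit-dir assertion omits stepContent, so a failure gives no hint of what was actually generated, and the check duplicates the --proxy-logs-dir one before it line for line. Fold both into one loop over the expected flag and path pairs and report the missing substring together with the step content via t.Errorf.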
lpcox commented Jul 1, 2026

Collaborator

@copilot run pr-finisher skill

github-actions Bot commented Jul 1, 2026

Contributor

🤖 PR Triage

| Field | Value |
| --- | --- |
| Category | bug |
| Risk | 🔴 High |
| Score | 74 / 100 |
| Action | fast_track |

Score breakdown: Impact 40 + Urgency 22 + Quality 12

Rationale: Compiler-critical path change fixing ARC/DinD daemon-visible path issues; 30 lock files regenerated. CI partially running (canary-go passing). Copilot reviewer has commented. Needs expedited human review to unblock ARC topology users.

Generated by 🔧 PR Triage Agent · 49.4 AIC · ⌖ 11.7 AIC · ⊞ 1.6K ·

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
github-actions Bot commented Jul 1, 2026

Contributor

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

github-actions Bot commented Jul 1, 2026

Contributor

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

github-actions Bot commented Jul 1, 2026

Contributor

🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧

github-actions Bot commented Jul 1, 2026

Contributor

🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨

github-actions Bot commented Jul 1, 2026

Contributor

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

github-actions Bot commented Jul 1, 2026

Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

github-actions Bot commented Jul 1, 2026

Contributor

📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing...

github-actions Bot commented Jul 1, 2026

Contributor

📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing...

github-actions Bot commented Jul 1, 2026

Contributor

Smoke Test Gemini

  • GitHub Fetch: ✅
  • Web Fetch: ✅
  • File Write: ✅
  • Bash Execution: ✅
  • Build gh-aw: ❌

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

Smoke Gemini — Powered by Gemini ·
Comment /smoke-gemini to run again

github-actions Bot commented Jul 1, 2026

Contributor

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.54.0
jq 1.7
yq v4.53.3
curl 8.5.0
gh 2.95.0
node v22.23.1
python3 3.11.15 (PyPy 7.3.23)
go 1.24.13
java 10.0.301 (detected via dotnet; java env active)
dotnet 10.0.301

Result: 12/12 tools available ✅

Overall Status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔧 Tool validation by Agent Container Smoke Test · 14.5 AIC · ⌖ 7.5 AIC · ⊞ 4.7K ·
Comment /smoke-test-tools to run again

github-actions Bot commented Jul 1, 2026

Contributor

Smoke test results:

  • Test 1 (merged PRs): ✅
  • Test 2 (mcpscripts PR list): ❌
  • Test 3 (Serena find_symbol): ❌
  • Test 4 (Playwright open): ✅
  • Test 5 (web fetch): ✅
  • Test 6 (file create): ✅
  • Test 7 (discussion query): ❌

Overall: FAIL
@copilot-swe-agent @lpcox @Copilot

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot - AOAI (apikey) · 92.6 AIC · ⌖ 16.7 AIC · ⊞ 18.1K ·
Comment /smoke-copilot-aoai-apikey to run again
Add label smoke to run again

github-actions Bot commented Jul 1, 2026

Contributor

Compiler: enforce ARC/DinD daemon-visible paths and AWF v0.27.20 minimum
1❌ 2❌ 3✅ 4✅
5❌ 6✅ 7❌ 8✅
9✅ 10✅ 11✅ 12✅
13✅ 14❌ 15✅ 16✅
FAIL • author Copilot • assignees lpcox, Copilot

📰 BREAKING: Report filed by Smoke Copilot · 675.6 AIC · ⌖ 16.2 AIC · ⊞ 19.2K ·
Comment /smoke-copilot to run again
Add label smoke to run again

github-actions Bot commented Jul 1, 2026

Contributor

Comment Memory

Stone tool hums
Bot test drums at night
Smoke dance says maybe

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

github-actions Bot left a comment

Contributor

Smoke review done. Tools spoke.

github-actions Bot commented Jul 2, 2026

Contributor

🎉 This pull request is included in a new release.

Release: v0.82.2

Development

Successfully merging this pull request may close these issues.

gh-aw compiler: ARC/DinD topology requires daemon-visible path redirections

3 participants