[ARC/DinD] Emit chroot.binariesSourcePath and chroot.identity in AWF stdin-config

[Copilot]

ARC/DinD users currently need a bootstrap action to copy the copilot binary into the DinD daemon's filesystem and pre-seed /etc/passwd with runner identity. AWF v0.27.1+ supports chroot.binariesSourcePath and chroot.identity.* natively, but gh-aw wasn't emitting these fields.

Changes

• Version gate (pkg/constants/version_constants.go): AWFChrootConfigMinVersion = "v0.27.1"

• Config structs (pkg/workflow/awf_config.go): Added AWFChrootConfig / AWFChrootIdentityConfig and a Chroot *AWFChrootConfig field to AWFConfigFile for schema completeness; fields are populated at runtime by the injected script, not by BuildAWFConfigJSON.

• Runtime injection (pkg/workflow/awf_helpers.go): When AWF ≥ v0.27.1, a compact Python heredoc is merged inside the existing arcDindPrefixProbe if [[ "${DOCKER_HOST:-}" =~ ^tcp:// ]] block. On DinD runners it patches the AWF config file in-place before AWF reads it:

  GH_AW_DOCKER_HOST_PATH_PREFIX_ARGS=""
  if [[ "${DOCKER_HOST:-}" =~ ^tcp:// ]]; then
    GH_AW_DOCKER_HOST_PATH_PREFIX_ARGS="--docker-host-path-prefix /tmp/gh-aw"
    python3 - <<'PY'
  import json,os,subprocess as sp
  from pathlib import Path
  try:
   p=Path(os.environ["RUNNER_TEMP"])/"gh-aw"/"awf-config.json"
   c=json.loads(p.read_text())
   c["chroot"]={"binariesSourcePath":"/tmp/gh-aw","identity":{"user":sp.check_output(["id","-un"],text=True).strip(),"uid":int(sp.check_output(["id","-u"],text=True)),"gid":int(sp.check_output(["id","-g"],text=True)),"home":"/tmp/gh-aw/home"}}
   out=json.dumps(c,separators=(",",":"),ensure_ascii=False)+"\n"
   p.write_text(out)
   Path("/tmp/gh-aw/awf-config.json").write_text(out)
  except Exception as e:
   raise SystemExit(f"chroot config patch failed: {e}") from e
  PY
  fi

  Merged into the existing if block (rather than a separate guard) so only one DOCKER_HOST check appears in the generated script. python3 is used consistently with the rest of the codebase. The script writes the patched config to both ${RUNNER_TEMP}/gh-aw/awf-config.json (read by AWF) and /tmp/gh-aw/awf-config.json (unified agent artifact upload), and wraps all I/O in try/except SystemExit for actionable errors.

• Tests: TestAWFSupportsChrootConfig (version gate), TestArcDindChrootConfigInjection (6 subtests covering tcp/unix/empty DOCKER_HOST via buildArcDindChrootConfigInjectScript, including round-trip verification that original config fields survive the patch), TestBuildAWFCommand_IncludesChrootInjectScript (present/absent based on version, with a structural index assertion confirming the injection is nested inside the DOCKER_HOST guard). Golden files regenerated.

---

Changeset

• Type: patch
• Description: Emit chroot.binariesSourcePath and chroot.identity in AWF stdin config for ARC/DinD runners.

---

pr-sous-chef run: https://github.com/github/gh-aw/actions/runs/27467068427

Generated by 👨‍🍳 PR Sous Chef · 104.2 AIC · ⌖ 1 AIC · ⊞ 17.3K · ◷

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

[github-actions]

🧪 Test Quality Sentinel completed test quality analysis.

Test quality analysis complete

[github-actions]

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

[Copilot]

Pull request overview

This PR updates gh-aw’s AWF (gh-aw-firewall) integration to support ARC/DinD split-filesystem runners by emitting AWF v0.27.1+ chroot.binariesSourcePath and chroot.identity.* configuration, injected at runtime when DOCKER_HOST indicates a TCP DinD topology.

Changes:

• Added an AWF version gate for chroot config support (AWFChrootConfigMinVersion = v0.27.1) and a helper awfSupportsChrootConfig.
• Extended the AWF config schema structs to include a chroot section (populated via runtime injection, not compile-time JSON generation).
• Embedded a compact Python heredoc into the existing ARC/DinD DOCKER_HOST probe to patch the AWF config file in place; added tests + regenerated wasm golden fixtures.

Show a summary per file

File	Description
pkg/constants/version_constants.go	Adds the minimum AWF version constant for chroot config support.
pkg/workflow/awf_config.go	Adds chroot config structs/field for schema completeness and documentation.
pkg/workflow/awf_helpers.go	Injects runtime Python patching of AWF config under ARC/DinD TCP DOCKER_HOST, plus new version gate helper.
pkg/workflow/awf_helpers_test.go	Adds version-gate and runtime-injection tests for the new chroot patching behavior.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden	Updates compiled golden to include the injected Python heredoc.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden	Updates compiled golden to include the injected Python heredoc.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden	Updates compiled golden to include the injected Python heredoc.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden	Updates compiled golden to include the injected Python heredoc.
pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden	Updates compiled golden to include the injected Python heredoc.
pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden	Updates compiled golden to include the injected Python heredoc.
pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden	Updates compiled golden to include the injected Python heredoc.
pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden	Updates compiled golden to include the injected Python heredoc.
pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden	Updates compiled golden to include the injected Python heredoc.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 13/13 changed files
• Comments generated: 3

[Copilot]

Both issues were addressed in an earlier commit: the Python patch now writes to both ${RUNNER_TEMP}/gh-aw/awf-config.json and /tmp/gh-aw/awf-config.json, and the body is wrapped in try/except Exception as e: raise SystemExit(...) for actionable errors.

[Copilot]

Fixed in an earlier commit — the comment now reads "intentionally kept compact" rather than "dense single line".

[github-actions]

🏗️ Design Decision Gate — ADR Required

This PR makes significant changes to core business logic (388 new lines in pkg/) but does not have a linked Architecture Decision Record (ADR).

📄 Draft ADR committed: docs/adr/38911-emit-awf-chroot-config-via-runtime-patch.md — review and complete it before merging.

🔒 This PR cannot merge until an ADR is linked in the PR body.

📋 What to do next

1. Review the draft ADR committed to your branch — it was generated from the PR diff. The core decision it captures: emit chroot.binariesSourcePath / chroot.identity.* by patching awf-config.json at runtime (version-gated to AWF ≥ v0.27.1, topology-gated to DinD) rather than at compile time, because runner identity is only known at runtime.
2. Complete the missing sections — confirm the context, refine the decision rationale, and validate that the two alternatives (keep the bootstrap action; populate chroot in BuildAWFConfigJSON at compile time) match what you actually considered.
3. Commit the finalized ADR to docs/adr/ on your branch.
4. Reference the ADR in this PR body by adding a line such as:

   ADR: ADR-38911: Emit AWF chroot config via runtime in-place patch for ARC/DinD

Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision.

❓ Why ADRs Matter

ADRs create a searchable, permanent record of why the codebase looks the way it does. The choice to patch config at runtime via an embedded Python heredoc (rather than at compile time, or via a bootstrap action) is exactly the kind of trade-off future contributors will want explained.

📋 Michael Nygard ADR Format Reference

An ADR must contain these four sections to be considered complete:

• Context — What is the problem? What forces are at play?
• Decision — What did you decide? Why?
• Alternatives Considered — What else could have been done?
• Consequences — What are the trade-offs (positive and negative)?

ADRs are stored in docs/adr/ as Markdown files numbered by PR number.

🔒 This PR cannot merge until an ADR is linked in the PR body.

🏗️ ADR gate enforced by Design Decision Gate 🏗️ · 103.1 AIC · ⌖ 9.91 AIC · ⊞ 13.8K · ◷

[github-actions]

🧪 Test Quality Sentinel Report

✅ Test Quality Score: 90/100 — Excellent

Analyzed 3 test(s): 3 design, 0 implementation, 0 guideline violation(s).

📊 Metrics & Test Classification (3 tests analyzed)

Metric	Value
New/modified tests analyzed	3
✅ Design tests (behavioral contracts)	3 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	3 (100%)
Duplicate test clusters	0
Test inflation detected	Yes — awf_helpers_test.go +206 lines vs awf_helpers.go +56 lines (ratio ≈ 3.7×, threshold 2×)
🚨 Coding-guideline violations	0

Test Classification Details

Test	File	Classification	Issues Detected
TestAWFSupportsChrootConfig	pkg/workflow/awf_helpers_test.go:1368	✅ Design	None — table-driven (6 rows): nil config, empty version, latest, exact boundary v0.27.1, below boundary v0.27.0, old version
TestArcDindChrootConfigInjection	pkg/workflow/awf_helpers_test.go:1418	✅ Design	None — end-to-end: runs real bash+Python script, 6 DOCKER_HOST cases including 3 negative (unix socket, bare path, empty)
TestBuildAWFCommand_IncludesChrootInjectScript	pkg/workflow/awf_helpers_test.go:1523	✅ Design	None — verifies chroot inject block is present/absent in BuildAWFCommand output based on version

Language Support

Tests analyzed:

• 🐹 Go (*_test.go): 3 tests — unit (//go:build !integration)
• 🟨 JavaScript (*.test.cjs, *.test.js): 0 tests

Verdict

✅ Check passed. 0% of new tests are implementation tests (threshold: 30%).

i️ Test inflation note: awf_helpers_test.go added 206 lines vs awf_helpers.go +56 lines (ratio ≈ 3.7×). This is mechanically flagged but contextually justified — TestArcDindChrootConfigInjection is a full end-to-end test that executes a real bash+Python script and validates the resulting JSON, so test bodies are inherently larger than the production helpers they exercise. The 10-point penalty was applied to the score but the PASS verdict is unchanged.

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

• Assert on observable outputs, return values, or state changes
• Cover error paths and boundary conditions
• Would catch a behavioral regression if deleted
• Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

• Assert on internal function calls (mocking internals)
• Only test the happy path with typical inputs
• Break during legitimate refactoring even when behavior is correct
• Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the behavioral contract — the promises the system makes to its users and collaborators.

References: §27444242896

🧪 Test quality analysis by Test Quality Sentinel · 357.9 AIC · ⌖ 29 AIC · ⊞ 27.2K · ◷

[github-actions]

✅ Test Quality Sentinel: 90/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). All 3 new tests are design tests (behavioral contracts) with error/edge case coverage. Note: test inflation was flagged mechanically (ratio ≈ 3.7×) but is justified given the end-to-end bash+Python script execution in TestArcDindChrootConfigInjection.

[github-actions]

Skills-Based Review 🧠

Applied /tdd and /grill-with-docs — requesting changes on two correctness issues and a test coverage gap.

📋 Key Themes & Highlights

Key Themes

• python vs python3: The generated script calls python - but the test skip guard checks for python3. On Ubuntu 22.04+ (no bare python), the test runs but the bash script fails — a confusing failure instead of a clean skip. This is the most actionable item.
• Missing error handling in the new Python: The existing companion script (~line 149) has comprehensive try/except SystemExit blocks for RUNNER_TEMP, file-not-found, and JSON decode errors. The new dense Python omits all of this, producing cryptic tracebacks on failure.
• Test coverage gap: TestArcDindChrootConfigInjection verifies chroot was added but never asserts that pre-existing config fields (apiProxy) survived the patch.

Positive Highlights

• ✅ Excellent version-gate pattern (AWFChrootConfigMinVersion) with clear boundary tests at v0.27.0 and v0.27.1
• ✅ Smart design choice to merge the Python patch body inside the existing DOCKER_HOST guard — single DOCKER_HOST check in the generated script is the right invariant
• ✅ buildArcDindChrootConfigInjectScript() as a test-only wrapper over buildArcDindChrootConfigPatchBody() cleanly separates the testable unit from the embedded production form
• ✅ 9 golden files all updated consistently — easy to verify the injection is present across all engine variants
• ✅ The PR description is unusually complete, explaining the 21 KB per-step size constraint that motivates the dense Python

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 403.1 AIC · ⌖ 22.8 AIC · ⊞ 27.8K

[github-actions]

[/tdd] Skip condition checks for python3 but the generated script calls python -. On Ubuntu 22.04+ runners where only python3 is in PATH, the test will not be skipped (python3 is found) but the bash script will fail at python - <<'PY', surfacing as a confusing require.NoError failure rather than a skip.

💡 Fix: align the check with the command the script actually runs

Change

if _, err := exec.LookPath("python3"); err != nil {
    t.Skip("python3 not available")
}

to check for "python" — or, better, change buildArcDindChrootConfigPatchBody to emit python3 - and keep the check as python3. The rest of the codebase (mcp_scripts_generator.go, copilot_engine_execution.go, etc.) consistently uses python3.

[Copilot]

Done in 037e1f0 — both scripts now use python3 - and the test skip guard is exec.LookPath("python3") to match.

[github-actions]

[/grill-with-docs] The dense Python has no error handling, which diverges noticeably from the established pattern in this same file (see the buildArcDindSetupScript-equivalent at ~line 149, which wraps every I/O call in try/except SystemExit). If RUNNER_TEMP is unset, the user gets a raw KeyError; if awf-config.json is missing, a bare FileNotFoundError. Both are fixable without much size cost.

💡 Suggested minimal guard

The 21 KB limit is a real constraint, but adding a single environment check and a try/except around the read costs fewer than 100 bytes:

import json,os,subprocess as sp
from pathlib import Path
rt=os.environ.get("RUNNER_TEMP") or (lambda:(_ for _ in ()).throw(SystemExit("RUNNER_TEMP not set")))()
p=Path(rt)/"gh-aw"/"awf-config.json"
try: c=json.loads(p.read_text())
except OSError as e: raise SystemExit(f"cannot read {p}: {e}") from e
c["chroot"]={...}
p.write_text(json.dumps(c,separators=(",",":"),ensure_ascii=False)+"\n")

Or at minimum mirror the existing pattern: if not rt: raise SystemExit("RUNNER_TEMP is not set").

[Copilot]

Error handling was added in an earlier commit — the body is wrapped in try/except Exception as e: raise SystemExit(f"chroot config patch failed: {e}") from e.

[github-actions]

[/tdd] The test verifies the chroot section was added, but never checks that the pre-existing config fields (e.g., apiProxy) survived the patch. If the Python accidentally replaced the whole config instead of merging into it, this test would still pass.

💡 Add a preservation assertion

// After the chroot assertions, verify the original fields are intact.
apiProxy, ok := result["apiProxy"].(map[string]any)
require.True(t, ok, "apiProxy section must be preserved after chroot injection")
assert.Equal(t, true, apiProxy["enabled"], "apiProxy.enabled should be unchanged")

This turns the test into a true round-trip spec: inject chroot config → original fields are intact.

[Copilot]

Added in 037e1f0 — after the chroot assertions, the test now verifies apiProxy.enabled is still true, ensuring the patch merged rather than replaced the config.

[github-actions]

[/grill-with-docs] python - is inconsistent with the rest of the codebase which exclusively uses python3 (mcp_scripts_generator.go, copilot_engine_execution.go, copilot_engine_installation.go). The companion script at line ~149 of this same file also uses python -, so this is a pre-existing divergence, but this PR is a good opportunity to standardise on python3 - to avoid ambiguity on environments where python resolves to Python 2 or is absent.

💡 One-line fix

Change python - <<PY → python3 - <<PY here and in the corresponding script at line ~149, and update the test skip guard to exec.LookPath("python3") (already using that — so the test already reflects the desired state).

[Copilot]

Done in 037e1f0 — both scripts (buildWorkflowCallNetworkAllowedUpdateScript and buildArcDindChrootConfigPatchBody) now use python3 -, consistent with the rest of the codebase.

[github-actions]

[/tdd] TestBuildAWFCommand_IncludesChrootInjectScript uses string-contains checks that only verify the chroot body exists somewhere in the command, not that it is nested inside the DOCKER_HOST if-block. If the injection were accidentally emitted at the top level, these assertions would still pass.

💡 Stronger structural assertion

Use an index comparison to confirm the injection appears after the DOCKER_HOST guard:

dockerhostIdx := strings.Index(command, awfArcDindDockerHostRegex)
binariesIdx := strings.Index(command, "binariesSourcePath")
require.Greater(t, binariesIdx, dockerhostIdx,
    "chroot injection must appear after the DOCKER_HOST=(redacted) guard")

This spec-tests the key structural invariant the PR description calls out.

[Copilot]

Added in 037e1f0 — the test now uses strings.Index to confirm binariesSourcePath appears at a higher offset than awfArcDindDockerHostRegex in the generated command, verifying the chroot injection is nested inside the if-block.

[lpcox]

@copilot address review feedback

[Copilot]

@copilot address review feedback

Done in commit fix: patch /tmp/gh-aw/awf-config.json in chroot inject, add error handling, fix test python check.

Changes made:

• Stale copy — Python now writes the patched JSON to both ${RUNNER_TEMP}/gh-aw/awf-config.json (read by AWF) and /tmp/gh-aw/awf-config.json (unified agent artifact), so neither is stale after the probe runs.
• Error handling — wrapped the body in try/except Exception as e: raise SystemExit(...) for actionable errors instead of raw tracebacks.
• Comment — updated "dense single line" to "intentionally kept compact".
• Test python check — changed LookPath("python3") to LookPath("python") to match the script's actual executable; test also now verifies /tmp/gh-aw/awf-config.json is updated and uses t.Cleanup for that fixed-path file.
• Golden files regenerated.

[lpcox]

@copilot merge main

[github-actions]

💥 Automated smoke test review - all systems nominal!

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 54.8 AIC · ⌖ 25.5 AIC · ⊞ 8.1K

[github-actions]

Smoke test: changeset frontmatter looks correct — patch bump is appropriate here.

[github-actions]

Smoke test: clear, descriptive changeset summary. Nice work.

[github-actions]

[ARC/DinD] Emit chroot.binariesSourcePath and chroot.identity in AWF stdin-config
✅ GitHub reads
✅ mcpscripts PR query
✅ Serena / Playwright / build / artifact / review tools
❌ Discussion create exact label/temp-id support
Overall: FAIL
Author: @app/copilot-swe-agent
Assignees: @lpcox, @Copilot

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 234.9 AIC · ⌖ 22.2 AIC · ⊞ 20.3K · ◷

[pelikhan]

@copilo run pr-finisher skill

[pelikhan]

@copilot run pr-finisher skill

[github-actions]

Smoke Test: 1✅,2✅,3✅,4✅,5✅,6✅,7✅,8✅,9❌,10✅,11❌,12✅,13❌,14✅,15✅. Overall PASS. @app/copilot-swe-agent @lpcox @Copilot

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot - AOAI (apikey) · 220.5 AIC · ⌖ 7.54 AIC · ⊞ 19K · ◷

[Copilot]

@copilot run pr-finisher skill

Done — see summary below.

[github-actions]

@copilot review all comments and address the unresolved review feedback, especially the python vs python3 mismatch and the missing Python error handling.

Generated by 👨‍🍳 PR Sous Chef · 74.1 AIC · ⌖ 1.03 AIC · ⊞ 17.3K · ◷

[github-actions]

@copilot please summarize the remaining blockers and rerun checks after the review feedback is addressed.

Generated by 👨‍🍳 PR Sous Chef · 74.1 AIC · ⌖ 1.03 AIC · ⊞ 17.3K · ◷

[github-actions]

@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · 32.7 AIC · ⌖ 0.988 AIC · ⊞ 17.3K · ◷

[github-actions]

Please re-trigger CI and summarize any remaining blockers.

Generated by 👨‍🍳 PR Sous Chef · 32.7 AIC · ⌖ 0.988 AIC · ⊞ 17.3K · ◷

[github-actions]

@copilot please refresh the branch, rerun checks, and summarize the remaining blockers.

Generated by 👨‍🍳 PR Sous Chef · 71.5 AIC · ⌖ 0.957 AIC · ⊞ 17.3K · ◷

[github-actions]

@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · 71.5 AIC · ⌖ 0.957 AIC · ⊞ 17.3K · ◷

[github-actions]

@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · 104.2 AIC · ⌖ 1 AIC · ⊞ 17.3K · ◷

[github-actions]

Please re-run checks after the branch update and summarize any remaining blockers.

Generated by 👨‍🍳 PR Sous Chef · 104.2 AIC · ⌖ 1 AIC · ⊞ 17.3K · ◷

[github-actions]

Re-run the workflow on a fresh failure issue and confirm the new token-consumption section renders correctly.

Generated by 👨‍🍳 PR Sous Chef · 97 AIC · ⌖ 0.98 AIC · ⊞ 17.3K · ◷

[github-actions]

@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · 46.8 AIC · ⌖ 1.38 AIC · ⊞ 17.4K · ◷

[github-actions]

Please refresh the branch and rerun checks after addressing the feedback.

Generated by 👨‍🍳 PR Sous Chef · 46.8 AIC · ⌖ 1.38 AIC · ⊞ 17.4K · ◷