[awf] ARC/DinD: preserve chroot identity overrides, add binaries overlay path, and publish glibc DinD companion image

[Copilot]

ARC/DinD chroot runs had two AWF-specific breakages: HOME/USER/LOGNAME overrides were being lost after capsh, and runner-installed CLIs were not reliably visible when /usr came from the daemon filesystem. This PR adjusts chroot identity application order, adds a first-class binaries overlay path, and introduces a glibc DinD image path for ARC guidance.

• Entrypoint identity semantics (post-capsh effective env)

  • Moved chroot identity export behavior into the generated chroot command script so overrides are applied in the effective runtime context.
  • HOME, USER, and LOGNAME now come from chroot.identity.* without being clobbered by pre-switch environment state.

• Config surface: chroot.binariesSourcePath

  • Added chroot.binariesSourcePath to config types, schema, config-file mapping, and config assembly.
  • Added validation for absolute paths (and explicit rejection of /).
  • Wired mount generation to overlay <binariesSourcePath>:/host/usr/local/bin:ro, allowing runner-side binaries (e.g. copilot) to be visible in chroot without pre-run copy hacks.

• ARC/DinD companion image

  • Added containers/dind-ubuntu/Dockerfile for a glibc DinD base with docker-ce, libcap2-bin (capsh), and Node.js preinstalled.
  • Extended release workflow to build/sign/attest/publish ghcr.io/github/gh-aw-firewall/dind-ubuntu.

• Docs/schema updates

  • Updated ARC/DinD and chroot docs to document chroot.binariesSourcePath and the dind-ubuntu recommendation.
  • Synced config spec + schema docs with the new chroot field.

{
  "chroot": {
    "binariesSourcePath": "/tmp/gh-aw/runner-bin",
    "identity": {
      "home": "/tmp/gh-aw/home",
      "user": "runner",
      "uid": 1001,
      "gid": 1001
    }
  }
}

[github-actions]

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 31a03fe

[github-actions]

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric	Base	PR	Delta
Lines	96.50%	96.54%	📈 +0.04%
Statements	96.42%	96.45%	📈 +0.03%
Functions	98.73%	98.74%	➡️ +0.01%
Branches	90.70%	90.69%	📉 -0.01%

📁 Per-file Coverage Changes (3 files)

File	Lines (Before → After)	Statements (Before → After)
src/services/agent-volumes/system-mounts.ts	100.0% → 92.3% (-7.70%)	100.0% → 92.3% (-7.70%)
src/commands/validators/config-assembly.ts	97.9% → 98.1% (+0.16%)	97.0% → 97.2% (+0.23%)
src/config-writer.ts	89.3% → 90.9% (+1.65%)	89.3% → 90.9% (+1.65%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

This PR improves ARC/DinD chroot reliability by (1) ensuring chroot identity overrides survive the capsh user-switch, (2) adding a config-driven overlay mount for runner-installed binaries into chroot PATH, and (3) introducing and publishing a glibc-based DinD companion image plus related docs/schema updates.

Changes:

• Apply HOME/USER/LOGNAME overrides inside the generated chroot command script (post-capsh) to prevent clobbering.
• Add chroot.binariesSourcePath (config-only) and wire it into mount generation as an overlay to /usr/local/bin inside chroot.
• Add containers/dind-ubuntu image and extend the release workflow to build/sign/attest/publish it; update docs/schema/spec accordingly.

Show a summary per file

File	Description
src/types/runtime-options.ts	Adds chrootBinariesSourcePath to runtime options typing.
src/services/agent-volumes/volume-builder.ts	Passes chrootBinariesSourcePath into system-mount generation.
src/services/agent-volumes/system-mounts.ts	Adds optional /host/usr/local/bin overlay mount from chrootBinariesSourcePath.
src/services/agent-volumes-mounts.test.ts	Extends volume-mount tests to cover the binaries overlay behavior (with/without prefix).
src/schema.test.ts	Adds schema validation coverage for chroot.binariesSourcePath type.
src/config-file.ts	Adds stdin/config-file parsing/mapping for chroot.binariesSourcePath.
src/config-file-validation.test.ts	Adds validation tests for chroot.binariesSourcePath and unknown chroot keys.
src/config-file-mapping.test.ts	Verifies mapping of chroot.binariesSourcePath into CLI/options layer.
src/commands/validators/config-assembly.ts	Adds post-assembly validation for chrootBinariesSourcePath (absolute path, not /).
src/commands/validators/config-assembly.test.ts	Adds unit tests for the new chrootBinariesSourcePath validations.
src/commands/build-config.ts	Threads chrootBinariesSourcePath through config construction.
src/commands/build-config.test.ts	Adds unit test ensuring chrootBinariesSourcePath passthrough.
src/awf-config-schema.json	Adds chroot.binariesSourcePath to the canonical JSON schema.
docs/chroot-mode.md	Documents the additional mount when chroot.binariesSourcePath is set.
docs/awf-config.schema.json	Mirrors schema updates for documentation output.
docs/awf-config-spec.md	Documents the new config-only field and its behavior.
docs/arc-dind.md	Updates ARC/DinD guidance to include binariesSourcePath and the new image recommendation.
containers/dind-ubuntu/Dockerfile	Introduces a new Ubuntu-based DinD companion image definition.
containers/agent/entrypoint.sh	Moves identity exports into the generated script to apply post-capsh effectively.
.github/workflows/release.yml	Adds build/sign/SBOM/attestation/publish steps for dind-ubuntu and includes it in release artifacts.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 20/20 changed files
• Comments generated: 2

[lpcox]

@copilot address review feedback and merge main

[Copilot]

@copilot address review feedback and merge main

Done in 230f9a0:

• containers/dind-ubuntu/Dockerfile: Removed EXPOSE 2375 2376 — the CMD only binds the Unix socket, so the TCP port declarations were misleading.
• src/commands/validators/config-assembly.ts: Added validation to reject : and \n/\r in chrootBinariesSourcePath before it gets interpolated into the Docker volume spec.
• Merged main.

[lpcox]

@copilot run pr-finisher skill

[Copilot]

@copilot run pr-finisher skill

There's no pr-finisher skill available in this repository. Available skills are: agentic-workflows, awf-debug-tools, debug-firewall, debugging-workflows, awf-skill, recompile-workflows, customize-cloud-agent. Could you clarify what you'd like me to do to finish this PR?

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	96.42%	96.46%	📈 +0.04%
Statements	96.34%	96.38%	📈 +0.04%
Functions	98.74%	98.75%	📈 +0.01%
Branches	90.73%	90.73%	➡️ +0.00%

📁 Per-file Coverage Changes (3 files)

File	Lines (Before → After)	Statements (Before → After)
src/services/agent-volumes/system-mounts.ts	100.0% → 92.3% (-7.70%)	100.0% → 92.3% (-7.70%)
src/commands/validators/config-assembly.ts	97.9% → 98.2% (+0.23%)	97.0% → 97.3% (+0.33%)
src/config-writer.ts	89.3% → 90.9% (+1.65%)	89.3% → 90.9% (+1.65%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

GitHub API: ✅ PASS
GitHub check: ✅ PASS
File verify: ✅ PASS

Total: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Smoke test results:

• Upgrade gh-aw to v0.79.2 (pre-release)
• Refactor container lifecycle into focused Squid log and startup diagnostics modules
• GitHub PR review: ✅
• GitHub query: ✅
• Browser title check: ✅
• File write/readback: ✅
• Build (npm ci && npm run build): ✅
  Overall status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

[github-actions]

🔬 Smoke Test Results

PR: [awf] ARC/DinD: preserve chroot identity overrides, add binaries overlay path, and publish glibc DinD companion image
Author: @Copilot | Assignees: @lpcox, @Copilot

Test	Result
GitHub MCP connectivity	✅
GitHub.com HTTP	✅ (200)
File write/read	❌ (template vars unexpanded)

Overall: FAIL — pre-step outputs (SMOKE_*) were not substituted; file path was a raw template expression.

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Smoke Test: Copilot BYOK (Direct) Mode — PASS ✅

1. ✅ GitHub MCP: PR [awf] ARC/DinD: preserve chroot identity overrides, add binaries overlay path, and publish glibc DinD companion image #4587 fetched successfully
2. ✅ github.com: HTTP 200
3. ✅ File I/O: /tmp/gh-aw/agent/smoke-test-copilot-byok.txt OK
4. ✅ BYOK Inference: Direct mode (agent → api-proxy sidecar → api.githubcopilot.com)

Running in direct BYOK mode via COPILOT_PROVIDER_API_KEY with real credentials held by api-proxy sidecar.

PR: #4587 by @Copilot
Assignees: @lpcox, @Copilot

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌
Node.js	v24.16.0	v22.22.3	❌
Go	go1.22.12	go1.22.12	✅

Result: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	passed	✅ PASS
Go	env	✅	passed	✅ PASS
Go	uuid	✅	passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	passed	✅ PASS
Node.js	execa	✅	passed	✅ PASS
Node.js	p-limit	✅	passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #4587 · 643.2 AIC · ⊞ 35.5K · ◷

[github-actions]

Smoke Test: GitHub Actions Services Connectivity

Check	Result
Redis PING	❌ Timeout (port 6379 unreachable)
PostgreSQL pg_isready	❌ No response (port 5432 unreachable)
PostgreSQL SELECT 1	❌ Timeout (port 5432 unreachable)

host.docker.internal resolves to 172.17.0.1 but neither service port is reachable from the runner.

Overall: FAIL

🔌 Service connectivity validated by Smoke Services