Enable sandbox.agent.sudo: false on 20 agentic workflows#41628
Merged
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
pelikhan
June 26, 2026 07:14
View session
pelikhan
marked this pull request as ready for review
June 26, 2026 11:25
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens multiple gh-aw agentic workflows by explicitly disabling sudo in the agent sandbox (sandbox.agent.sudo: false), updating workflow frontmatter where needed and regenerating affected compiled lockfiles.
Changes:
- Added
sandbox.agent.sudo: falseacross the targeted workflows (expandingagent: awfshorthand to block form where necessary). - Updated compiled
.lock.ymloutputs accordingly (including rootless AWF install/exec paths and related sandbox/network plumbing changes).
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/weekly-issue-summary.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/weekly-issue-summary.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/step-name-alignment.md | Added sandbox.agent.sudo: false to existing agent config. |
| .github/workflows/smoke-pi.md | Added sandbox.agent.sudo: false to existing agent config. |
| .github/workflows/smoke-pi.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/smoke-claude.md | Added sandbox.agent.sudo: false to existing agent config. |
| .github/workflows/research.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/research.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/mcp-inspector.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/hourly-ci-cleaner.md | Added sudo: false to existing expanded sandbox.agent block. |
| .github/workflows/hippo-embed.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/hippo-embed.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/glossary-maintainer.md | Flipped sandbox.agent.sudo from true to false. |
| .github/workflows/firewall.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/firewall.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/firewall-escape.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/firewall-escape.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/design-decision-gate.md | Added sandbox.agent.sudo: false alongside existing sandbox.mcp config. |
| .github/workflows/daily-repo-chronicle.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/daily-news.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/daily-hippo-learn.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/daily-hippo-learn.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/copilot-pr-nlp-analysis.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/copilot-pr-nlp-analysis.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/ci-coach.md | Added sandbox.agent.sudo: false (new sandbox section). |
| .github/workflows/ci-coach.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
| .github/workflows/avenger.md | Added sudo: false to existing expanded sandbox.agent block. |
| .github/workflows/audit-workflows.md | Added sandbox.agent.sudo: false (new sandbox section). |
| .github/workflows/artifacts-summary.md | Expanded sandbox.agent to include sudo: false. |
| .github/workflows/artifacts-summary.lock.yml | Regenerated compiled workflow reflecting rootless / sandbox updates. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 40/40 changed files
- Comments generated: 12
- Review effort level: Low
Comment on lines
+21
to
+23
| agent: | ||
| id: awf | ||
| sudo: false |
Comment on lines
+26
to
+28
| agent: | ||
| id: awf | ||
| sudo: false |
Comment on lines
+23
to
+25
| agent: | ||
| id: awf | ||
| sudo: false |
Comment on lines
+21
to
+23
| agent: | ||
| id: awf | ||
| sudo: false |
Comment on lines
+22
to
+24
| agent: | ||
| id: awf | ||
| sudo: false |
Comment on lines
+28
to
+30
| agent: | ||
| id: awf | ||
| sudo: false |
Comment on lines
+30
to
+32
| agent: | ||
| id: awf | ||
| sudo: false |
| esac | ||
| DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0') | ||
| export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.30' | ||
| export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network bridge -p 127.0.0.1:'"${MCP_GATEWAY_PORT}"':'"${MCP_GATEWAY_PORT}"' --name awmg-mcpg --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.30' |
| GH_HOST: github.com | ||
| - name: Install AWF binary | ||
| run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.11 | ||
| run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.11 --rootless |
| package-manager-cache: false | ||
| - name: Install AWF binary | ||
| run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.11 | ||
| run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.11 --rootless |
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hardens the agent sandbox by disabling sudo across 20 workflows that were missing the
sandbox.agent.sudo: falsesetting.Changes
artifacts-summary,copilot-pr-nlp-analysis,daily-hippo-learn,daily-news,daily-repo-chronicle,firewall-escape,firewall,hippo-embed,mcp-inspector,research,weekly-issue-summary): expandedagent: awfshorthand to block form to accommodate the new field:avenger,hourly-ci-cleaner): addedsudo: falseto existing expandedagent:block (alongsideid: awfandmounts)smoke-claude,smoke-pi,step-name-alignment): addedsudo: falsetoagent:blocks that only hadconfig:glossary-maintainer): flippedsudo: true→sudo: falsedesign-decision-gate): addedagent: sudo: falseto sandbox that previously only configuredmcp:audit-workflows,ci-coach): addedsandbox: agent: sudo: falsefrom scratch