Skip to content

Enable sandbox.agent.sudo: false on 20 agentic workflows#41628

Merged
pelikhan merged 1 commit into
mainfrom
copilot/enable-sandbox-agent-sudo-false
Jun 26, 2026
Merged

Enable sandbox.agent.sudo: false on 20 agentic workflows#41628
pelikhan merged 1 commit into
mainfrom
copilot/enable-sandbox-agent-sudo-false

Conversation

Copilot AI commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Hardens the agent sandbox by disabling sudo across 20 workflows that were missing the sandbox.agent.sudo: false setting.

Changes

  • 11 workflows (artifacts-summary, copilot-pr-nlp-analysis, daily-hippo-learn, daily-news, daily-repo-chronicle, firewall-escape, firewall, hippo-embed, mcp-inspector, research, weekly-issue-summary): expanded agent: awf shorthand to block form to accommodate the new field:
    sandbox:
      agent:
        id: awf
        sudo: false
  • 2 workflows (avenger, hourly-ci-cleaner): added sudo: false to existing expanded agent: block (alongside id: awf and mounts)
  • 3 workflows (smoke-claude, smoke-pi, step-name-alignment): added sudo: false to agent: blocks that only had config:
  • 1 workflow (glossary-maintainer): flipped sudo: truesudo: false
  • 1 workflow (design-decision-gate): added agent: sudo: false to sandbox that previously only configured mcp:
  • 2 workflows (audit-workflows, ci-coach): added sandbox: agent: sudo: false from scratch

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI requested a review from pelikhan June 26, 2026 07:14
@pelikhan
pelikhan marked this pull request as ready for review June 26, 2026 11:25
Copilot AI review requested due to automatic review settings June 26, 2026 11:25
@pelikhan
pelikhan merged commit e613685 into main Jun 26, 2026
@pelikhan
pelikhan deleted the copilot/enable-sandbox-agent-sudo-false branch June 26, 2026 11:25

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens multiple gh-aw agentic workflows by explicitly disabling sudo in the agent sandbox (sandbox.agent.sudo: false), updating workflow frontmatter where needed and regenerating affected compiled lockfiles.

Changes:

  • Added sandbox.agent.sudo: false across the targeted workflows (expanding agent: awf shorthand to block form where necessary).
  • Updated compiled .lock.yml outputs accordingly (including rootless AWF install/exec paths and related sandbox/network plumbing changes).
Show a summary per file
File Description
.github/workflows/weekly-issue-summary.md Expanded sandbox.agent to include sudo: false.
.github/workflows/weekly-issue-summary.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/step-name-alignment.md Added sandbox.agent.sudo: false to existing agent config.
.github/workflows/smoke-pi.md Added sandbox.agent.sudo: false to existing agent config.
.github/workflows/smoke-pi.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/smoke-claude.md Added sandbox.agent.sudo: false to existing agent config.
.github/workflows/research.md Expanded sandbox.agent to include sudo: false.
.github/workflows/research.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/mcp-inspector.md Expanded sandbox.agent to include sudo: false.
.github/workflows/hourly-ci-cleaner.md Added sudo: false to existing expanded sandbox.agent block.
.github/workflows/hippo-embed.md Expanded sandbox.agent to include sudo: false.
.github/workflows/hippo-embed.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/glossary-maintainer.md Flipped sandbox.agent.sudo from true to false.
.github/workflows/firewall.md Expanded sandbox.agent to include sudo: false.
.github/workflows/firewall.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/firewall-escape.md Expanded sandbox.agent to include sudo: false.
.github/workflows/firewall-escape.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/design-decision-gate.md Added sandbox.agent.sudo: false alongside existing sandbox.mcp config.
.github/workflows/daily-repo-chronicle.md Expanded sandbox.agent to include sudo: false.
.github/workflows/daily-news.md Expanded sandbox.agent to include sudo: false.
.github/workflows/daily-hippo-learn.md Expanded sandbox.agent to include sudo: false.
.github/workflows/daily-hippo-learn.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/copilot-pr-nlp-analysis.md Expanded sandbox.agent to include sudo: false.
.github/workflows/copilot-pr-nlp-analysis.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/ci-coach.md Added sandbox.agent.sudo: false (new sandbox section).
.github/workflows/ci-coach.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.
.github/workflows/avenger.md Added sudo: false to existing expanded sandbox.agent block.
.github/workflows/audit-workflows.md Added sandbox.agent.sudo: false (new sandbox section).
.github/workflows/artifacts-summary.md Expanded sandbox.agent to include sudo: false.
.github/workflows/artifacts-summary.lock.yml Regenerated compiled workflow reflecting rootless / sandbox updates.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 40/40 changed files
  • Comments generated: 12
  • Review effort level: Low

Comment on lines +21 to +23
agent:
id: awf
sudo: false
Comment on lines +26 to +28
agent:
id: awf
sudo: false
Comment on lines +23 to +25
agent:
id: awf
sudo: false
Comment on lines +21 to +23
agent:
id: awf
sudo: false
Comment on lines +22 to +24
agent:
id: awf
sudo: false
Comment on lines +28 to +30
agent:
id: awf
sudo: false
Comment on lines +30 to +32
agent:
id: awf
sudo: false
esac
DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0')
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --name awmg-mcpg --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.30'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network bridge -p 127.0.0.1:'"${MCP_GATEWAY_PORT}"':'"${MCP_GATEWAY_PORT}"' --name awmg-mcpg --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e RUNNER_TEMP -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw -v '"${RUNNER_TEMP}"'/gh-aw/safeoutputs:'"${RUNNER_TEMP}"'/gh-aw/safeoutputs:rw ghcr.io/github/gh-aw-mcpg:v0.3.30'
GH_HOST: github.com
- name: Install AWF binary
run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.11
run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.11 --rootless
package-manager-cache: false
- name: Install AWF binary
run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.11
run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.11 --rootless
@github-actions github-actions Bot mentioned this pull request Jun 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants