fix(docker-host): pass through loopback TCP DOCKER_HOST for ARC/DinD orchestration by Copilot · Pull Request #4832 · github/gh-aw-firewall

Copilot · 2026-06-12T19:56:38Z

AWF unconditionally deleted any non-unix:// DOCKER_HOST value, breaking ARC RunnerScaleSet pods where DOCKER_HOST=tcp://localhost:2375 is the canonical way to reach the DinD sidecar — causing AWF to fall back to /var/run/docker.sock which doesn't exist in runner containers.

Core fix

src/docker-host.ts — getLocalDockerEnv() now selectively filters DOCKER_HOST: unix:// sockets and loopback TCP endpoints (tcp://localhost:*, tcp://127.0.0.1:*) are passed through unchanged; non-loopback TCP endpoints (e.g. tcp://192.168.1.100:2375) are cleared so the docker CLI falls back to the default local socket, preserving AWF's network isolation model.

Loopback TCP treated as local/valid

src/option-parsers.ts — isLoopbackTcpDockerHost() now uses proper URI parsing (via URL) and requires: scheme tcp://, hostname exactly localhost or 127.0.0.1, a non-empty numeric port, and no path/query/auth components. Malformed values such as tcp://localhost (no port) or tcp://localhost:2375/path are correctly rejected. checkDockerHost() accepts these validated loopback endpoints as valid. isSiblingDaemonSocket() emits dindHint=true for loopback TCP so the split-filesystem prefix warning fires for ARC users.

src/commands/validators/config-assembly.ts — --docker-host flag now accepts loopback TCP URIs in addition to unix://, and the validation error message lists both accepted loopback forms:

# Previously rejected; now valid:
awf --docker-host tcp://localhost:2375 --allow-domains example.com -- curl ...
awf --docker-host tcp://127.0.0.1:2375 --allow-domains example.com -- curl ...

Type documentation

src/types/container-image-options.ts — awfDockerHost JSDoc updated to accurately describe the three-way passthrough decision: unix:// and loopback TCP pass through unchanged; non-loopback TCP is cleared to fall back to the default socket.

Copilot

Pull request overview

This PR updates AWF’s Docker-host handling to support ARC RunnerScaleSet + DinD sidecars where DOCKER_HOST=tcp://localhost:2375 is the standard endpoint, ensuring AWF’s own docker/compose orchestration can reach the sidecar daemon instead of incorrectly falling back to a missing /var/run/docker.sock.

Changes:

Allow loopback TCP Docker hosts (tcp://localhost:*, tcp://127.0.0.1:*) in checkDockerHost() and --docker-host validation.
Stop clearing DOCKER_HOST for AWF’s own docker CLI operations (intended to preserve ARC/DinD loopback TCP).
Update docs and tests to reflect the new accepted Docker host forms and behaviors.

Show a summary per file

File	Description
src/types/container-image-options.ts	Updates `awfDockerHost` JSDoc to document loopback TCP support.
src/option-parsers.ts	Adds loopback TCP detection and treats loopback TCP as a valid Docker host.
src/option-parsers-misc.test.ts	Expands unit tests for loopback TCP validity and DinD hinting behavior.
src/docker-manager-lifecycle.test.ts	Updates lifecycle tests to expect loopback TCP `DOCKER_HOST` passthrough.
src/docker-host.ts	Changes `getLocalDockerEnv()` behavior to preserve `DOCKER_HOST` (no longer clearing TCP).
src/commands/validators/network-options.ts	Updates validator comments/warnings around external Docker hosts and DinD hints.
src/commands/validators/config-assembly.ts	Allows `--docker-host` to accept loopback TCP URIs.
src/commands/validators/config-assembly.test.ts	Updates mocks and adds test coverage for loopback TCP acceptance/rejection.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 8/8 changed files
Comments generated: 4

  if (awfDockerHostOverride !== undefined) {
-    // Explicit CLI override — always use this socket for AWF operations
+    // Explicit CLI override — always use this value for AWF operations
    env.DOCKER_HOST = awfDockerHostOverride;
-  } else {
-    const dockerHost = env.DOCKER_HOST;
-    if (dockerHost && !dockerHost.startsWith('unix://')) {
-      // Non-unix DOCKER_HOST (e.g. tcp://localhost:2375 from a DinD sidecar).
-      // Clear it so AWF's docker commands target the local daemon, not the DinD one.
-      delete env.DOCKER_HOST;
-    }
  }
+  // Otherwise, preserve whatever DOCKER_HOST is set in the environment.


+function isLoopbackTcpDockerHost(dockerHost: string): boolean {
+  if (!dockerHost.startsWith('tcp://')) return false;
+  const rest = dockerHost.slice('tcp://'.length);
+  return rest.startsWith('localhost:') || rest.startsWith('localhost/') ||
+         rest === 'localhost' ||
+         rest.startsWith('127.0.0.1:') || rest.startsWith('127.0.0.1/') ||
+         rest === '127.0.0.1';
+}


+   * When not set, AWF uses the current `DOCKER_HOST` environment variable
+   * unchanged.  Loopback TCP and unix:// values are passed through as-is;
+   * non-loopback TCP endpoints emit a warning and fall back to the default
+   * socket.


lpcox · 2026-06-12T21:37:29Z

@copilot address review feedback

lpcox · 2026-06-12T23:20:08Z

@copilot upgrade and recompile workflows

Copilot · 2026-06-12T23:22:13Z

@copilot upgrade and recompile workflows

Done — ran gh aw upgrade then npx tsx scripts/ci/postprocess-smoke-workflows.ts. Updated files: actions-lock.json (new container pin), and 9 lock files (build-test, smoke-*, doc-maintainer, contribution-check, security-guard, test-coverage-*).

lpcox · 2026-06-12T23:22:38Z

@copilot resolve the merge conflicts in this pull request

…st-deletion-issue # Conflicts: # .github/workflows/smoke-chroot.lock.yml

Copilot · 2026-06-12T23:24:55Z

@copilot resolve the merge conflicts in this pull request

Done — merged origin/main into the branch. The only conflict was in smoke-chroot.lock.yml (the gh-aw-manifest comment line for ghcr.io/github/gh-aw-mcpg:latest); resolved by keeping our version with the pinned SHA digest from the recent gh aw upgrade run.

github-actions · 2026-06-12T23:39:56Z

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 72509be

github-actions · 2026-06-12T23:44:24Z

🧪 Smoke Test: Copilot PAT — PASS

Test	Result
GitHub MCP connectivity	✅
GitHub.com HTTP	✅ 200
File write/read	✅

PR: fix(docker-host): pass through loopback TCP DOCKER_HOST for ARC/DinD orchestration
Author: @Copilot · Assignees: @lpcox, @Copilot
Auth mode: PAT (COPILOT_GITHUB_TOKEN)

Note

🔒 Integrity filter blocked 1 item

The following item was blocked because it doesn't meet the GitHub integrity level.

#4828 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

🔑 PAT report filed by Smoke Copilot PAT

github-actions · 2026-06-12T23:45:03Z

🔬 Smoke Test Results — PASS

Test	Status
GitHub MCP connectivity	✅
GitHub.com HTTP (200)	✅
File write/read	✅

PR: fix(docker-host): pass through loopback TCP DOCKER_HOST for ARC/DinD orchestration
Author: @Copilot — Assignees: @lpcox @Copilot

Note

🔒 Integrity filter blocked 1 item

The following item was blocked because it doesn't meet the GitHub integrity level.

#4828 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

📰 BREAKING: Report filed by Smoke Copilot

github-actions · 2026-06-12T23:45:18Z

Smoke test results:

[Test Coverage] container-lifecycle.ts retry/timeout/kill branches ✅
test: regression tests for Copilot SDK model-missing AI credits bug ✅
GitHub page title check ✅
temp file read/write ✅
discussion lookup/comment ✅
npm ci && npm run build ✅
Overall: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

github-actions · 2026-06-12T23:45:30Z

Smoke Test: Copilot BYOK (Direct) Mode — PASS ✅

✅ GitHub MCP connectivity (merged PRs query successful)
✅ github.com HTTP connectivity (HTTP 200)
✅ File write/read test (temp file created & verified)
✅ BYOK inference path active (api-proxy → api.githubcopilot.com)

Mode: Direct BYOK (COPILOT_PROVIDER_API_KEY) via api-proxy sidecar
Assignees: @lpcox @Copilot

Overall: PASS

🔑 BYOK report filed by Smoke Copilot BYOK

github-actions · 2026-06-12T23:46:16Z

feat(api-proxy): implement OTLP fan-out to multiple endpoints: ✅
GitHub.com connectivity: ✅
File write/read test: ✅
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra: ✅
Overall status: PASS
cc @Copilot @lpcox

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)

github-actions · 2026-06-12T23:46:24Z

Chroot Smoke Test Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌ NO
Node.js	v24.16.0	v22.22.3	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Overall: ❌ FAILED — Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot

github-actions · 2026-06-12T23:46:25Z

feat(api-proxy): implement OTLP fan-out to multiple endpoints
MCP connectivity: ✅
GitHub.com connectivity: ✅
Agent file I/O: ✅
Direct BYOK inference: ✅
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)
Overall: PASS
cc @lpcox

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)

github-actions · 2026-06-12T23:46:54Z

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	all passed	✅ PASS
Go	env	✅	all passed	✅ PASS
Go	uuid	✅	all passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	all passed	✅ PASS
Node.js	execa	✅	all passed	✅ PASS
Node.js	p-limit	✅	all passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #4832 · ◷

github-actions · 2026-06-12T23:47:31Z

Smoke Test: GitHub Actions Services Connectivity

Check	Result
Redis PING	❌ Timeout (port 6379 unreachable)
PostgreSQL pg_isready	❌ Timeout (port 5432 unreachable)
PostgreSQL SELECT 1	❌ Not attempted

host.docker.internal resolves to 172.17.0.1 but both ports timed out — service containers appear not to be running or are not reachable from this environment.

Overall: FAIL

🔌 Service connectivity validated by Smoke Services

Initial plan

fc2bb0b

Copilot AI assigned Copilot and lpcox Jun 12, 2026

Copilot started work on behalf of lpcox June 12, 2026 19:57 View session

fix: support tcp://localhost DOCKER_HOST for ARC/DinD orchestration

2547ae4

Copilot AI changed the title ~~[WIP] Fix AWF not using tcp:// DOCKER_HOST for container orchestration~~ fix(docker-host): pass through tcp://localhost DOCKER_HOST for ARC/DinD orchestration Jun 12, 2026

Copilot finished work on behalf of lpcox June 12, 2026 20:09

Copilot AI requested a review from lpcox June 12, 2026 20:09

lpcox marked this pull request as ready for review June 12, 2026 21:28

Copilot AI review requested due to automatic review settings June 12, 2026 21:28

Copilot started reviewing on behalf of lpcox June 12, 2026 21:29 View session

Copilot AI temporarily deployed to aoai-model June 12, 2026 21:30 Inactive

Copilot AI reviewed Jun 12, 2026

View reviewed changes