Honor Unix DOCKER_HOST sockets for DinD mounts on ARC runners

[Copilot]

Bug Fix

What was the bug?

ARC DinD runners can expose Docker through a shared Unix socket without using the default hardcoded path. AWF was still assuming /var/run/docker.sock for DinD socket exposure, so MCP gateway startup could fail even when DOCKER_HOST already pointed at a valid Unix socket.

How did you fix it?

• Socket path resolution

  • Resolve the DinD socket mount from awfDockerHost first, then DOCKER_HOST, when either uses a unix:// URI.
  • Fall back to /var/run/docker.sock only when no valid Unix socket is configured.
  • Keep /run/docker.sock mounted only for the standard default socket case.

• Agent Docker client alignment

  • When --enable-dind is used with --docker-host unix:///path/to/docker.sock, set the agent container's DOCKER_HOST to that same Unix socket so in-agent docker commands target the mounted socket by default.
  • This covers the common case where the host process does not already have DOCKER_HOST set, avoiding a mismatch between the mounted DinD socket and the agent's Docker client default.

• Invalid config handling

  • Warn and fall back cleanly when DOCKER_HOST contains a malformed Unix socket URI.
  • Ignore non-Unix DOCKER_HOST values for DinD socket mounting instead of treating them as bind-mount paths.

• Coverage and docs

  • Add focused tests for custom Unix socket detection, override precedence, malformed Unix socket fallback, and the --docker-host + --enable-dind case when host DOCKER_HOST is unset.
  • Document that --docker-host also controls the DinD socket exposed to the agent when --enable-dind is enabled, and that AWF sets the agent's DOCKER_HOST to match.

const dockerHost = config.awfDockerHost ?? process.env.DOCKER_HOST;

if (dockerHost?.startsWith('unix://')) {
  const socketPath = dockerHost.slice('unix://'.length);
  // mount the configured Unix socket into the agent chroot
}

if (config.enableDind && config.awfDockerHost?.startsWith('unix://')) {
  environment.DOCKER_HOST = config.awfDockerHost;
}

[github-actions]

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit b8a97af

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	87.37%	87.45%	📈 +0.08%
Statements	87.34%	87.41%	📈 +0.07%
Functions	82.70%	82.74%	📈 +0.04%
Branches	79.43%	79.58%	📈 +0.15%

📁 Per-file Coverage Changes (3 files)

File	Lines (Before → After)	Statements (Before → After)
src/services/agent-volumes.ts	91.6% → 90.8% (-0.75%)	91.8% → 91.0% (-0.76%)
src/services/agent-environment.ts	98.5% → 98.6% (+0.02%)	97.8% → 97.9% (+0.03%)
src/container-lifecycle.ts	87.1% → 88.2% (+1.14%)	87.5% → 88.6% (+1.11%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

This PR fixes Docker-in-Docker (DinD) socket mounting for ARC/Kubernetes runners by deriving the bind-mounted Unix socket from configured Docker host settings instead of always assuming /var/run/docker.sock, improving compatibility with runners that expose Docker via a non-standard shared socket path.

Changes:

• Added Unix-socket resolution logic for DinD mounts (with fallback + warnings for malformed unix:// values).
• Updated agent volume mounting to only include /run/docker.sock when using the default socket path.
• Added unit tests for custom Unix DOCKER_HOST, override precedence, and malformed Unix socket fallback; documented the ARC DinD sidecar pattern.

Show a summary per file

File	Description
src/services/agent-volumes.ts	Adds resolveDockerSocketPath() and updates DinD volume mounts to honor unix:// socket paths (with fallback behavior).
src/services/agent-volumes.test.ts	Adds tests covering custom Unix socket mounts, precedence, and invalid Unix socket fallback behavior.
docs/environment.md	Documents ARC/Kubernetes runner pattern using a shared Unix Docker socket with --enable-dind.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

src/services/agent-volumes.ts:36

• socketPath is used verbatim in a docker volume spec (${dockerSocketPath}:/host${dockerSocketPath}:rw). If DOCKER_HOST contains trailing whitespace or unexpected characters like : or newlines, this can produce an invalid/misparsed mount string (and : could be interpreted as additional mount fields). It would be safer to trim() the extracted path and reject paths containing :/control characters before returning it.

  const socketPath = dockerHost.slice('unix://'.length);
  if (socketPath.startsWith('/') && socketPath !== '/' && socketPath.trim() !== '') {
    return socketPath;
  }

• Files reviewed: 3/3 changed files
• Comments generated: 3

[lpcox]

@copilot address the review feedback

[Copilot]

@copilot address the review feedback

Addressed in 4fc1383 with a follow-up test cleanup in b5bd01c.

[lpcox]

Review: PR #2841 — Honor Unix DOCKER_HOST sockets for DinD mounts

Verdict: ✅ Approve — clean, self-contained, no security concerns.

What I checked

1. resolveDockerSocketPath() validation — Correctly rejects TCP DOCKER_HOST values and falls back to /var/run/docker.sock. Only Unix socket paths are honored. Relative and empty paths are rejected with a warning.

2. /dev/null overlays untouched — The else block (DinD disabled) that mounts /dev/null over Docker sockets is completely unchanged. Security model preserved.

3. Fallback behavior — When DOCKER_HOST is missing, invalid, or TCP, defaults to /var/run/docker.sock. The /run/docker.sock symlink mount is correctly made conditional on default path only.

4. awfDockerHost precedence — --docker-host flag correctly takes priority over DOCKER_HOST env var.

5. Test coverage — Good: Unix socket exposure, flag precedence, invalid paths, agent DOCKER_HOST override. Minor gap: no explicit test for TCP DOCKER_HOST + enableDind (should fall back to default), but the logic is straightforward.

Staging note

This is the smallest and most self-contained of the three ARC/DinD PRs. Recommend merging first before #2843 and #2839 to minimize rebase conflicts.

[github-actions]

🔥 Smoke Test: Copilot BYOK (Offline) Mode

Test	Result
GitHub MCP connectivity	❌ (401 – GitHub MCP unauthenticated in this environment)
GitHub.com HTTP connectivity	✅ (pre-step confirmed)
File write/read	✅ (BYOK smoke test passed at Sun May 10 17:49:37 UTC 2026)
BYOK inference (api-proxy → api.githubcopilot.com)	✅ (prompt received and responded)

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com.

Overall: PASS (MCP auth failure is environment-level, not AWF/BYOK issue)

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

Smoke Test Results

❌ GitHub MCP Testing - gh CLI auth failed
✅ Playwright Testing - GitHub page title verified
✅ File Writing Testing - test file created
✅ Bash Tool Testing - file verified

Overall: FAIL (1/4 tests failed)

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Smoke Test Results

Test	Status
GitHub MCP connectivity	❌ 401 Bad credentials
GitHub.com HTTP connectivity	⚠️ Template vars not expanded
File write/read (smoke-test-copilot-25632715944.txt)	✅ Content verified

Overall: FAIL — GitHub MCP returned 401 Bad credentials.

cc @Copilot

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Smoke Test: Codex

Restore --ignore-scripts for engine CLI installs in lock files, add regression guard, install Claude native binary explicitly, and harden Smoke Codex safe-output targeting
api-proxy: set COPILOT_PROVIDER_WIRE_API=responses for GPT-5-family Copilot BYOK runs
GitHub PR review ✅ | safeinputs-gh ❌ | Playwright ✅ | Tavily ❌
File/bash ✅ | Discussion ❌ | Build ✅
Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

[github-actions]

Chroot Smoke Test Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌
Node.js	v24.14.1	v20.20.2	❌
Go	go1.22.12	go1.22.12	✅

Result: ❌ Not all versions matched — Go matches, but Python and Node.js differ between host and chroot environments.

Tested by Smoke Chroot

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	passed	✅ PASS
Node.js	execa	✅	passed	✅ PASS
Node.js	p-limit	✅	passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #2841 · ● 557K · ◷

[github-actions]

Smoke Test Results

Check	Result
Redis PING	❌ Timeout (no response)
PostgreSQL pg_isready	❌ No response
PostgreSQL SELECT 1	❌ Skipped (pg_isready failed)

Overall: FAIL — host.docker.internal is not reachable from this runner. Service containers may not be configured or this is a non-Docker runner environment.

🔌 Service connectivity validated by Smoke Services