fix: prevent Copilot CLI PATH fallback#300
Merged
github-actions[bot] merged 3 commits intoMay 25, 2026
Merged
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens Copilot SDK execution by ensuring Waza resolves and installs its bundled GitHub Copilot CLI before constructing the shared SDK client, and by refusing to fall back to an unrelated copilot found on PATH when embedded extraction fails. It also adds a COPILOT_CLI_PATH override with validation and documents the bundled-CLI behavior across the docs.
Changes:
- Resolve Copilot CLI path during shared SDK client construction, validating
COPILOT_CLI_PATHand failing fast if the embedded CLI can’t be installed (no PATH fallback). - Add an embedded CLI installer (
internal/embedded/path.go) that extracts to the user cache and verifies integrity via hashing. - Add unit tests for CLI-path selection/error cases and update docs/README to describe the bundled CLI and override behavior.
Show a summary per file
| File | Description |
|---|---|
| site/src/content/docs/reference/cli.mdx | Documents COPILOT_CLI_PATH and clarifies “no PATH fallback” behavior. |
| site/src/content/docs/quick-start.mdx | Notes the bundled Copilot CLI extraction behavior and when to use COPILOT_CLI_PATH. |
| README.md | Adds bundled Copilot CLI behavior note for users running the copilot-sdk executor. |
| internal/execution/sdkclient.go | Constructs shared Copilot SDK client only after resolving a validated CLI path; refuses PATH fallback on embedded failure. |
| internal/execution/sdkclient_test.go | Adds coverage for embedded CLI path usage, COPILOT_CLI_PATH override, and failure modes. |
| internal/execution/copilot.go | Removes the blank import side-effect for embedded CLI setup (now driven via sdkclient resolution). |
| internal/embedded/path.go | Implements embedded CLI extraction, integrity checking, and atomic install into user cache. |
| docs/INTEGRATION-TESTING.md | Documents bundled CLI behavior for real SDK integration test setup. |
Copilot's findings
- Files reviewed: 8/8 changed files
- Comments generated: 2
Wrap deferred closer.Close() and f.Close() calls in anonymous functions that explicitly discard the error with _ = to satisfy the errcheck linter. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
copilotonPATHwhen embedded extraction failsCOPILOT_CLI_PATHoverrides and document the bundled CLI behaviorCloses #297
Validation
go test ./...cd site && npm run build -- --silentGOOS=windows GOARCH=amd64 go test -c ./internal/embedded -o /tmp/waza-embedded-windows-amd64.test.exeGOOS=windows GOARCH=arm64 go test -c ./internal/embedded -o /tmp/waza-embedded-windows-arm64.test.exe