Skip to content

Fix shell escaping for environment variable expansion in AWF #12146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Mossaka wants to merge 12 commits into from
Closed

Fix shell escaping for environment variable expansion in AWF #12146

Mossaka wants to merge 12 commits into from

Conversation

@Mossaka
Copy link
Collaborator

@Mossaka Mossaka commented Jan 28, 2026
edited by agentic-workflows-dev bot
Loading

Summary

  • Fixes environment variable expansion inside AWF containers by pre-wrapping values in double quotes
  • This ensures GOROOT, GH_AW_TOOL_BINS, and other mirrored env vars expand properly at runtime
  • Fixes the PATH priority mechanism for tools from actions/setup-*

Test plan

  • Unit tests pass
  • Smoke tests verify Go version from actions/setup-go is used

🤖 Generated with Claude Code

Changeset

  • Type: patch
  • Description: Fix AWF environment variable expansion by quoting mirrored vars and restore setup-* PATH ordering.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

Copilot AI and others added 11 commits January 27, 2026 17:25
Initial plan
417bb7f
@Mossaka
Initial plan for mounting binaries in agent container
eb68b0a 
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
@Mossaka
Add utility binary mounts to AWF container for workflows
953648c 
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
@Mossaka
Fix test logic for utility mount read-only verification
4d14f8f 
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
e9a3cb9
@Mossaka
Merge branch 'main' into copilot/mount-recommended-binaries
24af4ea
@Mossaka
Merge origin/main and regenerate lock files
f10605a 
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
@Mossaka
Merge remote-tracking branch 'origin/main' into copilot/mount-recomme…
dc0b246 
…nded-binaries

# Conflicts:
#	.github/workflows/agent-performance-analyzer.lock.yml
#	.github/workflows/agent-persona-explorer.lock.yml
#	.github/workflows/ai-moderator.lock.yml
#	.github/workflows/archie.lock.yml
#	.github/workflows/artifacts-summary.lock.yml
#	.github/workflows/auto-triage-issues.lock.yml
#	.github/workflows/brave.lock.yml
#	.github/workflows/breaking-change-checker.lock.yml
#	.github/workflows/chroma-issue-indexer.lock.yml
#	.github/workflows/ci-coach.lock.yml
#	.github/workflows/ci-doctor.lock.yml
#	.github/workflows/cli-consistency-checker.lock.yml
#	.github/workflows/code-scanning-fixer.lock.yml
#	.github/workflows/code-simplifier.lock.yml
#	.github/workflows/copilot-cli-deep-research.lock.yml
#	.github/workflows/copilot-pr-merged-report.lock.yml
#	.github/workflows/copilot-pr-nlp-analysis.lock.yml
#	.github/workflows/copilot-pr-prompt-analysis.lock.yml
#	.github/workflows/craft.lock.yml
#	.github/workflows/daily-assign-issue-to-user.lock.yml
#	.github/workflows/daily-cli-performance.lock.yml
#	.github/workflows/daily-compiler-quality.lock.yml
#	.github/workflows/daily-copilot-token-report.lock.yml
#	.github/workflows/daily-file-diet.lock.yml
#	.github/workflows/daily-firewall-report.lock.yml
#	.github/workflows/daily-malicious-code-scan.lock.yml
#	.github/workflows/daily-news.lock.yml
#	.github/workflows/daily-regulatory.lock.yml
#	.github/workflows/daily-repo-chronicle.lock.yml
#	.github/workflows/daily-secrets-analysis.lock.yml
#	.github/workflows/daily-semgrep-scan.lock.yml
#	.github/workflows/daily-team-status.lock.yml
#	.github/workflows/daily-testify-uber-super-expert.lock.yml
#	.github/workflows/daily-workflow-updater.lock.yml
#	.github/workflows/delight.lock.yml
#	.github/workflows/dependabot-bundler.lock.yml
#	.github/workflows/dependabot-go-checker.lock.yml
#	.github/workflows/dev-hawk.lock.yml
#	.github/workflows/dev.lock.yml
#	.github/workflows/dictation-prompt.lock.yml
#	.github/workflows/discussion-task-miner.lock.yml
#	.github/workflows/docs-noob-tester.lock.yml
#	.github/workflows/example-custom-error-patterns.lock.yml
#	.github/workflows/example-permissions-warning.lock.yml
#	.github/workflows/firewall-escape.lock.yml
#	.github/workflows/firewall.lock.yml
#	.github/workflows/github-remote-mcp-auth-test.lock.yml
#	.github/workflows/glossary-maintainer.lock.yml
#	.github/workflows/grumpy-reviewer.lock.yml
#	.github/workflows/hourly-ci-cleaner.lock.yml
#	.github/workflows/issue-monster.lock.yml
#	.github/workflows/issue-triage-agent.lock.yml
#	.github/workflows/jsweep.lock.yml
#	.github/workflows/layout-spec-maintainer.lock.yml
#	.github/workflows/mcp-inspector.lock.yml
#	.github/workflows/mergefest.lock.yml
#	.github/workflows/metrics-collector.lock.yml
#	.github/workflows/notion-issue-summary.lock.yml
#	.github/workflows/org-health-report.lock.yml
#	.github/workflows/pdf-summary.lock.yml
#	.github/workflows/plan.lock.yml
#	.github/workflows/poem-bot.lock.yml
#	.github/workflows/portfolio-analyst.lock.yml
#	.github/workflows/pr-nitpick-reviewer.lock.yml
#	.github/workflows/pr-triage-agent.lock.yml
#	.github/workflows/python-data-charts.lock.yml
#	.github/workflows/q.lock.yml
#	.github/workflows/release.lock.yml
#	.github/workflows/repo-audit-analyzer.lock.yml
#	.github/workflows/repo-tree-map.lock.yml
#	.github/workflows/repository-quality-improver.lock.yml
#	.github/workflows/research.lock.yml
#	.github/workflows/secret-scanning-triage.lock.yml
#	.github/workflows/security-alert-burndown.campaign.g.lock.yml
#	.github/workflows/security-alert-burndown.campaign.lock.yml
#	.github/workflows/security-alert-burndown.lock.yml
#	.github/workflows/security-compliance.lock.yml
#	.github/workflows/security-fix-pr.lock.yml
#	.github/workflows/security-guard.lock.yml
#	.github/workflows/security-review.lock.yml
#	.github/workflows/slide-deck-maintainer.lock.yml
#	.github/workflows/smoke-copilot.lock.yml
#	.github/workflows/stale-repo-identifier.lock.yml
#	.github/workflows/sub-issue-closer.lock.yml
#	.github/workflows/super-linter.lock.yml
#	.github/workflows/technical-doc-writer.lock.yml
#	.github/workflows/terminal-stylist.lock.yml
#	.github/workflows/tidy.lock.yml
#	.github/workflows/ubuntu-image-analyzer.lock.yml
#	.github/workflows/video-analyzer.lock.yml
#	.github/workflows/weekly-issue-summary.lock.yml
#	.github/workflows/workflow-generator.lock.yml
#	.github/workflows/workflow-health-manager.lock.yml
#	.github/workflows/workflow-normalizer.lock.yml
#	.github/workflows/workflow-skill-extractor.lock.yml
@Mossaka @claude
Merge main and regenerate agentic workflows
7d0aa49 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@Mossaka
Merge remote-tracking branch 'origin/main' into copilot/mount-recomme…
4af0008 
…nded-binaries
@Mossaka @claude
Fix shell escaping for environment variable expansion in AWF
4420a03 
Pre-wrap environment variable values in double quotes so they're
properly expanded inside AWF containers. This fixes the PATH priority
mechanism for tools from actions/setup-*.

Changes:
- env_mirror.go: Wrap mirrored env vars in double quotes
- engine_helpers.go: Wrap GH_AW_TOOL_BINS in double quotes
- Updated tests to expect the new format
- Regenerated all lock files

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@Mossaka Mossaka added the smoke label Jan 28, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited by agentic-workflows-dev bot
Loading

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions github-actions bot mentioned this pull request Jan 28, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026

✅ Smoke test PASS

Tests: 7/7 passed

  • ✅ GitHub MCP
  • ✅ Safe Inputs GH CLI
  • ✅ Serena MCP
  • ✅ Playwright
  • ✅ File Write/Read
  • ✅ Discussion Interaction

Last 2 Merged PRs:

cc @Mossaka

AI generated by Smoke Copilot

@Mossaka Mossaka closed this Jan 28, 2026
@Mossaka Mossaka deleted the copilot/mount-recommended-binaries branch January 28, 2026 01:25
@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026

Recent merged PRs:
Mount recommended binaries into AWF agent container
Remove hardcoded safeoutputs tool list from agent prompt
GitHub MCP merged PRs ✅
safeinputs-gh PR list ✅
Serena activate ✅
Playwright GitHub title ✅
Tavily search ✅
File write+cat ✅
Discussion query+comment ✅ | Overall: PASS

AI generated by Smoke Codex

@github-actions github-actions bot mentioned this pull request Jan 28, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026

Smoke Test Results

PRs: #12062, #12132

✅ GitHub MCP
✅ Safe Inputs GH CLI
✅ Serena MCP
✅ Make Build
✅ Playwright
✅ Tavily Web Search
✅ File Writing
✅ Bash Tool
✅ Discussion Interaction

Overall Status: PASS

AI generated by Smoke Claude

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

smoke-claude smoke-codex smoke-copilot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mossaka