[awf] Agent Container: sandbox fails with E2BIG when prompt + env exceed ARG_MAX

[lpcox]

Problem

When AWF is invoked with --env-all and the assembled prompt is large (100–200+ KB, from many imported skill/reference files), the agent container's execve call is rejected by the Linux kernel with E2BIG ("Argument list too long", exit code 126). The Copilot CLI never launches.

/bin/bash: line 1: /usr/local/bin/node: Argument list too long

Context

Original report: github/gh-aw#26045

Two factors combine to exceed ARG_MAX (~2 MB):

1. The entire assembled prompt is passed as a single argv element via --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" (shell expansion inlines hundreds of KB into argv).
2. --env-all forwards the full GitHub Actions runner environment (~1.5–2 MB of envp).

Root Cause

In containers/agent/entrypoint.sh, the user command is executed directly via exec, which passes the expanded prompt as an argv element. Combined with --env-all forwarding hundreds of GITHUB_* env vars, the combined argv + envp size exceeds the kernel ARG_MAX limit.

The same pattern was already fixed for threat detection (passing via file instead of inline arg), but the agent entrypoint itself doesn't apply this mitigation.

Proposed Solution

1. Pass prompt via file reference instead of inline arg: In containers/agent/entrypoint.sh, detect when --prompt arg length exceeds a threshold (e.g., 64 KB) and write to a temp file, then replace the arg with --prompt-file /tmp/awf-prompt.txt (if the CLI supports it) — or have AWF write the prompt to a volume-mounted file and pass the path.
2. In src/docker-manager.ts: When generating the agent command, detect large prompts and write them to a file in workDir (which is bind-mounted into the container), passing --prompt-file instead of inline --prompt.
3. Filter redundant env vars with --env-all: In src/docker-manager.ts buildAgentEnv() (around line 620), strip low-value high-volume env vars (e.g., RUNNER_*, ACTIONS_CACHE_URL, matrix variables) that contribute to envp size without benefit to the agent.

Generated by Firewall Issue Dispatcher · ● 2.1M · ◷

[github-actions]

👋 Hello! I noticed this issue might be related to existing issues:

• E2BIG: large prompts inlined into argv via --prompt "$(cat ...)" exceed ARG_MAX #1998 (open) — "E2BIG: large prompts inlined into argv via --prompt "$(cat ...)" exceed ARG_MAX" — describes the same root cause: large inlined --prompt argv exceeding ARG_MAX
• [awf] agent/entrypoint: E2BIG when prompt+envp exceed ARG_MAX with --env-all and large inlined prompts #1965 (closed) — "[awf] agent/entrypoint: E2BIG when prompt+envp exceed ARG_MAX with --env-all and large inlined prompts" — essentially the same scenario combining --env-all + large prompt in entrypoint.sh
• bug: --env-all passes oversized environment that can trigger E2BIG (Argument list too long) #1963 (closed) — "bug: --env-all passes oversized environment that can trigger E2BIG" — covers the --env-all / oversized envp side of the same problem

These issues share the core problem: argv + envp exceeding the kernel ARG_MAX limit when using --prompt "$(cat ...)" combined with --env-all. Issue #1998 in particular is currently open and appears to address the same situation.

If one of these already tracks your concern, please consider closing this issue as a duplicate. Otherwise, feel free to clarify how your report differs (e.g., a new reproduction path, different component, or additional context from the upstream report).

This is an automated message from the issue duplication detector.

Generated by Issue Duplication Detector for issue #2007 · ● 235.6K · ◷

[lpcox]

Fixed by #1978 (size-based filtering for --env-all) and prompt rewrite to avoid E2BIG argv failures. Both merged to main.