From c3ac4b721ba4926d36b1bdda40943c8f55979faf Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 26 Mar 2026 16:01:34 +0000 Subject: [PATCH 1/2] Initial plan From e00f58f87b5c96153375dbf1fbc3f832e0d2bb15 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 26 Mar 2026 16:05:10 +0000 Subject: [PATCH 2/2] fix: auto-inject GH_HOST from GITHUB_SERVER_URL when --env-all is used Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/d254ea34-0814-4343-9ede-cac2de6d5d21 --- src/docker-manager.test.ts | 39 ++++++++++++++++++++++++++++++++++++++ src/docker-manager.ts | 17 +++++++++-------- 2 files changed, 48 insertions(+), 8 deletions(-) diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts index ff735496..80318b6d 100644 --- a/src/docker-manager.test.ts +++ b/src/docker-manager.test.ts @@ -1295,6 +1295,45 @@ describe('docker-manager', () => { } }); + it('should auto-inject GH_HOST from GITHUB_SERVER_URL when envAll is true', () => { + const prevServerUrl = process.env.GITHUB_SERVER_URL; + const prevGhHost = process.env.GH_HOST; + process.env.GITHUB_SERVER_URL = 'https://mycompany.ghe.com'; + delete process.env.GH_HOST; + + try { + const configWithEnvAll = { ...mockConfig, envAll: true }; + const result = generateDockerCompose(configWithEnvAll, mockNetworkConfig); + const env = result.services.agent.environment as Record; + + expect(env.GH_HOST).toBe('mycompany.ghe.com'); + } finally { + if (prevServerUrl !== undefined) process.env.GITHUB_SERVER_URL = prevServerUrl; + else delete process.env.GITHUB_SERVER_URL; + if (prevGhHost !== undefined) process.env.GH_HOST = prevGhHost; + } + }); + + it('should not overwrite explicit GH_HOST from env-all with auto-injected value', () => { + const prevServerUrl = process.env.GITHUB_SERVER_URL; + const prevGhHost = process.env.GH_HOST; + process.env.GITHUB_SERVER_URL = 'https://mycompany.ghe.com'; + process.env.GH_HOST = 'explicit.ghe.com'; + + try { + const configWithEnvAll = { ...mockConfig, envAll: true }; + const result = generateDockerCompose(configWithEnvAll, mockNetworkConfig); + const env = result.services.agent.environment as Record; + + expect(env.GH_HOST).toBe('explicit.ghe.com'); + } finally { + if (prevServerUrl !== undefined) process.env.GITHUB_SERVER_URL = prevServerUrl; + else delete process.env.GITHUB_SERVER_URL; + if (prevGhHost !== undefined) process.env.GH_HOST = prevGhHost; + else delete process.env.GH_HOST; + } + }); + it('should configure DNS to use Google DNS', () => { const result = generateDockerCompose(mockConfig, mockNetworkConfig); const agent = result.services.agent; diff --git a/src/docker-manager.ts b/src/docker-manager.ts index e09a36ff..3958458c 100644 --- a/src/docker-manager.ts +++ b/src/docker-manager.ts @@ -595,14 +595,15 @@ export function generateDockerCompose( // interfere with credential isolation. if (process.env.GITHUB_API_URL) environment.GITHUB_API_URL = process.env.GITHUB_API_URL; - // Auto-inject GH_HOST when GITHUB_SERVER_URL points to a GHES/GHEC instance - // This ensures gh CLI inside the agent container targets the correct GitHub instance - // instead of defaulting to github.com - const ghHost = extractGhHostFromServerUrl(process.env.GITHUB_SERVER_URL); - if (ghHost) { - environment.GH_HOST = ghHost; - logger.debug(`Auto-injected GH_HOST=${ghHost} from GITHUB_SERVER_URL`); - } + } + + // Auto-inject GH_HOST when GITHUB_SERVER_URL points to a GHES/GHEC instance. + // Must run AFTER the env-all block so it applies in both paths. + // The !environment.GH_HOST guard preserves an explicit GH_HOST passed through via --env-all. + const ghHost = extractGhHostFromServerUrl(process.env.GITHUB_SERVER_URL); + if (ghHost && !environment.GH_HOST) { + environment.GH_HOST = ghHost; + logger.debug(`Auto-injected GH_HOST=${ghHost} from GITHUB_SERVER_URL`); } // Forward one-shot-token debug flag if set (used for testing/debugging)