Contributor

Copilot AI commented Jan 26, 2026

This PR reverts the docker-wrapper implementation as Docker-in-Docker support was intentionally removed in v0.9.1 (PR #205). Running docker run inside the agent container is not a supported use case in the current AWF architecture.

Changes Reverted

All changes from the original implementation have been reverted:

  • Removed containers/agent/docker-wrapper.sh - Docker wrapper script that was created to inject --add-host flags
  • Reverted containers/agent/Dockerfile - Removed docker-wrapper installation
  • Reverted containers/agent/entrypoint.sh - Removed AWF_ENABLE_HOST_ACCESS readonly declaration
  • Reverted src/docker-manager.ts - Removed AWF_ENABLE_HOST_ACCESS environment variable passing
  • Reverted src/docker-manager.test.ts - Removed tests for AWF_ENABLE_HOST_ACCESS

Rationale

The original feature request was based on a misunderstanding of the AWF architecture. Docker-in-Docker was intentionally removed to:

The agent container is designed to work without Docker commands available, and spawning containers from within the agent is not supported.

Status

This PR should be closed as the requested feature conflicts with the intentional removal of Docker-in-Docker support.

Original prompt

This section details the original issue you should resolve

<issue_title>[Feature] Propagate host.docker.internal DNS to spawned containers</issue_title>
<issue_description>## Background

PR #210 proposed configuring Docker's /etc/hosts when --enable-host-access is used, so spawned containers can resolve host.docker.internal.

Problem

When --enable-host-access is used, spawned containers via docker-wrapper need host.docker.internal DNS resolution.

Proposed Changes

  1. Pass AWF_ENABLE_HOST_ACCESS environment variable to agent container
  2. Modify docker-wrapper.sh to:
    • Allow --add-host host.docker.internal:host-gateway specifically when AWF_ENABLE_HOST_ACCESS=true
    • Inject --add-host host.docker.internal:host-gateway to spawned containers when enabled
  3. Security fix: Make AWF_ENABLE_HOST_ACCESS readonly in entrypoint.sh to prevent malicious code from tampering with the variable

Security Note

The environment variable should be declared readonly in entrypoint.sh, preventing malicious code from enabling host access when it wasn't authorized.


Issue created from PR #210 during backlog cleanup</issue_description>

Comments on the Issue (you are @copilot in this section)


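One way the `--add-host` allowlisting from the issue's proposed change 2 could be written, as an added example and not the project's docker-wrapper.sh (which this page does not show). The function names are hypothetical and the sample invocations are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not taken from the project.
ALLOWED_HOST_MAPPING="host.docker.internal:host-gateway"

# Return 0 if every --add-host value in "$@" is permitted, 1 otherwise.
# Handles both "--add-host VALUE" and "--add-host=VALUE".
add_host_args_permitted() {
    expect_value=0
    for arg in "$@"; do
        if [ "$expect_value" -eq 1 ]; then
            value=$arg
            expect_value=0
        else
            case $arg in
                --add-host)   expect_value=1; continue ;;
                --add-host=*) value=${arg#--add-host=} ;;
                *)            continue ;;
            esac
        fi
        # Refuse any mapping unless host access was authorized, and even
        # then accept only the single fixed mapping (exact string match).
        [ "${AWF_ENABLE_HOST_ACCESS:-}" = "true" ] || return 1
        [ "$value" = "$ALLOWED_HOST_MAPPING" ] || return 1
    done
    # A trailing --add-host with no value is malformed: refuse it.
    [ "$expect_value" -eq 0 ]
}

# Print the flag the wrapper would inject into `docker run` when enabled.
injected_run_flags() {
    if [ "${AWF_ENABLE_HOST_ACCESS:-}" = "true" ]; then
        printf '%s\n' "--add-host $ALLOWED_HOST_MAPPING"
    fi
}

# Constructed sample invocations (not from the page).
AWF_ENABLE_HOST_ACCESS=true
add_host_args_permitted run --add-host "$ALLOWED_HOST_MAPPING" alpine \
    && echo "allowed: fixed mapping"
add_host_args_permitted run --add-host=db.internal:10.0.0.5 alpine \
    || echo "refused: other mapping"
```

A `readonly` declaration applies only to the shell that makes it. A child process receives an ordinary copy of the variable, so a wrapper that reads the flag from its own environment is trusting whatever process invoked it.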

Copilot AI and others added 6 commits January 26, 2026 22:08
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add DNS propagation for host.docker.internal in spawned containers" to "feat: propagate host.docker.internal to spawned containers" Jan 26, 2026
Copilot AI requested a review from Mossaka January 26, 2026 22:18
Collaborator

Mossaka commented Jan 26, 2026

@copilot close this PR since docker run inside the agent is not possible

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Contributor Author

Copilot AI commented Jan 26, 2026

@copilot close this PR since docker run inside the agent is not possible

You're correct. Docker-in-Docker support was removed in v0.9.1 (PR #205), so spawning containers via docker run inside the agent is not supported.

I've reverted all the changes in commit cafa228. The PR is now ready to be closed.

Copilot AI changed the title from "feat: propagate host.docker.internal to spawned containers" to "revert: remove docker-wrapper (docker-in-docker not supported)" Jan 26, 2026
@Mossaka Mossaka closed this Jan 26, 2026