fix: eliminate host binary dependency in setup-iptables for chroot mode

[Copilot]

The Smoke Chroot workflow fails when setup-iptables.sh calls head, which resolves to the host's binary (GLIBC 2.38) before chroot enters, but the container only has GLIBC 2.35.

Changes

• Replace head -n 1 with awk's built-in NR==1 line filtering in containers/agent/setup-iptables.sh

Context

When --enable-chroot is enabled, host binaries are mounted at /host/* before setup-iptables.sh runs (line 115 of entrypoint.sh). Without absolute paths, commands can resolve to incompatible host binaries.

# Before: depends on external head binary
SQUID_IP=$(getent hosts "$SQUID_HOST" | awk '{ print $1 }' | head -n 1)

# After: self-contained in awk
SQUID_IP=$(getent hosts "$SQUID_HOST" | awk 'NR==1 { print $1 }')

This eliminates the GLIBC dependency chain and makes the script more portable across host/container boundary scenarios.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[agentics] Smoke Chroot failed</issue_title>
<issue_description>### Workflow Failure

Workflow: Smoke Chroot
Branch: feat/enable-chroot
Run URL: https://github.com/githubnext/gh-aw-firewall/actions/runs/21500137235
Pull Request: #448

Action Required

Debug this workflow failure using the agentic-workflows agent:

/agent agentic-workflows

When prompted, instruct the agent to debug this workflow failure.

Generated from Smoke Chroot

• expires on Feb 6, 2026, 12:46 AM UTC

Comments on the Issue (you are @copilot in this section)

• Fixes [agentics] Smoke Chroot failed #452

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Mossaka]

@copilot please merge origin/main

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	82.25%	82.25%	➡️ +0.00%
Statements	82.28%	82.28%	➡️ +0.00%
Functions	81.67%	81.67%	➡️ +0.00%
Branches	75.10%	75.10%	➡️ +0.00%

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

Smoke Test Results (Claude)

Last 2 Merged PRs:

• docs: audit and update documentation for CLI accuracy #455: docs: audit and update documentation for CLI accuracy
• feat: add CODEOWNERS file for automatic reviewer assignment #457: feat: add CODEOWNERS file for automatic reviewer assignment

Test Results:

• ✅ GitHub MCP: Retrieved PR data successfully
• ❌ Playwright: Module not installed
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-claude-21645059342.txt
• ✅ Bash Tool: Verified file content successfully

Overall: FAIL (Playwright test could not run)

AI generated by Smoke Claude

[github-actions]

❌ Chroot Smoke Test Failed

The --enable-chroot feature is not providing transparent access to host binaries. Version comparison shows mismatches:

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.3	Python 3.13.11	❌ MISMATCH
Node	v20.20.0	v24.13.0	❌ MISMATCH
Go	go1.24.12	go1.24.12	✅ MATCH

Analysis

Expected behavior: When --enable-chroot is enabled, the agent container should access the host's binaries (Python 3.12.3, Node v20.20.0) via chroot mounts.

Actual behavior: The agent container is using its own installed binaries (Python 3.13.11, Node v24.13.0), not the host's.

Possible Causes

1. Chroot not enabled: The workflow may not be running with --enable-chroot flag
2. PATH precedence: Container binaries may be taking precedence over chroot-mounted host binaries
3. Mount configuration: The chroot mounts may not be configured correctly in the agent container

Next Steps

This test failure needs investigation to determine why the chroot feature is not working as expected. The feature should provide transparent host binary access to avoid version mismatches between host and container environments.

AI generated by Smoke Chroot

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• chore: upgrade gh-aw from v0.37.26 to v0.40.0 #480: chore: upgrade gh-aw from v0.37.26 to v0.40.0
• fix(cli): use GHCR images for preset agent-images in chroot mode #459: fix(cli): use GHCR images for preset agent-images in chroot mode

Tests:

• ✅ GitHub MCP (retrieved PRs)
• ✅ Playwright (title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
• ✅ File operations (created /tmp/gh-aw/agent/smoke-test-copilot-21645059355.txt)
• ✅ Bash execution (verified file content)

Status: PASS

cc @Mossaka @Copilot

AI generated by Smoke Copilot

[Copilot]

Pull request overview

This PR fixes a binary compatibility issue in chroot mode by eliminating the dependency on the head command in setup-iptables.sh. When --enable-chroot is enabled and host binaries with different GLIBC versions are mounted at /host/*, external commands like head can fail. The fix consolidates line filtering into awk, reducing external dependencies.

Changes:

• Replaced | awk '{ print $1 }' | head -n 1 with awk 'NR==1 { print $1 }' to eliminate the head binary dependency in chroot mode

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The awk command should include an exit statement after printing the first line to match the behavior of head -n 1 and avoid unnecessarily processing remaining input. Change awk 'NR==1 { print $1 }' to awk 'NR==1 { print $1; exit }'. While this is a minor efficiency issue since getent hosts typically returns few lines, it's a best practice and makes the intent clearer.

Suggested change

	SQUID_IP=$(getent hosts "$SQUID_HOST" | awk 'NR==1 { print $1 }')
	SQUID_IP=$(getent hosts "$SQUID_HOST" | awk 'NR==1 { print $1; exit }')