Agent sandbox git identity missing: first commit fails, then agent self-configures #20033
Description
Problem
In sandboxed agent runs, the first git commit can fail because git identity is missing inside the container context, even though the workflow later runs a host-side Configure Git credentials step.
Concrete example (recent)
- Workflow:
Daily Documentation Updater - Run: https://github.com/github/gh-aw/actions/runs/22813709662
- Created:
2026-03-08T04:17:51Z
From agent-artifacts/agent-stdio.log in that run, the agent receives:
Author identity unknown*** Please tell me who you are.fatal: unable to auto-detect email address
Then, in the same run, the agent executes:
git config user.email "claude-code@anthropic.com"git config user.name "Claude Code"- and retries commit.
This confirms first-commit failure + in-agent self-heal behavior.
Why this likely happens
awf --env-all forwards environment variables, but host git config --global ... writes to ~/.gitconfig on the host runner. That file-based config is not guaranteed to be visible inside the sandbox container before the agent attempts commits.
Expected behavior
Agent should be able to make its first commit without manual self-configuration.
Proposed fix
Set commit identity as environment variables for the agent execution step:
GIT_AUTHOR_NAME=github-actions[bot]GIT_AUTHOR_EMAIL=github-actions[bot]@users.noreply.github.comGIT_COMMITTER_NAME=github-actions[bot]GIT_COMMITTER_EMAIL=github-actions[bot]@users.noreply.github.com
Keep existing host-side Configure Git credentials as defense-in-depth.
Acceptance criteria
- In sandbox mode, first
git commitsucceeds without agent-issuedgit configcommands. - No regression for non-sandbox/host operations.
- Existing credential hardening steps remain in place.