Summary
The compiled lock file contains two AWF (Agent Workflow Firewall) invocations in the "Execute GitHub Copilot CLI" step: the main agent run and a post-agent threat detection run. On GHE Cloud with data residency, the main agent run succeeds, but the threat detection run fails because it is missing the --copilot-api-target flag and the GHE-specific domains in its --allow-domains list.
This causes the overall step to fail with exit code 1, even though the agent itself completed successfully.
Environment
- GHE Cloud instance with data residency: contoso-aw.ghe.com
- Lock file generated with gh aw compile
What Happens
The "Execute GitHub Copilot CLI" step runs two AWF invocations back-to-back:
1. Main agent AWF run — ✅ Succeeds (exit code 0)
sudo -E awf ... \
--allow-domains "...,copilot-api.contoso-aw.ghe.com,..." \
--copilot-api-target copilot-api.contoso-aw.ghe.com \
-- /bin/bash -c '/usr/local/bin/copilot ... --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"'
This invocation has the correct --copilot-api-target and includes copilot-api.contoso-aw.ghe.com in the allowed domains. The Copilot CLI runs, calls tools (glob, list_issues, issue_read), and exits cleanly.
2. Threat detection AWF run — ❌ Fails (exit code 1)
sudo -E awf ... \
--allow-domains "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org,telemetry.enterprise.githubcopilot.com" \
-- /bin/bash -c '/usr/local/bin/copilot ... --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log
This invocation is missing:
- --copilot-api-target copilot-api.contoso-aw.ghe.com — not present at all
- copilot-api.contoso-aw.ghe.com — not in --allow-domains
- api.contoso-aw.ghe.com — not in --allow-domains
It only has github.com-oriented domains. On GHE Cloud DR, the Copilot CLI needs to reach copilot-api.contoso-aw.ghe.com for inference, so this second run fails.
Root Cause
The compiler generates the GHE-specific AWF flags (--copilot-api-target, DR domains in --allow-domains) for the main agent AWF invocation but does not propagate them to the threat detection AWF invocation within the same step.
Suggested Fixes
- Propagate GHE config to threat detection: When compiling for a GHE instance, ensure the threat detection AWF invocation receives the same --copilot-api-target and --allow-domains as the main agent invocation.
- Make threat detection non-fatal: If the threat detection step is optional / best-effort, consider not failing the entire step when it exits non-zero (e.g., || true or a separate continue-on-error step).
- Skip threat detection on GHE: If threat detection only works with github.com Copilot endpoints, skip it on GHE instances rather than running it with incorrect configuration and failing.
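As an added example (not part of this issue or of the gh-aw project), the following Python check walks every awf invocation in a compiled lock file step, extracts --allow-domains and --copilot-api-target, and reports any invocation that lacks the GHE host's Copilot endpoints. The two invocations embedded below are constructed from the issue text with the elided "..." parts removed; only the flags shown in the issue are used. Running a check like this against the lock file before committing it would have caught the inconsistency between the main agent run and the threat detection run.

```python
import shlex
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample: the two AWF invocations from the "Execute GitHub Copilot CLI"
# step, reduced to the flags quoted in the issue (elided options dropped).
SAMPLE_STEP = r'''
sudo -E awf \
  --allow-domains "api.github.com,api.contoso-aw.ghe.com,copilot-api.contoso-aw.ghe.com,github.com" \
  --copilot-api-target copilot-api.contoso-aw.ghe.com \
  -- /bin/bash -c '/usr/local/bin/copilot --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"'
sudo -E awf \
  --allow-domains "api.business.githubcopilot.com,api.github.com,github.com,host.docker.internal" \
  -- /bin/bash -c '/usr/local/bin/copilot --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log
'''


@dataclass
class AwfInvocation:
    index: int                                   # 1-based position within the step
    allow_domains: Set[str] = field(default_factory=set)
    copilot_api_target: Optional[str] = None


def join_continuations(text: str) -> List[str]:
    """Fold backslash-continued shell lines into single logical lines."""
    logical, buf = [], ""
    for line in text.splitlines():
        stripped = line.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
        else:
            logical.append(buf + line)
            buf = ""
    if buf:
        logical.append(buf)
    return logical


def parse_awf_invocations(text: str) -> List[AwfInvocation]:
    """Extract the firewall-relevant flags from every awf command in a step script.

    Only tokens before the '--' separator belong to awf itself; everything after it
    is the wrapped command and is ignored.
    """
    invocations: List[AwfInvocation] = []
    for line in join_continuations(text):
        tokens = shlex.split(line)
        if "awf" not in tokens:
            continue
        inv = AwfInvocation(index=len(invocations) + 1)
        it = iter(tokens[tokens.index("awf") + 1:])
        for tok in it:
            if tok == "--":
                break
            if tok == "--allow-domains":
                value = next(it)
            elif tok.startswith("--allow-domains="):
                value = tok.split("=", 1)[1]
            elif tok == "--copilot-api-target":
                inv.copilot_api_target = next(it)
                continue
            elif tok.startswith("--copilot-api-target="):
                inv.copilot_api_target = tok.split("=", 1)[1]
                continue
            else:
                continue
            inv.allow_domains = {d.strip() for d in value.split(",") if d.strip()}
        invocations.append(inv)
    return invocations


def check_ghe_consistency(invocations: List[AwfInvocation], ghe_host: str) -> List[str]:
    """Return one finding per invocation that cannot reach the GHE Copilot endpoints.

    ghe_host is the data-residency hostname (e.g. contoso-aw.ghe.com); the Copilot
    API target and the domains that must be allow-listed are derived from it.
    """
    target = f"copilot-api.{ghe_host}"
    required = {target, f"api.{ghe_host}"}
    findings = []
    for inv in invocations:
        if inv.copilot_api_target != target:
            findings.append(
                f"invocation {inv.index}: --copilot-api-target is "
                f"{inv.copilot_api_target!r}, expected {target!r}")
        for domain in sorted(required - inv.allow_domains):
            findings.append(f"invocation {inv.index}: {domain} not in --allow-domains")
    return findings


if __name__ == "__main__":
    for finding in check_ghe_consistency(parse_awf_invocations(SAMPLE_STEP), "contoso-aw.ghe.com"):
        print(finding)
```

On the sample, the first invocation passes and the second produces three findings (missing target, and both GHE domains absent from --allow-domains), which is exactly the gap the issue describes. Pointing the script at the full lock file instead of SAMPLE_STEP works unchanged, since any line containing an awf token is inspected.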
Related Issues
- configure_gh_for_ghe.sh fails with GH_TOKEN (fixed in this run's version)