Problem
The compiler generates the agent command with the prompt inlined via shell expansion:
copilot_driver.cjs ... --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"
For workflows with many imports or inlined-imports: true, the assembled prompt can be 100–200+ KB. This shell-expands the entire file into a single argv element. Combined with the container environment, the total argv + envp exceeds the Linux kernel's ~2 MB ARG_MAX limit:
/bin/bash: line 1: /usr/local/bin/node: Argument list too long
Exit code 126 — the agent process never starts.
The environment side was mitigated in gh-aw-firewall#1978 (size-based filtering for --env-all), but the prompt-in-argv side is still unmitigated and is the larger contributor for import-heavy workflows.
Proposed Fix
Switch from shell-expanding the prompt into argv to passing the file path directly:
// Before (prompt inlined into argv — hits ARG_MAX)
copilotCommand = fmt.Sprintf(`%s %s --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"`, ...)
// After (prompt stays on disk — bypasses ARG_MAX entirely)
copilotCommand = fmt.Sprintf(`%s %s --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt`, ...)
The prompt file is already written to /tmp/gh-aw/aw-prompts/prompt.txt and is accessible inside the AWF container (via /tmp bind mount). The engine CLI reads the file after execve succeeds, completely avoiding the ARG_MAX budget.
If --prompt-file is not yet supported by the engine CLI, an alternative is stdin:
cat /tmp/gh-aw/aw-prompts/prompt.txt | copilot_driver.cjs ... --prompt -
Files to Change
The command construction likely lives in the compiler's agent step generation code (e.g., compiler_copilot.go or similar). The change is to replace the --prompt "$(cat ...)" pattern with --prompt-file (or stdin pipe).
Precedent
This was already fixed for the threat detection job, which had the same issue with large agent output being inlined into environment variables. The fix there was to use file-based access instead of inlining.
Related
Problem
The compiler generates the agent command with the prompt inlined via shell expansion:
copilot_driver.cjs ... --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"For workflows with many imports or
inlined-imports: true, the assembled prompt can be 100–200+ KB. This shell-expands the entire file into a singleargvelement. Combined with the container environment, the totalargv + envpexceeds the Linux kernel's ~2 MBARG_MAXlimit:Exit code 126 — the agent process never starts.
The environment side was mitigated in gh-aw-firewall#1978 (size-based filtering for
--env-all), but the prompt-in-argv side is still unmitigated and is the larger contributor for import-heavy workflows.Proposed Fix
Switch from shell-expanding the prompt into argv to passing the file path directly:
The prompt file is already written to
/tmp/gh-aw/aw-prompts/prompt.txtand is accessible inside the AWF container (via/tmpbind mount). The engine CLI reads the file afterexecvesucceeds, completely avoiding the ARG_MAX budget.If
--prompt-fileis not yet supported by the engine CLI, an alternative is stdin:cat /tmp/gh-aw/aw-prompts/prompt.txt | copilot_driver.cjs ... --prompt -Files to Change
The command construction likely lives in the compiler's agent step generation code (e.g.,
compiler_copilot.goor similar). The change is to replace the--prompt "$(cat ...)"pattern with--prompt-file(or stdin pipe).Precedent
This was already fixed for the threat detection job, which had the same issue with large agent output being inlined into environment variables. The fix there was to use file-based access instead of inlining.
Related
Argument list too long(E2BIG) when prompt + env exceed ARG_MAX #26045