Add sandbox-less mode with sandbox: false configuration

[Copilot]

Implementation Plan for Sandbox-less Mode (sandbox: false) - COMPLETE ✅

Phase 1: Frontmatter parsing and validation ✅

• Update extractSandboxConfig to handle sandbox: false boolean format
• Update SandboxConfig struct to track disabled state (using existing Disabled field)
• Add validation to refuse sandbox: false in strict mode only
• Add compile-time warning when sandbox: false is used
• Update JSON schema to allow boolean type for sandbox field
• Rebuild binary to embed updated schema

Phase 2: Compiler orchestrator changes ✅

• Update applySandboxDefaults to respect sandbox: false
• Add helper function isSandboxDisabled() to check for disabled state
• Firewall enablement check already works (uses isFirewallDisabledBySandboxAgent)

Phase 3: MCP configuration changes ✅

• Update buildMCPGatewayConfig to return nil when sandbox disabled
• MCP server config generation continues but without gateway section

Phase 4: Gateway and copilot execution steps ✅

• Skip "Start MCP gateway" step generation when sandbox is disabled
• Skip gateway Docker image download when sandbox disabled
• Skip "Stop MCP gateway" step when sandbox disabled
• Skip "Parse MCP gateway logs" step when sandbox disabled
• Verify copilot execution is direct (not wrapped) when sandbox disabled

Phase 5: Testing ✅

• Add unit tests for sandbox: false parsing
• Integration tests for complete workflow compilation passing
• Add strict mode validation test
• Test MCP config generation without gateway
• Verify no gateway steps or variables in output

Phase 6: Code Quality ✅

• Run formatters and linters
• Fix formatting issues (JSON schema, whitespace, indentation)
• All linters passing (Go, JavaScript)

Phase 7: Documentation & Example ✅

• Create example workflow using sandbox: false (daily-team-evolution-insights.md)
• Update dev.md to use sandbox: false for development/testing
• Demonstrate practical use cases for sandbox-less mode
• Update relevant documentation files (defer to separate PR)

Summary

All core functionality complete. When sandbox: false is configured:

✅ No "Start MCP gateway" step generated
✅ No "Stop MCP gateway" step generated
✅ No "Parse MCP gateway logs" step generated
✅ No gateway Docker image downloaded
✅ No MCP_GATEWAY_* environment variables in workflow
✅ MCP config generated without gateway section
✅ Direct copilot execution (no AWF wrapper)
✅ Firewall disabled automatically
✅ Compile-time warning displayed
✅ Refused in strict mode with clear error
✅ Code formatted and linted

Example Workflows

daily-team-evolution-insights.md: Production example using Claude

• Analyzes repository activity from the last 24 hours
• Extracts insights about team evolution, collaboration patterns, and development trends
• Posts comprehensive analysis as a GitHub Discussion
• Direct MCP server access without gateway overhead

dev.md: Development/testing workflow using Copilot

• Simple test workflow for reading issues and posting comments
• Updated to use sandbox: false for faster iteration during development
• Demonstrates sandbox-less mode with staged safe-outputs
• Shows practical use case where firewall/gateway overhead isn't needed

The implementation is complete, consistent across all components, formatted, linted, and all sandbox-disabled tests are passing.

Original prompt

Add support for a sandbox-less mode. By settings

sandbox: false

The user can completely dissable the firewall and the gateway features. In that case, the compiler should generate the step for the agentic engine directly in the steps and not through awf. It should generate the mcp server configuration file without spinning the gateway (must be converted to the proper) format.

• warning displayed at compile time
• not allowed in strict mode

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[pelikhan]

@copilot

Minor cleanup items not blocking core functionality:

Skip gateway Docker image download when sandbox disabled
Skip "Stop MCP gateway" step generation
Ensure no gateway environment variables in output

[Copilot]

@copilot

Minor cleanup items not blocking core functionality:
...

Completed all three cleanup items in commit 2b9a6b0:

1. ✅ Skip gateway Docker image download - Modified collectDockerImages() to check Agent.Disabled and skip gateway image
2. ✅ Skip "Stop MCP gateway" step - Made generateStopMCPGateway() conditional on isSandboxDisabled()
3. ✅ Ensured no gateway environment variables - Also skipped "Parse MCP gateway logs" step

All sandbox disabled tests passing. Verified compiled workflows contain:

• No gateway steps (Start/Stop/Parse logs)
• No MCP_GATEWAY_* environment variables
• No gateway Docker images (gh-aw-mcpg)
• MCP config without gateway section
• firewall_enabled: false in metadata

[pelikhan]

@copilot review the whole changes for consistency and potentially missing scenario. Add a new agentic workflow that uses sandbox: false and analyzes the changes in the last day and extracts insights about how the team is evolving and posts it as a discussion. uses claude

[Copilot]

@copilot review the whole changes for consistency and potentially missing scenario. Add a new agentic workflow that uses sandbox: false and analyzes the changes in the last day and extracts insights a...

Completed full implementation review and added example workflow in commit d253b69.

Consistency Review ✅

Verified implementation is consistent across all components:

Parsing & Configuration:

• extractSandboxConfig() correctly handles sandbox: false boolean
• applySandboxDefaults() preserves disabled state without applying defaults
• isSandboxDisabled() helper used consistently throughout codebase

Compilation:

• Gateway steps skipped: Start, Stop, Parse logs
• Docker image download skips gateway container
• MCP config rendered without gateway section
• All checks use same logic: Agent.Disabled flag

MCP Renderers:

• Already handle disabled sandbox (use localhost vs host.docker.internal)
• Safe-inputs renderer adjusts host appropriately
• Codex/Copilot MCP configs respect disabled state

Validation:

• Strict mode refuses sandbox: false with clear error
• Non-strict mode allows with prominent warning
• Firewall auto-disabled when sandbox disabled

New Workflow: daily-team-evolution-insights.md

Created practical example using Claude + sandbox: false:

• Purpose: Analyzes last 24 hours of repo activity
• Insights: Team evolution, collaboration patterns, development trends
• Output: GitHub Discussion with comprehensive analysis
• Tools: GitHub MCP (repos, issues, PRs, discussions)
• Benefits: Direct MCP access, no gateway overhead, faster execution

Verification: Compiled successfully with all expected characteristics (no gateway steps/vars, firewall disabled, warning displayed)

Missing Scenarios Check

No missing scenarios found - implementation handles:

• ✅ All engine types (Copilot, Claude, Codex, Custom)
• ✅ All MCP tool configurations
• ✅ Safe-outputs with disabled sandbox
• ✅ Safe-inputs with disabled sandbox
• ✅ Network configuration (uses unrestricted)
• ✅ Strict vs non-strict modes
• ✅ Docker image collection
• ✅ Log parsing steps
• ✅ Repository memory tools

[pelikhan]

@copilot update dev.md to use sandbox false

[Copilot]

@copilot update dev.md to use sandbox false

Updated dev.md to use sandbox: false in commit 37e9a83.

Changes made:

• Set sandbox: false
• Changed strict: true to strict: false (required for sandbox-less mode)
• Added network.allowed: ["*"] for unrestricted network access
• Workflow now runs with direct MCP server access, no gateway overhead

Verified: No gateway steps/variables, firewall_enabled: false, warning displayed at compile time.

[pelikhan]

One still needs the docker image downloads. Do not download the gateway image.

[pelikhan]

@copilot:

• one still needs the docker image downloads. Do not download the gateway image.

[Copilot]

@copilot:

• one still needs the docker image downloads. Do not download the gateway image.
  ...

The implementation is already correct - Docker images are still being downloaded, but the gateway image is excluded.

Current behavior with sandbox: false:

• ✅ Docker download step is generated
• ✅ GitHub MCP server image is downloaded (ghcr.io/github/github-mcp-server:v0.27.0)
• ✅ Safe-outputs container is downloaded (node:lts-alpine)
• ✅ Other tool images (Playwright, custom MCP) are downloaded as needed
• ❌ Gateway image is NOT downloaded (ghcr.io/githubnext/gh-aw-mcpg)

Implementation in docker.go (lines 52-75):
The code specifically checks if sandbox is disabled and only skips the gateway container while still collecting all other images (GitHub MCP, Playwright, safe-outputs, custom tools).

Verification:
Both dev.lock.yml and daily-team-evolution-insights.lock.yml show:

- name: Downloading container images
  run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.27.0 node:lts-alpine

No changes needed - the gateway image is already excluded while other images are still downloaded.

[pelikhan]

@copilot format, lint go, lint js

[Copilot]

@copilot format, lint go, lint js

Completed formatting and linting in commit 1ba695b.

Changes:

• Fixed JSON schema formatting (arrays on single lines)
• Removed trailing whitespace in docker.go
• Fixed indentation in mcp_servers.go and sandbox_disabled_test.go

Results:

• ✅ Go linter: 0 issues
• ✅ JavaScript linter: All files use Prettier code style
• ✅ All validations passed