[Feature] Propagate host.docker.internal DNS to spawned containers

[Mossaka]

Background

PR #210 proposed configuring Docker's /etc/hosts when --enable-host-access is used, so spawned containers can resolve host.docker.internal.

Problem

When --enable-host-access is used, spawned containers via docker-wrapper need host.docker.internal DNS resolution.

Proposed Changes

1. Pass AWF_ENABLE_HOST_ACCESS environment variable to agent container
2. Modify docker-wrapper.sh to:
   • Allow --add-host host.docker.internal:host-gateway specifically when AWF_ENABLE_HOST_ACCESS=true
   • Inject --add-host host.docker.internal:host-gateway to spawned containers when enabled
3. Security fix: Make AWF_ENABLE_HOST_ACCESS readonly in entrypoint.sh to prevent malicious code from tampering with the variable

Security Note

The environment variable should be declared readonly in entrypoint.sh, preventing malicious code from enabling host access when it wasn't authorized.

---

Issue created from PR #210 during backlog cleanup

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster