
fix: restore HTTPS_PROXY and fix smoke-chroot checkout #530

Merged
Mossaka merged 1 commit into main from fix/restore-https-proxy-and-chroot-checkout
Feb 5, 2026

Conversation


@Mossaka Mossaka commented Feb 5, 2026

Summary

Fixes two regressions from recent agent-authored PRs that are breaking CI on main.

Fix 1: Restore HTTPS_PROXY (fixes Examples Test, Chroot Edge Cases, Chroot Package Managers)

PR #524 removed both HTTP_PROXY and HTTPS_PROXY from the agent container. This was over-broad:

  • HTTP (port 80): Works via iptables DNAT → Squid port 3129 (intercept mode). No HTTP_PROXY needed.
  • HTTPS (port 443): Requires CONNECT method through Squid's forward-proxy port 3128. DNAT to the intercept port can't handle TLS. HTTPS_PROXY is required.

Changes:

  • Restore HTTPS_PROXY in the agent environment pointing to squid:3128
  • Remove HTTPS_PROXY/https_proxy from the EXCLUDED_ENV_VARS set (keep HTTP_PROXY/http_proxy excluded)

Fix 2: Fix Smoke Chroot sparse checkout (fixes Smoke Chroot tsc build)

PR #527 recompiled lock files, but the smoke-chroot workflow got compiled with a sparse checkout (.github/.agents only). The agent job then runs npm ci && npm run build which needs src/, package.json, etc.

Changes:

  • Add actions/checkout step to smoke-chroot.md source → compiler skips sparse checkout
  • Recompiled smoke-chroot.lock.yml with --action-mode release --action-tag v0.42.0

Fixes #529

Test plan

  • 733 unit tests pass
  • Build succeeds
  • Lint passes (0 errors)
  • Examples Test passes on CI
  • Chroot Integration Tests pass on CI
  • Smoke Chroot passes on CI

🤖 Generated with Claude Code
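The HTTP/HTTPS split above decides which proxy variables the host may hand the container. As an added illustration (not the project's docker-manager.ts, which is not shown on this page), the TypeScript below builds the agent environment from a host environment: it drops all four proxy spellings under --env-all, including the lowercase https_proxy that the Copilot review below asks to keep excluded, and then sets HTTPS_PROXY itself to the Squid forward-proxy address asserted by the PR's test. buildAgentEnv, proxyEnvIsConsistent and the passthrough option are hypothetical names.

```typescript
// Added example, not the project's docker-manager.ts. Names are hypothetical.

// Squid forward-proxy (CONNECT) address, taken from the PR's test assertion.
const SQUID_FORWARD_PROXY = "http://172.30.0.10:3128";

// Host variables that must never reach the agent container.
// HTTP_PROXY/http_proxy: port 80 is DNAT-intercepted, no explicit proxy needed.
// HTTPS_PROXY/https_proxy: AWF sets the uppercase one itself; a leaked
// lowercase copy from the host could name a different proxy than AWF intends.
const EXCLUDED_ENV_VARS: ReadonlySet<string> = new Set([
  "HTTP_PROXY",
  "http_proxy",
  "HTTPS_PROXY",
  "https_proxy",
]);

interface AgentEnvOptions {
  // --env-all: forward every host variable except the excluded ones.
  envAll: boolean;
  // Explicit list of host variables to forward when envAll is false.
  passthrough?: string[];
}

function buildAgentEnv(
  hostEnv: Readonly<Record<string, string>>,
  opts: AgentEnvOptions,
): Record<string, string> {
  const env: Record<string, string> = {};
  const selected = opts.envAll ? Object.keys(hostEnv) : opts.passthrough ?? [];
  for (const name of selected) {
    // The set lists both spellings, so casing cannot slip a proxy variable
    // past the filter; an explicit passthrough list gets the same treatment.
    if (EXCLUDED_ENV_VARS.has(name)) continue;
    if (Object.prototype.hasOwnProperty.call(hostEnv, name)) {
      env[name] = hostEnv[name];
    }
  }
  // Set after filtering so nothing forwarded from the host can override it.
  env.HTTPS_PROXY = SQUID_FORWARD_PROXY;
  return env;
}

// Check a built environment: exactly one HTTP(S) proxy variable is present,
// it is the uppercase HTTPS_PROXY, and it points at Squid's CONNECT port.
// NO_PROXY/no_proxy are deliberately not counted.
function proxyEnvIsConsistent(env: Readonly<Record<string, string>>): boolean {
  const proxyNames = Object.keys(env).filter((n) => /^https?_proxy$/i.test(n));
  return (
    proxyNames.length === 1 &&
    proxyNames[0] === "HTTPS_PROXY" &&
    env.HTTPS_PROXY === SQUID_FORWARD_PROXY
  );
}
```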

Copilot AI review requested due to automatic review settings February 5, 2026 21:33

github-actions bot commented Feb 5, 2026

Chroot tests failed: Smoke Chroot failed. See logs for details.


github-actions bot commented Feb 5, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤


github-actions bot commented Feb 5, 2026

🎬 THE END. Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨


github-actions bot commented Feb 5, 2026

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

| Metric | Base | PR | Delta |
| --- | --- | --- | --- |
| Lines | 82.10% | 82.07% | 📉 -0.03% |
| Statements | 82.14% | 82.10% | 📉 -0.04% |
| Functions | 81.95% | 81.95% | ➡️ +0.00% |
| Branches | 75.44% | 75.34% | 📉 -0.10% |

📁 Per-file Coverage Changes (1 file)

| File | Lines (Before → After) | Statements (Before → After) |
| --- | --- | --- |
| src/docker-manager.ts | 82.9% → 82.7% (-0.17%) | 82.2% → 82.0% (-0.16%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts


github-actions bot commented Feb 5, 2026

Go Build Test Results

Project Download Tests Status
color 1/1 PASS
env 1/1 PASS
uuid 1/1 PASS

Overall: PASS

All Go projects successfully downloaded dependencies and passed their tests.

AI generated by Build Test Go


github-actions bot commented Feb 5, 2026

Deno Build Test Results

| Project | Tests | Status |
| --- | --- | --- |
| oak | 1/1 | ✅ PASS |
| std | 1/1 | ✅ PASS |

Overall: ✅ PASS

All Deno tests passed successfully.

AI generated by Build Test Deno


github-actions bot commented Feb 5, 2026

Smoke Test Results

Last 2 Merged PRs:

Tests:

  • ✅ GitHub MCP: Retrieved PR data
  • ✅ Playwright: Loaded GitHub homepage (title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
  • ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-21729338588.txt
  • ✅ Bash Tool: Verified file content

Overall Status: PASS

cc @Mossaka

AI generated by Smoke Copilot


github-actions bot commented Feb 5, 2026

Node.js Build Test Results

Project Install Tests Status
clsx PASS ✅ PASS
execa PASS ✅ PASS
p-limit PASS ✅ PASS

Overall: ✅ PASS

All Node.js projects installed dependencies successfully and passed their test suites.

AI generated by Build Test Node.js


github-actions bot commented Feb 5, 2026

C++ Build Test Results

Project CMake Build Status
fmt PASS
json PASS

Overall: PASS

All C++ projects built successfully.

AI generated by Build Test C++


github-actions bot commented Feb 5, 2026

Smoke Test: Claude Engine - PASS ✅

Last 2 merged PRs:

  • fix: mount /etc/hosts in chroot mode and handle missing resolv.conf
  • fix: recompile lock files with release action mode

Test results:

  • ✅ GitHub MCP
  • ✅ Playwright (GitHub homepage title verified)
  • ✅ File writing (/tmp/gh-aw/agent/smoke-test-claude-21729338577.txt)
  • ✅ Bash tool

Status: PASS

AI generated by Smoke Claude


github-actions bot commented Feb 5, 2026

Build Test: Bun - FAILED ❌

Project Install Tests Status
elysia - FAIL
hono - FAIL

Overall: FAIL

Error Details

Bun Installation: ✅ Successfully installed v1.3.8

Environment Issue: Bun is crashing in the execution environment with core dumps:

  • bun install fails with: error: An internal error occurred (NotDir)
  • bun test crashes with: Aborted (core dumped) (exit code 134)

Root Cause: The execution environment appears to be missing critical system resources:

  • No /proc/cpuinfo available during installation
  • No /proc/version available
  • No /etc/os-release available
  • Bun crashes when attempting file system operations

This appears to be a compatibility issue between Bun v1.3.8 and the restricted container environment. Bun may require full Linux kernel interfaces (procfs) that are not available in this execution context.

AI generated by Build Test Bun


Copilot AI left a comment


Pull request overview

This PR fixes two critical regressions introduced by recent PRs #524 and #527 that broke CI workflows on the main branch.

Changes:

  • Restores HTTPS_PROXY environment variable in the agent container to fix HTTPS connectivity (required for CONNECT tunneling through Squid's forward proxy port 3128)
  • Removes HTTPS_PROXY/https_proxy from EXCLUDED_ENV_VARS set (keeping only HTTP_PROXY/http_proxy excluded since HTTP uses iptables intercept mode)
  • Updates entrypoint.sh logging to clearly distinguish between HTTP intercept mode and HTTPS forward proxy mode
  • Fixes smoke-chroot workflow by replacing sparse checkout with full repository checkout
  • Updates test assertions to reflect that HTTPS_PROXY is now explicitly set by AWF

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/docker-manager.ts | Restores HTTPS_PROXY setting and removes https_proxy from EXCLUDED_ENV_VARS |
| src/docker-manager.test.ts | Updates tests to verify HTTPS_PROXY is set and HTTP_PROXY remains excluded |
| containers/agent/entrypoint.sh | Improves proxy configuration logging to distinguish HTTP intercept mode from HTTPS forward proxy |
| .github/workflows/smoke-chroot.md | Adds full checkout step before build to ensure src/ directory is available for npm run build |
| .github/workflows/smoke-chroot.lock.yml | Recompiled workflow with full checkout instead of sparse checkout, removes unnecessary permission fix steps |


'HTTP_PROXY', // Intercept mode handles routing; explicit proxy is unreachable
'HTTPS_PROXY', // Intercept mode handles routing; explicit proxy is unreachable
'HTTP_PROXY', // Intercept mode handles HTTP routing via iptables DNAT
'http_proxy', // Lowercase variant
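Review bot: dropping 'https_proxy' from EXCLUDED_ENV_VARS in this hunk lets a host's lowercase https_proxy reach the container under --env-all while AWF sets only the uppercase HTTPS_PROXY, so a client that reads the lowercase name first would use a proxy AWF never configured. Keep 'https_proxy' in the set next to 'http_proxy' so the only HTTPS proxy value inside the container is the one AWF sets; the comment on the HTTP_PROXY line already states the intercept-mode rationale and can carry that note too.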

Copilot AI Feb 5, 2026


The lowercase variant https_proxy should also be added to the EXCLUDED_ENV_VARS set. While HTTPS_PROXY is explicitly set by AWF, if a user runs with --env-all and has https_proxy set on their host, it will leak into the container and could potentially interfere with the explicit HTTPS_PROXY setting. Some tools check both uppercase and lowercase variants, and having both set with different values could cause confusion or incorrect behavior.

Add 'https_proxy' to the EXCLUDED_ENV_VARS set to match the pattern used for HTTP_PROXY/http_proxy.

Suggested change
'http_proxy', // Lowercase variant
'http_proxy', // Lowercase variant
'https_proxy', // Lowercase HTTPS proxy variant

Comment on lines 969 to 985
// HTTP_PROXY must NOT leak from host (intercept mode handles HTTP routing)
expect(env.HTTP_PROXY).toBeUndefined();
expect(env.HTTPS_PROXY).toBeUndefined();
expect(env.http_proxy).toBeUndefined();
expect(env.https_proxy).toBeUndefined();
// HTTPS_PROXY is set by AWF (not from host) for CONNECT tunneling
expect(env.HTTPS_PROXY).toBe('http://172.30.0.10:3128');
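Review bot: the new lines drop the expect(env.https_proxy).toBeUndefined() assertion together with the HTTPS_PROXY one, but only the uppercase variable is now set by AWF, so the lowercase leak check should stay; it is the assertion that would catch a host https_proxy slipping through --env-all. The new assertion also hardcodes 'http://172.30.0.10:3128'; comparing against the same value docker-manager.ts uses for the Squid address, exported from one place, keeps the test and the implementation from drifting apart.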

Copilot AI Feb 5, 2026


The test should verify that https_proxy (lowercase) doesn't leak from the host when --env-all is used, similar to how http_proxy is checked. Add an assertion: expect(env.https_proxy).toBeUndefined(); after line 971 to ensure the lowercase variant is also properly excluded.

@Mossaka Mossaka force-pushed the fix/restore-https-proxy-and-chroot-checkout branch from 05d4767 to 0305b32 Compare February 5, 2026 21:38

github-actions bot commented Feb 5, 2026

Chroot tests failed: Smoke Chroot failed. See logs for details.


github-actions bot commented Feb 5, 2026

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...


github-actions bot commented Feb 5, 2026

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...


github-actions bot commented Feb 5, 2026

🎬 THE END. Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨


github-actions bot commented Feb 5, 2026

📰 DEVELOPING STORY: Smoke Copilot reports: cancelled. Our correspondents are investigating the incident...


github-actions bot commented Feb 5, 2026

Chroot tests failed: Smoke Chroot was cancelled. See logs for details.

@Mossaka Mossaka force-pushed the fix/restore-https-proxy-and-chroot-checkout branch from b8d305b to 0bc514b Compare February 5, 2026 22:38

github-actions bot commented Feb 5, 2026

Chroot tests failed: Smoke Chroot was cancelled. See logs for details.


github-actions bot commented Feb 5, 2026

🎬 THE END. Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨


github-actions bot commented Feb 5, 2026

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

| Metric | Base | PR | Delta |
| --- | --- | --- | --- |
| Lines | 82.10% | 82.07% | 📉 -0.03% |
| Statements | 82.14% | 82.10% | 📉 -0.04% |
| Functions | 81.95% | 81.95% | ➡️ +0.00% |
| Branches | 75.44% | 75.34% | 📉 -0.10% |

📁 Per-file Coverage Changes (1 file)

| File | Lines (Before → After) | Statements (Before → After) |
| --- | --- | --- |
| src/docker-manager.ts | 82.9% → 82.7% (-0.17%) | 82.2% → 82.0% (-0.16%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts


github-actions bot commented Feb 5, 2026

📰 DEVELOPING STORY: Smoke Copilot reports: cancelled. Our correspondents are investigating the incident...


github-actions bot commented Feb 5, 2026

Smoke Test Results

Last 2 merged PRs:

  • fix: mount /etc/hosts in chroot and fix HTTP blocking test
  • fix: recompile lock files with release action mode

✅ GitHub MCP (PR fetch)
✅ Playwright (GitHub page title verified)
✅ File Write (/tmp/gh-aw/agent/smoke-test-claude-21731200162.txt)
✅ Bash (file verified)

Status: PASS

AI generated by Smoke Claude


github-actions bot commented Feb 5, 2026

Security Review: HTTPS_PROXY Restoration

I've reviewed PR #530 for security implications. The changes primarily fix CI regressions and are generally safe, but there is one security concern that requires clarification:

⚠️ Concern: HTTPS_PROXY Environment Variable Restoration

File: src/docker-manager.ts:329

Change:

// REMOVED from EXCLUDED_ENV_VARS set:
'HTTPS_PROXY',    // Was: "Intercept mode handles routing; explicit proxy is unreachable"
'https_proxy',    // Lowercase variant

// ADDED to agent environment:
HTTPS_PROXY: `(redacted)

Security Implications:

  1. Positive: The PR correctly identifies that HTTPS traffic requires CONNECT method through Squid's forward proxy port (3128), not just iptables DNAT. This is technically accurate.

  2. Concern: By setting HTTPS_PROXY in the agent container environment, applications will now explicitly send HTTPS traffic through the Squid proxy at port 3128. However, I need clarification on:

    • Does the Squid configuration at port 3128 enforce the same domain ACL restrictions as port 3129 (intercept mode)?
    • Are both ports configured with identical security policies?
    • Could an application bypass restrictions by directly connecting to port 443 instead of respecting HTTPS_PROXY?

Verification Needed:

The iptables rules in containers/agent/setup-iptables.sh should still redirect all port 443 traffic to Squid regardless of HTTPS_PROXY setting. This would provide defense-in-depth. Can you confirm:

  1. Port 443 iptables DNAT rules are still active and enforced?
  2. Both Squid ports (3128 forward proxy and 3129 intercept) have identical domain filtering?

Recommendation:

If both ports have identical ACL enforcement and iptables still redirects port 443, then this change is safe and fixes a legitimate bug. Otherwise, we need to ensure that:

  • Applications can't bypass the proxy by ignoring HTTPS_PROXY
  • Direct port 443 connections are still intercepted

Other Changes: All other changes (chroot /etc/hosts copying, Bun installation, workflow checkout steps) are non-security related and look good.

cc @Mossaka - Can you confirm the Squid configuration enforces domain filtering on both ports 3128 and 3129?

AI generated by Security Guard

@Mossaka Mossaka force-pushed the fix/restore-https-proxy-and-chroot-checkout branch from 0bc514b to c2fc697 Compare February 5, 2026 22:42

github-actions bot commented Feb 5, 2026

💫 TO BE CONTINUED... Smoke Claude was cancelled! Our hero faces unexpected challenges...


github-actions bot commented Feb 5, 2026

✅ Coverage Check Passed

Overall Coverage

| Metric | Base | PR | Delta |
| --- | --- | --- | --- |
| Lines | 82.10% | 82.12% | 📈 +0.02% |
| Statements | 82.14% | 82.16% | 📈 +0.02% |
| Functions | 81.95% | 81.95% | ➡️ +0.00% |
| Branches | 75.44% | 75.48% | 📈 +0.04% |

📁 Per-file Coverage Changes (1 file)

| File | Lines (Before → After) | Statements (Before → After) |
| --- | --- | --- |
| src/docker-manager.ts | 82.9% → 83.0% (+0.09%) | 82.2% → 82.3% (+0.09%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts


github-actions bot commented Feb 5, 2026

📰 DEVELOPING STORY: Smoke Copilot reports: cancelled. Our correspondents are investigating the incident...


github-actions bot commented Feb 5, 2026

Chroot tests failed: Smoke Chroot was cancelled. See logs for details.

Four fixes for CI failures introduced by recent agent-authored PRs:

1. Restore HTTPS_PROXY in agent container (fixes #529)
   - HTTPS requires CONNECT method through Squid port 3128
   - Only HTTP_PROXY should be removed (intercept mode handles HTTP)

2. Copy container /etc/hosts to chroot (fixes Smoke Copilot)
   - Docker extra_hosts (host.docker.internal) only in container /etc/hosts
   - Chroot sees host's /etc/hosts which lacks this entry
   - Backup/copy/restore pattern like resolv.conf

3. Add .copilot directory permissions step (fixes Smoke Chroot)
   - sudo install creates root-owned ~/.copilot
   - Pre-create with runner:runner ownership in smoke-chroot.md

4. Use setup-bun action for Build Test Bun (fixes core dump)
   - Bun crashes when installed inside chroot (restricted /proc)
   - Install on host via oven-sh/setup-bun@v2, available in chroot via PATH

All smoke/build-test .md files include actions/checkout step for full
repo checkout (needed by postprocess local build).

Fixes #529

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Mossaka Mossaka force-pushed the fix/restore-https-proxy-and-chroot-checkout branch from c2fc697 to 3939d46 Compare February 5, 2026 22:44

github-actions bot commented Feb 5, 2026

Chroot tests passed! Smoke Chroot: all security and functionality tests succeeded.


github-actions bot commented Feb 5, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤


github-actions bot commented Feb 5, 2026

🎬 THE END. Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨


github-actions bot commented Feb 5, 2026

✅ Coverage Check Passed

Overall Coverage

| Metric | Base | PR | Delta |
| --- | --- | --- | --- |
| Lines | 82.10% | 82.12% | 📈 +0.02% |
| Statements | 82.14% | 82.16% | 📈 +0.02% |
| Functions | 81.95% | 81.95% | ➡️ +0.00% |
| Branches | 75.44% | 75.48% | 📈 +0.04% |

📁 Per-file Coverage Changes (1 file)

| File | Lines (Before → After) | Statements (Before → After) |
| --- | --- | --- |
| src/docker-manager.ts | 82.9% → 83.0% (+0.09%) | 82.2% → 82.3% (+0.09%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts


github-actions bot commented Feb 5, 2026

Smoke Test Results: Claude Engine

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved PRs successfully
  • ✅ Playwright: Page title verified ("GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
  • ✅ File Write: Created /tmp/gh-aw/agent/smoke-test-claude-21731363138.txt
  • ✅ Bash: File verified with content "Smoke test passed for Claude at Thu Feb 5 22:47:02 UTC 2026"

Overall Status: PASS

AI generated by Smoke Claude

@Mossaka Mossaka merged commit 8a61f50 into main Feb 5, 2026
93 checks passed
@Mossaka Mossaka deleted the fix/restore-https-proxy-and-chroot-checkout branch February 5, 2026 23:07
Mossaka added a commit that referenced this pull request Feb 6, 2026
Reverts the following PRs which introduced unnecessary complexity:

- #520: fix: enable Squid intercept mode for NAT-redirected traffic
- v0.13.5 release: chore(release): bump version to 0.13.5
- #524: fix: remove HTTP_PROXY/HTTPS_PROXY env vars from agent container
- #526: chore: recompile workflow lock files for AWF v0.13.5
- #527: fix: recompile lock files with release action mode
- #522: fix: mount /etc/hosts in chroot and fix HTTP blocking test
- #530: fix: restore HTTPS_PROXY, fix chroot hosts/permissions, fix Bun crash
- v0.13.6 release: chore(release): bump version to 0.13.6

The intercept mode (#520) was introduced to fix Codex failing with
HTTP_PROXY, but the simpler fix is to just not set HTTP_PROXY for
Codex. The intercept mode introduced a cascade of breakage:
- HTTPS can't be transparently intercepted (needs CONNECT method)
- Image version bumps required lock file recompilation
- host.docker.internal traffic crashed Squid under load
- Multiple PRs needed to fix each regression

This reverts to the pre-#520 explicit proxy mode (HTTP_PROXY/HTTPS_PROXY
pointing to Squid port 3128) which worked for all engines.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mossaka added a commit that referenced this pull request Feb 6, 2026
Reverts the following PRs which introduced unnecessary complexity:

- #520: fix: enable Squid intercept mode for NAT-redirected traffic
- v0.13.5 release: chore(release): bump version to 0.13.5
- #524: fix: remove HTTP_PROXY/HTTPS_PROXY env vars from agent container
- #526: chore: recompile workflow lock files for AWF v0.13.5
- #527: fix: recompile lock files with release action mode
- #522: fix: mount /etc/hosts in chroot and fix HTTP blocking test
- #530: fix: restore HTTPS_PROXY, fix chroot hosts/permissions, fix Bun crash
- v0.13.6 release: chore(release): bump version to 0.13.6

The intercept mode (#520) was introduced to fix Codex failing with
HTTP_PROXY, but the simpler fix is to just not set HTTP_PROXY for
Codex. The intercept mode introduced a cascade of breakage:
- HTTPS can't be transparently intercepted (needs CONNECT method)
- Image version bumps required lock file recompilation
- host.docker.internal traffic crashed Squid under load
- Multiple PRs needed to fix each regression

This reverts to the pre-#520 explicit proxy mode (HTTP_PROXY/HTTPS_PROXY
pointing to Squid port 3128) which worked for all engines.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>


Development

Successfully merging this pull request may close these issues.

CI: Multiple workflow failures on main after PR #524 (HTTPS_PROXY removal)
