refactor: remove --enable-chroot flag, make chroot mode always-on

[Copilot]

AWF should only run in chroot mode. Remove the --enable-chroot flag and eliminate the non-chroot code path entirely.

Core

• Remove enableChroot from WrapperConfig interface and CLI option
• docker-manager.ts: all config.enableChroot conditionals replaced with unconditional chroot behavior — getRealUserHome(), chroot capabilities (SYS_CHROOT, SYS_ADMIN), apparmor:unconfined, selective /host mounts, tmpfs mcp-logs hiding
• Remove the non-chroot selective mounting code path (credential hiding at direct $HOME paths); only the /host$HOME credential hiding remains

Tests

• Remove enableChroot from all test configs across unit and integration tests
• Remove 4 tests that asserted enableChroot: false behavior (capabilities, apparmor, env var, Dockerfile selection)

Docs & Workflows

• Update README.md, docs/chroot-mode.md, docs/usage.md, docs/architecture.md, docs/selective-mounting.md, skill.md, docs-site/ CLI reference, security architecture
• Remove --enable-chroot from all 26 .lock.yml workflow files and test-chroot.sh

Before/After

# Before
sudo awf --enable-chroot --allow-domains api.github.com -- python3 script.py

# After
sudo awf --allow-domains api.github.com -- python3 script.py

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[github-actions]

Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric	Base	PR	Delta
Lines	82.25%	82.32%	📈 +0.07%
Statements	82.30%	82.37%	📈 +0.07%
Functions	82.14%	82.05%	📉 -0.09%
Branches	74.70%	74.30%	📉 -0.40%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	83.5% → 83.8% (+0.30%)	82.9% → 83.2% (+0.29%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

Node.js Build Test Results ✅

All Node.js projects tested successfully!

Project	Install	Tests	Status
clsx	✅	PASS	PASS
execa	✅	PASS	PASS
p-limit	✅	PASS	PASS

Overall: PASS

AI generated by Build Test Node.js

[github-actions]

Build Test: Bun - PASS ✅

Project	Install	Tests	Status
elysia	✅	1/1	PASS ✅
hono	✅	1/1	PASS ✅

Overall: PASS ✅

All Bun projects built and tested successfully.

AI generated by Build Test Bun

[github-actions]

C++ Build Test Results

Project	CMake	Build	Status
fmt	✅	✅	PASS
json	✅	✅	PASS

Overall: PASS ✅

All C++ projects built successfully.

AI generated by Build Test C++

[github-actions]

.NET Build Test Results

Project	Restore	Build	Run	Status
hello-world	✅	✅	✅	PASS
json-parse	✅	✅	✅	PASS

Overall: PASS ✅

Details

hello-world

• Restored successfully
• Build succeeded (0 warnings, 0 errors)
• Output: Hello, World!

json-parse

• Restored successfully with NuGet package (Newtonsoft.Json)
• Build succeeded (0 warnings, 0 errors)
• Successfully parsed JSON and output: Name: AWF Test, Success: True

All .NET projects built and ran successfully through the firewall.

AI generated by Build Test .NET

[github-actions]

Build Test: Deno

Project	Tests	Status
oak	1/1	✅ PASS
std	1/1	✅ PASS

Overall: ✅ PASS

All Deno tests completed successfully.

AI generated by Build Test Deno

[github-actions]

Rust Build Test Results

Project	Build	Tests	Status
fd	✅	1/1	PASS
zoxide	✅	1/1	PASS

Overall: PASS ✅

All Rust projects built and tested successfully.

AI generated by Build Test Rust

[github-actions]

Go Build Test Results

Project	Download	Tests	Status
color	✅	1/1	PASS
env	✅	1/1	PASS
uuid	✅	1/1	PASS

Overall: PASS ✅

All Go projects successfully downloaded dependencies and passed tests.

AI generated by Build Test Go

[github-actions]

Smoke Test Results

Last 2 merged PRs:

• fix: hide workDir from agent container to prevent secrets exposure #718: fix: hide workDir from agent container to prevent secrets exposure
• fix(chroot): detect cargo binaries when CARGO_HOME unset #750: fix(chroot): detect cargo binaries when CARGO_HOME unset

✅ GitHub MCP: Retrieved PRs
✅ Playwright: Page title contains "GitHub"
✅ File Write: Created test file
✅ Bash: File verified

Status: PASS

AI generated by Smoke Claude

[github-actions]

Deno Build Test Results

Project	Tests	Status
oak	1/1	✅ PASS
std	1/1	✅ PASS

Overall: ✅ PASS

All Deno tests completed successfully.

AI generated by Build Test Deno

[github-actions]

Smoke Test Results (Run #21961531948)

Last 2 merged PRs:

• fix: hide workDir from agent container to prevent secrets exposure #718: fix: hide workDir from agent container to prevent secrets exposure
• fix(chroot): detect cargo binaries when CARGO_HOME unset #750: fix(chroot): detect cargo binaries when CARGO_HOME unset

✅ GitHub MCP - 2 PRs retrieved
✅ Playwright - GitHub.com title verified
✅ File creation - smoke-test-copilot-21961531948.txt
✅ Bash tools - file read successful

Status: PASS

cc: @Mossaka @Copilot

AI generated by Smoke Copilot

[github-actions]

Merged PRs: ✅ fix(chroot): detect cargo binaries when CARGO_HOME unset; fix: add CARGO_HOME/bin to GitHub Actions PATH for rust tests
safeinputs-gh pr list: ✅
Playwright title contains GitHub: ✅
Tavily search: ❌ (tavily MCP not available)
File write: ✅
Bash cat: ✅
Discussion query+comment: ✅
Build (npm ci && npm run build): ✅
Overall: FAIL

AI generated by Smoke Codex

[github-actions]

Chroot Mode Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.12	Python 3.12.3	❌ NO
Node.js	v24.13.0	v20.20.0	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Overall Result: ❌ Tests did not all pass

The chroot mode is accessing host binaries, but Python and Node.js versions differ between the host environment and what's visible inside the chroot container. Go matches correctly.

AI generated by Smoke Chroot

[github-actions]

Java Build Test Results ✅

All Java build tests completed successfully!

Project	Compile	Tests	Status
gson	✅	1/1	PASS
caffeine	✅	1/1	PASS

Overall: PASS

All projects compiled successfully and all tests passed.

AI generated by Build Test Java

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

Build Test: Rust - FAILED ❌

Error: Rust toolchain not available in runner environment.

Project	Build	Tests	Status
fd	❌	N/A	FAILED - cargo not found
zoxide	❌	N/A	FAILED - cargo not found

Overall: FAIL

Issue

The GitHub Actions runner does not have Rust installed. The workflow requires cargo and rustc to build and test the Rust projects.

Required Action

Add a Rust installation step before running this workflow:

- name: Install Rust
  uses: dtolnay/rust-toolchain@stable

Or use a runner image with Rust pre-installed.

AI generated by Build Test Rust

[github-actions]

Smoke Test Results (Run #21962737181)

Last 2 Merged PRs:

• fix: review recommendations for PR #720 #754: fix: review recommendations for PR feat: port one-shot-token from C to Rust and improve container security #720
• fix: eliminate nested bash layer in chroot command execution for Java/.NET #715: fix: eliminate nested bash layer in chroot command execution for Java/.NET

Test Results:
✅ GitHub MCP - Retrieved PRs
✅ Playwright - Page title verified (contains "GitHub")
✅ File Write - Created test file
✅ Bash - Read file back successfully

Status: PASS

AI generated by Smoke Claude

[github-actions]

Deno Build Test Results

Project	Tests	Status
oak	1/1	✅ PASS
std	1/1	✅ PASS

Overall: ✅ PASS

All Deno tests passed successfully.

AI generated by Build Test Deno

[github-actions]

✅ Smoke Test PASS

Last 2 merged PRs:

• fix: review recommendations for PR #720 #754: fix: review recommendations for PR feat: port one-shot-token from C to Rust and improve container security #720
• fix: eliminate nested bash layer in chroot command execution for Java/.NET #715: fix: eliminate nested bash layer in chroot command execution for Java/.NET

Tests: ✅ GitHub MCP | ✅ Playwright | ✅ File Write | ✅ Bash

cc @Mossaka @Copilot

AI generated by Smoke Copilot

[github-actions]

C++ Build Test Results

Project	CMake	Build	Status
fmt	✅	✅	PASS
json	✅	✅	PASS

Overall: PASS ✅

All C++ projects built successfully.

AI generated by Build Test C++

[github-actions]

Bun Build Test Results

Project	Install	Tests	Status
elysia	✅	1/1	PASS
hono	✅	1/1	PASS

Overall: PASS ✅

All Bun projects installed successfully and tests passed.

AI generated by Build Test Bun

[github-actions]

Node.js Build Test Results

Project	Install	Tests	Status
clsx	✅	PASS	PASS
execa	✅	PASS	PASS
p-limit	✅	PASS	PASS

Overall: PASS ✅

All Node.js projects successfully installed dependencies and passed tests.

AI generated by Build Test Node.js

[github-actions]

✅ .NET Build Test Results

All .NET projects built and ran successfully!

Project	Restore	Build	Run	Status
hello-world	✅	✅	✅	PASS
json-parse	✅	✅	✅	PASS

Overall: PASS

Test Details

hello-world:

• Restored successfully
• Built with 0 warnings, 0 errors
• Output: Hello, World!

json-parse:

• Restored successfully with Newtonsoft.Json package
• Built with 0 warnings, 0 errors
• Output: JSON parsing and deserialization working correctly

AI generated by Build Test .NET

[github-actions]

Go Build Test Results

Project	Download	Tests	Status
color	✅	1/1	PASS
env	✅	1/1	PASS
uuid	✅	1/1	PASS

Overall: PASS ✅

All Go projects built and tested successfully.

AI generated by Build Test Go

[github-actions]

✅ Java Build Test Results

All Java projects compiled and tested successfully through the AWF firewall.

Project	Compile	Tests	Status
gson	✅	1/1	PASS
caffeine	✅	1/1	PASS

Overall: PASS ✅

All Maven dependencies were downloaded through the Squid proxy (172.30.0.10:3128) with proper ~/.m2/settings.xml configuration.

AI generated by Build Test Java

[github-actions]

Smoke test results:
Merged PRs reviewed: fix: review recommendations for PR #720; fix: eliminate nested bash layer in chroot command execution for Java/.NET
GitHub MCP (last 2 merged PRs) ✅
safeinputs-gh pr list ✅
Playwright github.com title ✅
Tavily web search ❌ (tool unavailable)
File write + cat ✅
Discussion comment ✅
Build (npm ci && npm run build) ✅
Overall: FAIL

AI generated by Smoke Codex

[github-actions]

Chroot Test Results

Chroot mode allows running commands with host binaries instead of container binaries. This test verifies that the host versions are accessible from within the containerized environment.

Runtime	Host Version	Chroot Version	Match?
Python	3.12.12	3.12.3	❌ NO
Node.js	v24.13.0	v20.20.0	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Result: Test failed - Python and Node.js versions do not match between host and chroot environment. Only Go version matched successfully.

The chroot environment should expose the exact host versions of these runtimes, but version mismatches were detected for Python and Node.js.

AI generated by Smoke Chroot