[plan] Add configuration option for custom binary and library mounts #12378
Description
Objective
Allow workflow authors to specify additional binaries and libraries to mount into the agent container via frontmatter configuration.
Context
While default mounts (date, gh, yq) work for many workflows, some workflows need specialized tools:
- Database clients (psql, mysql, redis-cli)
- Cloud CLIs (aws, gcloud, azure)
- Build tools (make, cmake, gcc)
- Container tools (docker, kubectl, helm)
Workflow authors should be able to declare these dependencies explicitly.
Approach
- Add new frontmatter field
sandbox.mountswith structure:sandbox: mounts: binaries: - /usr/bin/docker - /usr/bin/kubectl libraries: - /usr/lib/x86_64-linux-gnu/libssl.so.3 directories: - /usr/share/ca-certificates
- Parse configuration in
pkg/workflow/frontmatter_types.go - Validate that requested paths exist on host
- Generate Docker mount arguments during engine execution
- Document configuration in workflow reference docs
Files to Create/Modify
- Modify:
pkg/workflow/frontmatter_types.go(add SandboxConfig.Mounts) - Modify:
pkg/parser/schemas/frontmatter_schema.json(add schema) - Modify:
pkg/workflow/copilot_engine_execution.go(apply custom mounts) - Modify:
pkg/workflow/claude_engine.go(apply custom mounts) - Modify:
pkg/workflow/codex_engine.go(apply custom mounts) - Create:
pkg/workflow/custom_mounts_test.go(test custom mounts) - Update:
docs/src/content/docs/reference/sandbox.md(document feature)
Acceptance Criteria
- Frontmatter schema supports declaring custom mounts
- Parser validates mount paths exist before workflow execution
- Custom mounts applied correctly across all engines
- Tests verify binary/library/directory mounting
- Documentation includes examples for common use cases
- Error messages helpful when requested paths don't exist
Related
Extends mounting capabilities beyond defaults defined in #11971 and #11972
Related to #11970
AI generated by Plan Command for #11970