Add runtime mount manager for automatic container mount configuration

[Copilot]

• Explore repository structure and understand runtime management
• Understand current sandbox agent configuration and mounts
• Identify where runtime binaries and caches are located
• Create runtime manager with well-known folder mappings
• Add method to get runtime-specific mounts for detected runtimes
• Integrate runtime mounts into sandbox agent configuration
• Add tests for runtime mount generation
• Update copilot engine to use runtime manager mounts
• Update claude and codex engines to use runtime manager mounts
• Run validation and tests
• Replace npm tests with Go build/test to validate Go runtime mounts
• Add diagnostic step to show Go binary paths

Summary

Successfully implemented the runtime manager to maintain a list of well-known folders that need to be mounted on containers.

Latest Changes (this commit)

Added diagnostic step to smoke-copilot workflow to show Go binary paths:

New Step 5: "Runtime Mount Testing - Show Go Paths"

• Command: which go && go version && go env GOROOT GOPATH GOCACHE
• Displays:
  • Location of go binary (should be in /opt/hostedtoolcache/go)
  • Go version
  • GOROOT (Go installation directory)
  • GOPATH (workspace directory - should be /home/runner/go)
  • GOCACHE (build cache directory - should be /home/runner/.cache/go-build)

Purpose:

• Diagnostic information to verify mounts are working
• Shows where Go is installed and configured
• Helps troubleshoot if build/test steps fail
• Validates that runtime manager mounted all necessary Go directories

This step provides visibility into the Go runtime configuration before running build and test commands, making it easier to diagnose mount-related issues.

Updated smoke-copilot.md and recompiled .lock.yml file.

Original prompt

Update the runtime manager to maintain a list of well known folders that need to be mounted on the containers to make the runtime binaries, caches and other supporting folder usable from within the agent container. The runtime manager should contribute theses mounts when configuring the sandbox agent.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Add a runtime mount manager that contributes host toolcache and runtime cache folders (Node, Python, Go, Ruby, Java, Dotnet, Bun, Deno, UV, Elixir, Haskell) into sandboxed agent containers so runtime binaries and caches are available inside the agent environment. Compiler now auto-adds mounts when runtimes are detected; smoke tests validate runtime commands inside containers.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

---

Changeset

• Type: patch
• Description: Add a runtime mount manager that contributes host toolcache and runtime cache folders (Node, Python, Go, Ruby, Java, Dotnet, Bun, Deno, UV, Elixir, Haskell) into sandboxed agent containers so runtime binaries and caches are available inside the agent environment. Compiler now auto-adds mounts when runtimes are detected; smoke tests validate runtime commands inside containers.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

---

Changeset

• Type: patch
• Description: Add a runtime mount manager that contributes host toolcache and runtime cache folders (Node, Python, Go, Ruby, Java, Dotnet, Bun, Deno, UV, Elixir, Haskell) into sandboxed agent containers so runtime binaries and caches are available inside the agent environment. Compiler now auto-adds mounts when runtimes are detected; smoke tests validate runtime commands inside containers.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

---

Changeset

• Type: patch
• Description: Add runtime mount manager that contributes host toolcache and runtime cache folders (Node, Python, Go, Ruby, Java, Dotnet, Bun, Deno, UV, Elixir, Haskell) into sandboxed agent containers so runtime binaries and caches are available inside the agent environment. The compiler now auto-adds mounts when runtimes are detected; smoke tests validate runtime commands inside containers.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

---

Changeset

• Type: patch
• Description: Add a runtime mount manager that contributes host toolcache and runtime cache folders (Node, Python, Go, Ruby, Java, Dotnet, Bun, Deno, UV, Elixir, Haskell) into sandboxed agent containers so runtime binaries and caches are available inside the agent environment. Compiler now auto-adds mounts when runtimes are detected; smoke tests validate runtime commands inside containers.

Note: Pre-commit validation (make agent-finish) failed in this execution environment due to a permission error creating the Go module cache: mkdir /home/runner/go: permission denied. The changeset file was still added and pushed to the PR branch.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

---

Changeset

• Type: patch
• Description: Add a runtime mount manager that contributes host toolcache and runtime cache folders (Node, Python, Go, Ruby, Java, Dotnet, Bun, Deno, UV, Elixir, Haskell) into sandboxed agent containers so runtime binaries and caches are available inside the agent environment. Compiler now auto-adds mounts when runtimes are detected; smoke tests validate runtime commands inside containers.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

[pelikhan]

@copilot The mounted should matching 1 to 1 the host file path

[pelikhan]

@copilot update smoke agentic workflows to test running "npm ls" to test that "npm" os available in the container. The runtime manager should mount folders for node.js

[Copilot]

@copilot The mounted should matching 1 to 1 the host file path

Confirmed - all mounts use 1-to-1 host-to-container path mapping. For example, /opt/hostedtoolcache/node:/opt/hostedtoolcache/node:ro mounts the host path to the same container path, ensuring runtime binaries are accessible at their original locations inside the container.

[Copilot]

@copilot update smoke agentic workflows to test running "npm ls" to test that "npm" os available in the container. The runtime manager should mount folders for node.js

Added "Runtime Mount Testing" step to all smoke workflows (smoke-copilot, smoke-claude, smoke-codex). The test executes npm ls to verify npm is available in the container, validating that the runtime manager properly mounted Node.js toolcache and cache folders. Commit: ee0668a

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

Smoke Test: PASS ✅

Last 2 merged PRs:

• Only warn about projects toolset when explicitly specified, not implied by "all" #11350: Only warn about projects toolset when explicitly specified, not implied by "all"
• Add workflow count output to gh aw list command #11355: Add workflow count output to gh aw list command

Test Results:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ✅ Serena MCP
• ✅ Playwright
• ✅ Runtime Mount
• ✅ File Writing
• ✅ Bash Tool

@pelikhan

AI generated by Smoke Copilot

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test: Claude - PASS ✅

Last 2 Merged PRs:

• Document campaign orchestrator/worker flow architecture #11336: Document campaign orchestrator/worker flow
• Only warn about projects toolset when explicitly specified, not implied by "all" #11350: Only warn about projects toolset when explicitly specified

Test Results: ✅ GitHub MCP | ✅ GH CLI | ✅ Serena | ✅ Playwright | ✅ Tavily | ✅ Runtime | ✅ File I/O | ✅ Bash

§21258666283

AI generated by Smoke Claude

[Copilot]

Investigate the error messages of npm in https://github.com/githubnext/gh-aw/actions/runs/21262971847 @copilot

Investigated the error. The issue was that make test-js failed with "make: command not found" because make is not available inside the AWF sandboxed container.

Fixed by changing to direct npm command: cd actions/setup/js && npm ci && npm run test:js -- --no-file-parallelism

This uses the same commands the Makefile would run but executes them directly using npm (which is available via the runtime mounts). Updated all smoke workflows. Commit: d875b67

[pelikhan]

@copilot update smoke agentic workflow to try to run golang tools (using the "make build" makefile target) instead of npm (remove actions/setup-node as well). The runtime manager should generate the mounts for the go tooling.

[Copilot]

@copilot update smoke agentic workflow to try to run golang tools (using the "make build" makefile target) instead of npm (remove actions/setup-node as well). The runtime manager should generate the m...

Replaced Node.js tests with Go build and test validation:

• Removed node runtime, setup-node step, and all npm/docs/JS tests
• Added Go build test: go build -o /tmp/gh-aw-test ./cmd/gh-aw
• Added Go unit test: go test ./pkg/console -v -run TestFormatSuccess

These tests validate that the runtime manager properly mounted Go folders:

• /opt/hostedtoolcache/go (Go binaries)
• /home/runner/go (GOPATH)
• /home/runner/.cache/go-build (build cache)

Go runtime already configured (version 1.25) via Serena. Updated all smoke workflows. Commit: da688d5

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✅ GitHub MCP (last 2 merged PRs): [code-scanning-fix] Fix go/unsafe-quoting: Escape single quotes in JSON data; Replace manual quote escaping with %q format specifier for YAML encoding
✅ safeinputs-gh PR list
✅ Serena activate_project
✅ Playwright title contains GitHub
✅ Tavily search results returned
❌ Go build (proxy.golang.org blocked)
❌ Go test (proxy.golang.org blocked)
✅ File write + cat
Overall: FAIL

AI generated by Smoke Codex

[github-actions]

Smoke Test Results - Run §21268384181

• ✅ GitHub MCP ([code-scanning-fix] Fix go/unsafe-quoting: Escape single quotes in JSON data #11382, Replace manual quote escaping with %q format specifier for YAML encoding #11392)
• ✅ Safe Inputs GH CLI (Convert Astro syntax to GitHub flavored markdown #11403, Replace base64 encoding with %q formatting and add CodeQL suppression #11402)
• ✅ Serena MCP
• ✅ Playwright
• ❌ Go Build (not in PATH)
• ❌ Go Test (not in PATH)
• ✅ File Writing
• ✅ Bash Tool

Status: ❌ FAIL - Go runtime not available

cc @Copilot @pelikhan

AI generated by Smoke Copilot

[github-actions]

Smoke Test Results - Claude

✅ GitHub MCP - PRs #11382, #11392
✅ Safe Inputs GH CLI
✅ Serena MCP
✅ Playwright
❌ Go Build - not in PATH
❌ Go Test - not in PATH
✅ Tavily Search
✅ File Writing
✅ Bash Tool

Status: FAIL

AI generated by Smoke Claude

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[pelikhan]

@copilot add step to smoke copilot agentic workflow that shows the path to the go binaries

[Copilot]

@copilot add step to smoke copilot agentic workflow that shows the path to the go binaries

Added "Runtime Mount Testing - Show Go Paths" step to smoke-copilot workflow. The step runs which go && go version && go env GOROOT GOPATH GOCACHE to display the Go binary location and environment variables, helping verify that the runtime manager properly mounted Go folders. Commit: 5fc6ec2

[juice928]

👋 Hi, I'm an automated AI code review bot. I ran some checks on this PR and found 2 points that might be worth attention (could be false positives, please use your judgment):

1. Adjusting mount permissions to enhance sandbox isolation

   • pkg/workflow/runtime_mounts.go:L57-L136: pkg/workflow/runtime_mounts.go:L57-L136
   • Impact: Using Read-Write permissions for sensitive host directories might allow sandboxed processes to unintentionally modify persistent host caches or configurations.
   • Suggestion: Consider changing these mounts to Read-Only (ro) or using ephemeral volumes to ensure a more secure and isolated environment.

2. Improving path flexibility for different runner environments

   • pkg/workflow/runtime_mounts.go:L57-L136: pkg/workflow/runtime_mounts.go:L57-L136
   • Impact: Hardcoded absolute paths may cause the application to encounter errors when running on self-hosted runners or environments with different directory structures.
   • Suggestion: It would be more robust to dynamically resolve these paths using environment variables like HOME or RUNNER_TOOL_CACHE.

If you find these suggestions disruptive, you can reply "stop" , and I'll automatically skip this repository in the future.