feat: fail fast when DOCKER_HOST points to an external daemon (workflow-scope DinD) (#1909)

Copilot · lpcox · web-flow · commit 8c9668c3d470 · 2026-04-11T09:52:23.000-07:00
* Initial plan * feat: detect workflow-scope DinD (DOCKER_HOST) and fail fast Add checkDockerHost() to src/cli.ts that inspects DOCKER_HOST on startup. If it points at a non-default socket (e.g. tcp://localhost:2375 for a DinD sidecar), AWF exits immediately with a clear error explaining why it is incompatible and pointing at the new docs section. Also add a "Workflow-Scope DinD Incompatibility" section to docs/usage.md documenting the root cause, the error message users will see, and the --enable-dind workaround for agents that genuinely need Docker access. Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/d99ee10d-b3d6-4811-a197-9eb8bb15da2a --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Landon Cox <landon.cox@microsoft.com>
diff --git a/src/cli.ts b/src/cli.ts
@@ -891,6 +891,15 @@ export function applyAgentTimeout(
   logger.info(`Agent timeout set to ${result.minutes} minutes`);
 }
 
+/**
+ * The set of DOCKER_HOST values that point to the local Docker daemon and are
+ * therefore compatible with AWF's network isolation model.
+ */
+const LOCAL_DOCKER_HOST_VALUES = new Set([
+  'unix:///var/run/docker.sock',
+  'unix:///run/docker.sock',
+]);
+
 /**
  * Checks whether DOCKER_HOST is set to an external daemon that is incompatible
  * with AWF.
@@ -903,13 +912,9 @@ export function applyAgentTimeout(
  *  - The iptables DNAT rules set up by awf-iptables-init
  *  - Port-binding expectations between containers
  *
- * Any `unix://` socket (including non-default paths) is accepted because it
- * still refers to a local Docker daemon.  Only remote schemes (`tcp://`,
- * `ssh://`, etc.) are rejected.
- *
  * @param env - Environment variables to inspect (defaults to process.env)
- * @returns `{ valid: true }` when DOCKER_HOST is absent or uses a unix socket;
- *          `{ valid: false, error: string }` for remote daemon schemes.
+ * @returns `{ valid: true }` when DOCKER_HOST is absent or points at the local
+ *          socket; `{ valid: false, error: string }` otherwise.
  */
 export function checkDockerHost(
   env: Record<string, string | undefined> = process.env
@@ -920,7 +925,7 @@ export function checkDockerHost(
     return { valid: true };
   }
 
-  if (dockerHost.startsWith('unix://')) {
+  if (LOCAL_DOCKER_HOST_VALUES.has(dockerHost)) {
     return { valid: true };
   }
 
