fix: loosen checkDockerHost to accept any unix:// socket; fix misleading test name #1912

Merged
lpcox merged 6 commits into main from copilot/fix-review-comments
Apr 11, 2026

Copilot AI commented Apr 11, 2026

checkDockerHost() rejected non-default unix sockets (e.g. unix:///tmp/custom-docker.sock) with an "external daemon" error — inaccurate, since those still point to a local daemon.

Changes

  • src/cli.ts: Replace hardcoded LOCAL_DOCKER_HOST_VALUES set with a startsWith('unix://') check. Only remote schemes (tcp://, ssh://) are now rejected. The "external daemon" error message is now accurate.

    ```ts
    // Before: only these two paths were accepted
    const LOCAL_DOCKER_HOST_VALUES = new Set([
      'unix:///var/run/docker.sock',
      'unix:///run/docker.sock',
    ]);

    // After: any unix socket is accepted
    if (dockerHost.startsWith('unix://')) {
      return { valid: true };
    }
    ```

  • src/cli.test.ts:

    • Rename 'should return invalid for a TLS TCP daemon' → 'should return invalid for a TCP daemon on a non-default port' (TLS is controlled by env vars, not port number)
    • Update non-standard unix socket test to expect valid: true, consistent with the loosened check
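
An added example (not AWF's code and not part of this pull request): a stricter variant of the prefix check described above, showing values that `startsWith('unix://')` alone lets through, such as `unix://` with no path. The name `checkDockerHostStrict`, the error wording, the sample values, and treating an empty string as unset are assumptions of this example.

```typescript
// Added example, not AWF's code: a stricter DOCKER_HOST classifier.
type HostCheck = { valid: true } | { valid: false; error: string };

// Remote schemes named in the PR description.
const REMOTE_SCHEMES = ['tcp', 'ssh'];

function checkDockerHostStrict(dockerHost: string | undefined): HostCheck {
  // Unset is valid (the PR's tests cover unset/undefined).
  // Treating '' the same way is an assumption of this example.
  if (dockerHost === undefined || dockerHost === '') return { valid: true };

  const m = /^([A-Za-z][A-Za-z0-9+.-]*):\/\/(.*)$/.exec(dockerHost);
  if (m === null) {
    return { valid: false, error: 'DOCKER_HOST has no scheme:// prefix' };
  }
  const scheme = m[1];
  const rest = m[2];

  if (scheme === 'unix') {
    // A bare prefix test also passes "unix://" and "unix://docker.sock";
    // require an absolute path that contains no control characters.
    if (rest.charAt(0) !== '/' || /[\x00-\x1f\x7f]/.test(rest)) {
      return { valid: false, error: 'unix:// DOCKER_HOST needs an absolute socket path' };
    }
    return { valid: true };
  }
  if (REMOTE_SCHEMES.indexOf(scheme.toLowerCase()) !== -1) {
    // Report the scheme only, so the raw environment value is not echoed into logs.
    return { valid: false, error: `DOCKER_HOST points at an external daemon (${scheme}://...)` };
  }
  return { valid: false, error: `DOCKER_HOST scheme "${scheme}" is not a local unix socket` };
}

// Constructed sample values (not taken from the project's test suite).
const SAMPLES: Array<string | undefined> = [
  undefined, 'unix:///var/run/docker.sock', 'unix:///tmp/custom-docker.sock',
  'tcp://localhost:2375', 'ssh://builder@example.invalid',
  'unix://', 'unix://docker.sock', '/var/run/docker.sock',
];

// Returns the valid/invalid verdict for each sample, in order.
function classifySamples(): boolean[] {
  return SAMPLES.map((s) => checkDockerHostStrict(s).valid);
}
```

The first three samples are accepted, matching the behaviour the PR describes; the last three are rejected only by the stricter path check added in this example.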

Copilot AI added 3 commits April 11, 2026 15:14
Add checkDockerHost() to src/cli.ts that inspects DOCKER_HOST on startup.
If it points at a non-default socket (e.g. tcp://localhost:2375 for a DinD
sidecar), AWF exits immediately with a clear error explaining why it is
incompatible and pointing at the new docs section.

Also add a "Workflow-Scope DinD Incompatibility" section to docs/usage.md
documenting the root cause, the error message users will see, and the
--enable-dind workaround for agents that genuinely need Docker access.

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/d99ee10d-b3d6-4811-a197-9eb8bb15da2a
Copilot AI changed the title from "[WIP] Fix code based on review comments" to "fix: loosen checkDockerHost to accept any unix:// socket; fix misleading test name" Apr 11, 2026
Copilot AI requested a review from lpcox April 11, 2026 15:55
@lpcox lpcox marked this pull request as ready for review April 11, 2026 16:24
@lpcox lpcox requested a review from Mossaka as a code owner April 11, 2026 16:24
Copilot AI review requested due to automatic review settings April 11, 2026 16:24
Copilot AI left a comment

Pull request overview

Loosens checkDockerHost() to treat any unix:// socket as local (and therefore compatible), while rejecting remote Docker daemon schemes and documenting the workflow-scope DinD incompatibility.

Changes:

  • Add checkDockerHost() to validate DOCKER_HOST and fail fast on remote daemon schemes.
  • Add unit tests covering unset/undefined, default unix sockets, custom unix sockets, and TCP daemons.
  • Document why workflow-scope DinD (via DOCKER_HOST=tcp://...) is incompatible and provide a workaround.

| File | Description |
|---|---|
| src/cli.ts | Adds checkDockerHost() and enforces it during CLI startup to reject remote daemons. |
| src/cli.test.ts | Adds/updates tests to match the relaxed unix-socket acceptance and TCP rejection. |
| docs/usage.md | Adds a new section explaining workflow-scope DinD incompatibility and the --enable-dind workaround. |

Copilot's findings

  • Files reviewed: 3/3 changed files
  • Comments generated: 2

Comment thread src/cli.ts
valid: false,
error:
`DOCKER_HOST is set to an external daemon (${dockerHost}). ` +
'AWF requires the local Docker daemon (default socket). ' +
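Review bot: `${dockerHost}` in the first message line is interpolated verbatim, so the full DOCKER_HOST value from the environment is echoed to the terminal and the CI log. An ssh:// value can include a user name and the variable can hold control characters; consider printing only the scheme and host, or stripping non-printable characters before interpolation.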
Copilot AI Apr 11, 2026

The error text says “AWF requires the local Docker daemon (default socket)”, but checkDockerHost() explicitly accepts any unix:// socket (including non-default paths). This message is misleading for users with a custom local socket; consider changing it to refer to a local unix socket (or “local Docker socket”) rather than the default socket specifically.

Suggested change
'AWF requires the local Docker daemon (default socket). ' +
'AWF requires a local Docker unix socket. ' +

Comment thread docs/usage.md

```
❌ DOCKER_HOST is set to an external daemon (tcp://localhost:2375). AWF requires the
local Docker daemon (default socket). Workflow-scope DinD is incompatible with AWF's
Copilot AI Apr 11, 2026

This documentation example repeats “local Docker daemon (default socket)”, but the new behavior accepts non-default unix:// sockets too. Updating this wording to “local Docker daemon via a unix socket” (or similar) would keep the docs consistent with the relaxed check.

Suggested change
local Docker daemon (default socket). Workflow-scope DinD is incompatible with AWF's
local Docker daemon via a unix socket. Workflow-scope DinD is incompatible with AWF's

@github-actions

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

| Metric | Base | PR | Delta |
|---|---|---|---|
| Lines | 85.85% | 85.87% | 📈 +0.02% |
| Statements | 85.76% | 85.77% | ➡️ +0.01% |
| Functions | 87.54% | 87.58% | 📈 +0.04% |
| Branches | 78.56% | 78.53% | 📉 -0.03% |

📁 Per-file Coverage Changes (2 files)

| File | Lines (Before → After) | Statements (Before → After) |
|---|---|---|
| src/cli.ts | 62.2% → 62.3% (+0.03%) | 62.8% → 62.8% (+0.01%) |
| src/docker-manager.ts | 86.3% → 86.6% (+0.36%) | 85.9% → 86.2% (+0.35%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit fbf9a2f

@github-actions

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

| Metric | Base | PR | Delta |
|---|---|---|---|
| Lines | 85.33% | 85.35% | 📈 +0.02% |
| Statements | 85.18% | 85.20% | 📈 +0.02% |
| Functions | 87.45% | 87.50% | 📈 +0.05% |
| Branches | 77.69% | 77.67% | 📉 -0.02% |

📁 Per-file Coverage Changes (2 files)

| File | Lines (Before → After) | Statements (Before → After) |
|---|---|---|
| src/cli.ts | 61.0% → 61.0% (+0.04%) | 61.4% → 61.5% (+0.04%) |
| src/docker-manager.ts | 85.9% → 86.2% (+0.32%) | 85.5% → 85.8% (+0.31%) |

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions

Smoke Test Results

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude

@github-actions

🔥 Smoke Test Results

PR: fix: loosen checkDockerHost to accept any unix:// socket; fix misleading test name
Author: @app/copilot-swe-agent | Assignees: @lpcox, @Copilot

Test Result
GitHub MCP (list merged PRs)
GitHub.com connectivity
File write/read

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot

@github-actions github-actions bot mentioned this pull request Apr 11, 2026
@github-actions

Smoke test results:

  • fix: remove duplicate paragraph and revert cron in firewall-issue-dispatcher
  • fix: restore create-issue step and improve URL format in firewall-issue-dispatcher
  • GitHub MCP (last 2 merged PRs): ✅
  • safeinputs-gh PR query: ❌
  • Playwright title contains "GitHub": ✅
  • Tavily web search: ❌
  • File write + bash cat verify: ✅
  • Build (npm ci && npm run build): ✅
    Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex

@github-actions

Chroot Version Comparison Results

| Runtime | Host Version | Chroot Version | Match? |
|---|---|---|---|
| Python | Python 3.12.13 | Python 3.12.3 | ❌ NO |
| Node.js | v24.14.1 | v20.20.2 | ❌ NO |
| Go | go1.22.12 | go1.22.12 | ✅ YES |

Overall: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot.

Tested by Smoke Chroot

@github-actions

Smoke Test: GitHub Actions Services Connectivity ✅

| Check | Status | Details |
|---|---|---|
| Redis PING (host.docker.internal:6379) | ✅ PASS | +PONG |
| PostgreSQL ready (host.docker.internal:5432) | ✅ PASS | accepting connections |
| SELECT 1 on smoketest DB | ✅ PASS | returned 1 |

All checks passed. (Note: redis-cli was not available; Redis was verified via raw TCP with nc.)

🔌 Service connectivity validated by Smoke Services

@github-actions

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color passed ✅ PASS
Go env passed ✅ PASS
Go uuid passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx passed ✅ PASS
Node.js execa passed ✅ PASS
Node.js p-limit passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Note (Java): Initial Maven run failed because ~/.m2/ was owned by root (no write access for the runner user). Fixed by setting <localRepository>/tmp/gh-aw/agent/m2repo</localRepository> in settings.xml. Both gson and caffeine then compiled and tested successfully.

Generated by Build Test Suite for issue #1912 · ● 633.4K ·

@lpcox lpcox merged commit 90c7f38 into main Apr 11, 2026
55 of 57 checks passed
@lpcox lpcox deleted the copilot/fix-review-comments branch April 11, 2026 16:50