Skip to content

Audit and document /usr/bin utilities for agent container mounting #11977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Copilot wants to merge 6 commits into from
Closed

Audit and document /usr/bin utilities for agent container mounting #11977

Copilot wants to merge 6 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Jan 27, 2026
edited by agentic-workflows-dev bot
Loading

Agent container currently mounts only 3 utilities (date, gh, yq). Many workflows need access to common utilities like jq, curl, grep, etc. This audit documents which utilities should be mounted.

Changes

Created specs/agent-container-utilities.md with:

  • Usage analysis of 184 workflow files with frequency counts
  • 28 utilities categorized by importance:
    • Essential (6): jq, grep, cat, curl, find, git
    • Common (10): which, mkdir, wc, head, tail, sort, diff, cp, ls, sed, cut
    • Optional (12): file, rm, chmod, zip, unzip, mv, wget, etc.
  • Security risk assessment (Low/Medium/High) for each utility
  • Implementation recommendations with code examples

Key Findings

jq is most critically needed (253 refs, 231 direct invocations). Recommended additions:

// Priority 1 - Essential utilities
awfArgs = append(awfArgs, "--mount", "/usr/bin/jq:/usr/bin/jq:ro")
awfArgs = append(awfArgs, "--mount", "/usr/bin/grep:/usr/bin/grep:ro")
awfArgs = append(awfArgs, "--mount", "/usr/bin/cat:/usr/bin/cat:ro")
awfArgs = append(awfArgs, "--mount", "/usr/bin/curl:/usr/bin/curl:ro")
awfArgs = append(awfArgs, "--mount", "/usr/bin/find:/usr/bin/find:ro")

Network utilities (curl, git, wget) already controlled by existing firewall rules. All mounts use :ro for security.

Original prompt

This section details on the original issue you should resolve

<issue_title>[plan] Audit and document all essential /usr/bin utilities used by workflows</issue_title>
<issue_description>## Objective

Conduct a comprehensive audit of all essential utilities from /usr/bin that are commonly used in agentic workflows and document which ones should be mounted into the agent container.

Context

Currently, only three binaries from /usr/bin are mounted into the agent container:

  • /usr/bin/date
  • /usr/bin/gh (GitHub CLI)
  • /usr/bin/yq

Many workflows may need access to other common utilities like jq, curl, wget, git, tar, zip, etc.

Approach

  1. Review the Ubuntu runner image documentation in specs/ubuntulatest.md to identify commonly available utilities
  2. Analyze existing workflow files (.github/workflows/*.md) to identify which /usr/bin utilities are actually being used
  3. Use grep to search for common utility names across workflow files
  4. Create a prioritized list of utilities that should be mounted, categorized by:
    • Essential (required for most workflows)
    • Common (frequently used)
    • Optional (specialized use cases)
  5. Document findings in a new file specs/agent-container-utilities.md

Files to Create/Modify

  • Create: specs/agent-container-utilities.md (audit results and recommendations)
  • Review: .github/workflows/*.md (identify utility usage patterns)
  • Reference: specs/ubuntulatest.md (available utilities)

Acceptance Criteria

  • Audit identifies at least 15 commonly used utilities from /usr/bin
  • Utilities are categorized by importance (essential/common/optional)
  • Document includes usage frequency analysis from existing workflows
  • Document provides clear mounting recommendations with rationale
  • Document notes any security considerations for each utility
    Related to epic: build/test environment for agentic workflow #11970

AI generated by Plan Command for #11970

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Changeset

  • Type: patch
  • Description: Documented the audit of /usr/bin utilities required by agent workflows and provided recommendations for mounting them in the agent container.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

Copilot AI and others added 2 commits January 27, 2026 00:15
@Mossaka
Start audit of /usr/bin utilities for agent container
13de9d8 
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
@Mossaka
Add specs/agent-container-utilities.md with comprehensive utility audit
61e1fc1 
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title [WIP] Audit and document essential /usr/bin utilities used by workflows Audit and document /usr/bin utilities for agent container mounting Jan 27, 2026
Copilot AI requested a review from Mossaka January 27, 2026 00:23
Mossaka and others added 2 commits January 27, 2026 17:17
@Mossaka
Merge remote-tracking branch 'origin/main' into copilot/audit-usr-bin…
f6bf4e6 
…-utilities

# Conflicts:
#	.github/workflows/jsweep.lock.yml
#	.github/workflows/smoke-copilot.lock.yml
@Mossaka @claude
Regenerate workflows after merge with main
42d0211 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@Mossaka Mossaka added the smoke label Jan 27, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026
edited
Loading

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026
edited
Loading

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026
edited by agentic-workflows-dev bot
Loading

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026

Smoke Test Results

PRs Tested:

Test Results:

  • ✅ GitHub MCP
  • ✅ Safe Inputs GH CLI
  • ✅ Serena MCP
  • ✅ Playwright
  • ✅ File Writing
  • ✅ Bash Tool
  • ✅ Discussion Interaction

Overall Status: PASS

@Mossaka

AI generated by Smoke Copilot

This was referenced Jan 27, 2026
Closed
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026

Smoke Test Results - Claude Engine

PR #11969: Fix AWF command quoting
PR #12046: Add project frontmatter field

✅ GitHub MCP
✅ GH CLI (safeinputs-gh)
✅ Serena MCP
✅ Make Build
✅ Playwright
✅ Tavily Search
✅ File Write
✅ Bash
✅ Discussion Interaction

Status: ✅ PASS

AI generated by Smoke Claude

@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions
Copy link
Contributor

github-actions bot commented Jan 27, 2026

PR titles:
Fix AWF command quoting to ensure agent runs inside firewall container
Add project frontmatter field for automatic project board tracking
Tests: GitHub MCP ✅ | safeinputs-gh ✅ | Serena ✅ | Playwright ✅ | Tavily ✅ | File write ✅ | Bash cat ✅ | Discussion ✅
Overall: PASS

AI generated by Smoke Codex

@Mossaka Mossaka closed this Jan 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mossaka Mossaka Awaiting requested review from Mossaka

Assignees

@Mossaka Mossaka

Copilot code review Copilot

Labels

smoke-claude smoke-codex smoke-copilot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[plan] Audit and document all essential /usr/bin utilities used by workflows

2 participants

@Mossaka