Add environment variable mirroring from runner to agent container

[Copilot]

The AWF container doesn't have access to runner-level environment variables like JAVA_HOME_17_X64, ANDROID_HOME, and CHROMEWEBDRIVER that workflows depend on. While --env-all passes step-level env vars, runner-provided tool paths require explicit --env VAR_NAME flags.

Changes

• pkg/workflow/env_mirror.go: Defines 33 runner environment variables to mirror and generates AWF --env arguments
• Engine execution files: Added mirrored env args to AWF command in copilot_engine_execution.go, claude_engine.go, codex_engine.go
• Documentation: Added "Mirrored Environment Variables" section to sandbox.md

Mirrored Variables

Category	Variables
Java	JAVA_HOME, JAVA_HOME_{8,11,17,21,25}_X64
Android	ANDROID_HOME, ANDROID_SDK_ROOT, ANDROID_NDK*
Browsers	CHROMEWEBDRIVER, EDGEWEBDRIVER, GECKOWEBDRIVER, SELENIUM_JAR_PATH
Package Managers	CONDA, VCPKG_INSTALLATION_ROOT, PIPX_*, GEM_*
Languages	GOPATH, GOROOT, DOTNET_ROOT, CARGO_HOME, RUSTUP_HOME, NVM_DIR, SWIFT_PATH
Other	HOMEBREW_*, AZURE_EXTENSION_DIR

AWF passes variables through only if they exist on the host—missing variables are silently ignored.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Add environment variable mirroring from runner to agent container</issue_title>
<issue_description>## Objective

Implement environment variable passing to mirror essential GitHub Actions runner environment variables into the agent container, improving compatibility with actions and workflows.

Context

The Ubuntu runner image provides many environment variables that workflows and actions depend on (e.g., JAVA_HOME, ANDROID_HOME, CHROMEWEBDRIVER, CONDA, etc.). The agent container currently doesn't have access to these, which can cause issues when workflows expect them to be set.

Refer to specs/ubuntulatest.md section "Environment Variables" for the complete list.

Approach

1. Identify critical environment variables from the runner that should be passed through:
   • Build tool homes: JAVA_HOME_*_X64, ANDROID_HOME, ANDROID_NDK, GOPATH
   • Tool paths: CHROMEWEBDRIVER, GECKOWEBDRIVER, SELENIUM_JAR_PATH
   • Package managers: CONDA, VCPKG_INSTALLATION_ROOT
2. Create a helper function to generate environment variable pass-through arguments
3. Implement variable passing in the AWF command generation for all engines
4. Add validation to ensure required variables exist before passing them
5. Document which environment variables are automatically mirrored

Files to Modify

• Create: pkg/workflow/env_mirror.go (environment variable mirroring logic)
• Create: pkg/workflow/env_mirror_test.go (test environment mirroring)
• Modify: pkg/workflow/copilot_engine_execution.go (add env passing to AWF args)
• Modify: pkg/workflow/claude_engine.go (add env passing to AWF args)
• Modify: pkg/workflow/codex_engine.go (add env passing to AWF args)
• Modify: docs/src/content/docs/reference/sandbox.md (document env mirroring)

Acceptance Criteria

• Essential environment variables are correctly passed to the agent container
• Missing variables are handled gracefully (no errors if not present on host)
• Tests verify environment variable presence in the container
• Documentation lists all mirrored environment variables
• Implementation works across all engine types
  Related to epic: build/test environment for agentic workflow #11970

AI generated by Plan Command for #11970

Comments on the Issue (you are @copilot in this section)

• Fixes [plan] Add environment variable mirroring from runner to agent container #11974

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Mirror critical runner environment variables into the AWF agent container so workflows keep access to tool paths

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

---

Changeset

• Type: patch
• Description: Mirror essential GitHub Actions runner environment variables into the agent container so workflows retain access to tool paths.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

[github-actions]

💀 Blimey! Changeset Generator failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

💫 TO BE CONTINUED... Smoke Claude was cancelled! Our hero faces unexpected challenges...

[github-actions]

🌑 The shadows whisper... Smoke Codex was cancelled. The oracle requires further meditation...

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports was cancelled. Our correspondents are investigating the incident...

[github-actions]

💀 Blimey! Changeset Generator failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[github-actions]

Smoke Test Results:

✅ GitHub MCP (#11969, #12046)
✅ Safe Inputs GH CLI (#12062, #12055)
✅ Serena MCP
✅ Make Build
✅ Playwright
✅ Tavily Search
✅ File Operations
✅ Bash Tools
✅ Discussion Interaction

Overall Status: PASS

AI generated by Smoke Claude

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

GitHub MCP: Update MCP gateway container to v0.0.82 ✅
GitHub MCP: Expand hostedtoolcache PATH integration for Python and other runtimes ✅
safeinputs-gh: [WIP] Add implementation to mount recommended binaries into agent container ✅
safeinputs-gh: [WIP] Fix test failures when running make test ✅
Serena activate_project ✅
Playwright github.com title ✅
Tavily search ✅
File write/read ✅
Discussion query + comment ✅
Overall: PASS

AI generated by Smoke Codex

[github-actions]

🎉 The smoke test agent was here! Just validated all the Copilot engine capabilities and everything is looking fantastic! 🚀

✨ All systems operational:

• GitHub MCP: ✅ Checked
• Safe Inputs: ✅ Verified
• Serena MCP: ✅ Activated
• Playwright: ✅ Browsing
• File I/O: ✅ Working
• Bash: ✅ Executing

Keep up the great work! 🎊

---

Smoke test run: §21407709161

AI generated by Smoke Copilot

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• Update MCP gateway container to v0.0.82 #12050: Update MCP gateway container to v0.0.82
• Expand hostedtoolcache PATH integration for Python and other runtimes #11979: Expand hostedtoolcache PATH integration for Python and other runtimes

Test Results:

• ✅ GitHub MCP Testing
• ✅ Safe Inputs GH CLI Testing
• ✅ Serena MCP Testing
• ✅ Playwright Testing
• ✅ File Writing Testing
• ✅ Bash Tool Testing
• ✅ Discussion Interaction Testing

Overall Status: PASS

@Mossaka @Copilot

AI generated by Smoke Copilot

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results

PRs Reviewed:

• Mount recommended binaries into AWF agent container #12062: [WIP] Add implementation to mount recommended binaries
• Fix test failures when running make test #12055: [WIP] Fix test failures when running make test

Test Status:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ✅ Serena MCP
• ✅ Make Build
• ✅ Playwright
• ✅ Tavily Web Search
• ✅ File Writing
• ✅ Bash Tool
• ✅ Discussion Interaction

Overall Status: ✅ PASS

AI generated by Smoke Claude

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

⚓ Avast! Changeset Generator be settin' sail on this pull request! 🏴‍☠️