Skip to content

fix: emit sbx credential refresh step before agent execution#45146

Merged
lpcox merged 1 commit into
mainfrom
fix/docker-sbx-credential-refresh
Jul 13, 2026
Merged

fix: emit sbx credential refresh step before agent execution#45146
lpcox merged 1 commit into
mainfrom
fix/docker-sbx-credential-refresh

Conversation

@lpcox

@lpcox lpcox commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

Fixes intermittent "user is not authenticated to Docker" errors that occur when AWF calls sbx create during agent execution. Docker Hub OAuth tokens obtained by sbx login during the daemon-setup step can expire or be invalidated between workflow steps. This PR emits a credential-refresh step immediately before agent execution for all sbx-runtime workflows.

Changes

pkg/workflow/compiler_yaml_ai_execution.go

  • In generateAgentRunSteps, added a conditional block: when isDockerSbxRuntime(data) is true, emits the new credential-refresh step after the CLI proxy step and before agent execution.

pkg/workflow/docker_sbx_install.go

  • Added generateDockerSbxCredentialRefreshStep() — returns a GitHubActionStep that emits a GitHub Actions step named "Refresh sbx credentials".
  • The step maps DOCKER_PAT and DOCKER_USERNAME secrets to env vars (DOCKER_PAT_VAL, DOCKER_USERNAME_VAL) and calls sbx login --username "$DOCKER_USERNAME_VAL" --password-stdin via printf.
  • Secrets are passed through env vars rather than inline expressions to prevent raw ${{ secrets.* }} from appearing in shell commands.

pkg/workflow/docker_sbx_test.go

  • Unit test for generateDockerSbxCredentialRefreshStep(): verifies step name, sbx login presence, correct env var mapping, and that raw secret expressions are absent from the run: body.
  • Integration assertion in the compiled lock YAML test: verifies the step is present in the output and positioned after the pre-flight smoke test but before agentic_execution.

Root Cause

Docker Hub OAuth tokens have a limited TTL. When a workflow has multiple steps between sbx login (daemon setup) and sbx create (agent execution), the token can expire, causing authentication failures at runtime.

Behaviour

Scenario Before After
sbx runtime, token expired sbx create fails with auth error fresh sbx login runs immediately before execution
non-sbx runtime no change no change (guarded by isDockerSbxRuntime)

Testing

  • New unit test: TestGenerateDockerSbxInstallSteps/credential_refresh_step
  • Extended integration test: step ordering assertions in compiled lock YAML

Generated by PR Description Updater for #45146 · 27.4 AIC · ⌖ 8 AIC · ⊞ 4.7K ·

Docker Hub OAuth tokens obtained by `sbx login` during the daemon-setup
step can expire or be invalidated by the policy-reset cycle. By the time
AWF calls `sbx create`, the sbx daemon no longer has valid Docker Hub
credentials, causing 'user is not authenticated to Docker' errors.

Add a `generateDockerSbxCredentialRefreshStep()` that runs `sbx login`
immediately before the agent execution step, ensuring the daemon has
fresh credentials when AWF creates the microVM sandbox.

The step is emitted in `compiler_yaml_ai_execution.go` (the common
compilation path for all engines) so it applies to Copilot, Claude,
Codex, and any future engine using docker-sbx runtime.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 13, 2026 00:37

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Docker sbx credential refresh immediately before agent execution, preventing stale authentication failures.

Changes:

  • Emits a conditional sbx login refresh step.
  • Passes Docker credentials through environment variables.
  • Tests step generation and execution ordering.
Show a summary per file
File Description
pkg/workflow/docker_sbx_install.go Generates the credential refresh step.
pkg/workflow/compiler_yaml_ai_execution.go Inserts refresh before engine execution.
pkg/workflow/docker_sbx_test.go Verifies content and ordering.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 3/3 changed files
  • Comments generated: 0
  • Review effort level: Medium

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

🌑 The shadows whisper... Smoke Codex failed to deliver outputs. The oracle requires further meditation...

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot Small failed. Please review the logs for details.

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Test Results

  • GitHub MCP Testing: ✅
  • Web Fetch Testing: ✅
  • File Writing Testing: ✅
  • Bash Tool Testing: ✅
  • Build gh-aw: ❌ (Network failure: dial tcp: lookup proxy.golang.org: server misbehaving)

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

Smoke Gemini — Powered by Gemini · 16.9 AIC · ⌖ 1.57 AIC · ⊞ 9.3K ·
Comment /smoke-gemini to run again

@github-actions

Copy link
Copy Markdown
Contributor

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.54.0
jq 1.7
yq 4.53.3
curl 8.5.0
gh 2.96.0
node 22.23.1
python3 3.11.15 (PyPy 7.3.23)
go 1.24.13
java 10.0.301
dotnet 10.0.301

Result: 12/12 tools available ✅

Overall Status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔧 Tool validation by Agent Container Smoke Test · 12.4 AIC · ⌖ 7.84 AIC · ⊞ 4.6K ·
Comment /smoke-test-tools to run again

@github-actions

Copy link
Copy Markdown
Contributor

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Details

The threat detection engine failed to produce results.

Review the workflow run logs for details.

Pull request created: #45150

Generated by Changeset Generator · 1.15 AIC · ⊞ 14.5K

@github-actions

Copy link
Copy Markdown
Contributor

Smoke test for PR: fix: emit sbx credential refresh step before agent execution
✅ GitHub PRs
✅ Serena
✅ Playwright
❌ Web-fetch
✅ File write/read
✅ Bash verify
✅ Build
✅ Comment memory
✅ Cache memory
✅ Issue field
Overall: FAIL

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex · 4.25 AIC · ⌖ 0.522 AIC · ⊞ 12.7K ·
Comment /smoke-codex to run again

@github-actions

Copy link
Copy Markdown
Contributor

Comment Memory

Smoke lights the console
Builds hum through the quiet cache
Git waits, still and plain

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex · 4.25 AIC · ⌖ 0.522 AIC · ⊞ 12.7K ·
Comment /smoke-codex to run again

@github-actions

Copy link
Copy Markdown
Contributor

💨 Smoke Test: Claude — Run 29215927006

Core #1-12: ✅ All passed
PR Review #13-15,17,18: ✅ Passed
#16 Resolve thread: ⚠️ skipped (no unresolved threads)
#19 Close PR: ⚠️ skipped (no safe test PR)

Overall: PARTIAL — all executed tests passed. 💥

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 75.3 AIC · ⌖ 31.3 AIC · ⊞ 8.4K ·
Comment /smoke-claude to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💥 Automated smoke test review - all systems nominal!

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 75.3 AIC · ⌖ 31.3 AIC · ⊞ 8.4K
Comment /smoke-claude to run again

// Refresh sbx credentials immediately before AWF execution. Docker Hub OAuth
// tokens obtained during the daemon-setup step can expire between workflow steps,
// causing "user is not authenticated to Docker" errors when AWF calls `sbx create`.
if isDockerSbxRuntime(data) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice — gating the credential refresh on isDockerSbxRuntime keeps this cleanly scoped to the docker-sbx runtime. 👍

// sbx daemon with Docker Hub immediately before AWF runs the agent. OAuth tokens
// obtained by `sbx login` during the daemon-setup step can expire or be invalidated
// by the policy-reset cycle, so a fresh login right before execution prevents
// "user is not authenticated to Docker" errors when AWF calls `sbx create`.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clear doc comment explaining why the token can expire — helpful context for future maintainers.

@github-actions

Copy link
Copy Markdown
Contributor

PR: fix: emit sbx credential refresh step before agent execution
Merged: feat: implement private-to-public-flows: allow as a tools.github frontmatter field
Merged: fix: bump pinned gVisor release from 20250623.0 to 20250707.0
1✅ 2✅ 3✅ 4✅
5✅ 6✅ 7✅ 8✅
9✅ 10✅ 11✅ 12✅
13✅ 14❌ 15✅ 16✅
Overall: FAIL
Author: @lpcox | Assignees: none

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 91.3 AIC · ⌖ 3.11 AIC · ⊞ 19K ·
Comment /smoke-copilot to run again
Add label smoke to run again

@github-actions

Copy link
Copy Markdown
Contributor

Comment Memory

Tests whisper in loops
Bots trace dawn through guarded branches
Green sparks wake the queue

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 91.3 AIC · ⌖ 3.11 AIC · ⊞ 19K ·
Comment /smoke-copilot to run again
Add label smoke to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Smoke validation review comments attached.

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 91.3 AIC · ⌖ 3.11 AIC · ⊞ 19K
Comment /smoke-copilot to run again
Add label smoke to run again

@github-actions

Copy link
Copy Markdown
Contributor

Hey @lpcox 👋 — great fix for the docker-sbx credential staleness issue! The approach of injecting a sbx login refresh step immediately before agent execution is clean and surgical — and the end-to-end validation via gh-aw-firewall#6153 with all 4 smoke workflows passing gives strong confidence.

The PR is well-structured: focused change, clear Problem/Solution/Testing breakdown, tests included for both the new step generation and step ordering. This looks ready for review. 🚀

Generated by ✅ Contribution Check · 115.3 AIC · ⌖ 9.07 AIC · ⊞ 6.2K ·

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This pull request is included in a new release.

Release: v0.82.9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants