[awf] ARC-DinD: auto-detection should engage --docker-host-path-prefix for (redacted) socket from sibling daemon pod

[lpcox]

Problem

gh-aw's ARC/DinD auto-detection only triggers --docker-host-path-prefix when DOCKER_HOST matches ^(redacted) On ARC deployments where the runner mounts a sibling daemon pod's socket as (redacted) the regex never fires, bind mounts reference paths the daemon cannot see, and the run fails.

Context

Upstream report: github/gh-aw#33777

Root Cause

In src/option-parsers.ts, resolveDockerHostPathPrefix() checks for DOCKER_HOST matching ^(redacted) (broadened from localhost/127.0.0.1` on 2026-05-13). A unix socket from a sibling pod represents the same DinD split-filesystem condition but does not match the tcp pattern.

Proposed Solution

1. In src/option-parsers.ts resolveDockerHostPathPrefix(), extend detection to also fire when DOCKER_HOST is a (redacted) path that does not match the local machine's docker socket (i.e., it is a mount from a sibling pod, detectable if the socket path is non-standard like /var/run/dind.sockor ifDOCKER_HOST` is set at all and a known ARC env var is present).
2. Alternatively, add an explicit AWF_FORCE_DIND=1 env var to force-enable the prefix without regex.
3. Update the regex to also match (redacted) prefixed values when running in an ARC context (check for ACTIONS_RUNNER_POD_NAME` or similar env var).
4. Add a unit test for the new detection path.

Generated by Firewall Issue Dispatcher · sonnet46 1.2M · ◷

[github-actions]

👋 Hello! I noticed this issue might be related to existing issues:

• [awf] ARC-DinD: --docker-host-path-prefix not auto-engaged when DOCKER_HOST is a unix socket from sibling daemon pod #3906 - [awf] ARC-DinD: --docker-host-path-prefix not auto-engaged when DOCKER_HOST is a unix socket from sibling daemon pod (closed as completed on 2026-05-27) — describes the same root cause: resolveDockerHostPathPrefix() not matching unix-socket DOCKER_HOST from sibling daemon pods
• [awf] ARC/DinD: engage --docker-host-path-prefix when DOCKER_HOST is a unix socket from a sibling daemon pod #3553 - [awf] ARC/DinD: engage --docker-host-path-prefix when DOCKER_HOST is a unix socket from a sibling daemon pod (closed as completed on 2026-05-21) — same problem, proposes a sentinel-file inode probe to detect split-filesystem regardless of DOCKER_HOST scheme

Both closed issues address the identical condition: DOCKER_HOST being a unix socket from a sibling daemon pod that represents a split-filesystem DinD topology, but the TCP regex in resolveDockerHostPathPrefix() never fires.

If the fix from those issues didn't fully resolve the problem (or regressed), this new issue may be worth keeping open with a note about what changed. Otherwise, if the root cause is the same, please consider closing as a duplicate.

This is an automated message from the issue duplication detector.

Generated by Issue Duplication Detector for issue #4023 · sonnet46 730.9K · ◷

[lpcox]

Resolved by #3914 (merged 2026-05-27) which extends resolveDockerHostPathPrefix() to detect sibling daemon unix sockets (any path other than /var/run/docker.sock or /run/docker.sock) and trigger the --docker-host-path-prefix path translation automatically. Also adds AWF_DIND=1 operator escape hatch.