refactor: remove --allow-full-filesystem-access flag #1056

Merged
Mossaka merged 1 commit into main from remove-allow-full-filesystem-access on Feb 25, 2026

@Mossaka
Collaborator

@Mossaka Mossaka commented Feb 25, 2026

Summary

  • Remove the --allow-full-filesystem-access CLI flag that disabled selective mounting security
  • Make credential hiding unconditional (remove if/else guards around selective mounting)
  • Delete 2 unit tests and 2 integration tests that exercised the removed flag
  • Clean up all documentation references (usage guide, selective-mounting docs, CLI reference)

Motivation

The flag was an escape hatch that mounted the entire host filesystem with read-write access (/:/host:rw), defeating AWF's credential exfiltration protection. It is no longer needed because:

  • gh-aw never passes this flag (not in awf_helpers.go)
  • No CI workflows or smoke tests use it (only 2 dedicated integration tests)
  • It was already hidden from --help in PR feat: group --help flags by category, hide dev-only options #1035
  • The --mount flag covers the use case of mounting specific directories
  • It contradicts the security model (defeats credential hiding)

Files changed (12)

File Change
src/cli.ts Remove option definition and config property
src/types.ts Remove allowFullFilesystemAccess field from WrapperConfig
src/docker-manager.ts Remove if/else branch, make credential hiding unconditional
src/docker-manager.test.ts Delete 2 allowFullFilesystemAccess test cases
tests/fixtures/awf-runner.ts Remove from AwfOptions interface and both if blocks
tests/integration/credential-hiding.test.ts Delete Test 10 and Test 11
docs/usage.md Remove flag from CLI options
docs/selective-mounting.md Remove "Full Filesystem Access" section and references
docs-site/.../cli-reference.md Remove table row and detail section
docs/test-analysis/*.md Clean up references

Test plan

  • npx tsc --noEmit — compiles with no errors
  • npm test — all 798 unit tests pass
  • node dist/cli.js --help — flag absent from output
  • node dist/cli.js --allow-full-filesystem-access -- echo test — errors as unknown option
  • CI integration tests pass

🤖 Generated with Claude Code
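
The exposure described in the motivation can be checked mechanically over a container's bind mounts. The following is an added example, not code from this PR or from AWF: `auditMounts`, the sample mount lists and the credential paths are hypothetical, and only the `/:/host:rw` spec and the `/dev/null` masking technique come from the page.

```typescript
// Added illustration, not AWF's implementation. Mount specs use Docker's
// "source:target[:mode]" bind syntax; all paths below are constructed samples.
interface MountAudit {
  blanketHostMounts: string[];   // specs whose source is the host root
  unmaskedCredentials: string[]; // credential files visible inside the container
}

const CREDENTIAL_PATHS = [
  '/home/runner/.docker/config.json',
  '/home/runner/.config/gh/hosts.yml',
];
const LEGACY_MOUNTS = ['/:/host:rw']; // what the removed flag produced
const SELECTIVE_MOUNTS = [
  '/home/runner:/host/home/runner:rw',
  '/dev/null:/host/home/runner/.docker/config.json:ro',
  '/dev/null:/host/home/runner/.config/gh/hosts.yml:ro',
];

const stripSlash = (p: string): string => p.replace(/\/+$/, '') || '/';

function auditMounts(specs: string[], credentialPaths: string[]): MountAudit {
  const mounts = specs.map((spec) => {
    const parts = spec.split(':');
    if (parts.length < 2 || parts.length > 3) {
      throw new Error(`unsupported mount spec: ${spec}`);
    }
    const [source = '', target = ''] = parts;
    return { spec, source: stripSlash(source), target: stripSlash(target) };
  });

  // Container paths shadowed by a /dev/null bind mount (the hiding technique).
  const masked = new Set(
    mounts.filter((m) => m.source === '/dev/null').map((m) => m.target)
  );
  const blanketHostMounts = mounts.filter((m) => m.source === '/').map((m) => m.spec);

  const unmaskedCredentials = credentialPaths.filter((cred) =>
    mounts.some((m) => {
      if (m.source === '/dev/null') return false;
      const prefix = m.source === '/' ? '/' : m.source + '/';
      if (cred !== m.source && !cred.startsWith(prefix)) return false;
      // Where the host file appears inside the container through this mount.
      const rel = m.source === '/' ? cred : cred.slice(m.source.length);
      const inContainer = (m.target === '/' ? '' : m.target) + rel;
      return !masked.has(inContainer);
    })
  );
  return { blanketHostMounts, unmaskedCredentials };
}
```

A check like this can run as a unit test over the generated volume list, so a reintroduced root mount or a dropped mask fails the build.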

Copilot AI review requested due to automatic review settings February 25, 2026 20:48
@github-actions
Contributor

github-actions bot commented Feb 25, 2026

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 82.39% 82.48% 📈 +0.09%
Statements 82.32% 82.41% 📈 +0.09%
Functions 82.74% 82.74% ➡️ +0.00%
Branches 74.55% 74.55% ➡️ +0.00%
📁 Per-file Coverage Changes (1 files)
File Lines (Before → After) Statements (Before → After)
src/docker-manager.ts 83.6% → 83.9% (+0.35%) 82.8% → 83.2% (+0.33%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions
Contributor

🧪 Build Test: Bun Results

Project Install Tests Status
elysia 1/1 ✅ PASS
hono 1/1 ✅ PASS

Overall: ✅ PASS

  • Bun version: 1.3.9
  • All tests passed across both projects

Generated by Build Test Bun for issue #1056

@github-actions
Contributor

🦕 Deno Build Test Results

Project Tests Status
oak 1/1 ✅ PASS
std 1/1 ✅ PASS

Overall: ✅ PASS

Test output details

**oak:**
```
running 1 test from ./test.ts
oak test ... ok (0ms)
ok | 1 passed | 0 failed (2ms)
```

**std:**
```
running 1 test from ./test.ts
std test ... ok (0ms)
ok | 1 passed | 0 failed (2ms)
```

Generated by Build Test Deno for issue #1056

@github-actions
Contributor

Smoke test results:
Merged PRs: docs: add integration test coverage guide with gap analysis; feat: group --help flags by category, hide dev-only options
GitHub MCP review ✅
safeinputs-gh pr list ✅
Playwright title ✅
Tavily search ❌ (tool unavailable)
File write + cat ✅
Discussion comment ✅
Build ✅
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex for issue #1056

@github-actions
Contributor

Go Build Test Results

Project Download Tests Status
color PASS ✅ PASS
env PASS ✅ PASS
uuid PASS ✅ PASS

Overall: ✅ PASS

Generated by Build Test Go for issue #1056

@github-actions
Contributor

C++ Build Test Results

Project CMake Build Status
fmt PASS
json PASS

Overall: PASS

Generated by Build Test C++ for issue #1056

@github-actions
Contributor

🦀 Rust Build Test Results

Project Build Tests Status
fd 1/1 PASS
zoxide 1/1 PASS

Overall: ✅ PASS

Generated by Build Test Rust for issue #1056

Contributor

Copilot AI left a comment

Pull request overview

This PR removes the --allow-full-filesystem-access CLI flag that allowed disabling AWF's selective mounting security feature. The flag was an escape hatch that mounted the entire host filesystem with read-write access (/:/host:rw), defeating credential exfiltration protection. With this removal, credential hiding via selective mounting becomes the only supported mode, strengthening the security posture.

Changes:

  • Removed the --allow-full-filesystem-access CLI option and type definitions
  • Made credential hiding unconditional by removing if/else branches in docker-manager
  • Deleted 4 tests (2 unit, 2 integration) that exercised the removed flag
  • Cleaned up documentation references across usage guides, selective-mounting docs, CLI reference, and test analysis docs
  • Added 92 lines of new block-domains integration tests and test fixture support for envAll/cliEnv (not mentioned in PR description)

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.

File Description
src/cli.ts Removed --allow-full-filesystem-access option definition and removed allowFullFilesystemAccess from config object
src/types.ts Removed allowFullFilesystemAccess field and its extensive documentation block from WrapperConfig interface
src/docker-manager.ts Removed if/else branching - credential hiding via /dev/null mounts is now unconditional; updated comments
src/docker-manager.test.ts Deleted 2 duplicate unit tests that verified blanket mount behavior with the flag
tests/fixtures/awf-runner.ts Removed allowFullFilesystemAccess from interface; added blockDomains, envAll, and cliEnv support
tests/integration/credential-hiding.test.ts Deleted Test 10 (security warnings) and Test 11 (Docker config not hidden) that tested the flag
tests/integration/blocked-domains.test.ts Added 92 lines of new block-domains integration tests (6 test cases)
docs/usage.md Removed 6 lines describing the flag and its security warnings
docs/selective-mounting.md Removed "Full Filesystem Access" section (14 lines) and updated comments
docs-site/.../cli-reference.md Removed CLI table row and 26-line detail section for the flag
docs/test-analysis/test-infra.md Removed allowFullFilesystemAccess from interface documentation
docs/test-analysis/protocol-security.md Removed 3 references to full filesystem access tests
docs/test-analysis/chroot.md Removed 2 gap notes about missing flag tests

Comment on lines 187 to 278
describe('Block Domains Deny-List (--block-domains)', () => {
let runner: AwfRunner;

beforeAll(async () => {
await cleanup(false);
runner = createRunner();
});

afterAll(async () => {
await cleanup(false);
});

test('should block specific subdomain while allowing parent domain', async () => {
const result = await runner.runWithSudo(
'curl -f --max-time 10 https://api.github.com/zen',
{
allowDomains: ['github.com'],
blockDomains: ['api.github.com'],
logLevel: 'debug',
timeout: 60000,
}
);
expect(result).toFail();
}, 120000);

test('should still allow non-blocked subdomains when parent is allowed', async () => {
const result = await runner.runWithSudo(
'curl -f --max-time 10 https://github.com',
{
allowDomains: ['github.com'],
blockDomains: ['api.github.com'],
logLevel: 'debug',
timeout: 60000,
}
);
expect(result).toSucceed();
}, 120000);

test('should block domain that is also in the allow list (block takes precedence)', async () => {
const result = await runner.runWithSudo(
'curl -f --max-time 5 https://example.com',
{
allowDomains: ['example.com'],
blockDomains: ['example.com'],
logLevel: 'debug',
timeout: 60000,
}
);
expect(result).toFail();
}, 120000);

test('should block wildcard pattern while allowing parent domain', async () => {
const result = await runner.runWithSudo(
'curl -f --max-time 10 https://api.github.com/zen',
{
allowDomains: ['github.com'],
blockDomains: ['*.github.com'],
logLevel: 'debug',
timeout: 60000,
}
);
expect(result).toFail();
}, 120000);

test('should handle multiple blocked domains', async () => {
const result = await runner.runWithSudo(
'bash -c "curl -f --max-time 10 https://api.github.com/zen 2>&1; echo exit=$?"',
{
allowDomains: ['github.com'],
blockDomains: ['api.github.com', 'raw.githubusercontent.com'],
logLevel: 'debug',
timeout: 60000,
}
);
expect(result.stdout).toContain('exit=');
expect(result.stdout).not.toContain('exit=0');
}, 120000);

test('should show blocked domains in debug output', async () => {
const result = await runner.runWithSudo(
'echo "test"',
{
allowDomains: ['github.com'],
blockDomains: ['api.github.com'],
logLevel: 'debug',
timeout: 60000,
}
);
expect(result).toSucceed();
expect(result.stderr).toMatch(/[Bb]locked domains:/i);
}, 120000);
});
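
Review bot: in 'should handle multiple blocked domains', only https://api.github.com/zen is requested, so the second blockDomains entry raw.githubusercontent.com is never exercised and the test passes even if only the first entry is honoured. That host is also outside allowDomains, so a request to it would be denied with or without the block list; to cover the multi-entry case, allow both hosts' parent domains, request each blocked host, and assert on each exit code. The toFail() assertions in the other cases cannot distinguish a firewall denial from a timeout or DNS failure, so asserting on the denial itself would make them more meaningful, and the [Bb] class in /[Bb]locked domains:/i is redundant with the i flag.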

Copilot AI Feb 25, 2026

The PR description does not mention adding these 92 lines of new block-domains integration tests. This appears to be a separate feature enhancement bundled with the flag removal. Consider splitting this into a separate PR or updating the PR description to document this addition.

These tests add coverage for the existing --block-domains feature:

  • Blocking specific subdomains while allowing parent
  • Block precedence over allow
  • Wildcard patterns in block lists
  • Multiple blocked domains
  • Debug output verification

Comment on lines 22 to 125
@@ -52,6 +54,11 @@ export class AwfRunner {
args.push('--allow-domains', options.allowDomains.join(','));
}

// Add block-domains
if (options.blockDomains && options.blockDomains.length > 0) {
args.push('--block-domains', options.blockDomains.join(','));
}

// Add other flags
if (options.keepContainers) {
args.push('--keep-containers');
@@ -100,16 +107,23 @@ export class AwfRunner {
args.push('--allow-host-ports', options.allowHostPorts);
}

// Add allow-full-filesystem-access flag
if (options.allowFullFilesystemAccess) {
args.push('--allow-full-filesystem-access');
}

// Add enable-api-proxy flag
if (options.enableApiProxy) {
args.push('--enable-api-proxy');
}

// Add --env-all flag
if (options.envAll) {
args.push('--env-all');
}

// Add explicit -e KEY=VALUE flags
if (options.cliEnv) {
for (const [key, value] of Object.entries(options.cliEnv)) {
args.push('-e', `${key}=${value}`);
}
}
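
Review bot: the cliEnv loop at the end of this hunk pushes `${key}=${value}` without checking either side, so a key containing = changes where the CLI splits name from value, and a value that is undefined (if the type permits it) is passed as the literal string undefined. Consider rejecting keys that contain = and skipping or failing on undefined values, so a malformed test option fails in the fixture rather than as a confusing container environment.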

Copilot AI Feb 25, 2026

The PR description does not mention adding support for envAll and cliEnv fields to the AwfOptions interface and both run methods. These appear to be separate enhancements for environment variable handling in tests, bundled with the flag removal. Consider updating the PR description to document these additions or splitting them into a separate PR.

These additions enable tests to:

  • Pass --env-all flag via envAll boolean
  • Pass explicit -e KEY=VALUE flags via cliEnv object

@github-actions
Contributor

🤖 Smoke test results for Copilot engine — run 22415315431

GitHub MCP — Last 2 merged PRs:

Playwright — github.com title contains "GitHub"
File write — /tmp/gh-aw/agent/smoke-test-copilot-22415315431.txt created and verified
Bash — cat confirmed file contents

Overall: PASS | Author: @Mossaka | No assignees

📰 BREAKING: Report filed by Smoke Copilot for issue #1056

@github-actions
Contributor

.NET Build Test Results

Project Restore Build Run Status
hello-world PASS
json-parse PASS

Overall: PASS

Run output

**hello-world:**
```
Hello, World!
```

**json-parse:**
```
{
  "Name": "AWF Test",
  "Version": 1,
  "Success": true
}
Name: AWF Test, Success: True
```

Generated by Build Test .NET for issue #1056

@github-actions
Contributor

Smoke Test Results

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1056

@github-actions
Contributor

Java Build Test Results

Project Compile Tests Status
gson 1/1 PASS
caffeine 1/1 PASS

Overall: PASS

Both projects compiled and all tests passed successfully using Maven with proxy configuration.

Generated by Build Test Java for issue #1056

@github-actions
Contributor

🟢 Node.js Build Test Results

Project Install Tests Status
clsx All passed PASS
execa All passed PASS
p-limit All passed PASS

Overall: PASS

Generated by Build Test Node.js for issue #1056

@github-actions
Contributor

Chroot Version Comparison Results

Runtime Host Version Chroot Version Match?
Python Python 3.12.12 Python 3.12.3 ❌ NO
Node.js v24.13.1 v20.20.0 ❌ NO
Go go1.22.12 go1.22.12 ✅ YES

Overall: ❌ Not all versions match — Python minor version differs (3.12.12 vs 3.12.3) and Node.js major version differs (v24 vs v20).

Tested by Smoke Chroot for issue #1056

@Mossaka Mossaka changed the title from "Remove --allow-full-filesystem-access flag" to "refactor: remove --allow-full-filesystem-access flag" Feb 25, 2026
The flag was an escape hatch that disabled selective mounting security
by adding a blanket /:/host:rw mount, exposing all credential files.
It contradicts the security model and is no longer needed:

- gh-aw never passes this flag (not in awf_helpers.go)
- No CI workflows or smoke tests use it
- It was already hidden from --help in PR #1035
- The --mount flag covers mounting specific directories

Credential hiding is now unconditional — the if/else guards around
selective mounting are removed, making the secure path the only path.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Mossaka Mossaka force-pushed the remove-allow-full-filesystem-access branch from c95d447 to 24e648e on February 25, 2026 21:29
@github-actions
Contributor

Smoke Test Results

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1056

@github-actions
Contributor

C++ Build Test Results

Project CMake Build Status
fmt PASS
json PASS

Overall: PASS

Generated by Build Test C++ for issue #1056

@github-actions
Contributor

🤖 Smoke Test Results

Overall: PASS | PR author: @Mossaka

📰 BREAKING: Report filed by Smoke Copilot for issue #1056

@github-actions
Contributor

🧪 Bun Build Test Results

Project Install Tests Status
elysia 1/1 PASS
hono 1/1 PASS

Overall: ✅ PASS

Bun version: 1.3.9

Generated by Build Test Bun for issue #1056

@github-actions
Contributor

🦕 Deno Build Test Results

Project Tests Status
oak 1/1 ✅ PASS
std 1/1 ✅ PASS

Overall: ✅ PASS

Generated by Build Test Deno for issue #1056

@github-actions
Contributor

Rust Build Test Results

Project Build Tests Status
fd 1/1 PASS
zoxide 1/1 PASS

Overall: ✅ PASS

Generated by Build Test Rust for issue #1056

@github-actions
Contributor

.NET Build Test Results

Project Restore Build Run Status
hello-world PASS
json-parse PASS

Overall: PASS

Run output

hello-world: Hello, World!

json-parse:

{
  "Name": "AWF Test",
  "Version": 1,
  "Success": true
}
Name: AWF Test, Success: True

Generated by Build Test .NET for issue #1056

@github-actions
Contributor

Go Build Test Results

Project Download Tests Status
color PASS ✅ PASS
env PASS ✅ PASS
uuid PASS ✅ PASS

Overall: ✅ PASS

Generated by Build Test Go for issue #1056

@github-actions
Contributor

Node.js Build Test Results ✅

Project Install Tests Status
clsx PASS PASS
execa PASS PASS
p-limit PASS PASS

Overall: PASS

Generated by Build Test Node.js for issue #1056

@github-actions
Contributor

Chroot Version Comparison Results

Runtime Host Version Chroot Version Match?
Python Python 3.12.12 Python 3.12.3 ❌ NO
Node.js v24.13.1 v20.20.0 ❌ NO
Go go1.22.12 go1.22.12 ✅ YES

Overall: ❌ Not all versions matched — Python and Node.js versions differ between host and chroot environment.

Tested by Smoke Chroot for issue #1056

@github-actions
Contributor

GitHub MCP merged PRs: ✅
docs: add integration test coverage guide with gap analysis
feat: group --help flags by category, hide dev-only options
safeinputs-gh PR list: ✅
Playwright GitHub title: ✅
Tavily search: ❌
File write: ✅
Cat verify: ✅
Discussion comment: ✅
Build: ✅ | Overall: FAIL

🔮 The oracle has spoken through Smoke Codex for issue #1056

@github-actions
Contributor

Java Build Test Results

Project Compile Tests Status
gson 1/1 PASS
caffeine 1/1 PASS

Overall: ✅ PASS

All Java projects compiled and tested successfully against Maven Central via the AWF proxy.

Generated by Build Test Java for issue #1056
