Add environment variable mirroring from runner to agent container

[Copilot]

The AWF container doesn't have access to runner-level environment variables like JAVA_HOME_17_X64, ANDROID_HOME, and CHROMEWEBDRIVER that workflows depend on. While --env-all passes step-level env vars, runner-provided tool paths require explicit --env VAR_NAME flags.

Changes

• pkg/workflow/env_mirror.go: Defines 33 runner environment variables to mirror and generates AWF --env arguments
• Engine execution files: Added mirrored env args to AWF command in copilot_engine_execution.go, claude_engine.go, codex_engine.go
• Documentation: Added "Mirrored Environment Variables" section to sandbox.md

Mirrored Variables

Category	Variables
Java	JAVA_HOME, JAVA_HOME_{8,11,17,21,25}_X64
Android	ANDROID_HOME, ANDROID_SDK_ROOT, ANDROID_NDK*
Browsers	CHROMEWEBDRIVER, EDGEWEBDRIVER, GECKOWEBDRIVER, SELENIUM_JAR_PATH
Package Managers	CONDA, VCPKG_INSTALLATION_ROOT, PIPX_*, GEM_*
Languages	GOPATH, GOROOT, DOTNET_ROOT, CARGO_HOME, RUSTUP_HOME, NVM_DIR, SWIFT_PATH
Other	HOMEBREW_*, AZURE_EXTENSION_DIR

AWF passes variables through only if they exist on the host—missing variables are silently ignored.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Add environment variable mirroring from runner to agent container</issue_title>
<issue_description>## Objective

Implement environment variable passing to mirror essential GitHub Actions runner environment variables into the agent container, improving compatibility with actions and workflows.

Context

The Ubuntu runner image provides many environment variables that workflows and actions depend on (e.g., JAVA_HOME, ANDROID_HOME, CHROMEWEBDRIVER, CONDA, etc.). The agent container currently doesn't have access to these, which can cause issues when workflows expect them to be set.

Refer to specs/ubuntulatest.md section "Environment Variables" for the complete list.

Approach

1. Identify critical environment variables from the runner that should be passed through:
   • Build tool homes: JAVA_HOME_*_X64, ANDROID_HOME, ANDROID_NDK, GOPATH
   • Tool paths: CHROMEWEBDRIVER, GECKOWEBDRIVER, SELENIUM_JAR_PATH
   • Package managers: CONDA, VCPKG_INSTALLATION_ROOT
2. Create a helper function to generate environment variable pass-through arguments
3. Implement variable passing in the AWF command generation for all engines
4. Add validation to ensure required variables exist before passing them
5. Document which environment variables are automatically mirrored

Files to Modify

• Create: pkg/workflow/env_mirror.go (environment variable mirroring logic)
• Create: pkg/workflow/env_mirror_test.go (test environment mirroring)
• Modify: pkg/workflow/copilot_engine_execution.go (add env passing to AWF args)
• Modify: pkg/workflow/claude_engine.go (add env passing to AWF args)
• Modify: pkg/workflow/codex_engine.go (add env passing to AWF args)
• Modify: docs/src/content/docs/reference/sandbox.md (document env mirroring)

Acceptance Criteria

• Essential environment variables are correctly passed to the agent container
• Missing variables are handled gracefully (no errors if not present on host)
• Tests verify environment variable presence in the container
• Documentation lists all mirrored environment variables
• Implementation works across all engine types
  Related to epic: build/test environment for agentic workflow #11970

AI generated by Plan Command for #11970

Comments on the Issue (you are @copilot in this section)

• Fixes [plan] Add environment variable mirroring from runner to agent container #11974

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Mirror critical runner environment variables into the AWF agent container so workflows keep access to tool paths

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

---

Changeset

• Type: patch
• Description: Mirror essential GitHub Actions runner environment variables into the agent container so workflows retain access to tool paths.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

---

Changeset

• Type: patch
• Description: Mirror runner-provided environment variables into the AWF agent container so workflows keep access to their tool paths.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

[github-actions]

💀 Blimey! Changeset Generator failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

💫 TO BE CONTINUED... Smoke Claude was cancelled! Our hero faces unexpected challenges...

[github-actions]

🌑 The shadows whisper... Smoke Codex was cancelled. The oracle requires further meditation...

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports was cancelled. Our correspondents are investigating the incident...

[github-actions]

💀 Blimey! Changeset Generator failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• Update MCP gateway container to v0.0.82 #12050: Update MCP gateway container to v0.0.82
• Expand hostedtoolcache PATH integration for Python and other runtimes #11979: Expand hostedtoolcache PATH integration for Python and other runtimes

Test Results:

• ✅ GitHub MCP Testing
• ✅ Safe Inputs GH CLI Testing
• ✅ Serena MCP Testing
• ✅ Playwright Testing
• ✅ File Writing Testing
• ✅ Bash Tool Testing
• ✅ Discussion Interaction Testing

Overall Status: PASS

@Mossaka @Copilot

AI generated by Smoke Copilot

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results

PRs Reviewed:

• Mount recommended binaries into AWF agent container #12062: [WIP] Add implementation to mount recommended binaries
• Fix test failures when running make test #12055: [WIP] Fix test failures when running make test

Test Status:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ✅ Serena MCP
• ✅ Make Build
• ✅ Playwright
• ✅ Tavily Web Search
• ✅ File Writing
• ✅ Bash Tool
• ✅ Discussion Interaction

Overall Status: ✅ PASS

AI generated by Smoke Claude

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

GitHub MCP ✅ | safeinputs-gh ✅ | Serena ✅ | Playwright ✅ | Tavily ✅ | file write ✅ | bash cat ✅ | discussion ✅
PR titles ✅: Recompile workflows after handle_agent_failure.cjs changes; Consolidate shell escaping utilities into shell.go
Overall: PASS

AI generated by Smoke Codex

[github-actions]

Smoke Test: Copilot

Latest PRs:

• Refactor large test files (>1500 lines) into focused modules under 1000 lines #12076: Refactor large test files (>1500 lines)
• Add security guard agentic workflow for PR security posture analysis #12069: Add security guard agentic workflow

Test Results:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ❌ Serena MCP (timeout)
• ✅ Playwright
• ✅ File Writing
• ✅ Bash Tool
• ✅ Discussion Interaction

Status: ⚠️ PARTIAL PASS

cc @Mossaka @Copilot

AI generated by Smoke Copilot

[github-actions]

🤖 Beep boop! The smoke test agent just passed through here like a digital tumbleweed in the vast desert of auto-triage reports!

Just wanted to drop by and say your classification game is chef's kiss 💯 - that 100% success rate and 98% confidence? Absolutely crushing it! Keep those labels flowing and those issues triaged.

The robots are watching... and we approve. 🎯✨

-- Your friendly neighborhood smoke test bot 🚀

AI generated by Smoke Copilot

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤