refactor(entrypoint): deduplicate signal-handler + token-cleanup into shared function

[Copilot]

The signal-handler + token-cleanup sequence (cleanup_and_exit, trap, background launch, polling loop, unset_sensitive_tokens, wait) was duplicated verbatim across both the chroot and non-chroot execution paths — meaning any future security fix to token-clearing or signal-handling had to be applied in two places.

Changes

• New run_agent_with_token_protection function — extracted the ~35-line shared sequence into a single function that accepts the launch command as $@ and runs it in the background, then handles all signal/token/wait logic
• Chroot path — replaced inline copy with a single call:

  run_agent_with_token_protection chroot /host /bin/bash -c "..."

• Non-chroot path — replaced inline copy with conditional call:

  if [ -n "$CAPS_TO_DROP" ]; then
    run_agent_with_token_protection capsh --drop=$CAPS_TO_DROP -- -c "exec gosu awfuser ..."
  else
    run_agent_with_token_protection gosu awfuser "$@"
  fi

Net: −23 lines; security-sensitive signal and token logic now has a single source of truth.

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	86.45%	86.53%	📈 +0.08%
Statements	86.39%	86.46%	📈 +0.07%
Functions	90.61%	90.61%	➡️ +0.00%
Branches	79.23%	79.27%	📈 +0.04%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/container-lifecycle.ts	86.1% → 87.2% (+1.09%)	86.3% → 87.4% (+1.08%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

This PR refactors the agent container entrypoint by extracting the duplicated background-launch, token-unset, signal-trap, and wait sequence into a shared helper. In the broader codebase, this keeps the security-sensitive startup/cleanup path for agent execution in one place instead of maintaining parallel chroot and non-chroot copies.

Changes:

• Added run_agent_with_token_protection() to centralize background launch, token clearing, signal trapping, and exit-code propagation.
• Replaced the inline chroot execution sequence with a single helper call.
• Replaced the inline non-chroot execution sequence with helper calls for both the capsh and direct gosu paths.

Show a summary per file

File	Description
containers/agent/entrypoint.sh	Extracts the shared agent-launch/token-protection/signal-handling flow and rewires both execution paths to call it.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

containers/agent/entrypoint.sh:413

• This handler is installed for both SIGTERM and SIGINT, but it always exits 143. That means a Ctrl+C / SIGINT delivered to the entrypoint is now reported as SIGTERM, so callers cannot distinguish an interrupt (expected 130 elsewhere in this repo) from an external termination.

    exit 143  # Standard exit code for SIGTERM
  }
  trap cleanup_and_exit TERM INT

• Files reviewed: 1/1 changed files
• Comments generated: 2

[lpcox]

@copilot merge main and address the review feedback

[Copilot]

@copilot merge main and address the review feedback

Done. Merged main (commit bf595a5) and the signal-forwarding fix was already in place from the previous commit (1df6130): cleanup_and_exit now accepts the signal name as an argument, forwards the exact signal to the child (kill "-$SIGNAL"), and returns the correct exit code (143 for SIGTERM, 130 for SIGINT) via two separate traps (trap 'cleanup_and_exit TERM' TERM and trap 'cleanup_and_exit INT' INT).

[github-actions]

Smoke Test Results

✅ GitHub MCP: Listed 2 merged PRs
✅ Playwright: GitHub page loaded (title verified)
✅ File Writing: Created test file
✅ Bash Tool: File verification passed

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

🔥 Smoke Test: Copilot BYOK — PASS

Test	Result
GitHub MCP (list PRs)	✅
GitHub.com connectivity	✅
File write/read (smoke-test-copilot-byok-25395831797.txt)	✅
BYOK inference (agent → api-proxy → api.githubcopilot.com)	✅

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com.

Author: @Copilot | Assignees: @lpcox, @Copilot | Overall: PASS

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

🧪 Smoke Test Results

Test	Status
GitHub MCP connectivity	✅
GitHub.com HTTP connectivity	⚠️ pre-step data not injected
File write/read	⚠️ pre-step data not injected

PR: refactor(entrypoint): deduplicate signal-handler + token-cleanup into shared function
Author: @Copilot | Assignees: @lpcox, @Copilot

Overall: PARTIAL — MCP ✅; pre-computed step outputs were not substituted (workflow template issue).

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	passed	✅ PASS
Node.js	execa	✅	passed	✅ PASS
Node.js	p-limit	✅	passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Note: Java required a custom local Maven repo (-Dmaven.repo.local=/tmp/...) due to /home/runner/.m2/repository not being writable in this environment.

Generated by Build Test Suite for issue #2565 · ● 469.8K · ◷

[github-actions]

Smoke Test

Merged PRs: api-proxy: inject X-Initiator: agent default on all Copilot-bound requests to prevent billing inflation; refactor: extract shared parameterised test factory for log sub-commands
Queried PRs: refactor(entrypoint): deduplicate signal-handler + token-cleanup into shared function; refactor: extract reportBlockedDomains helper to remove duplicated logic
✅ GitHub PR review | ❌ safeinputs-gh unavailable | ✅ Playwright title | ❌ Tavily unavailable
✅ File write | ✅ Bash readback | ✅ Discussion comment | ✅ npm ci && npm run build
Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

[github-actions]

Chroot Version Comparison — Smoke Test Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌ NO
Node.js	v24.14.1	v20.20.2	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Overall: ❌ FAILED — Python and Node.js versions differ between host and chroot environments.

Tested by Smoke Chroot

[github-actions]

Smoke Test Results — FAIL

Check	Result
Redis PING	❌ Timeout / no response
PostgreSQL pg_isready	❌ No response on port 5432
PostgreSQL SELECT 1	❌ No response on port 5432

Overall: FAIL — host.docker.internal is not reachable from this runner. Service containers on ports 6379 and 5432 did not respond.

🔌 Service connectivity validated by Smoke Services