Fix threat detection AWF run missing --copilot-api-target and GHE domains on data residency (#21527)

* Initial plan

* Fix threat detection AWF run missing --copilot-api-target and GHE domains on data residency

When engine.api-target is configured for GHE Cloud with data residency,
propagate the APITarget from the main engine config to the detection
engine config so the threat detection AWF invocation receives the same
--copilot-api-target flag and GHE-specific domains in --allow-domains.

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Add GITHUB_COPILOT_BASE_URL env var support and fix integration test api-target

- Fix TestAPITargetDomainsInThreatDetectionStep to use api.contoso-aw.ghe.com
  (copilot-api. prefix does not trigger base-domain derivation in GetAPITargetDomains)
- Add GetCopilotAPITarget() helper: resolves --copilot-api-target from engine.api-target
  (explicit) or GITHUB_COPILOT_BASE_URL in engine.env (fallback), mirroring the
  OPENAI_BASE_URL/ANTHROPIC_BASE_URL pattern for Codex/Claude
- Update awf_helpers.go, copilot_engine_execution.go, and domains.go to use the helper
- Add unit tests for GetCopilotAPITarget and engine execution step
- Add integration test TestGitHubCopilotBaseURLInCompiledWorkflow
- Update engines.md docs to document GITHUB_COPILOT_BASE_URL

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

* Update DefaultMCPGatewayVersion to v0.1.17 and regenerate golden/lock files (#21609)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

* fix: merge main to resolve failing build-wasm and test CI jobs (#21612)

* docs: add GH_HOST and RUNNER_TEMP to glossary (daily scan 2026-03-18) (#21553)

* docs: update GHES CLI docs and add Copilot GHES troubleshooting guide (#21528)

* Fix list height not updating on terminal resize (#21555)

* fix(daily-workflow-updater): unblock PR creation by setting protected-files: allowed (#21554)

* chore: bump MCP Gateway v0.1.15→v0.1.17 (#21552)

* feat: custom Huh theme mapped from pkg/styles Dracula palette (#21557)

* Add top-level `github-app` frontmatter as universal fallback for token minting (#21510)

* feat: add GitHub App-only permissions support (#21511)

* fix: fall back to existing remote tracking ref when incremental patch fetch fails (#21568)

* Add weekly blog post writer agentic workflow (#21575)

* ci: add timeout-minutes to all 25 jobs lacking explicit limits (#21601)

* fix: add setupGlobals in generate_aw_info step to fix staged mode ReferenceError (#21602)

* Disable lockdown mode for weekly blog post generator (#21598)

* fix: replace git push with GraphQL signed commits to satisfy required_signatures rulesets (#21576)

* docs: add weekly update blog post for 2026-03-18 (#21608)

Covers v0.58.0 through v0.61.0 (7 releases this week),
notable PRs, and auto-triage-issues as Agent of the Week.

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix failing CI: merge main to include setupGlobals in generate_aw_info step and update golden files

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Co-authored-by: Landon Cox <landon.cox@microsoft.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: 6 people

.changeset/patch-threat-detection-ghe-api-target.md

@@ -139,9 +139,9 @@ The specified hostname must also be listed in `network.allowed` for the firewall
 
 #### Custom API Endpoints via Environment Variables
 
-Two environment variables receive special treatment when set in `engine.env`: `OPENAI_BASE_URL` (for `codex`) and `ANTHROPIC_BASE_URL` (for `claude`). When either is present, the AWF sandbox proxy automatically routes API calls to the specified host instead of the default `api.openai.com` or `api.anthropic.com`. Credential isolation and firewall enforcement remain active.
+Three environment variables receive special treatment when set in `engine.env`: `OPENAI_BASE_URL` (for `codex`), `ANTHROPIC_BASE_URL` (for `claude`), and `GITHUB_COPILOT_BASE_URL` (for `copilot`). When any of these is present, the AWF sandbox proxy automatically routes API calls to the specified host instead of the default endpoint. Credential isolation and firewall enforcement remain active.
 
-This enables workflows to use internal LLM routers, Azure OpenAI deployments, or other OpenAI-compatible endpoints without bypassing AWF's security model.
+This enables workflows to use internal LLM routers, Azure OpenAI deployments, corporate Copilot proxies, or other compatible endpoints without bypassing AWF's security model.
 
 ```yaml wrap
 engine:
@@ -172,7 +172,23 @@ network:
     - anthropic-proxy.internal.example.com
 ```
 
-The custom hostname is extracted from the URL and passed to the AWF `--openai-api-target` or `--anthropic-api-target` flag automatically at compile time. No additional configuration is required.
+For Copilot workflows routed through a custom Copilot-compatible endpoint (e.g., a corporate proxy or a GHE Cloud data residency instance):
+
+```yaml wrap
+engine:
+  id: copilot
+  env:
+    GITHUB_COPILOT_BASE_URL: "https://copilot-proxy.corp.example.com"
+
+network:
+  allowed:
+    - github.com
+    - copilot-proxy.corp.example.com
+```
+
+`GITHUB_COPILOT_BASE_URL` is used as a fallback when `engine.api-target` is not explicitly set. If both are configured, `engine.api-target` takes precedence.
+
+The custom hostname is extracted from the URL and passed to the AWF `--openai-api-target`, `--anthropic-api-target`, or `--copilot-api-target` flag automatically at compile time. No additional configuration is required.
 
 ### Engine Command-Line Arguments
 

docs/src/content/docs/reference/engines.md

@@ -658,6 +658,164 @@ Test workflow with non-api prefix api-target.
 	}
 }
 
+// TestGitHubCopilotBaseURLInCompiledWorkflow verifies that when GITHUB_COPILOT_BASE_URL is set
+// in engine.env (without an explicit engine.api-target), the compiled lock file contains
+// --copilot-api-target and includes the extracted hostname in both --allow-domains and
+// GH_AW_ALLOWED_DOMAINS — matching the OPENAI_BASE_URL/ANTHROPIC_BASE_URL pattern for other engines.
+func TestGitHubCopilotBaseURLInCompiledWorkflow(t *testing.T) {
+	workflow := `---
+on: push
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
+engine:
+  id: copilot
+  env:
+    GITHUB_COPILOT_BASE_URL: "https://copilot-proxy.corp.example.com"
+strict: false
+safe-outputs:
+  create-issue:
+---
+
+# Test Workflow
+
+Test workflow with GITHUB_COPILOT_BASE_URL in engine.env.
+`
+
+	tmpDir := testutil.TempDir(t, "copilot-base-url-test")
+	testFile := filepath.Join(tmpDir, "test-workflow.md")
+	if err := os.WriteFile(testFile, []byte(workflow), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	compiler := NewCompiler()
+	if err := compiler.CompileWorkflow(testFile); err != nil {
+		t.Fatalf("Failed to compile workflow: %v", err)
+	}
+
+	lockFile := stringutil.MarkdownToLockFile(testFile)
+	lockContent, err := os.ReadFile(lockFile)
+	if err != nil {
+		t.Fatalf("Failed to read lock file: %v", err)
+	}
+	lockStr := string(lockContent)
+
+	// --copilot-api-target should be derived from the env var
+	if !strings.Contains(lockStr, "--copilot-api-target copilot-proxy.corp.example.com") {
+		t.Error("Expected --copilot-api-target to be derived from GITHUB_COPILOT_BASE_URL")
+	}
+
+	// Extracted hostname should appear in --allow-domains
+	allowDomainsIdx := strings.Index(lockStr, "--allow-domains")
+	if allowDomainsIdx < 0 {
+		t.Fatal("--allow-domains flag not found in compiled lock file")
+	}
+	allowDomainsEnd := strings.Index(lockStr[allowDomainsIdx:], "\n")
+	if allowDomainsEnd < 0 {
+		allowDomainsEnd = len(lockStr) - allowDomainsIdx
+	}
+	allowDomainsLine := lockStr[allowDomainsIdx : allowDomainsIdx+allowDomainsEnd]
+	if !strings.Contains(allowDomainsLine, "copilot-proxy.corp.example.com") {
+		t.Errorf("Expected hostname from GITHUB_COPILOT_BASE_URL in --allow-domains.\nLine: %s", allowDomainsLine)
+	}
+
+	// Extracted hostname should appear in GH_AW_ALLOWED_DOMAINS
+	lines := strings.Split(lockStr, "\n")
+	var domainsLine string
+	for _, line := range lines {
+		if strings.Contains(line, "GH_AW_ALLOWED_DOMAINS:") {
+			domainsLine = line
+			break
+		}
+	}
+	if domainsLine == "" {
+		t.Fatal("GH_AW_ALLOWED_DOMAINS not found in compiled lock file")
+	}
+	if !strings.Contains(domainsLine, "copilot-proxy.corp.example.com") {
+		t.Errorf("Expected hostname from GITHUB_COPILOT_BASE_URL in GH_AW_ALLOWED_DOMAINS.\nLine: %s", domainsLine)
+	}
+}
+
+// TestAPITargetDomainsInThreatDetectionStep is a regression test verifying that when engine.api-target
+// is configured, the threat detection AWF invocation in the compiled lock file also receives
+// --copilot-api-target and includes the GHE domains in its --allow-domains list.
+// Regression test for: Threat detection AWF run missing --copilot-api-target on data residency.
+func TestAPITargetDomainsInThreatDetectionStep(t *testing.T) {
+	workflow := `---
+on: push
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
+engine:
+  id: copilot
+  api-target: api.contoso-aw.ghe.com
+strict: false
+safe-outputs:
+  create-issue:
+---
+
+# Test Workflow
+
+Test workflow with GHE data residency api-target and threat detection.
+`
+
+	tmpDir := testutil.TempDir(t, "api-target-threat-detection-test")
+	testFile := filepath.Join(tmpDir, "test-workflow.md")
+	if err := os.WriteFile(testFile, []byte(workflow), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	compiler := NewCompiler()
+	if err := compiler.CompileWorkflow(testFile); err != nil {
+		t.Fatalf("Failed to compile workflow: %v", err)
+	}
+
+	lockFile := stringutil.MarkdownToLockFile(testFile)
+	lockContent, err := os.ReadFile(lockFile)
+	if err != nil {
+		t.Fatalf("Failed to read lock file: %v", err)
+	}
+	lockStr := string(lockContent)
+
+	// Verify --copilot-api-target appears at least twice:
+	// once for the main agent AWF run and once for the threat detection AWF run.
+	apiTargetCount := strings.Count(lockStr, "--copilot-api-target api.contoso-aw.ghe.com")
+	if apiTargetCount < 2 {
+		t.Errorf("Expected --copilot-api-target to appear in both the main agent and threat detection AWF invocations (at least 2 times), but found %d occurrence(s).", apiTargetCount)
+	}
+
+	// Find all --allow-domains occurrences and verify each contains the GHE domains.
+	// api.contoso-aw.ghe.com triggers base-domain derivation, so both the API domain
+	// and the base domain (contoso-aw.ghe.com) must appear in each AWF invocation.
+	requiredDomains := []string{"api.contoso-aw.ghe.com", "contoso-aw.ghe.com"}
+	remaining := lockStr
+	occurrenceIdx := 0
+	for {
+		idx := strings.Index(remaining, "--allow-domains")
+		if idx < 0 {
+			break
+		}
+		occurrenceIdx++
+		lineEnd := strings.Index(remaining[idx:], "\n")
+		if lineEnd < 0 {
+			lineEnd = len(remaining) - idx
+		}
+		line := remaining[idx : idx+lineEnd]
+		for _, domain := range requiredDomains {
+			if !strings.Contains(line, domain) {
+				t.Errorf("--allow-domains occurrence #%d is missing GHE domain %q.\nLine: %s", occurrenceIdx, domain, line)
+			}
+		}
+		remaining = remaining[idx+lineEnd:]
+	}
+
+	if occurrenceIdx < 2 {
+		t.Errorf("Expected at least 2 --allow-domains occurrences (main agent + threat detection), found %d", occurrenceIdx)
+	}
+}
+
 // TestAllowedDomainsUnionWithNetworkConfig tests that safe-outputs.allowed-domains
 // is unioned with network.allowed and always includes localhost and github.com
 func TestAllowedDomainsUnionWithNetworkConfig(t *testing.T) {

pkg/workflow/allowed_domains_sanitization_test.go

@@ -221,11 +221,11 @@ func BuildAWFArgs(config AWFCommandConfig) []string {
 		awfHelpersLog.Printf("Added --anthropic-api-target=%s", anthropicTarget)
 	}
 
-	// Add Copilot API target for custom Copilot endpoints (GHEC, GHES, or custom)
-	// This uses the engine.api-target field if configured
-	if config.WorkflowData.EngineConfig != nil && config.WorkflowData.EngineConfig.APITarget != "" {
-		awfArgs = append(awfArgs, "--copilot-api-target", config.WorkflowData.EngineConfig.APITarget)
-		awfHelpersLog.Printf("Added --copilot-api-target=%s", config.WorkflowData.EngineConfig.APITarget)
+	// Add Copilot API target for custom Copilot endpoints (GHEC, GHES, or custom).
+	// Resolved from engine.api-target (explicit) or GITHUB_COPILOT_BASE_URL in engine.env (implicit).
+	if copilotTarget := GetCopilotAPITarget(config.WorkflowData); copilotTarget != "" {
+		awfArgs = append(awfArgs, "--copilot-api-target", copilotTarget)
+		awfHelpersLog.Printf("Added --copilot-api-target=%s", copilotTarget)
 	}
 
 	// Add SSL Bump support for HTTPS content inspection (v0.9.0+)
@@ -348,3 +348,23 @@ func extractAPITargetHost(workflowData *WorkflowData, envVar string) string {
 	awfHelpersLog.Printf("Extracted API target host from %s: %s", envVar, host)
 	return host
 }
+
+// GetCopilotAPITarget returns the effective Copilot API target hostname, checking in order:
+//  1. engine.api-target (explicit, takes precedence)
+//  2. GITHUB_COPILOT_BASE_URL in engine.env (implicit, derived from the configured Copilot base URL)
+//
+// This mirrors the pattern used by other engines:
+//   - Codex:    OPENAI_BASE_URL     → --openai-api-target
+//   - Claude:   ANTHROPIC_BASE_URL  → --anthropic-api-target
+//   - Copilot:  GITHUB_COPILOT_BASE_URL → --copilot-api-target (fallback when api-target not set)
+//
+// Returns empty string if neither source is configured.
+func GetCopilotAPITarget(workflowData *WorkflowData) string {
+	// Explicit engine.api-target takes precedence.
+	if workflowData != nil && workflowData.EngineConfig != nil && workflowData.EngineConfig.APITarget != "" {
+		return workflowData.EngineConfig.APITarget
+	}
+
+	// Fallback: derive from the well-known GITHUB_COPILOT_BASE_URL env var.
+	return extractAPITargetHost(workflowData, "GITHUB_COPILOT_BASE_URL")
+}

pkg/workflow/awf_helpers.go

@@ -308,3 +308,101 @@ func TestEngineExecutionWithCustomAPITarget(t *testing.T) {
 		assert.Contains(t, stepContent, "claude-proxy.internal.company.com", "Should include custom hostname")
 	})
 }
+
+// TestGetCopilotAPITarget tests the GetCopilotAPITarget helper that resolves the effective
+// Copilot API target from either engine.api-target or GITHUB_COPILOT_BASE_URL in engine.env.
+func TestGetCopilotAPITarget(t *testing.T) {
+	tests := []struct {
+		name         string
+		workflowData *WorkflowData
+		expected     string
+	}{
+		{
+			name: "engine.api-target takes precedence over GITHUB_COPILOT_BASE_URL",
+			workflowData: &WorkflowData{
+				EngineConfig: &EngineConfig{
+					ID:        "copilot",
+					APITarget: "api.acme.ghe.com",
+					Env: map[string]string{
+						"GITHUB_COPILOT_BASE_URL": "https://other.endpoint.com",
+					},
+				},
+			},
+			expected: "api.acme.ghe.com",
+		},
+		{
+			name: "GITHUB_COPILOT_BASE_URL used as fallback when api-target not set",
+			workflowData: &WorkflowData{
+				EngineConfig: &EngineConfig{
+					ID: "copilot",
+					Env: map[string]string{
+						"GITHUB_COPILOT_BASE_URL": "https://copilot-api.contoso-aw.ghe.com",
+					},
+				},
+			},
+			expected: "copilot-api.contoso-aw.ghe.com",
+		},
+		{
+			name: "GITHUB_COPILOT_BASE_URL with path extracts hostname only",
+			workflowData: &WorkflowData{
+				EngineConfig: &EngineConfig{
+					ID: "copilot",
+					Env: map[string]string{
+						"GITHUB_COPILOT_BASE_URL": "https://copilot-proxy.corp.example.com/v1",
+					},
+				},
+			},
+			expected: "copilot-proxy.corp.example.com",
+		},
+		{
+			name: "empty when neither api-target nor GITHUB_COPILOT_BASE_URL is set",
+			workflowData: &WorkflowData{
+				EngineConfig: &EngineConfig{
+					ID: "copilot",
+				},
+			},
+			expected: "",
+		},
+		{
+			name:         "empty when workflowData is nil",
+			workflowData: nil,
+			expected:     "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := GetCopilotAPITarget(tt.workflowData)
+			assert.Equal(t, tt.expected, result, "GetCopilotAPITarget should return expected hostname")
+		})
+	}
+}
+
+// TestCopilotEngineIncludesCopilotAPITargetFromEnvVar tests that the Copilot engine execution
+// step includes --copilot-api-target when GITHUB_COPILOT_BASE_URL is configured in engine.env.
+func TestCopilotEngineIncludesCopilotAPITargetFromEnvVar(t *testing.T) {
+	workflowData := &WorkflowData{
+		Name: "test-workflow",
+		EngineConfig: &EngineConfig{
+			ID: "copilot",
+			Env: map[string]string{
+				"GITHUB_COPILOT_BASE_URL": "https://copilot-api.contoso-aw.ghe.com",
+			},
+		},
+		NetworkPermissions: &NetworkPermissions{
+			Firewall: &FirewallConfig{
+				Enabled: true,
+			},
+		},
+	}
+
+	engine := NewCopilotEngine()
+	steps := engine.GetExecutionSteps(workflowData, "test.log")
+
+	assert.NotEmpty(t, steps, "Should generate execution steps")
+
+	stepContent := strings.Join(steps[0], "\n")
+
+	assert.Contains(t, stepContent, "--copilot-api-target", "Should include --copilot-api-target flag")
+	assert.Contains(t, stepContent, "copilot-api.contoso-aw.ghe.com", "Should include custom Copilot hostname")
+}

pkg/workflow/awf_helpers_test.go

@@ -179,9 +179,10 @@ func (e *CopilotEngine) GetExecutionSteps(workflowData *WorkflowData, logFile st
 		// Build AWF-wrapped command using helper function - no mkdir needed, AWF handles it
 		// Get allowed domains (copilot defaults + network permissions + HTTP MCP server URLs + runtime ecosystem domains)
 		allowedDomains := GetCopilotAllowedDomainsWithToolsAndRuntimes(workflowData.NetworkPermissions, workflowData.Tools, workflowData.Runtimes)
-		// Add GHES/custom API target domains to the firewall allow-list when engine.api-target is set
-		if workflowData.EngineConfig != nil && workflowData.EngineConfig.APITarget != "" {
-			allowedDomains = mergeAPITargetDomains(allowedDomains, workflowData.EngineConfig.APITarget)
+		// Add Copilot API target domains to the firewall allow-list.
+		// Resolved from engine.api-target or GITHUB_COPILOT_BASE_URL in engine.env.
+		if copilotAPITarget := GetCopilotAPITarget(workflowData); copilotAPITarget != "" {
+			allowedDomains = mergeAPITargetDomains(allowedDomains, copilotAPITarget)
 		}
 
 		// AWF v0.15.0+ uses chroot mode by default, providing transparent access to host binaries

pkg/workflow/copilot_engine_execution.go

@@ -727,9 +727,10 @@ func (c *Compiler) computeAllowedDomainsForSanitization(data *WorkflowData) stri
 		base = strings.Join(domains, ",")
 	}
 
-	// Add GHES/custom API target domains so GH_AW_ALLOWED_DOMAINS stays in sync with --allow-domains
-	if data.EngineConfig != nil && data.EngineConfig.APITarget != "" {
-		base = mergeAPITargetDomains(base, data.EngineConfig.APITarget)
+	// Add Copilot API target domains so GH_AW_ALLOWED_DOMAINS stays in sync with --allow-domains.
+	// Resolved from engine.api-target or GITHUB_COPILOT_BASE_URL in engine.env.
+	if copilotAPITarget := GetCopilotAPITarget(data); copilotAPITarget != "" {
+		base = mergeAPITargetDomains(base, copilotAPITarget)
 	}
 
 	return base

pkg/workflow/domains.go

@@ -54,6 +54,8 @@ jobs:
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
+            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
+            setupGlobals(core, github, context, exec, io);
             const { main } = require('${{ runner.temp }}/gh-aw/actions/generate_aw_info.cjs');
             await main(core, context);
       - name: Validate COPILOT_GITHUB_TOKEN secret

pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden

@@ -68,6 +68,8 @@ jobs:
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
+            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
+            setupGlobals(core, github, context, exec, io);
             const { main } = require('${{ runner.temp }}/gh-aw/actions/generate_aw_info.cjs');
             await main(core, context);
       - name: Validate COPILOT_GITHUB_TOKEN secret