Fix integration tests: handle shell-escaped JSON keys and add sandbox feature flag

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Author: Copilot

pkg/workflow/allowed_domains_sanitization_test.go

@@ -605,8 +605,15 @@ Test workflow with non-api prefix api-target.
 			// Check allowDomains in AWF JSON config contains expected domains.
 			// Network settings are now expressed via --config JSON file instead of
 			// --allow-domains CLI flag (see BuildAWFConfigJSON).
+			// The JSON is shell-escaped in the lock file, so try both the unescaped
+			// ("allowDomains":[) and escaped (\"allowDomains\":[) forms.
 			allowDomainsPrefix := `"allowDomains":[`
+			allowDomainsPrefixEscaped := `\"allowDomains\":[`
 			allowDomainsIdx := strings.Index(lockStr, allowDomainsPrefix)
+			if allowDomainsIdx < 0 {
+				allowDomainsPrefix = allowDomainsPrefixEscaped
+				allowDomainsIdx = strings.Index(lockStr, allowDomainsPrefixEscaped)
+			}
 			if allowDomainsIdx < 0 {
 				t.Fatal("allowDomains key not found in compiled lock file")
 			}
@@ -618,15 +625,22 @@ Test workflow with non-api prefix api-target.
 			}
 			allowDomainsSection := lockStr[arrayStart : arrayStart+allowDomainsEnd]
 
+			// containsJSONDomain checks for a domain as a JSON string value, handling both
+			// escaped (\"domain\") and unescaped ("domain") forms in the lock file.
+			containsJSONDomain := func(section, domain string) bool {
+				return strings.Contains(section, `"`+domain+`"`) ||
+					strings.Contains(section, `\"`+domain+`\"`)
+			}
+
 			for _, domain := range tt.expectedDomains {
-				if !strings.Contains(allowDomainsSection, `"`+domain+`"`) {
+				if !containsJSONDomain(allowDomainsSection, domain) {
 					t.Errorf("Expected domain %q not found in allowDomains.\nSection: %s", domain, allowDomainsSection)
 				}
 			}
 			// Use exact JSON string matching for "not present" checks to avoid false positives
 			// (e.g. "corp.example.com" would substring-match "copilot.corp.example.com").
 			for _, domain := range tt.unexpectedDomains {
-				if strings.Contains(allowDomainsSection, `"`+domain+`"`) {
+				if containsJSONDomain(allowDomainsSection, domain) {
 					t.Errorf("Unexpected domain %q found in allowDomains.\nSection: %s", domain, allowDomainsSection)
 				}
 			}
@@ -801,16 +815,28 @@ Test workflow with GHE data residency api-target and threat detection.
 	// once for the main agent AWF run and once for the threat detection AWF run.
 	// API proxy settings are now expressed via --config JSON file instead of
 	// --copilot-api-target CLI flag (see BuildAWFConfigJSON).
-	apiTargetCount := strings.Count(lockStr, `"copilot":{"host":"api.contoso-aw.ghe.com"}`)
+	// The JSON is shell-escaped in the lock file, so try both unescaped and escaped forms.
+	apiTargetUnescaped := `"copilot":{"host":"api.contoso-aw.ghe.com"}`
+	apiTargetEscaped := `\"copilot\":{\"host\":\"api.contoso-aw.ghe.com\"}`
+	apiTargetCount := strings.Count(lockStr, apiTargetUnescaped)
+	if apiTargetCount == 0 {
+		apiTargetCount = strings.Count(lockStr, apiTargetEscaped)
+	}
 	if apiTargetCount < 2 {
 		t.Errorf("Expected copilot api-target to appear in both the main agent and threat detection AWF JSON configs (at least 2 times), but found %d occurrence(s).", apiTargetCount)
 	}
 
 	// Find all allowDomains occurrences in AWF JSON config and verify each contains the GHE domains.
 	// api.contoso-aw.ghe.com triggers base-domain derivation, so both the API domain
 	// and the base domain (contoso-aw.ghe.com) must appear in each AWF invocation.
+	// The JSON is shell-escaped in the lock file, so try both unescaped and escaped key forms.
 	requiredDomains := []string{"api.contoso-aw.ghe.com", "contoso-aw.ghe.com"}
 	allowDomainsPrefix := `"allowDomains":[`
+	allowDomainsPrefixEscaped := `\"allowDomains\":[`
+	// Use whichever prefix form is present in the lock file.
+	if strings.Index(lockStr, allowDomainsPrefix) < 0 {
+		allowDomainsPrefix = allowDomainsPrefixEscaped
+	}
 	remaining := lockStr
 	occurrenceIdx := 0
 	for {
@@ -826,7 +852,8 @@ Test workflow with GHE data residency api-target and threat detection.
 		}
 		section := remaining[arrayStart : arrayStart+arrayEnd]
 		for _, domain := range requiredDomains {
-			if !strings.Contains(section, `"`+domain+`"`) {
+			// Handle both escaped (\"domain\") and unescaped ("domain") forms.
+			if !strings.Contains(section, `"`+domain+`"`) && !strings.Contains(section, `\"`+domain+`\"`) {
 				t.Errorf("allowDomains occurrence #%d is missing GHE domain %q.\nSection: %s", occurrenceIdx, domain, section)
 			}
 		}

pkg/workflow/aw_info_steps_test.go

@@ -47,6 +47,8 @@ permissions:
   issues: read
   pull-requests: read
 engine: copilot
+features:
+  dangerously-disable-sandbox-agent: "controlled environment with no internet access"
 sandbox:
   agent: false
 strict: false

pkg/workflow/blocked_domains_integration_test.go

@@ -65,8 +65,10 @@ Test workflow with blocked domains.
 
 		lockYAML := string(lockContent)
 
-		// Verify blockDomains key is present in the config JSON
-		if !strings.Contains(lockYAML, `"blockDomains"`) {
+		// Verify blockDomains key is present in the config JSON.
+		// The key appears shell-escaped in the lock file (\"blockDomains\" or "blockDomains"),
+		// so we search for the key name without surrounding quotes to match both forms.
+		if !strings.Contains(lockYAML, "blockDomains") {
 			t.Error("Compiled workflow should contain 'blockDomains' key in config JSON")
 		}
 
@@ -79,8 +81,10 @@ Test workflow with blocked domains.
 			t.Error("Compiled workflow should contain blocked domain 'tracker.example.com'")
 		}
 
-		// Verify allowDomains key is present in the config JSON
-		if !strings.Contains(lockYAML, `"allowDomains"`) {
+		// Verify allowDomains key is present in the config JSON.
+		// The key appears shell-escaped in the lock file (\"allowDomains\" or "allowDomains"),
+		// so we search for the key name without surrounding quotes to match both forms.
+		if !strings.Contains(lockYAML, "allowDomains") {
 			t.Error("Compiled workflow should still contain 'allowDomains' key in config JSON")
 		}
 
@@ -140,8 +144,10 @@ Test workflow with blocked ecosystem.
 
 		lockYAML := string(lockContent)
 
-		// Verify blockDomains key is present in the config JSON
-		if !strings.Contains(lockYAML, `"blockDomains"`) {
+		// Verify blockDomains key is present in the config JSON.
+		// The key appears shell-escaped in the lock file (\"blockDomains\" or "blockDomains"),
+		// so we search for the key name without surrounding quotes to match both forms.
+		if !strings.Contains(lockYAML, "blockDomains") {
 			t.Error("Compiled workflow should contain 'blockDomains' key in config JSON")
 		}
 
@@ -208,13 +214,17 @@ Test workflow without blocked domains.
 
 		lockYAML := string(lockContent)
 
-		// Verify blockDomains key is NOT present in the config JSON
-		if strings.Contains(lockYAML, `"blockDomains"`) {
+		// Verify blockDomains key is NOT present in the config JSON.
+		// The key appears shell-escaped in the lock file (\"blockDomains\" or "blockDomains"),
+		// so we search for the key name without surrounding quotes to match both forms.
+		if strings.Contains(lockYAML, "blockDomains") {
 			t.Error("Compiled workflow should NOT contain 'blockDomains' key in config JSON when no domains are blocked")
 		}
 
-		// Verify allowDomains key is still present
-		if !strings.Contains(lockYAML, `"allowDomains"`) {
+		// Verify allowDomains key is still present.
+		// The key appears shell-escaped in the lock file (\"allowDomains\" or "allowDomains"),
+		// so we search for the key name without surrounding quotes to match both forms.
+		if !strings.Contains(lockYAML, "allowDomains") {
 			t.Error("Compiled workflow should still contain 'allowDomains' key in config JSON")
 		}
 	})
@@ -269,8 +279,10 @@ Test Claude workflow with blocked domains.
 
 		lockYAML := string(lockContent)
 
-		// Verify blockDomains key is present in the config JSON
-		if !strings.Contains(lockYAML, `"blockDomains"`) {
+		// Verify blockDomains key is present in the config JSON.
+		// The key appears shell-escaped in the lock file (\"blockDomains\" or "blockDomains"),
+		// so we search for the key name without surrounding quotes to match both forms.
+		if !strings.Contains(lockYAML, "blockDomains") {
 			t.Error("Compiled Claude workflow should contain 'blockDomains' key in config JSON")
 		}
 
@@ -330,8 +342,10 @@ Test Codex workflow with blocked domains.
 
 		lockYAML := string(lockContent)
 
-		// Verify blockDomains key is present in the config JSON
-		if !strings.Contains(lockYAML, `"blockDomains"`) {
+		// Verify blockDomains key is present in the config JSON.
+		// The key appears shell-escaped in the lock file (\"blockDomains\" or "blockDomains"),
+		// so we search for the key name without surrounding quotes to match both forms.
+		if !strings.Contains(lockYAML, "blockDomains") {
 			t.Error("Compiled Codex workflow should contain 'blockDomains' key in config JSON")
 		}
 

pkg/workflow/domains_protocol_integration_test.go

@@ -136,9 +136,11 @@ Test protocol-specific domains in safe-outputs.
 				}
 			}
 
-			// If checking AWF args, verify allowDomains key is present in the config JSON
+			// If checking AWF args, verify allowDomains key is present in the config JSON.
+			// The key appears shell-escaped in the lock file (\"allowDomains\" or "allowDomains"),
+			// so we search for the key name without surrounding quotes to match both forms.
 			if tt.checkAWFArgs {
-				if !strings.Contains(lockYAML, `"allowDomains"`) {
+				if !strings.Contains(lockYAML, "allowDomains") {
 					t.Error("Expected 'allowDomains' key in config JSON of compiled workflow")
 				}
 			}
@@ -301,8 +303,10 @@ Test backward compatibility with domains without protocols.
 		}
 	}
 
-	// Verify allowDomains key is present in the config JSON
-	if !strings.Contains(lockYAML, `"allowDomains"`) {
+	// Verify allowDomains key is present in the config JSON.
+	// The key appears shell-escaped in the lock file (\"allowDomains\" or "allowDomains"),
+	// so we search for the key name without surrounding quotes to match both forms.
+	if !strings.Contains(lockYAML, "allowDomains") {
 		t.Error("Expected 'allowDomains' key in config JSON of compiled workflow")
 	}
 }

pkg/workflow/sandbox_agent_disabled_test.go

@@ -74,6 +74,8 @@ func TestSandboxAgentFalse(t *testing.T) {
 
 		markdown := `---
 engine: copilot
+features:
+  dangerously-disable-sandbox-agent: "controlled environment with no internet access"
 sandbox:
   agent: false
 strict: false
@@ -157,6 +159,8 @@ Test workflow with agent sandbox disabled in strict mode.
 
 		markdown := `---
 engine: copilot
+features:
+  dangerously-disable-sandbox-agent: "controlled environment with no internet access"
 sandbox:
   agent: false
 strict: false
@@ -192,6 +196,8 @@ func TestSandboxAgentFalseWithTools(t *testing.T) {
 
 	markdown := `---
 engine: copilot
+features:
+  dangerously-disable-sandbox-agent: "controlled environment with no internet access"
 sandbox:
   agent: false
 strict: false