Summary
The "Known limitations" section in docs/src/content/docs/guides/arc-dind-copilot-agent.md has two items that need updating:
1. MCP gateway Docker socket access — resolved, remove
The second bullet references #44251, which was closed on July 10, 2026. The shared-volume workaround is no longer needed.
Remove the known-limitations bullet and the corresponding "Docker daemon is not accessible in MCP gateway" troubleshooting entry (including the YAML snippet).
2. allowPrivilegeEscalation: false — keep, but clarify
This limitation is still real but the current wording ("The Copilot CLI install script uses sudo") is imprecise. The actual sudo calls are in actions/setup/sh/install_copilot_cli.sh:
sudo tar -xz -C /usr/local/bin ... — extracting the binary
sudo chmod +x /usr/local/bin/copilot — making it executable
sudo chown -R ... — fixing ownership of .copilot dirs created by chroot
sudo install -m 0755 ... — installing a wrapper script
Note that the AWF install script (install_awf_binary.sh) already supports --rootless mode (installs to ~/.local/ without sudo), so this limitation is specific to the Copilot CLI install, not AWF itself.
Update the bullet to clarify it is the Copilot CLI binary installation (not AWF) that requires sudo, and reference the tracking issue for rootless Copilot CLI installation support.
Why
Stale limitations erode trust in the guide and cause operators to apply unnecessary workarounds. Imprecise wording makes it harder to understand what is actually constrained.
Summary
The "Known limitations" section in
docs/src/content/docs/guides/arc-dind-copilot-agent.mdhas two items that need updating:1. MCP gateway Docker socket access — resolved, remove
The second bullet references #44251, which was closed on July 10, 2026. The shared-volume workaround is no longer needed.
Remove the known-limitations bullet and the corresponding "Docker daemon is not accessible in MCP gateway" troubleshooting entry (including the YAML snippet).
2.
allowPrivilegeEscalation: false— keep, but clarifyThis limitation is still real but the current wording ("The Copilot CLI install script uses
sudo") is imprecise. The actualsudocalls are inactions/setup/sh/install_copilot_cli.sh:sudo tar -xz -C /usr/local/bin ...— extracting the binarysudo chmod +x /usr/local/bin/copilot— making it executablesudo chown -R ...— fixing ownership of.copilotdirs created by chrootsudo install -m 0755 ...— installing a wrapper scriptNote that the AWF install script (
install_awf_binary.sh) already supports--rootlessmode (installs to~/.local/without sudo), so this limitation is specific to the Copilot CLI install, not AWF itself.Update the bullet to clarify it is the Copilot CLI binary installation (not AWF) that requires
sudo, and reference the tracking issue for rootless Copilot CLI installation support.Why
Stale limitations erode trust in the guide and cause operators to apply unnecessary workarounds. Imprecise wording makes it harder to understand what is actually constrained.