feat: add --no-docker option to disable Docker-in-Docker

[Copilot]

• Understand the codebase and identify where Docker socket is mounted
• Add disableDocker option to WrapperConfig in src/types.ts
• Add --no-docker CLI option in src/cli.ts
• Update generateDockerCompose in src/docker-manager.ts to conditionally mount Docker socket
• Conditionally set Docker environment variables (DOCKER_HOST, DOCKER_CONTEXT) based on --no-docker flag
• Add unit tests for the new option (8 new tests)
• Update README.md and docs/usage.md documentation
• Build and test the changes (357 tests passing)
• Address code review feedback
• Merge main branch into feature branch

Original prompt

---

This section details on the original issue you should resolve

<issue_title>A new mode that disallow docker-in-docker</issue_title>
<issue_description></issue_description>

<agent_instructions>docker in docker has a lot of potential security issues. you are going to implement a new mode in awf so that it blocks docker-in-docker, and does not automatically mount docker socket from the host to the container. </agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes A new mode that disallow docker-in-docker #116

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Mossaka]

@copilot merge main

[github-actions]

Test Coverage Report

Metric	Coverage	Covered/Total
Lines	66.35%	716/1079
Statements	66.51%	737/1108
Functions	70.73%	87/123
Branches	61.19%	235/384

Coverage Thresholds

The project has the following coverage thresholds configured:

• Lines: 38%
• Statements: 38%
• Functions: 35%
• Branches: 30%

---

Coverage report generated by `npm run test:coverage`

[Copilot]

@copilot merge main

Merged main into this branch in b771dda. Resolved conflict in README.md by keeping the simplified structure from main and added the --no-docker feature documentation to docs/usage.md. All 357 tests pass.

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

Smoke Test Results

Last 2 merged PRs:

• docs: streamline README for first-time visitors #111: docs: streamline README for first-time visitors
• feat(cli): add container hardening measures #96: feat(cli): add container hardening measures

Test Results:

• ✅ GitHub MCP (list PRs)
• ✅ File writing (/tmp/gh-aw/agent/smoke-test-copilot-20378127748.txt)
• ✅ Bash tool (file read verification)

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot fer issue #117 🗺️

[github-actions]

Smoke Test Results

Last 2 merged PRs:

• docs: streamline README for first-time visitors #111: docs: streamline README for first-time visitors
• feat: add install script with sha256 validation #108: feat: add install script with sha256 validation

Tests:

• ✅ GitHub MCP (list PRs)
• ✅ File writing (/tmp/gh-aw/agent/smoke-test-claude-20378127715.txt)
• ✅ Bash tool (verified file creation)
• ❌ Playwright (ERR_TUNNEL_CONNECTION_FAILED - network proxy issue)

Status: FAIL (Playwright network connectivity issue)

💥 [THE END] — Illustrated by Smoke Claude fer issue #117 🗺️