Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Diff context:

    - Logs all network activity for audit purposes
    - Blocks access to domains not explicitly allowed

    ### Claude Engine
@copilot the firewall is the same for all engines
Removed "the same firewall infrastructure used by the Copilot engine" from the Claude subsection — all four engine descriptions now use the same phrasing: "supports network permissions through AWF (Agent Workflow Firewall)." (commit 4898779)
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@copilot keep the network section minimal in each engine, it is the same for all. Point to better docs
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in 58a91de. Replaced the four separate engine subsections with a single "Claude, Codex, and Gemini Engines" section that shows minimal config examples for each and points to
Pull request overview
Updates the network permissions reference to reflect firewall/network feature support across all four engines (Copilot, Claude, Codex, Gemini), and expands the Implementation section accordingly.
Changes:
- Update the engine support note to list Copilot, Claude, Codex, and Gemini.
- Update protocol-specific filtering documentation to include Claude (in addition to Copilot).
- Add an Implementation subsection for Claude/Codex/Gemini, including example configs and a link to default-domain lists in domains.go.
Comments suppressed due to low confidence (2)
docs/src/content/docs/reference/network.md:97

- This paragraph states protocol-specific filtering is supported only by Copilot and Claude. In code, protocol-prefixed domains are validated for network.allowed generally and then included in the AWF --allow-domains list for all AWF-wrapped engines (including Codex and Gemini). Please update this statement to include Codex/Gemini as supported (or add a brief explanation if they’re intentionally not supported at runtime).

Referenced line:

    Restrict domains to a specific protocol (HTTP or HTTPS only) for legacy systems, strict HTTPS enforcement, or gradual migration. Currently supported by the Copilot and Claude engines with AWF firewall enabled; domains without a protocol prefix allow both HTTP and HTTPS.
docs/src/content/docs/reference/network.md:215

- This section says Claude/Codex/Gemini “use the same AWF firewall as the Copilot engine,” but the Copilot subsection above describes AWF as a wrapper around Copilot CLI execution, which now reads as Copilot-specific. Consider adjusting wording (either here or in the Copilot subsection) to make it clear AWF is the shared sandbox/firewall wrapper used to run all engine CLIs, not a Copilot-only mechanism.

Referenced line:

    The Claude, Codex, and Gemini engines use the same AWF firewall as the Copilot engine. Configure network permissions using the same `network.allowed` / `network.blocked` fields:
Diff context:

    Control network access for AI engines using the top-level `network` field to specify which domains and services your agentic workflows can access during execution.

Before:

    > **Note**: Network permissions are currently supported by the Claude engine and the Copilot engine (when using the [firewall feature](/gh-aw/reference/sandbox/)).

After:

    > **Note**: Network permissions are supported by all four engines: Copilot, Claude, Codex, and Gemini (via the AWF firewall). See the [Implementation](#implementation) section for engine-specific details.
The note implies network permissions are supported “via the AWF firewall”, but later this page explains that when the firewall is disabled, network permissions only affect content sanitization (network egress becomes unrestricted). Consider clarifying here that network egress enforcement happens when the AWF sandbox/firewall is enabled (default unless explicitly disabled), while sanitization applies regardless.
Current:

    > **Note**: Network permissions are supported by all four engines: Copilot, Claude, Codex, and Gemini (via the AWF firewall). See the [Implementation](#implementation) section for engine-specific details.

Suggested:

    > **Note**: Network permissions are supported by all four engines: Copilot, Claude, Codex, and Gemini. Network egress enforcement is provided when the AWF sandbox/firewall is enabled (default unless explicitly disabled), while content sanitization based on these permissions applies regardless. See the [Implementation](#implementation) section for engine-specific details and engine-specific behavior.
Diff context:

    - "*.cdn.example.com" # Wildcard: matches any subdomain of cdn.example.com

Before:

    # Protocol-specific domain filtering (Copilot engine only)

After:

    # Protocol-specific domain filtering (Copilot and Claude engines only)
This comment says protocol-specific filtering is “Copilot and Claude engines only”, but the compiler’s domain validation and AWF argument generation are engine-agnostic (protocol prefixes are accepted in network.allowed via validateDomainPattern, and passed through to AWF’s --allow-domains for Codex/Gemini as well). Unless there’s an intentional product limitation outside this repo, the docs should include Codex and Gemini too (or explain why they’re excluded).
This issue also appears on line 97 of the same file.
Current:

    # Protocol-specific domain filtering (Copilot and Claude engines only)

Suggested:

    # Protocol-specific domain filtering (all engines: Copilot, Claude, Codex, and Gemini)
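The three entry forms this thread discusses for `network.allowed` (an exact host, a `*.host` wildcard, and an `http://` or `https://` protocol prefix) are easy to get subtly wrong in a matcher, so here is a small default-deny evaluator for them. This is an added example, not gh-aw or AWF code: the `DomainRule`, `parse_rule`, `is_allowed` and `is_valid_pattern` names, the choice that a `network.blocked` entry overrides an allow entry, and the choice that `*.cdn.example.com` does not match `cdn.example.com` itself are assumptions of this illustration, and nothing here shows how AWF interprets its `--allow-domains` argument.

```python
"""Evaluator for a `network.allowed` / `network.blocked` style allowlist.

Added example; this is not gh-aw or AWF code. It implements the pattern
forms the docs diff above describes (exact host, "*.host" wildcard, and
"http://" / "https://" protocol prefixes). Everything else, in particular
that block entries win over allow entries and that a wildcard does not
match its own base domain, is an assumption made for this illustration.
"""
from dataclasses import dataclass
from typing import Optional, Sequence
from urllib.parse import urlsplit

SCHEMES = ("http", "https")


@dataclass(frozen=True)
class DomainRule:
    scheme: Optional[str]  # "http" or "https"; None means both are allowed
    host: str              # lowercase host, wildcard marker removed
    wildcard: bool         # True for "*.host" patterns


def parse_rule(pattern: str) -> DomainRule:
    """Parse one allow/block entry; raise ValueError on malformed input."""
    text = pattern.strip().lower()
    scheme = None
    if "://" in text:
        scheme, _, text = text.partition("://")
        if scheme not in SCHEMES:
            raise ValueError(f"unsupported scheme in pattern: {pattern!r}")
    wildcard = text.startswith("*.")
    host = text[2:] if wildcard else text
    # Reject empty hosts, paths, stray wildcards and leading dots.
    if not host or "/" in host or "*" in host or host.startswith("."):
        raise ValueError(f"malformed domain pattern: {pattern!r}")
    return DomainRule(scheme, host, wildcard)


def is_valid_pattern(pattern: str) -> bool:
    """Config-time check, for rejecting a bad entry before a job starts."""
    try:
        parse_rule(pattern)
        return True
    except ValueError:
        return False


def rule_matches(rule: DomainRule, scheme: str, host: str) -> bool:
    """True if the (scheme, host) of a request falls under this rule."""
    if rule.scheme is not None and rule.scheme != scheme:
        return False
    if rule.wildcard:
        # "*.cdn.example.com" covers a.cdn.example.com but not cdn.example.com
        return host.endswith("." + rule.host)
    return host == rule.host


def is_allowed(url: str, allowed: Sequence[str], blocked: Sequence[str] = ()) -> bool:
    """Default-deny decision: some allow rule must match and no block rule may."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme not in SCHEMES or not host:
        return False
    if any(rule_matches(parse_rule(p), scheme, host) for p in blocked):
        return False  # assumption: an explicit block overrides any allow
    return any(rule_matches(parse_rule(p), scheme, host) for p in allowed)


# Constructed sample policy mirroring the docs' pattern forms.
SAMPLE_ALLOWED = ["api.example.com", "*.cdn.example.com", "https://secure.example.com"]
SAMPLE_BLOCKED = ["untrusted.cdn.example.com"]


def evaluate_sample() -> dict:
    """Decide a handful of constructed requests against the sample policy."""
    urls = [
        "https://api.example.com/v1/items",        # exact host, no prefix: allowed
        "http://api.example.com/v1/items",         # no prefix means HTTP too
        "https://assets.cdn.example.com/a.js",     # wildcard subdomain
        "https://cdn.example.com/a.js",            # base domain itself: denied
        "https://secure.example.com/",             # https-only rule
        "http://secure.example.com/",              # wrong scheme for that rule
        "https://untrusted.cdn.example.com/",      # matches wildcard but blocked
        "https://api.example.com.lookalike.test/", # suffix lookalike, no match
    ]
    return {u: is_allowed(u, SAMPLE_ALLOWED, SAMPLE_BLOCKED) for u in urls}


if __name__ == "__main__":
    for url, verdict in evaluate_sample().items():
        print(f"{'ALLOW' if verdict else 'DENY ':5} {url}")
```

Running the module prints one verdict per constructed URL. The `is_valid_pattern` check is the kind of compile-time validation the review comment above attributes to the real `validateDomainPattern`; it is written here from scratch and only shares the intent.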