From ca782750fc01a4d3e385d950b44bfb83fc609dca Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 23 Feb 2026 12:20:22 +0000 Subject: [PATCH 1/4] Initial plan From d5d85370627dc59d0fa3f672951716e9a3fdc070 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 23 Feb 2026 12:26:28 +0000 Subject: [PATCH 2/4] docs: update network.md to document Codex and Gemini engine support Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- docs/src/content/docs/reference/network.md | 84 +++++++++++++++++++++- 1 file changed, 81 insertions(+), 3 deletions(-) diff --git a/docs/src/content/docs/reference/network.md b/docs/src/content/docs/reference/network.md index 494854a5d7..4ff232545a 100644 --- a/docs/src/content/docs/reference/network.md +++ b/docs/src/content/docs/reference/network.md @@ -7,7 +7,7 @@ sidebar: Control network access for AI engines using the top-level `network` field to specify which domains and services your agentic workflows can access during execution. -> **Note**: Network permissions are currently supported by the Claude engine and the Copilot engine (when using the [firewall feature](/gh-aw/reference/sandbox/)). +> **Note**: Network permissions are supported by all four engines: Copilot, Claude, Codex, and Gemini (via the AWF firewall). See the [Implementation](#implementation) section for engine-specific details. If no `network:` permission is specified, it defaults to `network: defaults` which allows access to basic infrastructure domains (certificates, JSON schema, Ubuntu, common package mirrors, Microsoft sources). 
@@ -37,7 +37,7 @@ network: - "api.example.com" # Exact domain (also matches subdomains) - "*.cdn.example.com" # Wildcard: matches any subdomain of cdn.example.com -# Protocol-specific domain filtering (Copilot engine only) +# Protocol-specific domain filtering (Copilot and Claude engines only) network: allowed: - "https://secure.api.example.com" # HTTPS-only access @@ -94,7 +94,7 @@ Network permissions follow the principle of least privilege with four access lev ## Protocol-Specific Domain Filtering -Restrict domains to a specific protocol (HTTP or HTTPS only) for legacy systems, strict HTTPS enforcement, or gradual migration. Currently supported by the Copilot engine with AWF firewall enabled; domains without a protocol prefix allow both HTTP and HTTPS. +Restrict domains to a specific protocol (HTTP or HTTPS only) for legacy systems, strict HTTPS enforcement, or gradual migration. Currently supported by the Copilot and Claude engines with AWF firewall enabled; domains without a protocol prefix allow both HTTP and HTTPS. ```yaml wrap engine: copilot 
@@ -209,6 +209,84 @@ When enabled, AWF: - Logs all network activity for audit purposes - Blocks access to domains not explicitly allowed +### Claude Engine + +The Claude engine supports network permissions through AWF (Agent Workflow Firewall), the same firewall infrastructure used by the Copilot engine. + +Enable network permissions in your workflow: + +```yaml wrap +engine: claude + +network: + allowed: + - defaults # Basic infrastructure + - python # Python ecosystem + - "api.example.com" # Custom domain +``` + +**Default domain list** – the following domains are always allowed for Claude CLI authentication and operation: + +- `*.githubusercontent.com` +- `anthropic.com`, `api.anthropic.com`, `statsig.anthropic.com` +- `api.github.com`, `github.com`, `codeload.github.com`, `lfs.github.com` +- `raw.githubusercontent.com`, `objects.githubusercontent.com`, `github-cloud.githubusercontent.com`, `github-cloud.s3.amazonaws.com` +- `ghcr.io` +- `cdn.playwright.dev`, `playwright.download.prss.microsoft.com` +- `files.pythonhosted.org`, `pypi.org` +- `registry.npmjs.org` +- `packages.microsoft.com`, `packages.cloud.google.com` +- `archive.ubuntu.com`, `azure.archive.ubuntu.com`, `security.ubuntu.com`, `keyserver.ubuntu.com` +- `ppa.launchpad.net`, `api.snapcraft.io`, `packagecloud.io` +- `json-schema.org`, `json.schemastore.org` +- `sentry.io` +- Various certificate authority domains (CRL/OCSP endpoints) + +### Codex Engine + +The Codex engine supports network permissions through AWF (Agent Workflow Firewall). 
+ +Enable network permissions in your workflow: + +```yaml wrap +engine: codex + +network: + allowed: + - defaults # Basic infrastructure + - node # Node.js ecosystem + - "api.example.com" # Custom domain +``` + +**Default domain list** – the following domains are always allowed for Codex CLI operation: + +- `api.openai.com`, `openai.com` – OpenAI API endpoints +- `host.docker.internal` – Docker host networking +- `172.30.0.1` – AWF gateway IP (Codex resolves `host.docker.internal` to this IP for Rust DNS compatibility) + +### Gemini Engine + +The Gemini engine supports network permissions through AWF (Agent Workflow Firewall). + +Enable network permissions in your workflow: + +```yaml wrap +engine: gemini + +network: + allowed: + - defaults # Basic infrastructure + - node # Node.js ecosystem + - "api.example.com" # Custom domain +``` + +**Default domain list** – the following domains are always allowed for Gemini CLI authentication and operation: + +- `*.googleapis.com`, `generativelanguage.googleapis.com` – Google API endpoints +- `github.com`, `raw.githubusercontent.com` – GitHub access +- `host.docker.internal` – Docker host networking +- `registry.npmjs.org` – npm registry + ### Firewall Log Level Control the verbosity of AWF firewall logs using the `log-level` field: From 4898779b705d44739e8b706d9fa85d156a97f388 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 23 Feb 2026 15:26:23 +0000 Subject: [PATCH 3/4] docs: make AWF description consistent across all engine subsections Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- docs/src/content/docs/reference/network.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/content/docs/reference/network.md b/docs/src/content/docs/reference/network.md index 4ff232545a..160a98294c 100644 --- a/docs/src/content/docs/reference/network.md +++ b/docs/src/content/docs/reference/network.md 
@@ -211,7 +211,7 @@ When enabled, AWF: ### Claude Engine -The Claude engine supports network permissions through AWF (Agent Workflow Firewall), the same firewall infrastructure used by the Copilot engine. +The Claude engine supports network permissions through AWF (Agent Workflow Firewall). Enable network permissions in your workflow: From 58a91de847b1a94ad0af5f5f1179fcc2c9287a75 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 23 Feb 2026 15:39:07 +0000 Subject: [PATCH 4/4] docs: consolidate engine subsections into a single minimal section Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- docs/src/content/docs/reference/network.md | 73 ++++------------------ 1 file changed, 12 insertions(+), 61 deletions(-) diff --git a/docs/src/content/docs/reference/network.md b/docs/src/content/docs/reference/network.md index 160a98294c..8985209f66 100644 --- a/docs/src/content/docs/reference/network.md +++ b/docs/src/content/docs/reference/network.md 
@@ -209,83 +209,34 @@ When enabled, AWF: - Logs all network activity for audit purposes - Blocks access to domains not explicitly allowed -### Claude Engine +### Claude, Codex, and Gemini Engines -The Claude engine supports network permissions through AWF (Agent Workflow Firewall). - -Enable network permissions in your workflow: +The Claude, Codex, and Gemini engines use the same AWF firewall as the Copilot engine. Configure network permissions using the same `network.allowed` / `network.blocked` fields: ```yaml wrap +# Claude engine: claude - network: allowed: - - defaults # Basic infrastructure - - python # Python ecosystem - - "api.example.com" # Custom domain -``` - -**Default domain list** – the following domains are always allowed for Claude CLI authentication and operation: - -- `*.githubusercontent.com` -- `anthropic.com`, `api.anthropic.com`, `statsig.anthropic.com` -- `api.github.com`, `github.com`, `codeload.github.com`, `lfs.github.com` -- `raw.githubusercontent.com`, `objects.githubusercontent.com`, `github-cloud.githubusercontent.com`, `github-cloud.s3.amazonaws.com` -- `ghcr.io` -- `cdn.playwright.dev`, `playwright.download.prss.microsoft.com` -- `files.pythonhosted.org`, `pypi.org` -- `registry.npmjs.org` -- `packages.microsoft.com`, `packages.cloud.google.com` -- `archive.ubuntu.com`, `azure.archive.ubuntu.com`, `security.ubuntu.com`, `keyserver.ubuntu.com` -- `ppa.launchpad.net`, `api.snapcraft.io`, `packagecloud.io` -- `json-schema.org`, `json.schemastore.org` -- `sentry.io` -- Various certificate authority domains (CRL/OCSP endpoints) - -### Codex Engine - -The Codex engine supports network permissions through AWF (Agent Workflow Firewall). 
- -Enable network permissions in your workflow: + - defaults + - "api.example.com" -```yaml wrap +# Codex engine: codex - network: allowed: - - defaults # Basic infrastructure - - node # Node.js ecosystem - - "api.example.com" # Custom domain -``` - -**Default domain list** – the following domains are always allowed for Codex CLI operation: - -- `api.openai.com`, `openai.com` – OpenAI API endpoints -- `host.docker.internal` – Docker host networking -- `172.30.0.1` – AWF gateway IP (Codex resolves `host.docker.internal` to this IP for Rust DNS compatibility) - -### Gemini Engine - -The Gemini engine supports network permissions through AWF (Agent Workflow Firewall). - -Enable network permissions in your workflow: + - defaults + - node -```yaml wrap +# Gemini engine: gemini - network: allowed: - - defaults # Basic infrastructure - - node # Node.js ecosystem - - "api.example.com" # Custom domain + - defaults + - node ``` -**Default domain list** – the following domains are always allowed for Gemini CLI authentication and operation: - -- `*.googleapis.com`, `generativelanguage.googleapis.com` – Google API endpoints -- `github.com`, `raw.githubusercontent.com` – GitHub access -- `host.docker.internal` – Docker host networking -- `registry.npmjs.org` – npm registry +Each engine also has a built-in default domain list for its CLI authentication and operation. See [`domains.go`](https://github.com/github/gh-aw/blob/main/pkg/workflow/domains.go) for the full lists. ### Firewall Log Level
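Review bot: In the first hunk of PATCH 2/4 (the `@@ -7,7 +7,7 @@` change to the `> **Note**` line) the rewrite drops the old qualifier that enforcement depends on the firewall being enabled, and the trailing "(via the AWF firewall)" reads as if it applies to Gemini alone. If all four engines enforce `network:` only when AWF is active, say so once for all of them, e.g. `Network permissions are enforced for the Copilot, Claude, Codex, and Gemini engines when the AWF firewall is enabled`, and keep the link to the sandbox page so readers know how to turn it on; otherwise a workflow author may believe the allowlist restricts egress when nothing is enforcing it.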
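Review bot: The `Protocol-Specific Domain Filtering` hunks of PATCH 2/4 (the `@@ -37,7 +37,7 @@` comment and the `@@ -94,7 +94,7 @@` paragraph) say protocol restriction works for the Copilot and Claude engines only, while the consolidated section in PATCH 4/4 says Claude, Codex and Gemini "use the same AWF firewall as the Copilot engine". If the firewall is shared, either `https://`-prefixed entries also work for Codex and Gemini and the two earlier hunks need updating, or they do not and the consolidated section should state what happens to such an entry for those engines (accepted as a plain domain, or rejected), since an author expecting an HTTPS-only rule to hold otherwise has no way to tell that plaintext HTTP is still allowed.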
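Review bot: In the `@@ -209,6 +209,84 @@` hunk of PATCH 2/4 the Claude default list carries `*.githubusercontent.com` alongside `raw.githubusercontent.com`, `objects.githubusercontent.com` and `github-cloud.githubusercontent.com`, which the wildcard already covers; drop either the wildcard or the explicit entries so the documented list matches what is actually enforced. Each "Default domain list" should also state whether these always-allowed domains can be removed with `network.blocked`, and the Codex entries `host.docker.internal` / `172.30.0.1` should say which service on the AWF gateway the agent is expected to reach, because an always-open path to the host is exactly the entry an auditor will ask about. The telemetry endpoints in the Claude list (`sentry.io`, `statsig.anthropic.com`) belong there, but label them as telemetry so authors with strict egress requirements can spot them at a glance.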
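Review bot: The consolidated YAML block in the `@@ -209,83 +209,34 @@` hunk of PATCH 4/4 puts three `engine:` / `network:` pairs in one fence; copied as a single file it is a YAML document with duplicate top-level keys, so split it into three fences or show one engine and name the others in prose. Removing the per-engine default domain lists also moves a security-relevant fact off the reference page: the always-allowed set is the part of egress a workflow author cannot narrow, so keep at least a one-line summary per engine (for example that Codex always reaches `api.openai.com` and the `host.docker.internal` gateway) beside the `domains.go` link, and link to a tagged release rather than `blob/main` so the list a reader sees matches the version they are running.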