-
Notifications
You must be signed in to change notification settings - Fork 250
docs: update network.md to document Codex and Gemini engine support for firewall/network features #17910
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: update network.md to document Codex and Gemini engine support for firewall/network features #17910
Changes from all commits
ca78275
d5d8537
4898779
58a91de
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -7,7 +7,7 @@ sidebar: | |||||
|
|
||||||
| Control network access for AI engines using the top-level `network` field to specify which domains and services your agentic workflows can access during execution. | ||||||
|
|
||||||
| > **Note**: Network permissions are currently supported by the Claude engine and the Copilot engine (when using the [firewall feature](/gh-aw/reference/sandbox/)). | ||||||
| > **Note**: Network permissions are supported by all four engines: Copilot, Claude, Codex, and Gemini (via the AWF firewall). See the [Implementation](#implementation) section for engine-specific details. | ||||||
|
|
||||||
| If no `network:` permission is specified, it defaults to `network: defaults` which allows access to basic infrastructure domains (certificates, JSON schema, Ubuntu, common package mirrors, Microsoft sources). | ||||||
|
|
||||||
|
|
@@ -37,7 +37,7 @@ network: | |||||
| - "api.example.com" # Exact domain (also matches subdomains) | ||||||
| - "*.cdn.example.com" # Wildcard: matches any subdomain of cdn.example.com | ||||||
|
|
||||||
| # Protocol-specific domain filtering (Copilot engine only) | ||||||
| # Protocol-specific domain filtering (Copilot and Claude engines only) | ||||||
|
||||||
| # Protocol-specific domain filtering (Copilot and Claude engines only) | |
| # Protocol-specific domain filtering (all engines: Copilot, Claude, Codex, and Gemini) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The note implies network permissions are supported “via the AWF firewall”, but later this page explains that when the firewall is disabled, network permissions only affect content sanitization (network egress becomes unrestricted). Consider clarifying here that network egress enforcement happens when the AWF sandbox/firewall is enabled (default unless explicitly disabled), while sanitization applies regardless.