35 changes: 32 additions & 3 deletions docs/src/content/docs/reference/network.md
Expand Up @@ -7,7 +7,7 @@ sidebar:

Control network access for AI engines using the top-level `network` field to specify which domains and services your agentic workflows can access during execution.

> **Note**: Network permissions are currently supported by the Claude engine and the Copilot engine (when using the [firewall feature](/gh-aw/reference/sandbox/)).
> **Note**: Network permissions are supported by all four engines: Copilot, Claude, Codex, and Gemini (via the AWF firewall). See the [Implementation](#implementation) section for engine-specific details.

Copilot AI Feb 23, 2026

The note implies network permissions are supported “via the AWF firewall”, but later this page explains that when the firewall is disabled, network permissions only affect content sanitization (network egress becomes unrestricted). Consider clarifying here that network egress enforcement happens when the AWF sandbox/firewall is enabled (default unless explicitly disabled), while sanitization applies regardless.

Suggested change
> **Note**: Network permissions are supported by all four engines: Copilot, Claude, Codex, and Gemini (via the AWF firewall). See the [Implementation](#implementation) section for engine-specific details.
> **Note**: Network permissions are supported by all four engines: Copilot, Claude, Codex, and Gemini. Network egress enforcement is provided when the AWF sandbox/firewall is enabled (default unless explicitly disabled), while content sanitization based on these permissions applies regardless. See the [Implementation](#implementation) section for engine-specific details and engine-specific behavior.


If no `network:` permission is specified, it defaults to `network: defaults` which allows access to basic infrastructure domains (certificates, JSON schema, Ubuntu, common package mirrors, Microsoft sources).
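
Review bot: the rewritten note drops the link to the sandbox/firewall reference that the old line carried (`/gh-aw/reference/sandbox/`) at the same moment it makes "via the AWF firewall" apply to all four engines, so the reader loses the pointer to where enabling or disabling that firewall is documented. Suggest keeping the link, e.g. "... Codex, and Gemini (via the [AWF firewall](/gh-aw/reference/sandbox/))", so the precondition for egress enforcement stays one click away from the statement that relies on it.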

Expand Down Expand Up @@ -37,7 +37,7 @@ network:
- "api.example.com" # Exact domain (also matches subdomains)
- "*.cdn.example.com" # Wildcard: matches any subdomain of cdn.example.com

# Protocol-specific domain filtering (Copilot engine only)
# Protocol-specific domain filtering (Copilot and Claude engines only)

Copilot AI Feb 23, 2026

This comment says protocol-specific filtering is “Copilot and Claude engines only”, but the compiler’s domain validation and AWF argument generation are engine-agnostic (protocol prefixes are accepted in network.allowed via validateDomainPattern, and passed through to AWF’s --allow-domains for Codex/Gemini as well). Unless there’s an intentional product limitation outside this repo, the docs should include Codex and Gemini too (or explain why they’re excluded).

This issue also appears on line 97 of the same file.

Suggested change
# Protocol-specific domain filtering (Copilot and Claude engines only)
# Protocol-specific domain filtering (all engines: Copilot, Claude, Codex, and Gemini)

network:
allowed:
- "https://secure.api.example.com" # HTTPS-only access
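
Review bot: the engine list in this YAML comment duplicates the sentence in the Protocol-Specific Domain Filtering section ("Currently supported by the Copilot and Claude engines with AWF firewall enabled"), and this PR has to update both in lockstep; the pair had already drifted once, since the old text named Copilot alone in both places. Suggest shortening the comment to `# Protocol-specific domain filtering (see "Protocol-Specific Domain Filtering" for engine support)` so the supported-engine list lives in exactly one place.
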
Expand Down Expand Up @@ -94,7 +94,7 @@ Network permissions follow the principle of least privilege with four access lev

## Protocol-Specific Domain Filtering

Restrict domains to a specific protocol (HTTP or HTTPS only) for legacy systems, strict HTTPS enforcement, or gradual migration. Currently supported by the Copilot engine with AWF firewall enabled; domains without a protocol prefix allow both HTTP and HTTPS.
Restrict domains to a specific protocol (HTTP or HTTPS only) for legacy systems, strict HTTPS enforcement, or gradual migration. Currently supported by the Copilot and Claude engines with AWF firewall enabled; domains without a protocol prefix allow both HTTP and HTTPS.

```yaml wrap
engine: copilot
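
Review bot: the sentence "Currently supported by the Copilot and Claude engines with AWF firewall enabled" says nothing about what a protocol prefix does on Codex or Gemini, or when the firewall is disabled: whether the compiler rejects it, strips it and allows both protocols, or passes it through unchanged. A reader who writes `https://secure.api.example.com` expecting HTTPS-only would not otherwise notice if plain HTTP were also permitted. Suggest adding one sentence that states the exact behaviour in the unsupported cases, e.g. "On other engines, or with the firewall disabled, the prefix is ignored and the domain is treated as `secure.api.example.com`" (adjusted to whatever the compiler actually does).
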
Expand Down Expand Up @@ -209,6 +209,35 @@ When enabled, AWF:
- Logs all network activity for audit purposes
- Blocks access to domains not explicitly allowed

### Claude, Codex, and Gemini Engines

The Claude, Codex, and Gemini engines use the same AWF firewall as the Copilot engine. Configure network permissions using the same `network.allowed` / `network.blocked` fields:

```yaml wrap
# Claude
engine: claude
network:
allowed:
- defaults
- "api.example.com"

# Codex
engine: codex
network:
allowed:
- defaults
- node

# Gemini
engine: gemini
network:
allowed:
- defaults
- node
```

Each engine also has a built-in default domain list for its CLI authentication and operation. See [`domains.go`](https://github.com/github/gh-aw/blob/main/pkg/workflow/domains.go) for the full lists.

### Firewall Log Level

Control the verbosity of AWF firewall logs using the `log-level` field:
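
Review bot: the single fenced block in the new "Claude, Codex, and Gemini Engines" section repeats the top-level `engine:` and `network:` keys three times in one YAML document, which is a duplicate-key error if anyone pastes it into a workflow's frontmatter as written. Suggest splitting it into three fenced blocks (one per engine) or separating the documents with `---` lines. The closing sentence about each engine's built-in default domain list should also say how that list interacts with `network.allowed` and `network.blocked`, in particular whether the CLI authentication domains are reachable even when a workflow does not list them, since that is the first question a reader auditing egress will ask.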