Integrate AWF for Claude engine (#6905)

* Initial plan

* Initial plan

* Integrate AWF for Claude engine (Phase 1-4)

- Add ClaudeDefaultDomains and GetClaudeAllowedDomains() helper
- Set supportsFirewall: true in NewClaudeEngine()
- Update GetInstallationSteps() to install AWF when firewall enabled
- Update GetExecutionSteps() to wrap Claude with AWF (--tty flag, mounts)
- Add GetSquidLogsSteps() and GetFirewallLogsCollectionStep() methods
- Add Claude firewall log upload/parsing steps in compiler_yaml_main_job.go
- Update firewall.go to enable AWF by default for Claude
- Remove deprecated engine_network_hooks.go and claude_settings.go
- Update tests for new AWF-based approach

Co-authored-by: Mossaka <[email protected]>

* Fix test expectations for AWF Claude integration

- Update test expectations for env var format changes (no quotes)
- Update firewall support tests to reflect Claude now supports firewall
- Update network permission tests for AWF-based approach
- Remove deprecated claude_settings_tmp_test.go
- Update allowed domains sanitization tests for Claude defaults

Co-authored-by: Mossaka <[email protected]>

* Fix remaining test expectations for AWF Claude integration

- Update step_summary_test.go to expect firewall enabled for Claude
- Claude now has firewall enabled by default with AWF integration

Co-authored-by: Mossaka <[email protected]>

* Reduce AWF mounts for Claude to minimal set

Remove unnecessary host binary mounts (date, gh, yq, node, npm, npx, node_modules, .npm) from Claude AWF configuration. Only keep essential mounts:
- /tmp:/tmp:rw for temporary files
- ${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw for workspace access

Custom mounts from agent config are still respected.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Regenerate lock files with reduced AWF mounts for Claude

All Claude engine workflows now use minimal AWF mounts:
- /tmp:/tmp:rw
- ${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Use minimal surgical mounts for Claude with AWF

Mount only essential components for Claude CLI:
- /usr/local/bin/node (Node.js runtime)
- /usr/local/bin/claude (Claude CLI executable)
- /usr/local/lib/node_modules/@Anthropic-AI (Claude package only, not all node_modules)

This surgical approach provides Claude CLI functionality while minimizing the attack surface compared to mounting all of node_modules, npm, npx, and npm cache.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Invoke Claude CLI directly via node to avoid binary mount issues

Instead of mounting /usr/local/bin/claude (which doesn't exist in GitHub Actions),
invoke Claude directly: node /usr/local/lib/node_modules/@anthropic-ai/claude-code/cli.js

Minimal mounts now:
- /usr/local/bin/node (Node.js runtime)
- /usr/local/lib/node_modules/@Anthropic-AI (Claude package directory)

This approach works regardless of where npm creates the claude binary symlink.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Mount hostedtoolcache node directory for Claude with AWF

GitHub Actions' setup-node installs to /opt/hostedtoolcache/node, not /usr/local.
Mount this entire directory (read-only) to give AWF container access to:
- Node.js runtime
- npm and npx
- All globally installed packages (including Claude CLI)

This pragmatic approach avoids path guessing while keeping the mount read-only.
AWF's security value comes from network isolation, not filesystem isolation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Add PATH setup to find Claude in hostedtoolcache

Prepend hostedtoolcache node bin directory to PATH before invoking Claude.
This ensures the claude command is found inside the AWF container even though
GitHub Actions installs it in a non-standard location.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Use npx to invoke Claude Code more elegantly

Replace PATH manipulation with npx invocation:
- npx --yes @anthropic-ai/claude-code (explicit, clean)
- No shell command substitution needed
- No PATH exports
- More maintainable and explicit about what we're running

Mount remains the same (/opt/hostedtoolcache/node) but command is cleaner.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Pin Claude Code version in npx invocation

Use the configured Claude version (defaults to 2.0.71) in npx command:
- npx --yes @anthropic-ai/[email protected]
- Ensures version used matches installed version
- Improves security and reproducibility
- Version controlled by constants.DefaultClaudeCodeVersion

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Fix: Define claudeVersion in GetExecutionSteps

The claudeVersion variable needs to be defined in GetExecutionSteps function,
not just GetInstallationSteps. This ensures npx invocation uses the correct
pinned version (2.0.71 by default, or custom if configured).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Revert to PATH-based claude invocation

npx breaks MCP server launching (serena fails to connect).
Revert to PATH export approach which keeps environment complete:
- export PATH="...hostedtoolcache/node/.../bin:$PATH" && claude
- Ensures all npm/node binaries available for MCP server spawning
- Mount: /opt/hostedtoolcache/node:ro (read-only, pragmatic)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Merge branch 'main' into copilot/integrate-awf-for-claude

Resolved merge conflicts:
- pkg/workflow/compiler_yaml_main_job.go: Added both Claude and Codex firewall log collection steps
- pkg/workflow/domains.go: Added ClaudeDefaultDomains alongside new CodexDefaultDomains and merged domain functions
- pkg/workflow/domains_test.go: Added tests for both Claude and Codex domain functions
- pkg/workflow/firewall.go: Updated comment to include all supported engines

Co-authored-by: pelikhan <[email protected]>

* Fix duplicate test functions in domains_test.go

Remove duplicate TestCodexDefaultDomains and TestGetCodexAllowedDomains
functions that were accidentally introduced during rebase conflict resolution.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: Mossaka <[email protected]>
Co-authored-by: Jiaxiao (mossaka) Zhou <[email protected]>
Co-authored-by: Claude Sonnet 4.5 <[email protected]>
Co-authored-by: pelikhan <[email protected]>

Author: 4 people