Contributor

Copilot AI commented Dec 19, 2025

AWF Integration for Claude Engine

This PR integrates Application-level Firewall (AWF) for the Claude engine following the Copilot pattern. Deprecates Python hooks entirely—AWF is now the sole network restriction mechanism for Claude.

Core Changes

  • Domain allowlist (domains.go): Added ClaudeDefaultDomains with Anthropic services, GitHub, infrastructure (CRL/OCSP), package managers, Playwright
  • Firewall support (claude_engine.go): Set supportsFirewall: true, AWF wraps Claude CLI with --tty flag, domain allowlist, required mounts
  • Default enablement (firewall.go): Added enableFirewallByDefaultForClaude() mirroring Copilot behavior
  • Observability (compiler_yaml_main_job.go): Added firewall log upload/parsing steps for Claude

Removed (deprecated)

  • engine_network_hooks.go — Python hook generation
  • claude_settings.go — Settings file generation for hooks

AWF Command Structure

sudo -E awf \
  --tty \
  --allow-domains *.githubusercontent.com,anthropic.com,api.anthropic.com,... \
  --mount /home/runner/work/... \
  --mount /tmp \
  --mount /usr/bin/node,/usr/bin/npx \
  --mount ~/.npm \
  --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs \
  -- npx @anthropic-ai/claude-code@<version> ...

Behavior

  • AWF enabled when network.firewall: true is set (or enabled by default when network restrictions present)
  • Disableable via sandbox.agent: false
  • Reuses existing parse_firewall_logs.cjs (engine-agnostic)

Merged with main

Resolved merge conflicts in multiple files to incorporate Codex AWF support alongside Claude AWF support:

  • pkg/workflow/compiler_yaml_main_job.go: Added both Claude and Codex firewall log collection steps
  • pkg/workflow/domains.go: Added ClaudeDefaultDomains alongside CodexDefaultDomains and merged domain functions
  • pkg/workflow/domains_test.go: Added tests for both Claude and Codex domain functions
  • pkg/workflow/firewall.go: Updated comment to include all supported engines (copilot, claude, codex)
Original prompt

Overview

Integrate Application-level Firewall (AWF) for the Claude engine following the Copilot pattern, providing network isolation for Claude Code CLI via domain allowlisting.

User decisions

  • AWF enabled by default for Claude (like Copilot)
  • Deprecate Python hooks entirely (AWF is the only network restriction mechanism)
  • Pre-install Claude CLI during installation steps and mount required binaries (like Copilot)

Phase 1: Core AWF integration

1.1 Add Claude default domains

File: /home/mossaka/developer/gh-aw-repos/gh-aw/pkg/workflow/domains.go
Add after CopilotDefaultDomains:

// ClaudeDefaultDomains are the default domains required for Claude Code CLI authentication and operation
var ClaudeDefaultDomains = []string{
    "*.githubusercontent.com",
    "anthropic.com",
    "api.anthropic.com",
    "api.github.com",
    "api.snapcraft.io",
    "archive.ubuntu.com",
    "azure.archive.ubuntu.com",
    "cdn.playwright.dev",
    "codeload.github.com",
    "crl.geotrust.com",
    "crl.globalsign.com",
    "crl.identrust.com",
    "crl.sectigo.com",
    "crl.thawte.com",
    "crl.usertrust.com",
    "crl.verisign.com",
    "crl3.digicert.com",
    "crl4.digicert.com",
    "crls.ssl.com",
    "files.pythonhosted.org",
    "ghcr.io",
    "github-cloud.githubusercontent.com",
    "github-cloud.s3.amazonaws.com",
    "github.com",
    "host.docker.internal",
    "json-schema.org",
    "json.schemastore.org",
    "keyserver.ubuntu.com",
    "lfs.github.com",
    "objects.githubusercontent.com",
    "ocsp.digicert.com",
    "ocsp.geotrust.com",
    "ocsp.globalsign.com",
    "ocsp.identrust.com",
    "ocsp.sectigo.com",
    "ocsp.ssl.com",
    "ocsp.thawte.com",
    "ocsp.usertrust.com",
    "ocsp.verisign.com",
    "packagecloud.io",
    "packages.cloud.google.com",
    "packages.microsoft.com",
    "playwright.download.prss.microsoft.com",
    "ppa.launchpad.net",
    "pypi.org",
    "raw.githubusercontent.com",
    "registry.npmjs.org",
    "s.symcb.com",
    "s.symcd.com",
    "security.ubuntu.com",
    "sentry.io",
    "statsig.anthropic.com",
    "ts-crl.ws.symantec.com",
    "ts-ocsp.ws.symantec.com",
}

Add helper(s) (pattern: merge defaults + NetworkPermissions, deterministic sort; optionally append host.docker.internal when safe-inputs enabled).

1.2 Enable firewall support in the Claude engine

File: /home/mossaka/developer/gh-aw-repos/gh-aw/pkg/workflow/claude_engine.go
Set supportsFirewall: true in NewClaudeEngine().


Phase 2: Installation steps + hook removal

2.1 Update installation steps

File: .../claude_engine.go
Use base install (secret validation + npm install for @anthropic-ai/claude-code) and, when firewall enabled, append AWF installation step.
Note: remove all Python hook install/config logic.

2.2 Remove hook-related files (cleanup commit after verification)

  • .../engine_network_hooks.go (delete)
  • .../claude_settings.go (delete)

Phase 3: AWF-wrapped execution

File: .../claude_engine.go
In GetExecutionSteps():

  • Build Claude command using npx @anthropic-ai/claude-code@<version> ...

  • If firewall enabled: wrap command with awf using:

    • --tty (required)
    • --allow-domains <GetClaudeAllowedDomains...()>
    • mounts: workspace, /tmp, gh/yq/date, plus node/npx and npm cache dirs needed for the preinstalled package
    • --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs
  • Else: run Claude directly (baseline / sandbox.agent: false)


Phase 4: Observability & log parsing

  • Reuse existing js/parse_firewall_logs.cjs (engine-agnostic).
  • Keep Claude parsing via js/parse_claude_log.cjs.
  • In compiler_yaml_main_job.go, add Claude firewall log upload/parsing steps around the same places as Copilot.

Phase 5: Testing

  • Add .github/workflows/smoke-claude-firewall.md with firewall enabled and allowed network presets; validate:

    • CLI invocation via npx inside AWF
    • domain allowlist enforcement
    • logs produced + parsed
  • Update .github/workflows/smoke-claude.md with sandbox.agent: false for comparison.


Phase 6: Default enablement

File: /pkg/workflow/firewall.go
Ensure Claude follows the same “enabled by default” logic as Copilot (e.g., copilot || claude).


Critical files summary

Modify

  • pkg/workflow/domains.go (ClaudeDefaultDomains + merge helper)
  • pkg/workflow/claude_engine.go (supportsFirewall, install, exec wrapper)
  • pkg/workflow/compiler_yaml_main_job.go (log steps)
  • pkg/workflow/firewall.go (default enablement, if needed)

Create

  • .github/workflows/smoke-claude-firewall.md

Delete (post-verify)

  • pkg/workflow/engine_network_hooks.go
  • pkg/workflow/claude_settings.go

...



Copilot AI changed the title from "[WIP] Integrate application-level firewall for Claude engine" to "Integrate AWF for Claude engine" Dec 19, 2025
Copilot AI requested a review from Mossaka December 19, 2025 01:00
Base automatically changed from copilot/bump-awf-version-to-v070 to main December 19, 2025 03:57
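
An added example (not code from this PR or the gh-aw repository) of the helper pattern described in step 1.1 of the PR description: merge defaults with workflow-declared domains, de-duplicate, and sort deterministically. It goes one step further and flags entries already covered by a wildcard; the function names and the wildcard semantics in `covers` are assumptions, since the page does not define how AWF matches `*.` entries.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// covers reports whether one allowlist entry matches host. ASSUMPTION: "*.example.com"
// matches any subdomain of example.com but not the apex; other entries are exact.
func covers(pattern, host string) bool {
	if strings.HasPrefix(pattern, "*.") {
		suffix := pattern[1:] // keep the leading dot so "evilexample.com" cannot match
		return len(host) > len(suffix) && strings.HasSuffix(host, suffix)
	}
	return pattern == host
}

// mergeAllowlist combines engine defaults with workflow-declared domains, normalizes
// case and whitespace, drops duplicates and sorts, so the compiled value is stable.
func mergeAllowlist(defaults, extra []string) []string {
	seen := map[string]bool{}
	out := []string{}
	for _, d := range append(append([]string{}, defaults...), extra...) {
		d = strings.ToLower(strings.TrimSpace(d))
		if d != "" && !seen[d] {
			seen[d] = true
			out = append(out, d)
		}
	}
	sort.Strings(out)
	return out
}

// shadowed lists entries that a wildcard in the same list already covers.
func shadowed(list []string) []string {
	out := []string{}
	for _, h := range list {
		for _, p := range list {
			if p != h && strings.HasPrefix(p, "*.") && covers(p, h) {
				out = append(out, h)
				break
			}
		}
	}
	return out
}

func main() {
	// Subset of ClaudeDefaultDomains from the PR description; extra is constructed.
	defaults := []string{"*.githubusercontent.com", "anthropic.com", "api.anthropic.com", "github.com", "objects.githubusercontent.com", "raw.githubusercontent.com"}
	extra := []string{" API.Anthropic.com", "example.org"}
	merged := mergeAllowlist(defaults, extra)
	fmt.Println("--allow-domains "+strings.Join(merged, ","), "| shadowed:", shadowed(merged))
}
```

Under the assumed semantics, `objects.githubusercontent.com` and `raw.githubusercontent.com` are reported as shadowed, which shows that the effective egress scope is set by the wildcard rather than by the individual entries.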
@pelikhan
Contributor

@copilot merge main

Contributor Author

Copilot AI commented Dec 19, 2025

@copilot merge main

Merged main into this branch in cff0dc0. Resolved merge conflict in pkg/workflow/compiler_parse.go and recompiled lock files.

@Mossaka
Collaborator

Mossaka commented Dec 19, 2025

@copilot reduce the mounts to only --mount /tmp:/tmp:rw --mount "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw"

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

Mossaka and others added 10 commits December 19, 2025 20:52

All Claude engine workflows now use minimal AWF mounts:
- /tmp:/tmp:rw
- ${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Mount only essential components for Claude CLI:
- /usr/local/bin/node (Node.js runtime)
- /usr/local/bin/claude (Claude CLI executable)
- /usr/local/lib/node_modules/@anthropic-ai (Claude package only, not all node_modules)

This surgical approach provides Claude CLI functionality while minimizing the attack surface compared to mounting all of node_modules, npm, npx, and npm cache.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Instead of mounting /usr/local/bin/claude (which doesn't exist in GitHub Actions),
invoke Claude directly: node /usr/local/lib/node_modules/@anthropic-ai/claude-code/cli.js

Minimal mounts now:
- /usr/local/bin/node (Node.js runtime)
- /usr/local/lib/node_modules/@anthropic-ai (Claude package directory)

This approach works regardless of where npm creates the claude binary symlink.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

GitHub Actions' setup-node installs to /opt/hostedtoolcache/node, not /usr/local.
Mount this entire directory (read-only) to give AWF container access to:
- Node.js runtime
- npm and npx
- All globally installed packages (including Claude CLI)

This pragmatic approach avoids path guessing while keeping the mount read-only.
AWF's security value comes from network isolation, not filesystem isolation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Prepend hostedtoolcache node bin directory to PATH before invoking Claude.
This ensures the claude command is found inside the AWF container even though
GitHub Actions installs it in a non-standard location.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Replace PATH manipulation with npx invocation:
- npx --yes @anthropic-ai/claude-code (explicit, clean)
- No shell command substitution needed
- No PATH exports
- More maintainable and explicit about what we're running

Mount remains the same (/opt/hostedtoolcache/node) but command is cleaner.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Use the configured Claude version (defaults to 2.0.71) in npx command:
- npx --yes @anthropic-ai/claude-code@2.0.71
- Ensures version used matches installed version
- Improves security and reproducibility
- Version controlled by constants.DefaultClaudeCodeVersion

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

The claudeVersion variable needs to be defined in GetExecutionSteps function,
not just GetInstallationSteps. This ensures npx invocation uses the correct
pinned version (2.0.71 by default, or custom if configured).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

npx breaks MCP server launching (serena fails to connect).
Revert to PATH export approach which keeps environment complete:
- export PATH="...hostedtoolcache/node/.../bin:$PATH" && claude
- Ensures all npm/node binaries available for MCP server spawning
- Mount: /opt/hostedtoolcache/node:ro (read-only, pragmatic)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Resolved merge conflicts:
- pkg/workflow/compiler_yaml_main_job.go: Added both Claude and Codex firewall log collection steps
- pkg/workflow/domains.go: Added ClaudeDefaultDomains alongside new CodexDefaultDomains and merged domain functions
- pkg/workflow/domains_test.go: Added tests for both Claude and Codex domain functions
- pkg/workflow/firewall.go: Updated comment to include all supported engines

Co-authored-by: pelikhan <[email protected]>

Mossaka force-pushed the copilot/integrate-awf-for-claude branch from b7e3d79 to ae5f860 December 19, 2025 20:52

Remove duplicate TestCodexDefaultDomains and TestGetCodexAllowedDomains
functions that were accidentally introduced during rebase conflict resolution.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Mossaka added smoke and removed smoke labels Dec 19, 2025

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

🎬 THE END Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

@github-actions
Contributor

github-actions bot commented Dec 19, 2025

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

@github-actions
Contributor

Smoke Test Results - Run 20382606336

Recent PRs:

Test Results:

  • ✅ GitHub MCP - Retrieved last 2 merged PRs
  • ✅ File Writing - Created agent test file
  • ✅ Bash Tool - Verified file contents
  • ❌ GitHub MCP Default Toolset - get_me failed (expected - not in default toolsets)
  • ✅ Cache Memory - Created and verified cache file

Available Tools: add_comment, add_labels, create_issue, missing_tool, noop

Overall: PASS

cc @Mossaka

📰 BREAKING: Report filed by Smoke Copilot fer issue #6905 🗺️

@github-actions
Contributor

Smoke Test Results - Copilot Engine (No Firewall)

Last 2 Merged PRs:

Test Results:

  • ✅ GitHub MCP: Retrieved PR information
  • ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-20382606338.txt
  • ✅ Bash Tool: Verified file creation successful
  • ✅ Playwright MCP: Navigated to github.com, title contains "GitHub"
  • ❌ Safe Input gh Tool: Authentication not configured in bash

Overall Status: PASS (4/5 tests successful - gh tool requires GITHUB_TOKEN which is expected limitation)

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #6905 🗺️

@github-actions
Contributor

PRs: #6999 Fix create-agentic-workflow agent prompting patterns; #6996 Restructure campaign designer to match workflow designer two-mode pattern
OpenAI access: ❌ (DNS blocked)
GitHub MCP PR fetch: ✅
File write/read: ✅ (/tmp/gh-aw/agent/smoke-test-codex-firewall-20382606389.txt)
Blocked domain (example.com): ✅ (blocked)
Network: SANDBOXED
Overall: FAIL

🔥 Firewall tested by Smoke Codex Firewall fer issue #6905 🗺️

@github-actions
Contributor

Smoke Test Results

GitHub MCP: ✅ (Last 2 merged PRs reviewed)
File Writing: ✅ (Created smoke-test-copilot-20382606332.txt)
Bash Tool: ✅ (Verified file creation)
Serena MCP: ✅ (Listed project classes)
Safe Input gh: ✅ (Accessed GitHub issues)

Overall Status: PASS

Ahoy! This treasure was crafted by 🏴‍☠️ Smoke Copilot Safe Inputs fer issue #6905 🗺️

@github-actions
Contributor

Smoke Test Results

PRs: [WIP] Update Codex CLI to v0.76.0, [WIP] Update outdated files generated by init command

✅ GitHub MCP - Retrieved 2 recent PRs
✅ File Writing - Created /tmp/gh-aw/agent/smoke-test-claude-20382606347.txt
✅ Bash Tool - Verified file creation
✅ Playwright - Navigated to GitHub, title confirmed
✅ Cache Memory - Created /tmp/gh-aw/cache-memory/smoke-test-20382606347.txt
❌ Safe Input gh Tool - Tool not available

Overall: PARTIAL PASS (5/6 tests passed)

💥 [THE END] — Illustrated by Smoke Claude fer issue #6905 🗺️

@github-actions
Contributor

Recent merged PRs: Fix create-agentic-workflow agent prompting patterns; Restructure campaign designer to match workflow designer two-mode pattern
GitHub MCP merged PR fetch: ✅
File write/verify (/tmp/gh-aw/agent): ✅
Playwright title contains "GitHub": ✅
Cache memory write/verify: ✅
safeinputs-gh gh issues list: ❌ (command not found in PATH)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #6905 🗺️

Mossaka merged commit 742584a into main Dec 19, 2025
103 checks passed
Mossaka deleted the copilot/integrate-awf-for-claude branch December 19, 2025 21:18