Add domain blocklist support via --block-domains flag

.github/aw/schemas/agentic-workflow.json

@@ -2038,6 +2038,15 @@
               },
               "$comment": "Empty array is valid and means deny all network access. Omit the field entirely or use network: defaults to use default network permissions."
             },
+            "blocked": {
+              "type": "array",
+              "description": "List of blocked domains or ecosystem identifiers (e.g., 'python', 'node', 'tracker.example.com'). Blocked domains take precedence over allowed domains.",
+              "items": {
+                "type": "string",
+                "description": "Domain name or ecosystem identifier to block (supports wildcards like '*.example.com' and ecosystem names like 'python', 'node')"
+              },
+              "$comment": "Blocked domains are subtracted from the allowed list. Useful for blocking specific domains or ecosystems within broader allowed categories."
+            },
             "firewall": {
               "description": "AWF (Agent Workflow Firewall) configuration for network egress control. Only supported for Copilot engine.",
               "deprecated": true,

docs/src/content/docs/reference/frontmatter-full.md

@@ -823,6 +823,13 @@ network:
     # Array of Domain name or ecosystem identifier (supports wildcards like
     # '*.example.com' and ecosystem names like 'python', 'node')
 
+  # List of blocked domains or ecosystem identifiers (e.g., 'python', 'node',
+  # 'tracker.example.com'). Blocked domains take precedence over allowed domains.
+  # (optional)
+  blocked: []
+    # Array of Domain name or ecosystem identifier to block (supports wildcards like
+    # '*.example.com' and ecosystem names like 'python', 'node')
+
 # Sandbox configuration for AI engines. Controls agent sandbox (AWF or Sandbox
 # Runtime) and MCP gateway.
 # (optional)

docs/src/content/docs/reference/network.md

@@ -39,9 +39,72 @@ network:
 
 # No network access
 network: {}
+
+# Block specific domains
+network:
+  allowed:
+    - defaults              # Basic infrastructure
+    - python               # Python/PyPI ecosystem
+  blocked:
+    - "tracker.example.com" # Block specific tracking domain
+    - "analytics.example.com" # Block analytics
+
+# Block entire ecosystems
+network:
+  allowed:
+    - defaults
+    - github
+    - node
+  blocked:
+    - python               # Block Python/PyPI even if in defaults
+```
+
+## Blocking Domains
+
+Use the `blocked` field to block specific domains or ecosystems while allowing others. Blocked domains take precedence over allowed domains, enabling fine-grained control:
+
+```yaml wrap
+# Block specific tracking/analytics domains
+network:
+  allowed:
+    - defaults
+    - github
+  blocked:
+    - "tracker.example.com"
+    - "analytics.example.com"
+
+# Block entire ecosystem within broader allowed set
+network:
+  allowed:
+    - defaults              # Includes many ecosystems
+  blocked:
+    - python               # Block Python/PyPI specifically
+
+# Combine domain and ecosystem blocking
+network:
+  allowed:
+    - defaults
+    - github
+    - node
+  blocked:
+    - python               # Block Python ecosystem
+    - "cdn.example.com"    # Block specific CDN
 ```
 
-## Security Model
+:::tip[When to Use Blocked Domains]
+- **Privacy**: Block tracking and analytics domains while allowing legitimate services
+- **Security**: Block known malicious or compromised domains
+- **Compliance**: Enforce organizational network policies
+- **Fine-grained control**: Allow broad ecosystem access but block specific problematic domains
+:::
+
+**Key behaviors**:
+- Blocked domains are subtracted from the allowed list
+- Supports both individual domains and ecosystem identifiers
+- Blocked domains include all subdomains (like allowed domains)
+- Useful for blocking specific domains within broader ecosystem allowlists
+
+## Configuration
 
 Network permissions follow the principle of least privilege with four access levels: