fix: add cli-proxy container image to release workflow

.github/workflows/release.yml

@@ -269,6 +269,66 @@ jobs:
             --type spdxjson \
             ghcr.io/${{ github.repository }}/api-proxy@${{ steps.build_api_proxy.outputs.digest }}
 
+  build-cli-proxy:
+    name: Build CLI Proxy Image
+    runs-on: ubuntu-latest
+    needs: bump-version
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
+        with:
+          ref: ${{ needs.bump-version.outputs.version }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+        with:
+          platforms: arm64
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+
+      - name: Build and push CLI Proxy image
+        id: build_cli_proxy
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
+        with:
+          context: ./containers/cli-proxy
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ghcr.io/${{ github.repository }}/cli-proxy:${{ needs.bump-version.outputs.version_number }}
+            ghcr.io/${{ github.repository }}/cli-proxy:latest
+          cache-from: type=gha,scope=cli-proxy
+          cache-to: type=gha,mode=max,scope=cli-proxy
+
+      - name: Sign CLI Proxy image with cosign
+        run: |
+          cosign sign --yes \
+            ghcr.io/${{ github.repository }}/cli-proxy@${{ steps.build_cli_proxy.outputs.digest }}
+
+      - name: Generate SBOM for CLI Proxy image
+        uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2
+        with:
+          image: ghcr.io/${{ github.repository }}/cli-proxy@${{ steps.build_cli_proxy.outputs.digest }}
+          format: spdx-json
+          output-file: cli-proxy-sbom.spdx.json
+
+      - name: Attest SBOM for CLI Proxy image
+        run: |
+          cosign attest --yes \
+            --predicate cli-proxy-sbom.spdx.json \
+            --type spdxjson \
+            ghcr.io/${{ github.repository }}/cli-proxy@${{ steps.build_cli_proxy.outputs.digest }}
+
   # Build agent-act image with catthehacker/ubuntu:act-24.04 base for GitHub Actions parity
   # amd64-only: catthehacker/ubuntu:act-24.04 does not publish arm64 manifests
   build-agent-act:
@@ -346,7 +406,7 @@ jobs:
   release:
     name: Create Release
     runs-on: ubuntu-latest
-    needs: [bump-version, build-squid, build-agent, build-api-proxy, build-agent-act]
+    needs: [bump-version, build-squid, build-agent, build-api-proxy, build-cli-proxy, build-agent-act]
     steps:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4

docs/releasing.md

@@ -49,6 +49,7 @@ Once the workflow completes:
    - `squid:<version>` and `squid:latest`
    - `agent:<version>` and `agent:latest`
    - `api-proxy:<version>` and `api-proxy:latest`
+   - `cli-proxy:<version>` and `cli-proxy:latest`
    - `agent-act:<version>` and `agent-act:latest` (GitHub Actions parity image)
 
 ## Release Artifacts
@@ -66,6 +67,7 @@ Docker images are published to `ghcr.io/github/gh-aw-firewall`:
 - `squid:<version>` and `squid:latest` - Squid proxy container
 - `agent:<version>` and `agent:latest` - Agent execution environment (minimal, ~200MB)
 - `api-proxy:<version>` and `api-proxy:latest` - API proxy sidecar for credential isolation
+- `cli-proxy:<version>` and `cli-proxy:latest` - CLI proxy sidecar for gh CLI access via mcpg DIFC proxy
 - `agent-act:<version>` and `agent-act:latest` - Agent with GitHub Actions parity (~2GB)
 
 These images are automatically pulled by the CLI when running commands.
@@ -100,6 +102,7 @@ pkg . --targets node18-linux-x64 --output release/awf
 docker build -t awf-test/squid:local ./containers/squid
 docker build -t awf-test/agent:local ./containers/agent
 docker build -t awf-test/api-proxy:local ./containers/api-proxy
+docker build -t awf-test/cli-proxy:local ./containers/cli-proxy
 
 # Test with local images
 sudo ./dist/cli.js \
@@ -141,7 +144,7 @@ If users report that Docker images can't be pulled:
 
 To make packages public:
 1. Go to repository **Packages** page
-2. Click on the package (squid, agent, api-proxy, or agent-act)
+2. Click on the package (squid, agent, api-proxy, cli-proxy, or agent-act)
 3. Go to **Package settings**
 4. Change visibility to **Public**