[Code Quality] Fix firewall SSL-bump field extraction in frontmatter parser #13908

@github-actions

Description

The firewall configuration fields ssl-bump, allow-urls, and cleanup-script are defined in the schema and have corresponding struct fields, but are not extracted from workflow frontmatter YAML. This prevents users from configuring HTTPS inspection for the network firewall.

Problem

Current State:

  • Schema defines these fields (pkg/parser/schemas/main_workflow_schema.json)
  • FirewallConfig struct has fields (pkg/workflow/firewall.go:12-22)
  • Extraction code is missing these fields (pkg/workflow/frontmatter_extraction_security.go:98-132)
  • Downstream code tries to use them (pkg/workflow/firewall.go:195-218)

Impact:

  • Users cannot enable SSL bump for HTTPS content inspection
  • URL filtering through allow-urls is non-functional
  • Fields remain at zero values (false, nil, empty string)

Suggested Changes

Add extraction logic to extractFirewallConfig() in pkg/workflow/frontmatter_extraction_security.go after line 127:

// Extract ssl-bump if present
if sslBump, hasSslBump := firewallObj["ssl-bump"]; hasSslBump {
    if sslBumpBool, ok := sslBump.(bool); ok {
        config.SSLBump = sslBumpBool
    }
}

// Extract allow-urls if present
if allowUrls, hasAllowUrls := firewallObj["allow-urls"]; hasAllowUrls {
    if urlsSlice, ok := allowUrls.([]any); ok {
        for _, url := range urlsSlice {
            if urlStr, ok := url.(string); ok {
                config.AllowURLs = append(config.AllowURLs, urlStr)
            }
        }
    }
}

// Extract cleanup-script if present (deprecated but still in struct)
if cleanupScript, hasCleanup := firewallObj["cleanup-script"]; hasCleanup {
    if scriptStr, ok := cleanupScript.(string); ok {
        config.CleanupScript = scriptStr
    }
}

Files Affected

  • pkg/workflow/frontmatter_extraction_security.go (lines 98-132) - Add extraction logic

Success Criteria

  • ssl-bump boolean field extracted from YAML
  • allow-urls string array field extracted from YAML
  • cleanup-script string field extracted from YAML (maintain backwards compatibility)
  • Test workflow with firewall SSL bump compiles successfully
  • Generated AWF command includes SSL bump arguments when configured
  • All existing firewall tests pass
  • Add test case for firewall field extraction

Source

Extracted from Schema Consistency Analysis discussion #13862

Critical Issue #1: Firewall Configuration Fields Not Extracted from YAML

Priority

High - Blocks users from using documented firewall features for HTTPS inspection

AI generated by Discussion Task Miner - Code Quality Improvement Agent

  • expires on Feb 6, 2026, 1:25 PM UTC
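
The suggested extraction skips any value whose type assertion fails, so a quoted `ssl-bump: "true"` would leave the field at false with no message unless schema validation rejects it first. The following is an added example, not the project's code, of a stricter variant that reports such mismatches; `FirewallConfig` here is a three-field stand-in, and `get` and `extractStrict` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// FirewallConfig is a stand-in holding only the three fields the issue names.
type FirewallConfig struct {
	SSLBump       bool
	AllowURLs     []string
	CleanupScript string
}

// get (hypothetical) returns obj[key] as T and records a type mismatch in errs.
func get[T any](obj map[string]any, key string, errs *[]error) T {
	var zero T
	v, present := obj[key]
	if !present {
		return zero
	}
	t, ok := v.(T)
	if !ok {
		*errs = append(*errs, fmt.Errorf("%s: want %T, got %T", key, zero, v))
	}
	return t
}

// extractStrict (hypothetical) reads the same keys as the suggested change but
// returns every type mismatch instead of leaving the field silently unset.
func extractStrict(firewallObj map[string]any) (FirewallConfig, error) {
	var errs []error
	cfg := FirewallConfig{
		SSLBump:       get[bool](firewallObj, "ssl-bump", &errs),
		CleanupScript: get[string](firewallObj, "cleanup-script", &errs),
	}
	for i, item := range get[[]any](firewallObj, "allow-urls", &errs) {
		if s, ok := item.(string); ok {
			cfg.AllowURLs = append(cfg.AllowURLs, s)
		} else {
			errs = append(errs, fmt.Errorf("allow-urls[%d]: want string, got %T", i, item))
		}
	}
	return cfg, errors.Join(errs...)
}

func main() {
	_, err := extractStrict(map[string]any{"ssl-bump": "true"}) // constructed input
	fmt.Println(err)
}
```

A compiler that surfaces the returned error fails the build on a mistyped firewall key, rather than producing a workflow that runs without the inspection the author asked for.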
