[Code Quality] Document firewall SSL-bump feature #14047

@github-actions

Description

The network documentation (docs/src/content/docs/reference/network.md) mentions the log-level field but does NOT document the SSL-bump feature and related configuration options.

Current Documentation Coverage

  • network.firewall (boolean and object form)
  • network.firewall.log-level (enum values documented, lines 243-262)
  • network.firewall.version (implied by examples)
  • network.firewall.ssl-bump (NOT documented)
  • network.firewall.allow-urls (NOT documented)

Missing Feature

The firewall supports SSL bump for HTTPS inspection:

  • ssl-bump: Enable SSL interception for HTTPS URL filtering
  • allow-urls: URL patterns to allow when SSL bump is enabled

This feature exists in the schema and code but is not documented.

Suggested Changes

Add to docs/src/content/docs/reference/network.md after the log-level section (after line 262):

### SSL Bump for HTTPS Inspection

Enable SSL bump to allow the firewall to inspect HTTPS traffic and filter by URL path:

```yaml
network:
  firewall:
    ssl-bump: true
    allow-urls:
      - "https://github.com/githubnext/*"
      - "https://api.github.com/repos/*/issues"
  allowed:
    - defaults
```

Note: SSL bump requires the AWF firewall and enables deep packet inspection of HTTPS traffic. Use allow-urls to specify URL patterns that should be permitted through the firewall.

Security Considerations:

  • SSL bump intercepts and decrypts HTTPS traffic for inspection
  • Only enable when URL-level filtering is necessary
  • Use allow-urls patterns carefully to avoid breaking legitimate HTTPS connections

## Files Affected

- `docs/src/content/docs/reference/network.md` (add SSL-bump section)

## Success Criteria

- [ ] SSL-bump feature documented with examples
- [ ] `allow-urls` parameter explained with URL pattern examples
- [ ] Security considerations noted (HTTPS interception)
- [ ] Documentation consistent with other firewall features

## Dependencies

This documentation complements #aw_firewall_extraction (fix extraction bug). Once that bug is fixed, users can actually use this documented feature.

## Source

Extracted from [Schema Consistency Analysis discussion #13862](https://github.com/github/gh-aw/discussions/13862)

## Priority

**Medium** - Documentation gap for existing feature. Should be documented once extraction bug (#aw_firewall_extraction) is fixed.


> AI generated by [Discussion Task Miner - Code Quality Improvement Agent](https://github.com/github/gh-aw/actions/runs/21739679187)
> - [x] expires on Feb 7, 2026, 5:23 AM UTC