github · pelikhan · Oct 25, 2025 · Oct 25, 2025 · Oct 25, 2025 · Oct 25, 2025
diff --git a/.changeset/patch-parse-firewall-logs-logs-audit.md b/.changeset/patch-parse-firewall-logs-logs-audit.md
diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml
diff --git a/docs/src/content/docs/reference/frontmatter-full.md b/docs/src/content/docs/reference/frontmatter-full.md
@@ -683,15 +683,6 @@ env: "example-value"
 # Feature flags to enable experimental or optional features in the workflow. Each
 # feature is specified as a key with a boolean value.
 # (optional)
-#
-# Available features:
-#   firewall: Enable AWF (Agent Workflow Firewall) for network egress control
-#             with domain allowlisting. Currently only supported for the Copilot
-#             engine. AWF is sourced from https://github.com/githubnext/gh-aw-firewall
-#
-# Example:
-#   features:
-#     firewall: true
 features:
   {}
 

diff --git a/pkg/cli/audit.go b/pkg/cli/audit.go
@@ -51,7 +51,7 @@ Examples:
   ` + constants.CLIExtensionPrefix + ` audit https://github.example.com/owner/repo/actions/runs/1234567890  # Audit from GitHub Enterprise
   ` + constants.CLIExtensionPrefix + ` audit 1234567890 -o ./audit-reports  # Custom output directory
   ` + constants.CLIExtensionPrefix + ` audit 1234567890 -v  # Verbose output
-  ` + constants.CLIExtensionPrefix + ` audit 1234567890 --parse  # Parse agent logs and generate log.md`,
+  ` + constants.CLIExtensionPrefix + ` audit 1234567890 --parse  # Parse agent logs and firewall logs, generating log.md and firewall.md`,
 		Args: cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
 			runIDOrURL := args[0]
@@ -78,7 +78,7 @@ Examples:
 	// Add flags to audit command
 	auditCmd.Flags().StringP("output", "o", "./logs", "Output directory for downloaded logs and artifacts")
 	auditCmd.Flags().Bool("json", false, "Output audit report as JSON instead of formatted console tables")
-	auditCmd.Flags().Bool("parse", false, "Run JavaScript parser on agent logs and write markdown to log.md")
+	auditCmd.Flags().Bool("parse", false, "Run JavaScript parsers on agent logs and firewall logs, writing markdown to log.md and firewall.md")
 
 	return auditCmd
 }
@@ -333,6 +333,19 @@ func AuditWorkflowRun(runInfo RunURLInfo, outputDir string, verbose bool, parse
 		} else if verbose {
 			fmt.Fprintln(os.Stderr, console.FormatInfoMessage("No engine detected (aw_info.json missing or invalid); skipping agent log rendering"))
 		}
+
+		// Also parse firewall logs if they exist
+		if err := parseFirewallLogs(runOutputDir, verbose); err != nil {
+			if verbose {
+				fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse firewall logs for run %d: %v", runInfo.RunID, err)))
+			}
+		} else {
+			// Show success message if firewall.md was created
+			firewallMdPath := filepath.Join(runOutputDir, "firewall.md")
+			if _, err := os.Stat(firewallMdPath); err == nil {
+				fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed firewall logs for run %d → %s", runInfo.RunID, firewallMdPath)))
+			}
+		}
 	}
 
 	// Save run summary for caching future audit runs