feat: add cli-proxy feature flag for AWF gh CLI proxy sidecar (firewall v0.25.14)#24997
Merged
feat: add cli-proxy feature flag for AWF gh CLI proxy sidecar (firewall v0.25.14)#24997
Conversation
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/2e432b55-8a31-4eb8-ab16-7602b03acea2 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
…mand injection Agent-Logs-Url: https://github.com/github/gh-aw/sessions/2e432b55-8a31-4eb8-ab16-7602b03acea2 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add cli-proxy feature flag for AWF gh CLI proxy sidecar
feat: add cli-proxy feature flag for AWF gh CLI proxy sidecar (firewall v0.25.14)
Apr 7, 2026
pelikhan
approved these changes
Apr 7, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Bumps the default Agentic Workflow Firewall (AWF) version to v0.25.14 and introduces cli-proxy / cli-proxy-writable feature flags that add AWF CLI proxy sidecar arguments (including optional guard policy propagation) to enable secure gh CLI usage inside the agent sandbox.
Changes:
- Bump default AWF firewall version to
v0.25.14. - Add
cli-proxyandcli-proxy-writablefeature flags and wire them intoBuildAWFArgs()(including optional--cli-proxy-policyfromtools.githubguard fields). - Add unit tests for CLI proxy arg injection paths and recompile workflow lockfiles to the new AWF version.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/awf_helpers.go | Injects --enable-cli-proxy, --cli-proxy-writable, and optional --cli-proxy-policy into AWF args based on feature flags. |
| pkg/workflow/awf_helpers_test.go | Adds unit tests covering CLI proxy arg injection/non-injection cases. |
| pkg/constants/version_constants.go | Updates DefaultFirewallVersion to v0.25.14. |
| pkg/constants/feature_constants.go | Adds CliProxyFeatureFlag and CliProxyWritableFeatureFlag constants and documentation. |
| .github/workflows/workflow-health-manager.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/workflow-generator.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/weekly-blog-post-writer.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/test-workflow.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/test-project-url-default.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/test-dispatcher.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/smoke-gemini.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/security-compliance.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/repo-tree-map.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/refiner.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/q.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/pr-triage-agent.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/poem-bot.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/plan.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/notion-issue-summary.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/metrics-collector.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/jsweep.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/issue-triage-agent.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/issue-monster.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/gpclean.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/github-remote-mcp-auth-test.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/firewall.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/example-permissions-warning.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/dictation-prompt.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/dev.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/dependabot-burner.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/daily-team-status.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/daily-secrets-analysis.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/daily-malicious-code-scan.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/craft.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/copilot-token-optimizer.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/contribution-check.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/constraint-solving-potd.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/code-simplifier.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/changeset.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/brave.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/bot-detection.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/ai-moderator.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .github/workflows/ace-editor.lock.yml | Recompiled lockfile to AWF v0.25.14 / image tag 0.25.14. |
| .changeset/patch-bump-awf-v0-25-14.md | Adds a patch changeset documenting the default AWF version bump. |
| .changeset/minor-add-cli-proxy-feature-flag.md | Adds a minor changeset documenting the new CLI proxy feature flags and behavior. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 111/188 changed files
- Comments generated: 1
pkg/workflow/awf_helpers.go
Outdated
Comment on lines
+245
to
+249
| // Enable CLI proxy sidecar when the cli-proxy feature flag is set. | ||
| // This gives the agent secure gh CLI access without exposing GITHUB_TOKEN | ||
| // in the agent container (firewall v0.25.14+). | ||
| if isFeatureEnabled(constants.CliProxyFeatureFlag, config.WorkflowData) { | ||
| awfArgs = append(awfArgs, "--enable-cli-proxy") |
There was a problem hiding this comment.
The CLI proxy flags are injected purely based on the feature flags. Workflows can pin an older AWF version via network_permissions.firewall.version; for versions < v0.25.14 these flags will cause AWF startup to fail (unknown flag). Add a version gate similar to awfSupportsExcludeEnv (e.g., awfSupportsCliProxy with a min-version constant) and skip/ log when the pinned version is too old; update tests to cover the pinned-old-version path.
Collaborator
|
@copilot apply changes based on the comments in this thread |
…er AWF versions Agent-Logs-Url: https://github.com/github/gh-aw/sessions/180bd43e-792e-4d72-b6b0-137eacfdd829 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Contributor
Author
Done in commit 1adf086. Added |
…#25003) Agent-Logs-Url: https://github.com/github/gh-aw/sessions/45d7425a-e55e-4a76-8049-e58cad7ee0d6 Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/d97ec115-fca7-468f-8455-80e276a712cf Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/7417d3b0-97d5-4b8f-baf1-dff3635cd5d2 Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
) * fix: restore backward compat in assign_to_agent.cjs for standalone tests The main() function was refactored to a handler factory pattern but tests still use the old standalone interface (env vars + direct item processing). Add standalone mode detection when main() is called with no config: - Reads config from env vars (GH_AW_AGENT_DEFAULT, GH_AW_AGENT_MAX_COUNT, etc.) - Processes all assign_to_agent items from GH_AW_AGENT_OUTPUT - Writes summary, sets outputs, calls setFailed on errors Also fix the "Ignore-if-error mode enabled" log message to match tests. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/e00f51ce-33dd-493d-ba64-e13e1ebeb1be Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> * fix: address code review feedback on standalone mode detection Agent-Logs-Url: https://github.com/github/gh-aw/sessions/e00f51ce-33dd-493d-ba64-e13e1ebeb1be Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> * Update; rm -rf / Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> * fix: update assign_to_agent tests to use handler factory pattern Replace `await main()` standalone calls in test evals with a STANDALONE_RUNNER snippet that simulates the safe-output handler manager flow: - build config from env vars - call main(config) to get the handler function - process assign_to_agent items through the handler - write summary, set outputs, call setFailed on errors Also fix the "encounters auth errors" assertion to match the production log message. No changes to assign_to_agent.cjs production code. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/d92459b5-9e9b-40ad-a0c6-108c70f23622 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bump default AWF firewall to v0.25.14 and add
cli-proxy/cli-proxy-writablefeature flags that wire up the new gh CLI proxy sidecar — secureghaccess in the agent container without exposingGITHUB_TOKEN.Changes
pkg/constants/version_constants.go—DefaultFirewallVersion→v0.25.14; addedAWFCliProxyMinVersion = "v0.25.14"minimum version constant for the version gatepkg/constants/feature_constants.go— two new flags:CliProxyFeatureFlag = "cli-proxy"CliProxyWritableFeatureFlag = "cli-proxy-writable"pkg/workflow/awf_helpers.go—BuildAWFArgs()injects after--enable-api-proxy:--enable-cli-proxywhencli-proxy: true(gated onawfSupportsCliProxy()version check)--cli-proxy-writablewhencli-proxy-writable: true(gated oncli-proxy)--cli-proxy-policy <json>reusinggetDIFCProxyPolicyJSON()whentools.githubhasmin-integrity/allowed-reposawfSupportsCliProxy()version gate (mirrorsawfSupportsExcludeEnv) — skips all cli-proxy flags with a log message when the workflow pins an AWF version older than v0.25.14, preventing unknown-flag startup failurespkg/workflow/awf_helpers_test.go— 16 unit tests covering all injection/non-injection paths, including pinned-old-version path (TestAWFSupportsCliProxyand updatedTestBuildAWFArgsCliProxy)Usage
Note
Workflows that pin
network_permissions.firewall.versionto a version older thanv0.25.14will have the cli-proxy flags silently skipped to avoid AWF startup failures.