Add AWF support for Codex engine

[Copilot]

• Phase 1: Core Integration
  • Add CodexDefaultDomains (api.openai.com, openai.com) in domains.go
  • Add GetCodexAllowedDomains() helper to merge Codex defaults with user's network.allowed domains
  • Refactor domain merging logic into shared mergeDomainsWithNetwork() helper
  • Enable supportsFirewall: true in NewCodexEngine() in codex_engine.go
• Phase 2: Installation Steps
  • Update GetInstallationSteps() in codex_engine.go to install AWF when firewall enabled
• Phase 3: AWF-Wrapped Execution
  • Update GetExecutionSteps() in codex_engine.go to wrap with AWF when firewall enabled
  • Configure mounts: workspace, /tmp, utilities (gh/yq/date), and /usr/local/bin/codex
  • No --tty flag (Codex is a Rust CLI, not a TUI)
• Phase 4: Observability & Log Parsing
  • Add GetFirewallLogsCollectionStep() and GetSquidLogsSteps() to codex_engine.go
  • Extend compiler_yaml_main_job.go to include Codex in firewall log pattern
• Phase 5: Default Enablement
  • Update enableFirewallByDefaultForCopilot() to include Codex engine
  • Update validateStrictFirewall() to validate Codex firewall requirements
• Phase 6: Testing
  • Create .github/workflows/smoke-codex-firewall.md smoke test workflow
  • Add unit tests for CodexDefaultDomains and GetCodexAllowedDomains
  • Update existing tests to reflect Codex's new firewall support
• Run code review and address feedback
• Recompile all workflow lock files
• Merge main branch (resolved conflicts)

Original prompt

AWF Integration for Codex Engine — Implementation Plan

Overview

Integrate Application-level Firewall (AWF) for the Codex engine using the Copilot/Claude pattern: network isolation for Codex CLI with a domain allowlist.

User decisions

• AWF enabled by default for Codex (like Copilot/Claude)
• Minimal defaults: api.openai.com, openai.com (+ user extensions via network.allowed)
• Pre-install Codex (npm global) and mount the binary (Copilot-style)

---

Phase 1: Core integration

1.1 Add Codex default domains + helper

File: /home/mossaka/developer/gh-aw-repos/gh-aw/pkg/workflow/domains.go
Add after ClaudeDefaultDomains:

// CodexDefaultDomains are the minimal default domains required for Codex CLI operation
var CodexDefaultDomains = []string{
    "api.openai.com",
    "openai.com",
}

// GetCodexAllowedDomains merges Codex defaults with NetworkPermissions allowed domains.
// Returns deduped, sorted, comma-separated string for AWF --allow-domains.
func GetCodexAllowedDomains(network *NetworkPermissions) string {
    domainMap := map[string]bool{}

    for _, d := range CodexDefaultDomains {
        domainMap[d] = true
    }
    if network != nil {
        for _, domainList := range GetAllowedDomains(network) {
            for _, d := range strings.Split(domainList, ",") {
                d = strings.TrimSpace(d)
                if d != "" {
                    domainMap[d] = true
                }
            }
        }
    }

    domains := make([]string, 0, len(domainMap))
    for d := range domainMap {
        domains = append(domains, d)
    }
    sort.Strings(domains)
    return strings.Join(domains, ",")
}

1.2 Enable firewall support in the engine

File: /home/mossaka/developer/gh-aw-repos/gh-aw/pkg/workflow/codex_engine.go
Set supportsFirewall: true in NewCodexEngine().

---

Phase 2: Installation steps

File: .../codex_engine.go
Update GetInstallationSteps() to:

• Use base install steps for @openai/codex (secrets + npm install)
• If firewall enabled: append AWF installation step (respect custom agent command if applicable)

---

Phase 3: AWF-wrapped execution

File: .../codex_engine.go
Update GetExecutionSteps() to:

• Build the normal codex ... exec ... command (existing behavior)

• If firewall enabled, wrap with AWF:

  • --env-all
  • no --tty (Codex isn’t a TUI)
  • mounts: workspace, /tmp, basic utilities (gh/yq/date), and /usr/local/bin/codex
  • --allow-domains $(GetCodexAllowedDomains(...))
  • --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs

• Else run unwrapped

---

Phase 4: Observability & log parsing

• Add GetFirewallLogsCollectionStep() (no-op) + GetSquidLogsSteps() (upload + parse) to codex_engine.go
• In compiler_yaml_main_job.go, extend the Copilot/Claude pattern to include Codex
• Reuse js/parse_firewall_logs.cjs; keep Codex parsing via js/parse_codex_log.cjs

---

Phase 5: Testing

Create: .github/workflows/smoke-codex-firewall.md
Validate:

• Codex executes and MCP tools work under AWF
• OpenAI domains allowed; blocked domains denied
• Squid logs uploaded + parsed into step summary
• Optional: confirm network.allowed expansion works (e.g., github, python)

---

Phase 6: Default enablement

File: /pkg/workflow/firewall.go
Ensure default logic includes "codex" (same as copilot/claude).

---

Critical files

Modify

• pkg/workflow/domains.go
• pkg/workflow/codex_engine.go
• pkg/workflow/compiler_yaml_main_job.go
• pkg/workflow/firewall.go (if needed)

Create

• .github/workflows/smoke-codex-firewall.md

Key differences (Codex)

• Minimal default allowlist: api.openai.com, openai.com
• No --tty
• Mount binary at /usr/local/bin/codex
• TOML config accessible via /tmp mount

Notes for Codex

• No TTY Required: Codex is a Rust CLI that outputs to stdout/stderr, not a TUI like Claude
• Minimal Domains: Only OpenAI API domains in defaults - users must explicitly add other domains via network.allowed
• TOML Config: Codex uses TOML format for config.toml, but this is accessible via /tmp mount (no special handling needed)
• Binary Location: npm install -g pla...

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[pelikhan]

@copilot merge main

[Copilot]

@copilot merge main

Merged main branch in fe82458. Resolved conflict in strict_mode_validation.go by combining the new sandbox.agent: false strict mode check with the Codex firewall support.

[Mossaka]

@copilot merge main

[Copilot]

@copilot merge main

I've resolved the merge conflict in strict_mode_validation.go (keeping Codex firewall support while incorporating the new sandbox.agent strict mode check from main). However, I cannot complete the merge commit due to tooling limitations - the commit tool doesn't properly handle merge commits. Could you please complete the merge manually by running:

git fetch origin main
git merge origin/main
# Resolve conflict in pkg/workflow/strict_mode_validation.go (keep codex support)
git commit

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

❌ Firewall validation failed... Smoke Codex Firewall failed. Network sandboxing may not be working correctly.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

💀 Blimey! Changeset Generator failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• [WIP] Replace index.js file with a bash script for file copying #6922: [WIP] Replace index.js file with a bash script for file copying
• feat: Enable custom footer messages for update-discussion #6915: feat: Enable custom footer messages for update-discussion

Test Results:

• ✅ GitHub MCP Testing
• ✅ File Writing Testing
• ✅ Bash Tool Testing
• ✅ Playwright MCP Testing (Title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
• ✅ Safe Input gh Tool Testing

Overall Status: PASS

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #6906 🗺️

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• ✅ Unable to access GitHub MCP (tool not available in workflow)

Tests:

• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-20363162150.txt
• ✅ Bash Tool: Successfully verified file content
• ❌ Serena MCP: Tool not available in workflow
• ❌ Safe Input gh Tool: Tool not available in workflow
• ❌ GitHub MCP: Tool not available in workflow

Status: FAIL - Some required tools not configured in workflow

Ahoy! This treasure was crafted by 🏴‍☠️ Smoke Copilot Safe Inputs fer issue #6906 🗺️

[github-actions]

Smoke Test Results (Run 20363162130)

Last 2 Merged PRs:

• [WIP] Replace index.js file with a bash script for file copying #6922: [WIP] Replace index.js file with a bash script for file copying
• feat: Enable custom footer messages for update-discussion #6915: feat: Enable custom footer messages for update-discussion

Tests:

• ✅ GitHub MCP (retrieved PRs)
• ✅ File writing (agent directory)
• ✅ Bash tool execution
• ✅ GitHub MCP default toolset (correctly blocked get_me)
• ✅ Cache memory test

Overall: PASS ✅

cc: @Mossaka

📰 BREAKING: Report filed by Smoke Copilot fer issue #6906 🗺️

[github-actions]

Smoke Test Results

Last 2 merged PRs:

• [WIP] Replace index.js file with a bash script for file copying #6922: Replace index.js file with a bash script for file copying
• feat: Enable custom footer messages for update-discussion #6915: Enable custom footer messages for update-discussion

Test Results:

• ✅ GitHub MCP - Fetched PRs with pagination
• ✅ File Writing - Created test file
• ✅ Bash Tool - Verified file creation
• ✅ Playwright - Navigated to GitHub, title verified
• ✅ Cache Memory - Created and verified cache file
• ❌ Safe Input gh Tool - Tool not configured

Status: PASS (5/6 tests passed)

💥 [THE END] — Illustrated by Smoke Claude fer issue #6906 🗺️

[github-actions]

OpenAI domain access: ❌ (DNS blocked)
GitHub MCP (last merged PRs): ✅ feat: Enable custom footer messages for update-discussion | Disable sandbox.agent: false in strict mode for copilot engine
File write/read /tmp/gh-aw/agent/smoke-test-codex-firewall-20363162147.txt: ✅
Blocked domain (example.com) blocked: ✅
Network status: SANDBOXED
Overall status: FAIL

🔥 Firewall tested by Smoke Codex Firewall fer issue #6906 🗺️

[github-actions]

Last merged PRs: feat: Enable custom footer messages for update-discussion; Add update-discussion safe output type
GitHub MCP PR lookup: ✅
File write/read /tmp/gh-aw/agent: ✅
Playwright title contains "GitHub": ✅
Cache memory write/read: ✅
safeinputs-gh (gh issues list): ❌ tool unavailable
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #6906 🗺️