{"id":43605817,"url":"https://github.com/github/gh-aw-firewall","last_synced_at":"2026-05-25T06:01:41.272Z","repository":{"id":320254513,"uuid":"1077889760","full_name":"github/gh-aw-firewall","owner":"github","description":"GitHub Agentic Workflows Firewall","archived":false,"fork":false,"pushed_at":"2026-05-24T23:36:22.000Z","size":14054,"stargazers_count":79,"open_issues_count":66,"forks_count":21,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-25T00:32:15.454Z","etag":null,"topics":["agentic","github","workflows"],"latest_commit_sha":null,"homepage":"https://github.github.com/gh-aw-firewall/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/github.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"docs/security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-10-16T22:26:49.000Z","updated_at":"2026-05-24T23:32:00.000Z","dependencies_parsed_at":"2025-11-06T22:10:19.611Z","dependency_job_id":null,"html_url":"https://github.com/github/gh-aw-firewall","commit_stats":null,"previous_names":["githubnext/gh-aw-firewall","github/gh-aw-firewall"],"tags_count":117,"template":false,"template_full_name":null,"purl":"pkg:github/github/gh-aw-firewall","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fgh-aw-firewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fgh-aw-firewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fgh-aw-firewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fgh-aw-firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github","download_url":"https://codeload.github.com/github/gh-aw-firewall/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fgh-aw-firewall/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33462501,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-25T02:24:28.008Z","status":"ssl_error","status_checked_at":"2026-05-25T02:23:23.339Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic","github","workflows"],"created_at":"2026-02-04T07:11:24.069Z","updated_at":"2026-05-25T06:01:41.264Z","avatar_url":"https://github.com/github.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"# Agentic Workflow Firewall\n\n\u003e [!WARNING]\n\u003e Releases v0.25.21 through v0.25.39 were retired due to a bug that impacted billing. If you are running one of these versions, please upgrade to the latest release as soon as possible.\n\nA network firewall for agentic workflows that restricts outbound HTTP/HTTPS to an allowlist of domains.\n\n\u003e [!TIP]\n\u003e This project is a part of GitHub's explorations of [Agentic Workflows](https://github.com/github/gh-aw). For more background, check out the [project page](https://github.github.io/gh-aw/)! ✨\n\n## How it works\n\n`awf` runs your command inside a Docker sandbox with three containers:\n\n- **Squid proxy** — filters outbound traffic by domain allowlist\n- **Agent** — runs your command; all HTTP/HTTPS is routed through Squid\n- **API proxy sidecar** *(optional)* — holds LLM API keys so they never reach the agent process\n\n## Requirements\n\n- **Docker**: 20.10+ with Docker Compose v2\n- **Node.js**: 20.19.0+ (for building from source)\n- **OS**: Ubuntu 22.04+ or compatible Linux distribution (x86_64 and arm64)\n\nSee [Compatibility](docs/compatibility.md) for full details on supported versions and tested configurations.\n\n## Get started fast\n\n```bash\ncurl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash\nsudo awf --allow-domains github.com -- curl https://api.github.com\n```\n\nThe `--` separator divides firewall options from the command to run.\n\n## Feature highlights\n\n- **Declarative config support**: `--config \u003cpath\u003e` with JSON/YAML + published JSON Schema\n- **Domain and URL controls**: allow/deny domain rules, SSL Bump (`--ssl-bump`), and URL patterns (`--allow-urls`, requires `--ssl-bump`)\n- **Data protection controls**: DLP scanning (`--enable-dlp`), DNS-over-HTTPS, and agent runtime limits (`--agent-timeout`)\n- **API proxy capabilities**: OpenAI, Anthropic, Copilot, and Gemini targets with rate limits, token steering, and Anthropic auto-cache\n- **Infrastructure flexibility**: upstream proxy chaining, host service access, Docker-in-Docker, custom mounts, memory limits, and TTY mode\n- **Operational tooling**: pre-download images and inspect logs/stats/summaries/audits from live or saved runs\n\n## CLI subcommands\n\n- `awf predownload` — pre-pull runtime images for faster startup or offline environments\n- `awf logs` — inspect firewall logs in raw/pretty/json\n  - `awf logs stats` — aggregate traffic statistics\n  - `awf logs summary` — markdown/json summaries (great for GitHub Actions step summaries)\n  - `awf logs audit` — audit view with policy-rule matching (requires `policy-manifest.json`, typically from `--audit-dir`)\n\nFor the complete CLI surface area, run `awf --help`.\n\n## GitHub Action quick start\n\n```yaml\nsteps:\n  - uses: actions/checkout@v4\n  - name: Setup AWF\n    uses: github/gh-aw-firewall@v1\n  - name: Run command through firewall\n    run: sudo awf --allow-domains github.com,api.github.com -- curl https://api.github.com\n```\n\nSee [GitHub Actions](docs/github_actions.md) for advanced setup and `awf logs summary` examples.\n\n## Explore the docs\n\n- [Quick start](docs/quickstart.md) — install, verify, and run your first command\n- [Usage guide](docs/usage.md) — CLI flags, domain allowlists, examples\n- [AWF config schema](docs/awf-config.schema.json) — machine-readable JSON Schema for JSON/YAML configs (also published as a [versioned release asset](https://github.com/github/gh-aw-firewall/releases/latest/download/awf-config.schema.json) for IDE autocomplete)\n- [AWF config spec](docs/awf-config-spec.md) — normative processing and precedence rules for tooling/compiler integration\n- [Audit log schema](schemas/audit.schema.json) — JSON Schema for L7 traffic audit records (`audit.jsonl`)\n- [Token usage schema](schemas/token-usage.schema.json) — JSON Schema for per-call token usage records (`token-usage.jsonl`)\n- [Schemas README](schemas/README.md) — versioning policy, record identification, and validation examples\n- [Enterprise configuration](docs/enterprise-configuration.md) — GitHub Enterprise Cloud and Server setup\n- [Chroot mode](docs/chroot-mode.md) — use host binaries with network isolation (glibc-based daemon hosts)\n- [API proxy sidecar](docs/api-proxy-sidecar.md) — secure credential management for LLM APIs\n- [Authentication architecture](docs/authentication-architecture.md) — deep dive into token handling and credential isolation\n- [SSL Bump](docs/ssl-bump.md) — HTTPS content inspection for URL path filtering\n- [GitHub Actions](docs/github_actions.md) — CI/CD integration and MCP server setup\n- [Environment variables](docs/environment.md) — passing environment variables to containers\n- [Logging quick reference](docs/logging_quickref.md) and [Squid log filtering](docs/squid_log_filtering.md) — view and filter traffic\n- [Security model](docs/security.md) — what the firewall protects and how\n- [Architecture](docs/architecture.md) — how Squid, Docker, and iptables fit together\n- [Compatibility](docs/compatibility.md) — supported Node.js, OS, and Docker versions\n- [Troubleshooting](docs/troubleshooting.md) — common issues and fixes\n- [Image verification](docs/image-verification.md) — cosign signature verification\n\n## Development\n\n- Install dependencies: `npm install`\n- Run tests: `npm test`\n- Build: `npm run build`\n\n## Contributing\n\nContributions welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n## License\n\n[MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Fgh-aw-firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithub%2Fgh-aw-firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Fgh-aw-firewall/lists"}