fireall.md: Changed engine from 'claude' to 'copilot' #2327
Signed-off-by: Jiaxiao (mossaka) Zhou <duibao55328@gmail.com>
Pull Request Overview
This pull request changes the AI engine for the firewall workflow from Claude to GitHub Copilot. The change involves updating the engine configuration, swapping out Claude-specific tooling for Copilot-specific tooling, and adding new firewall features using the awf binary for network access control.
Key Changes:
- Engine changed from claude to copilot with new features.firewall: true configuration
- Replaced Claude Code CLI with GitHub Copilot CLI and awf firewall wrapper
- Updated MCP configuration to use Copilot format with web-fetch tool support
- Added comprehensive firewall logging and analysis capabilities
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/firewall.md | Changed engine from claude to copilot and added features.firewall: true configuration |
| .github/workflows/firewall.lock.yml | Extensive refactoring to replace Claude-specific steps with Copilot-specific steps, including awf binary installation, firewall log parsing, and updated log analysis |
| # Execute Claude Code CLI with prompt from file | ||
| claude --print --mcp-config /tmp/gh-aw/mcp-config/mcp-servers.json --allowed-tools "ExitPlanMode,Glob,Grep,LS,NotebookRead,Read,Task,TodoWrite,WebFetch,mcp__github__download_workflow_run_artifact,mcp__github__get_code_scanning_alert,mcp__github__get_commit,mcp__github__get_dependabot_alert,mcp__github__get_discussion,mcp__github__get_discussion_comments,mcp__github__get_file_contents,mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__get_job_logs,mcp__github__get_label,mcp__github__get_latest_release,mcp__github__get_me,mcp__github__get_notification_details,mcp__github__get_pull_request,mcp__github__get_pull_request_comments,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_review_comments,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_status,mcp__github__get_release_by_tag,mcp__github__get_secret_scanning_alert,mcp__github__get_tag,mcp__github__get_workflow_run,mcp__github__get_workflow_run_logs,mcp__github__get_workflow_run_usage,mcp__github__list_branches,mcp__github__list_code_scanning_alerts,mcp__github__list_commits,mcp__github__list_dependabot_alerts,mcp__github__list_discussion_categories,mcp__github__list_discussions,mcp__github__list_issue_types,mcp__github__list_issues,mcp__github__list_label,mcp__github__list_notifications,mcp__github__list_pull_requests,mcp__github__list_releases,mcp__github__list_secret_scanning_alerts,mcp__github__list_starred_repositories,mcp__github__list_sub_issues,mcp__github__list_tags,mcp__github__list_workflow_jobs,mcp__github__list_workflow_run_artifacts,mcp__github__list_workflow_runs,mcp__github__list_workflows,mcp__github__pull_request_read,mcp__github__search_code,mcp__github__search_issues,mcp__github__search_orgs,mcp__github__search_pull_requests,mcp__github__search_repositories,mcp__github__search_users" --debug --verbose --permission-mode bypassPermissions --output-format stream-json --settings /tmp/gh-aw/.claude/settings.json 
"$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" 2>&1 | tee /tmp/gh-aw/agent-stdio.log | ||
| sudo -E awf --env-all \ | ||
| --allow-domains api.enterprise.githubcopilot.com,api.github.com,github.com,raw.githubusercontent.com,registry.npmjs.org \ |
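Review bot: `sudo -E` combined with `--env-all` on the `sudo -E awf --env-all \` line hands the runner's whole environment to the wrapped command, so every secret exported to this step is readable by the agent process and anything it launches. Forward only the variables the agent actually needs, which leaves less to read and send to one of the allowed domains if a tool call misbehaves.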
The hardcoded allow-domains list bypasses the documented network: configuration mechanism. According to the coding guidelines, network permissions should be configured using the top-level network: field in the workflow markdown, which should then generate appropriate enforcement mechanisms. This hardcoded list in the command execution step creates a disconnect between the documented configuration pattern and the actual implementation.
| --allow-domains api.enterprise.githubcopilot.com,api.github.com,github.com,raw.githubusercontent.com,registry.npmjs.org \ |
| sudo -E awf --env-all \ | ||
| --allow-domains api.enterprise.githubcopilot.com,api.github.com,github.com,raw.githubusercontent.com,registry.npmjs.org \ | ||
| --log-level debug \ | ||
| 'npx -y @github/copilot@0.0.350 --add-dir /tmp/gh-aw/ --log-level all --disable-builtin-mcps --allow-tool github --allow-tool web-fetch --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"' \ | ||
| 2>&1 | tee /tmp/gh-aw/agent-stdio.log |
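Review bot: the trailing `2>&1 | tee /tmp/gh-aw/agent-stdio.log` makes the pipeline's exit status that of `tee`, so a failed `awf` or Copilot CLI run is reported as a passing step unless `pipefail` is set in the step's shell. Add `set -o pipefail` before the command or check the status explicitly. With `--log-level debug` and `--log-level all` both streams land in that log file, so also confirm that no token values are written to it.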
Using sudo -E to preserve environment variables when executing the awf wrapper presents a security risk. This approach elevates privileges for the entire command, including the Copilot CLI execution, which could expose sensitive environment variables (like COPILOT_CLI_TOKEN) to potentially untrusted code. Consider restructuring to run only the necessary components with elevated privileges, or use a dedicated service account with appropriate permissions instead of sudo.