feat: default to strict security mode, stop injecting sudo and --enable-host-access#45360
feat: default to strict security mode, stop injecting sudo and --enable-host-access#45360lpcox wants to merge 6 commits into
Conversation
- Change AWFDefaultCommand from 'sudo -E awf' to 'awf' (strict mode) - Add AWFLegacySecurityCommand for explicit legacy mode opt-in - Add LegacySecurity field to AgentSandboxConfig (frontmatter: legacy-security: enable) - GetAWFCommandPrefix() returns 'awf' by default, 'sudo -E awf' only for legacy - BuildAWFArgs() only emits --legacy-security, --enable-host-access, --allow-host-ports when LegacySecurity is true - Bump DefaultFirewallVersion to v0.27.32 (requires --legacy-security flag) - Update all test assertions for new default behavior - Update golden files for strict-mode output Note: Container pin tests will fail until 'make build && make recompile && make recompile' is run with registry access to resolve v0.27.32 SHA digests. Closes #45344 Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: 8dcc99fc-3d0e-40c5-8b75-bc43d9bf5dee
There was a problem hiding this comment.
Pull request overview
Updates the compiler for AWF v0.27.32’s strict-security default and introduces legacy-security opt-in behavior.
Changes:
- Removes sudo and host-access flags from default AWF execution.
- Adds
legacy-security: enablehandling and legacy command arguments. - Bumps AWF to v0.27.32 and refreshes tests/golden outputs.
Show a summary per file
| File | Description |
|---|---|
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden |
Updates AWF fixture version. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden |
Updates AWF fixture version. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden |
Updates AWF fixture version. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden |
Updates AWF fixture version. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden |
Updates Pi AWF output. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden |
Updates Gemini AWF output. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden |
Updates Copilot AWF output. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden |
Updates Codex AWF output. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden |
Updates Claude AWF output. |
pkg/workflow/sandbox.go |
Adds legacy-security state. |
pkg/workflow/sandbox_mounts_test.go |
Updates AWF command assertions. |
pkg/workflow/gh_cli_mount_test.go |
Updates AWF command assertions. |
pkg/workflow/frontmatter_extraction_security.go |
Extracts legacy-security configuration. |
pkg/workflow/firewall_workflow_test.go |
Updates firewall command assertion. |
pkg/workflow/firewall_args_test.go |
Updates firewall argument assertions. |
pkg/workflow/compiled_lock_files_test.go |
Updates compiled-command assertion. |
pkg/workflow/claude_engine_network_test.go |
Updates Claude network assertions. |
pkg/workflow/awf_helpers.go |
Implements strict and legacy command behavior. |
pkg/workflow/awf_helpers_test.go |
Tests strict and legacy behavior. |
pkg/workflow/awf_config.go |
Documents unconditional API proxy behavior. |
pkg/workflow/awf_config_test.go |
Updates generated-command assertions. |
pkg/workflow/agentic_output_test.go |
Updates AWF wrapper assertions. |
pkg/constants/version_constants.go |
Bumps AWF and adds compatibility boundary. |
pkg/constants/spec_test.go |
Updates documented default-command test. |
pkg/constants/constants.go |
Defines strict and legacy commands. |
pkg/constants/constants_test.go |
Updates constant expectations. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 26/26 changed files
- Comments generated: 3
- Review effort level: Medium
1. Schema: Add legacy-security field (enum: ['enable']) to sandbox.agent object in main_workflow_schema.json so frontmatter passes validation. 2. Service ports: Gate --allow-host-service-ports on LegacySecurity mode. Strict mode no longer emits host-access flags for service ports. 3. Version guard: Only emit --legacy-security flag when AWF version >= v0.27.32. Older AWF versions default to legacy mode and don't recognize the flag. --enable-host-access is still emitted for backward compat with older AWF. 4. Tests: Full-compilation tests validating legacy-security: enable passes schema validation and produces expected output. Unit tests for version guard and service port gating. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: 8dcc99fc-3d0e-40c5-8b75-bc43d9bf5dee
|
Run: https://github.com/github/gh-aw/actions/runs/29303664684
|
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Addressed in Local checks rerun:
I also recompiled |
|
@copilot revert all .lock.yml updates to main |
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Addressed in I reverted the incidental |
|
|
No additional code changes were needed; the unresolved review items are already addressed on this branch in Reran local validation:
Branch is already up to date with |
| strict: true | ||
| sandbox: | ||
| agent: | ||
| legacy-security: enable |
Summary
Implements the compiler-side changes for the strict security mode migration. The AWF firewall CLI (v0.27.32) now defaults to strict mode and this PR updates the compiler to match.
Changes
AWFDefaultCommandchanged fromsudo -E awftoawfAWFLegacySecurityCommand = "sudo -E awf"for workflows that explicitly need legacy modelegacy-security: enablein workflow frontmatter opts into legacy behavior--legacy-security,--enable-host-access,--allow-host-portswhenLegacySecurityis trueDefaultFirewallVersion→ v0.27.32 (the first release with--legacy-securityflag)Companion PR
--security-modeto--legacy-security, deprecates--enable-api-proxy)Migration
Existing workflows continue to work unchanged (strict mode is the secure default). Workflows that need legacy behavior must add
legacy-security: enableto their frontmatter.Note on CI
Container pin tests (
TestApplyContainerPins_DefaultFirewallVersion, etc.) will fail untilmake build && make recompile && make recompileis run with registry access to resolve v0.27.32 SHA digests. Lock files also need regeneration.Closes #45344