awf-skill
AWF (Agentic Workflow Firewall) Usage Skill
Use this skill when you need to run commands with network isolation, restrict network access to approved domains, or execute AI agents in a sandboxed environment with controlled network access.
What is AWF?
AWF is a network firewall for agentic workflows that provides:
- L7 Domain Whitelisting: Control HTTP/HTTPS traffic at the application layer
- Host-Level Enforcement: Uses iptables DOCKER-USER chain to enforce firewall on ALL containers
- Chroot Mode: Optional transparent access to host binaries (Python, Node.js, Go) while maintaining network isolation
When to Use AWF
Use AWF when:
- Running AI agents (Copilot CLI, Claude, etc.) that need network access but should be restricted
- Testing code that makes network requests in a controlled environment
- Enforcing network security policies for automated workflows
- Running untrusted commands with limited network access
More from github/gh-aw-firewall
awf-debug-tools
Practical Python scripts for debugging awf - parse logs, diagnose issues, inspect containers, test domains
5debug-firewall
Debug the AWF firewall by inspecting Docker containers (awf-squid, awf-agent), analyzing Squid access logs, checking iptables rules, and troubleshooting blocked domains or network issues.
4debugging-workflows
Debug GitHub Actions workflows by downloading logs, analyzing summaries, and understanding how agentic workflows and the AWF firewall work together.
4recompile-workflows
Regenerate and post-process all agentic workflows. Use when gh-aw is updated, workflow .md files change, or when asked to recompile/regenerate workflows.
4