Description
The network documentation (docs/src/content/docs/reference/network.md) mentions the log-level field but does NOT document the SSL-bump feature and related configuration options.
Current Documentation Coverage
- ✅
network.firewall (boolean and object form)
- ✅
network.firewall.log-level (enum values documented, lines 243-262)
- ✅
network.firewall.version (implied by examples)
- ❌
network.firewall.ssl-bump (NOT documented)
- ❌
network.firewall.allow-urls (NOT documented)
Missing Feature
The firewall supports SSL bump for HTTPS inspection:
ssl-bump: Enable SSL interception for HTTPS URL filteringallow-urls: URL patterns to allow when SSL bump is enabled
This feature exists in the schema and code but is not documented.
Suggested Changes
Add to docs/src/content/docs/reference/network.md after the log-level section (after line 262):
### SSL Bump for HTTPS Inspection
Enable SSL bump to allow the firewall to inspect HTTPS traffic and filter by URL path:
```yaml
network:
firewall:
ssl-bump: true
allow-urls:
- "https://github.com/githubnext/*"
- "https://api.github.com/repos/*/issues"
allowed:
- defaultsNote: SSL bump requires the AWF firewall and enables deep packet inspection of HTTPS traffic. Use allow-urls to specify URL patterns that should be permitted through the firewall.
Security Considerations:
- SSL bump intercepts and decrypts HTTPS traffic for inspection
- Only enable when URL-level filtering is necessary
- Use
allow-urls patterns carefully to avoid breaking legitimate HTTPS connections
## Files Affected
- `docs/src/content/docs/reference/network.md` (add SSL-bump section)
## Success Criteria
- [ ] SSL-bump feature documented with examples
- [ ] `allow-urls` parameter explained with URL pattern examples
- [ ] Security considerations noted (HTTPS interception)
- [ ] Documentation consistent with other firewall features
## Dependencies
This documentation complements #aw_firewall_extraction (fix extraction bug). Once that bug is fixed, users can actually use this documented feature.
## Source
Extracted from [Schema Consistency Analysis discussion #13862](https://github.com/github/gh-aw/discussions/13862)
## Priority
**Medium** - Documentation gap for existing feature. Should be documented once extraction bug (#aw_firewall_extraction) is fixed.
<!-- gh-aw-tracker-id: discussion-task-miner -->
> AI generated by [Discussion Task Miner - Code Quality Improvement Agent](https://github.com/github/gh-aw/actions/runs/21739679187)
> - [x] expires <!-- gh-aw-expires: 2026-02-07T05:23:42.145Z --> on Feb 7, 2026, 5:23 AM UTC
<!-- gh-aw-agentic-workflow: Discussion Task Miner - Code Quality Improvement Agent, gh-aw-tracker-id: discussion-task-miner, engine: copilot, run: https://github.com/github/gh-aw/actions/runs/21739679187 -->
<!-- gh-aw-workflow-id: discussion-task-miner -->
Description
The network documentation (
docs/src/content/docs/reference/network.md) mentions thelog-levelfield but does NOT document the SSL-bump feature and related configuration options.Current Documentation Coverage
network.firewall(boolean and object form)network.firewall.log-level(enum values documented, lines 243-262)network.firewall.version(implied by examples)network.firewall.ssl-bump(NOT documented)network.firewall.allow-urls(NOT documented)Missing Feature
The firewall supports SSL bump for HTTPS inspection:
ssl-bump: Enable SSL interception for HTTPS URL filteringallow-urls: URL patterns to allow when SSL bump is enabledThis feature exists in the schema and code but is not documented.
Suggested Changes
Add to
docs/src/content/docs/reference/network.mdafter the log-level section (after line 262):Note: SSL bump requires the AWF firewall and enables deep packet inspection of HTTPS traffic. Use
allow-urlsto specify URL patterns that should be permitted through the firewall.Security Considerations:
allow-urlspatterns carefully to avoid breaking legitimate HTTPS connections