From 76663d3d1018adc47180cb8d77bf44fb4dca04cd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 1 May 2026 03:25:46 +0000 Subject: [PATCH 1/2] Initial plan From b56fdd545516b5b42955326703c7e6d81afa9ec6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 1 May 2026 03:40:15 +0000 Subject: [PATCH 2/2] fix: update integration tests to use JSON config key format for domain checks The AWF firewall was refactored to embed domain config via --config JSON file instead of --allow-domains/--block-domains CLI flags. Update the integration tests in blocked_domains_integration_test.go and domains_protocol_integration_test.go to check for "allowDomains" and "blockDomains" JSON keys instead of the old CLI flag strings. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/120fec7d-4dbb-4d59-8525-c2bf7c00017f Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../blocked_domains_integration_test.go | 42 +++++++++---------- .../domains_protocol_integration_test.go | 12 +++--- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/pkg/workflow/blocked_domains_integration_test.go b/pkg/workflow/blocked_domains_integration_test.go index befd726f49c..aa6fdd1c210 100644 --- a/pkg/workflow/blocked_domains_integration_test.go +++ b/pkg/workflow/blocked_domains_integration_test.go @@ -65,9 +65,9 @@ Test workflow with blocked domains. lockYAML := string(lockContent) - // Verify --block-domains flag is present - if !strings.Contains(lockYAML, "--block-domains") { - t.Error("Compiled workflow should contain '--block-domains' flag") + // Verify blockDomains key is present in the config JSON + if !strings.Contains(lockYAML, `"blockDomains"`) { + t.Error("Compiled workflow should contain 'blockDomains' key in config JSON") } // Verify blocked domains are in the command @@ -79,9 +79,9 @@ Test workflow with blocked domains. t.Error("Compiled workflow should contain blocked domain 'tracker.example.com'") } - // Verify standard AWF flags are still present - if !strings.Contains(lockYAML, "--allow-domains") { - t.Error("Compiled workflow should still contain '--allow-domains' flag") + // Verify allowDomains key is present in the config JSON + if !strings.Contains(lockYAML, `"allowDomains"`) { + t.Error("Compiled workflow should still contain 'allowDomains' key in config JSON") } if !strings.Contains(lockYAML, "--log-level") { @@ -140,9 +140,9 @@ Test workflow with blocked ecosystem. lockYAML := string(lockContent) - // Verify --block-domains flag is present - if !strings.Contains(lockYAML, "--block-domains") { - t.Error("Compiled workflow should contain '--block-domains' flag") + // Verify blockDomains key is present in the config JSON + if !strings.Contains(lockYAML, `"blockDomains"`) { + t.Error("Compiled workflow should contain 'blockDomains' key in config JSON") } // Verify at least one Python ecosystem domain is blocked @@ -208,14 +208,14 @@ Test workflow without blocked domains. lockYAML := string(lockContent) - // Verify --block-domains flag is NOT present - if strings.Contains(lockYAML, "--block-domains") { - t.Error("Compiled workflow should NOT contain '--block-domains' flag when no domains are blocked") + // Verify blockDomains key is NOT present in the config JSON + if strings.Contains(lockYAML, `"blockDomains"`) { + t.Error("Compiled workflow should NOT contain 'blockDomains' key in config JSON when no domains are blocked") } - // Verify --allow-domains is still present - if !strings.Contains(lockYAML, "--allow-domains") { - t.Error("Compiled workflow should still contain '--allow-domains' flag") + // Verify allowDomains key is still present + if !strings.Contains(lockYAML, `"allowDomains"`) { + t.Error("Compiled workflow should still contain 'allowDomains' key in config JSON") } }) @@ -269,9 +269,9 @@ Test Claude workflow with blocked domains. lockYAML := string(lockContent) - // Verify --block-domains flag is present - if !strings.Contains(lockYAML, "--block-domains") { - t.Error("Compiled Claude workflow should contain '--block-domains' flag") + // Verify blockDomains key is present in the config JSON + if !strings.Contains(lockYAML, `"blockDomains"`) { + t.Error("Compiled Claude workflow should contain 'blockDomains' key in config JSON") } // Verify blocked domain is in the command @@ -330,9 +330,9 @@ Test Codex workflow with blocked domains. lockYAML := string(lockContent) - // Verify --block-domains flag is present - if !strings.Contains(lockYAML, "--block-domains") { - t.Error("Compiled Codex workflow should contain '--block-domains' flag") + // Verify blockDomains key is present in the config JSON + if !strings.Contains(lockYAML, `"blockDomains"`) { + t.Error("Compiled Codex workflow should contain 'blockDomains' key in config JSON") } // Verify blocked domain is in the command diff --git a/pkg/workflow/domains_protocol_integration_test.go b/pkg/workflow/domains_protocol_integration_test.go index 80777500b90..101b83a4d11 100644 --- a/pkg/workflow/domains_protocol_integration_test.go +++ b/pkg/workflow/domains_protocol_integration_test.go @@ -136,10 +136,10 @@ Test protocol-specific domains in safe-outputs. } } - // If checking AWF args, verify --allow-domains flag is present + // If checking AWF args, verify allowDomains key is present in the config JSON if tt.checkAWFArgs { - if !strings.Contains(lockYAML, "--allow-domains") { - t.Error("Expected --allow-domains flag in compiled workflow") + if !strings.Contains(lockYAML, `"allowDomains"`) { + t.Error("Expected 'allowDomains' key in config JSON of compiled workflow") } } @@ -301,8 +301,8 @@ Test backward compatibility with domains without protocols. } } - // Verify --allow-domains flag is present - if !strings.Contains(lockYAML, "--allow-domains") { - t.Error("Expected --allow-domains flag in compiled workflow") + // Verify allowDomains key is present in the config JSON + if !strings.Contains(lockYAML, `"allowDomains"`) { + t.Error("Expected 'allowDomains' key in config JSON of compiled workflow") } }