| description | Network access configuration reference for gh-aw workflows — valid ecosystem identifiers, domain patterns, and common mistakes to avoid. |
|---|
Use the network frontmatter field to control which domains an AI engine can reach during a workflow run. All traffic is enforced by the Agent Workflow Firewall (AWF).
# Shorthand — use default infrastructure domains only
network: defaults
# Custom — allow defaults plus package registries for a Node.js project
network:
allowed:
- defaults
- node
# Custom — allow specific external APIs
network:
allowed:
- defaults
- api.example.com
- "*.trusted-partner.com"
# No network access
network:
allowed: []Each entry in network.allowed must be one of:
| Type | Examples | Notes |
|---|---|---|
| Ecosystem identifier | defaults, node, python |
Expands to a curated list of domains for that runtime/tool |
| Exact domain | api.example.com, registry.npmjs.org |
Must be a fully-qualified domain name (FQDN) |
| Wildcard subdomain | *.example.com |
Matches sub.example.com, deep.nested.example.com, and example.com itself |
⚠️ Bare shorthands likenpm,pypi, orlocalhostare NOT valid unless they are listed in the ecosystem identifiers table below. Use ecosystem identifiers (node,python) or explicit FQDNs (registry.npmjs.org,pypi.org) instead.
These keywords expand to curated lists of domains maintained by gh-aw:
| Identifier | Runtime / Tool | Key Domains Enabled |
|---|---|---|
defaults |
Basic infrastructure | Certificate authorities, Ubuntu package verification, JSON schema |
github |
GitHub domains | *.githubusercontent.com, codeload.github.com, docs.github.com |
github-actions |
GitHub Actions artifacts | Azure Blob storage for action caches and artifacts |
node |
npm / yarn / pnpm | registry.npmjs.org, npmjs.com, yarnpkg.com |
python |
pip / PyPI / conda | pypi.org, files.pythonhosted.org, pip.pypa.io |
go |
Go modules | proxy.golang.org, sum.golang.org, go.dev |
dotnet |
NuGet / .NET | api.nuget.org, nuget.org, dotnet.microsoft.com |
java |
Maven / Gradle | repo1.maven.org, plugins.gradle.org, jdk.java.net |
ruby |
Bundler / RubyGems | rubygems.org, api.rubygems.org |
rust |
Cargo | crates.io, index.crates.io, static.crates.io, sh.rustup.rs |
swift |
Swift Package Manager | swift.org, cocoapods.org |
php |
Composer / Packagist | packagist.org, repo.packagist.org, getcomposer.org |
dart |
pub.dev | pub.dev, pub.dartlang.org |
haskell |
Hackage / GHCup | *.hackage.haskell.org, get-ghcup.haskell.org |
perl |
CPAN | cpan.org, metacpan.org |
containers |
Docker / GHCR | ghcr.io, registry.hub.docker.com, *.docker.io |
playwright |
Playwright browsers | playwright.download.prss.microsoft.com, cdn.playwright.dev |
linux-distros |
apt / yum / apk | deb.debian.org, security.debian.org, Ubuntu/Alpine mirrors |
terraform |
HashiCorp | releases.hashicorp.com, registry.terraform.io |
local |
Loopback addresses | 127.0.0.1, ::1, localhost |
bazel |
Bazel build | releases.bazel.build, bcr.bazel.build |
clojure |
Clojure / Clojars | clojars.org, repo.clojars.org |
deno |
Deno / JSR | deno.land, jsr.io |
elixir |
Hex.pm | hex.pm, repo.hex.pm |
fonts |
Google Fonts | fonts.googleapis.com, fonts.gstatic.com |
julia |
Julia packages | pkg.julialang.org, julialang.org |
kotlin |
Kotlin / JetBrains | packages.jetbrains.team |
lua |
LuaRocks | luarocks.org |
node-cdns |
JS CDNs | cdn.jsdelivr.net, code.jquery.com, unpkg.com |
ocaml |
OPAM | opam.ocaml.org, ocaml.org |
powershell |
PowerShell Gallery | powershellgallery.com |
r |
CRAN | cran.r-project.org, cloud.r-project.org |
scala |
sbt / Scala | repo.scala-sbt.org, repo1.maven.org |
zig |
Zig packages | ziglang.org |
dev-tools |
CI/CD tools | Renovate, Codecov, shields.io, and other dev tooling |
chrome |
Chrome / Chromium | *.googleapis.com, *.gvt1.com |
These values look like they might work but are not valid ecosystem identifiers and will be passed through as literal domain names (and will almost certainly not match any real host):
| Invalid value | What you probably meant | Correct value |
|---|---|---|
npm |
npm registry | node |
pypi |
Python Package Index | python |
pip |
pip package manager | python |
cargo |
Rust crate registry | rust |
gem or gems |
RubyGems | ruby |
nuget |
NuGet package registry | dotnet |
maven |
Maven Central | java |
gradle |
Gradle plugins | java |
composer |
PHP Composer | php |
docker |
Docker Hub / GHCR | containers |
localhost |
Loopback interface | local |
- Wildcard
*requires a dot prefix:*.example.comis valid; bare*is blocked (and rejected outright in strict mode). - Protocol prefix is not supported:
https://api.example.comis not a valid entry — omit the scheme and writeapi.example.com. - Subdomains must be explicit:
github.comdoes not coverapi.github.com; use*.github.comor add both entries.
When a workflow builds, tests, or installs packages, always add the matching ecosystem alongside defaults:
| File indicators | Ecosystem to add | Enables |
|---|---|---|
package.json, yarn.lock, pnpm-lock.yaml, .nvmrc |
node |
registry.npmjs.org |
requirements.txt, pyproject.toml, uv.lock, Pipfile |
python |
pypi.org, files.pythonhosted.org |
go.mod, go.sum |
go |
proxy.golang.org, sum.golang.org |
*.csproj, *.sln, *.slnx |
dotnet |
api.nuget.org |
pom.xml, build.gradle |
java |
repo1.maven.org |
Gemfile, *.gemspec |
ruby |
rubygems.org |
Cargo.toml |
rust |
crates.io |
Package.swift |
swift |
swift.org |
composer.json |
php |
packagist.org |
pubspec.yaml |
dart |
pub.dev |
⚠️ network: defaultsalone is never sufficient for code workflows —defaultscovers basic infrastructure (certificate authorities, Ubuntu verification) but cannot reach package registries. Always add the language ecosystem identifier.
network:
allowed:
- defaults
- githubnetwork:
allowed:
- defaults
- nodenetwork:
allowed:
- defaults
- node
- pythonnetwork:
allowed:
- defaults
- api.myservice.com
- "*.myservice.com"network:
allowed: []