Comparing changes
base repository: github/gh-aw-firewall
base: v0.16.3
head repository: github/gh-aw-firewall
compare: v0.16.4
  • 3 commits
  • 8 files changed
  • 4 contributors

Commits on Feb 13, 2026

  1. test: fix exit code validation in test runner fixture (#792)

    * Initial plan
    
    * feat: add rust one-shot-token library implementation
    
    Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
    
    * docs: update README for rust implementation
    
    Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
    
    * feat: update Dockerfile and entrypoint for rust build
    
    Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
    
    * Initial plan
    
    * fix: correct success field calculation in test runner
    
    - Normalize exitCode before evaluating success condition
    - Previously compared original result.exitCode (possibly undefined) to 0
    - Now normalizes to 0 first, then uses normalized value for success check
    - Fixes issue where exit code 0 was incorrectly marked as failure
    
    Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: anthropic-code-agent[bot] <242468646+Claude@users.noreply.github.com>
    Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
    Co-authored-by: Jiaxiao (mossaka) Zhou <duibao55328@gmail.com>
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    4 people authored Feb 13, 2026
    450cde7
  2. fix: unset sensitive tokens from entrypoint environ after agent starts (#809)
    
    * Initial plan
    
    * fix: unset sensitive tokens from entrypoint environ after agent starts
    
    The entrypoint (PID 1) now unsets all sensitive tokens from its own
    environment after starting the agent command. This prevents tokens
    from being accessible via /proc/1/environ after the agent has
    initialized.
    
    Changes:
    - Added unset_sensitive_tokens() function to entrypoint.sh
    - Modified both chroot and non-chroot execution paths to:
      1. Start agent command in background (not using exec)
      2. Wait 5 seconds for agent to cache tokens via one-shot-token lib
      3. Unset all sensitive tokens from parent shell
      4. Wait for agent to complete and exit with its exit code
    - Updated one-shot-token library to include GITHUB_PERSONAL_ACCESS_TOKEN
      and CLAUDE_CODE_OAUTH_TOKEN in default token list
    - Added test script to verify tokens are cleared from /proc/1/environ
    
    Security impact: Closes vulnerability where tokens remained accessible
    in /proc/1/environ even after agent cached them via one-shot-token
    library.
    
    Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
    
    * docs: add documentation for token unsetting security fix
    
    Added comprehensive documentation explaining the security fix that
    prevents tokens from being accessible via /proc/1/environ after the
    agent has started.
    
    Also added integration tests to verify the fix works correctly.
    
    Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
    
    * fix: redirect unset_sensitive_tokens echo to stderr
    
    Diagnostic messages from unset_sensitive_tokens() were going to stdout,
    polluting agent command output and breaking tests that use
    getLastLine(result.stdout) to extract command results.
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    * fix: add signal handlers to forward SIGTERM/SIGINT to agent process
    
    Addresses Security Guard review: when running the agent in the
    background, SIGTERM/SIGINT from Docker stop were not being forwarded
    to the child process. This adds trap handlers in both chroot and
    non-chroot code paths to ensure graceful shutdown during the token
    unsetting window.
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: anthropic-code-agent[bot] <242468646+Claude@users.noreply.github.com>
    Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
    Co-authored-by: Jiaxiao (mossaka) Zhou <duibao55328@gmail.com>
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    4 people authored Feb 13, 2026
    9582c57
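The supervisor pattern that the commit message above describes (background the agent, give it a grace window to cache its tokens, unset the tokens in the PID 1 shell, forward SIGTERM/SIGINT to the child, exit with the child's status), written out as an added POSIX shell example. This is not the project's entrypoint.sh; the function names, the TOKEN_GRACE_SECONDS override and GITHUB_TOKEN in the token list are assumptions (the commit names only GITHUB_PERSONAL_ACCESS_TOKEN and CLAUDE_CODE_OAUTH_TOKEN).

```shell
#!/bin/sh
# Added illustration (not the project's entrypoint.sh) of the supervisor
# pattern from #809. Function names and the full token list are assumptions.

SENSITIVE_TOKENS="GITHUB_TOKEN GITHUB_PERSONAL_ACCESS_TOKEN CLAUDE_CODE_OAUTH_TOKEN"

# Seconds the agent gets to cache its tokens before they are unset here.
# Override with TOKEN_GRACE_SECONDS (assumed variable; the commit waits 5 s).
token_grace_seconds() {
    echo "${TOKEN_GRACE_SECONDS:-5}"
}

# Exit 0 if the named variable is set in this shell, even when it is empty.
is_set() {
    eval "[ -n \"\${$1+x}\" ]"
}

# Unset every sensitive variable in this shell. Diagnostics go to stderr so
# the agent's stdout stays clean (the stdout pollution the commit had to fix).
unset_sensitive_tokens() {
    for name in $SENSITIVE_TOKENS; do
        if is_set "$name"; then
            unset "$name"
            echo "entrypoint: unset $name" >&2
        fi
    done
}

# Post-condition check: how many sensitive names are still set in this shell.
count_sensitive_tokens_set() {
    n=0
    for name in $SENSITIVE_TOKENS; do
        is_set "$name" && n=$((n + 1))
    done
    echo "$n"
}

# Linux-only check of the kernel's view of a process environment
# (/proc/<pid>/environ, NUL-separated): the view the commit's test inspects
# for PID 1. Defaults to the current shell.
count_sensitive_tokens_in_proc() {
    pid="${1:-$$}"
    n=0
    for name in $SENSITIVE_TOKENS; do
        if tr '\0' '\n' < "/proc/$pid/environ" 2>/dev/null | grep -q "^$name="; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Run "$@" as the agent: background it, scrub tokens after the grace window,
# forward termination signals, and return the agent's exit status.
run_agent_with_token_scrub() {
    "$@" &
    agent_pid=$!
    # Without these traps a `docker stop` during the grace window would stop
    # this shell but leave the agent running (the Security Guard finding).
    trap 'kill -s TERM "$agent_pid" 2>/dev/null' TERM
    trap 'kill -s INT "$agent_pid" 2>/dev/null' INT

    sleep "$(token_grace_seconds)"
    unset_sensitive_tokens

    # wait returns >128 when interrupted by a trapped signal; the child may
    # still be running then, so wait again until it has really exited.
    status=0
    wait "$agent_pid" || status=$?
    while [ "$status" -gt 128 ] && kill -0 "$agent_pid" 2>/dev/null; do
        status=0
        wait "$agent_pid" || status=$?
    done
    trap - TERM INT
    return "$status"
}

# Stand-alone usage: sh entrypoint-demo.sh <agent command ...>
if [ "$#" -gt 0 ]; then
    run_agent_with_token_scrub "$@"
    exit "$?"
fi
```

Two different views of "the environment" are in play here. `count_sensitive_tokens_set` (like `env`) reports the shell's own variable table, which `unset` updates. `count_sensitive_tokens_in_proc` reads /proc/<pid>/environ, the kernel's copy of the environment block laid out at exec time, which is what a process with read access to /proc/1/environ actually sees; whether that block changes when the shell unsets a variable is a separate question, which is why the commit's test inspects /proc/1/environ directly and why a deployment should verify against that file rather than against `env`.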
  3. 0.16.4

    Mossaka committed Feb 13, 2026
    77344b2