cloudamqp · Copilot · Sep 9, 2025 · Sep 9, 2025
@@ -0,0 +1,80 @@
+# GitHub Copilot Coding Agent Allowlist
+
+This document outlines the URLs and hosts that should be added to the GitHub Copilot Coding Agent allowlist to prevent firewall blocking issues.
+
+## Required URLs/Hosts
+
+### Ubuntu Package Repositories
+- `esm.ubuntu.com` - Ubuntu Extended Security Maintenance repository
+- `security.ubuntu.com` - Ubuntu security updates
+- `archive.ubuntu.com` - Ubuntu main package repository  
+- `packages.ubuntu.com` - Ubuntu package search
+- `keyserver.ubuntu.com` - Ubuntu keyserver for package verification
+- `ports.ubuntu.com` - Ubuntu ports repository (for non-x86 architectures)
+
+### Node.js and npm Ecosystem
+- `registry.npmjs.org` - npm package registry
+- `npm.nodejs.org` - npm package registry mirror
+- `nodejs.org` - Node.js official website and releases
+- `github.com` - GitHub for package dependencies hosted on GitHub
+- `raw.githubusercontent.com` - GitHub raw content for package files
+- `api.github.com` - GitHub API for package metadata
+
+### Homebrew (macOS/Linux)
+- `formulae.brew.sh` - Homebrew formulae API
+- `github.com/Homebrew` - Homebrew repositories on GitHub
+- `raw.githubusercontent.com/Homebrew` - Homebrew formulae and casks
+- `ghcr.io` - GitHub Container Registry (for Homebrew bottles)
+
+### Docker and Container Registries
+- `docker.io` - Docker Hub registry
+- `registry-1.docker.io` - Docker Hub registry v1
+- `index.docker.io` - Docker Hub index
+- `auth.docker.io` - Docker Hub authentication
+- `production.cloudflare.docker.com` - Docker CDN
+
+### Certificate Authorities and Security
+- `letsencrypt.org` - Let's Encrypt certificate authority
+- `r3.o.lencr.org` - Let's Encrypt OCSP responder
+- `ocsp.int-x3.letsencrypt.org` - Let's Encrypt OCSP responder
+
+### Playwright (Browser Testing)
+- `playwright.azureedge.net` - Playwright browser downloads
+- `github.com/microsoft/playwright` - Playwright repository
+
+### Additional Development Dependencies
+- `cdn.jsdelivr.net` - jsDelivr CDN for packages
+- `unpkg.com` - unpkg CDN for npm packages
+- `esm.sh` - ES modules CDN
+
+## Recommended Wildcard Allowlist Entries
+
+For broader compatibility, these wildcard entries can be added:
+
+- `*.ubuntu.com`
+- `*.npmjs.org`
+- `*.nodejs.org`  
+- `*.github.com`
+- `*.githubusercontent.com`
+- `*.docker.io`
+- `*.docker.com`
+- `*.brew.sh`
+- `*.letsencrypt.org`
+- `*.azureedge.net`
+- `*.jsdelivr.net`
+
+## Configuration Location
+
+To configure these allowlist entries:
+
+1. Go to the repository's Copilot coding agent settings: 
+   `https://github.com/cloudamqp/amqp-client.js/settings/copilot/coding_agent`
+
+2. Add the URLs/hosts to the custom allowlist (admin access required)
+
+## Notes
+
+- The firewall blocking occurs because the Copilot coding agent environment has restricted network access by default
+- The setup steps configuration (`.github/copilot/setup-steps.yml`) should handle most dependencies proactively
+- Some URLs may only be needed during specific operations (testing, building, etc.)
+- Monitor Copilot agent logs for additional blocked URLs that may need to be added
@@ -0,0 +1,59 @@
+# GitHub Copilot Coding Agent Setup Steps
+# This configuration runs before the firewall is enabled to pre-install dependencies
+# that would otherwise be blocked by firewall rules
+
+name: Copilot Coding Agent Setup
+description: Pre-install dependencies and configure environment for Copilot coding agent
+
+steps:
+  - name: Update package lists
+    run: |
+      sudo apt-get update
+
+  - name: Install required system packages
+    run: |
+      sudo apt-get install -y curl wget ca-certificates gnupg lsb-release
+
+  - name: Set up Homebrew
+    uses: Homebrew/actions/setup-homebrew@master
+
+  - name: Install mkcert via Homebrew
+    run: brew install mkcert
+
+  - name: Setup Node.js
+    uses: actions/setup-node@v4
+    with:
+      node-version: '22.x'
+
+  - name: Create certificates directory
+    run: |
+      mkdir -p .etc_rabbitmq
+
+  - name: Create local CA and certificate
+    run: |
+      CAROOT="$(pwd)/.etc_rabbitmq" $(brew --prefix)/bin/mkcert -install
+      $(brew --prefix)/bin/mkcert -key-file ./.etc_rabbitmq/localhost-key.pem -cert-file ./.etc_rabbitmq/localhost.pem localhost
+      chmod +r ./.etc_rabbitmq/localhost-key.pem
+
+  - name: Create RabbitMQ config
+    run: |
+      tee ./.etc_rabbitmq/rabbitmq.conf <<'EOF'
+      loopback_users = none
+      listeners.ssl.default  = 5671
+      ssl_options.cacertfile = /etc/rabbitmq/rootCA.pem
+      ssl_options.certfile   = /etc/rabbitmq/localhost.pem
+      ssl_options.keyfile    = /etc/rabbitmq/localhost-key.pem
+      EOF
+
+  - name: Start Docker Compose
+    run: docker compose up -d
+
+  - name: Install Node.js dependencies
+    run: |
+      npm install
+    env:
+      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
+
+  - name: Install Playwright browsers (for browser testing)
+    run: |
+      npx playwright install --with-deps chromium
@@ -154,3 +154,14 @@ Module comparison
 | ------ | ------------ | --- |
 | amqp-client.js | 0 | 1743 |
 | amqplib | 14 | 6720 (w/o dependencies) |
+
+## Development
+
+### GitHub Copilot Coding Agent Setup
+
+This repository is configured to work with GitHub Copilot Coding Agent. The configuration includes:
+
+- **Setup Steps**: `.github/copilot/setup-steps.yml` - Defines pre-installation steps that run before firewall restrictions are applied
+- **Allowlist**: `.github/copilot/ALLOWLIST.md` - Documents required URLs/hosts for the firewall allowlist
+
+These configurations help prevent network access issues when the Copilot agent runs builds, tests, or installs dependencies.