Copilot AI commented Jan 17, 2026

Implements medium-priority security enhancements from threat model review (#306): configurable memory limits, hardened seccomp profile, and automated firewall escape tests.

Changes

Configurable Memory Limit (#310)

  • Add --memory-limit CLI flag (default: 2g, previously hardcoded 4g)
  • Validation accepts formats like 512m, 1g, 4g with 64MB minimum

# Conservative limit for untrusted code
sudo awf --memory-limit 1g --allow-domains github.com -- npm install

# Larger limit for AI workloads
sudo awf --memory-limit 8g --allow-domains api.openai.com -- copilot --prompt "..."

Hardened Seccomp Profile (#311)

  • Switch from allow-by-default to deny-by-default (SCMP_ACT_ERRNO)
  • Allowlist ~300 syscalls required for normal operations (bash, curl, git, node)
  • Explicit deny list extended with additional dangerous syscalls (bpf, setns, fanotify_init, etc.)

Automated Firewall Escape Tests (#309)

  • New workflow .github/workflows/firewall-escape-test.yml
  • Extended network-security.test.ts with:
    • Container escape prevention (ptrace, mount blocked by seccomp)
    • Raw socket prevention (ping blocked, NET_RAW dropped)
    • DNS exfiltration prevention (untrusted DNS servers blocked)

Deferred

Original prompt

This section details the original issue you should resolve

<issue_title>[plan] security improvements from threat model review</issue_title>
<issue_description>## Overview

This tracking issue covers security enhancements identified in the comprehensive threat model and security review.

Source: Discussion #302

Security Posture

Current rating: 🟢 STRONG (9/10) - No critical vulnerabilities identified.

This plan addresses recommendations to further harden the system against sophisticated attacks through defense-in-depth improvements.

Planned Security Enhancements

High Priority

  1. [plan] implement dns-over-https support #307 - Implement DNS-over-HTTPS support
  2. [plan] add content inspection for sensitive data patterns #308 - Add content inspection for sensitive data patterns

Medium Priority

  1. [plan] add automated firewall escape tests #309 - Add automated firewall escape tests
  2. [plan] reduce default memory limit with configurable override #310 - Reduce default memory limit with configurable override
  3. [plan] harden seccomp profile with deny-by-default approach #311 - Harden seccomp profile with deny-by-default approach

Success Criteria

  • All high-priority security enhancements implemented
  • Automated testing validates firewall cannot be bypassed
  • Resource limits prevent DoS in shared environments
  • Seccomp profile follows principle of least privilege</issue_description>

Comments on the Issue (you are @copilot in this section)


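The PR describes the --memory-limit value format (512m, 1g, 4g) and a 64MB floor but shows no parser. The following is an added example, not the awf project's own code: a strict parser/validator for that format in which the function and constant names are assumptions. It also accepts plain byte (b) and kilobyte (k) suffixes, which go beyond what the PR text lists.

```typescript
// Added example (not awf's implementation): parse and validate a
// --memory-limit value such as "512m", "1g" or "4g", enforcing the 64MB
// minimum stated in the PR. Names below are assumptions.

const MIB = 1024 * 1024;
const MIN_MEMORY_BYTES = 64 * MIB;     // 64MB minimum from the PR description
const DEFAULT_MEMORY_LIMIT = "2g";     // new default from the PR description

// Binary unit multipliers; m and g are the suffixes the PR mentions,
// b and k are added here as an extension.
const UNIT_MULTIPLIERS: Record<string, number> = {
  b: 1,
  k: 1024,
  m: MIB,
  g: 1024 * MIB,
};

interface MemoryLimit {
  bytes: number;       // value to hand to the container runtime
  normalized: string;  // canonical lowercase form, e.g. "512m"
}

// Returns the parsed limit or throws with an operator-readable message.
function parseMemoryLimit(input: string = DEFAULT_MEMORY_LIMIT): MemoryLimit {
  // Strict shape: integer digits followed by exactly one unit letter.
  // Rejects "", "1.5g", "1 g", "-1g", "1t", "1gb" so a typo cannot silently
  // turn into an unbounded or surprisingly large limit.
  const match = /^(\d+)([bkmg])$/i.exec(input.trim());
  if (!match) {
    throw new Error(
      `Invalid --memory-limit "${input}": expected <integer><b|k|m|g>, e.g. 512m or 1g`,
    );
  }
  const amount = Number(match[1]);
  const unit = match[2].toLowerCase();
  const bytes = amount * UNIT_MULTIPLIERS[unit];
  // Guard against zero and against values too large to represent exactly.
  if (bytes === 0 || !Number.isSafeInteger(bytes)) {
    throw new Error(`Invalid --memory-limit "${input}": value out of range`);
  }
  if (bytes < MIN_MEMORY_BYTES) {
    throw new Error(
      `--memory-limit "${input}" is below the 64m minimum required for the sandbox`,
    );
  }
  return { bytes, normalized: `${amount}${unit}` };
}
```

Rejecting anything that does not match the strict shape (rather than best-effort parsing) is what keeps a mistyped flag from being treated as "no limit".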

Copilot AI and others added 4 commits January 17, 2026 21:06
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title [WIP] Implement DNS-over-HTTPS support for security improvements feat: security improvements from threat model review Jan 17, 2026
Copilot AI requested a review from Mossaka January 17, 2026 21:19
@Mossaka Mossaka marked this pull request as ready for review January 18, 2026 01:34
@github-actions

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric       Base     PR       Delta
Lines        77.88%   77.86%   📉 -0.02%
Statements   77.94%   77.92%   📉 -0.02%
Functions    77.29%   77.41%   📈 +0.12%
Branches     71.00%   70.90%   📉 -0.10%

📁 Per-file Coverage Changes (1 file)

File         Lines (Before → After)    Statements (Before → After)
src/cli.ts   35.5% → 39.4% (+3.82%)    35.5% → 39.4% (+3.82%)

Coverage comparison generated by scripts/ci/compare-coverage.ts
