diff --git a/src/types/api-proxy-options.ts b/src/types/api-proxy-options.ts
index 9a36b53e2..c87d02ac3 100644
--- a/src/types/api-proxy-options.ts
+++ b/src/types/api-proxy-options.ts
@@ -524,78 +524,4 @@ export interface ApiProxyOptions {
    */
   anthropicCacheTailTtl?: '5m' | '1h';
 
-  /**
-   * Enable CLI proxy sidecar for secure gh CLI access
-   *
-   * When true, deploys a CLI proxy sidecar container that:
-   * - Routes gh CLI invocations through an external DIFC proxy (mcpg)
-   * - The DIFC proxy enforces guard policies (min-integrity, repo restrictions)
-   * - Generates audit logs via mcpg's JSONL output
-   *
-   * The agent container gets a /usr/local/bin/gh wrapper script that
-   * forwards invocations to the CLI proxy sidecar at http://172.30.0.50:11000.
-   *
-   * The DIFC proxy (mcpg) is started externally by the gh-aw compiler on the
-   * host. AWF only launches the cli-proxy container and connects it to the
-   * external DIFC proxy via a TCP tunnel for TLS hostname matching.
-   *
-   * @example 'host.docker.internal:18443'
-   */
-  difcProxyHost?: string;
-
-  /**
-   * Path to the TLS CA certificate written by the external DIFC proxy.
-   *
-   * The DIFC proxy generates a self-signed TLS cert. This path points to
-   * the CA cert on the host filesystem, which is bind-mounted into the
-   * cli-proxy container for TLS verification.
-   *
-   * @example '/tmp/gh-aw/difc-proxy-tls/ca.crt'
-   */
-  difcProxyCaCert?: string;
-
-  /**
-   * GitHub token for the CLI proxy sidecar
-   *
-   * When difcProxyHost is set, GitHub tokens are excluded from the agent
-   * container environment. The token is held by the external DIFC proxy.
-   *
-   * Read from GITHUB_TOKEN environment variable when not specified.
-   *
-   * @default undefined
-   */
-  githubToken?: string;
-
-  /**
-   * Docker host (socket) to use for AWF's own container operations
-   *
-   * When set, overrides the `DOCKER_HOST` environment variable for all
-   * docker CLI calls made by AWF itself (compose up/down, docker wait, etc.).
-   *
-   * Use this when you need to point AWF at a specific local Unix socket that
-   * is not the system default (`/var/run/docker.sock`).
-   *
-   * When not set, AWF auto-detects the Docker host:
-   * - If `DOCKER_HOST` is a Unix socket, it is used as-is.
-   * - If `DOCKER_HOST` is a TCP address (e.g. a Docker-in-Docker (DinD) daemon),
-   *   AWF clears it and falls back to the system default socket.
-   *
-   * The original `DOCKER_HOST` value (if any) is always forwarded into the
-   * agent container so the agent workload can still reach the DinD daemon.
-   *
-   * @example 'unix:///var/run/docker.sock'
-   * @example 'unix:///run/user/1000/docker.sock'
-   */
-  awfDockerHost?: string;
-
-  /**
-   * Prefix runner-visible bind-mount source paths for Docker daemon resolution
-   *
-   * Use this when the Docker daemon runs in a different filesystem namespace
-   * than the AWF process (for example, ARC + DinD sidecar setups). AWF will
-   * prepend this prefix to bind-mount source paths before generating compose.
-   *
-   * @example '/host'
-   */
-  dockerHostPathPrefix?: string;
 }
diff --git a/src/types/cli-proxy-options.ts b/src/types/cli-proxy-options.ts
new file mode 100644
index 000000000..ca324e00d
--- /dev/null
+++ b/src/types/cli-proxy-options.ts
@@ -0,0 +1,47 @@
+/**
+ * CLI proxy sidecar configuration options.
+ */
+
+export interface CliProxyOptions {
+  /**
+   * Enable CLI proxy sidecar for secure gh CLI access
+   *
+   * When set, deploys a CLI proxy sidecar container that:
+   * - Routes gh CLI invocations through an external DIFC proxy (mcpg)
+   * - The DIFC proxy enforces guard policies (min-integrity, repo restrictions)
+   * - Generates audit logs via mcpg's JSONL output
+   *
+   * The agent container gets a /usr/local/bin/gh wrapper script that
+   * forwards invocations to the CLI proxy sidecar at http://172.30.0.50:11000.
+   *
+   * The DIFC proxy (mcpg) is started externally by the gh-aw compiler on the
+   * host. AWF only launches the cli-proxy container and connects it to the
+   * external DIFC proxy via a TCP tunnel for TLS hostname matching.
+   *
+   * @example 'host.docker.internal:18443'
+   */
+  difcProxyHost?: string;
+
+  /**
+   * Path to the TLS CA certificate written by the external DIFC proxy.
+   *
+   * The DIFC proxy generates a self-signed TLS cert. This path points to
+   * the CA cert on the host filesystem, which is bind-mounted into the
+   * cli-proxy container for TLS verification.
+   *
+   * @example '/tmp/gh-aw/difc-proxy-tls/ca.crt'
+   */
+  difcProxyCaCert?: string;
+
+  /**
+   * GitHub token for the CLI proxy sidecar
+   *
+   * When difcProxyHost is set, GitHub tokens are excluded from the agent
+   * container environment. The token is held by the external DIFC proxy.
+   *
+   * Read from GITHUB_TOKEN environment variable when not specified.
+   *
+   * @default undefined
+   */
+  githubToken?: string;
+}
diff --git a/src/types/container-image-options.ts b/src/types/container-image-options.ts
index c6904de0f..15dc13106 100644
--- a/src/types/container-image-options.ts
+++ b/src/types/container-image-options.ts
@@ -64,4 +64,37 @@ export interface ContainerImageOptions {
    * @example 'ghcr.io/catthehacker/ubuntu:runner-22.04'
    */
   agentImage?: 'default' | 'act' | string;
+
+  /**
+   * Docker host (socket) to use for AWF's own container operations
+   *
+   * When set, overrides the `DOCKER_HOST` environment variable for all
+   * docker CLI calls made by AWF itself (compose up/down, docker wait, etc.).
+   *
+   * Use this when you need to point AWF at a specific local Unix socket that
+   * is not the system default (`/var/run/docker.sock`).
+   *
+   * When not set, AWF auto-detects the Docker host:
+   * - If `DOCKER_HOST` is a Unix socket, it is used as-is.
+   * - If `DOCKER_HOST` is a TCP address (e.g. a Docker-in-Docker (DinD) daemon),
+   *   AWF clears it and falls back to the system default socket.
+   *
+   * The original `DOCKER_HOST` value (if any) is forwarded into the agent container
+   * by default so the agent workload can still reach an external DinD daemon, but it may be
+   * overridden (e.g. in DinD mode when `awfDockerHost` is set to a unix:// socket).
+   * @example 'unix:///var/run/docker.sock'
+   * @example 'unix:///run/user/1000/docker.sock'
+   */
+  awfDockerHost?: string;
+
+  /**
+   * Prefix runner-visible bind-mount source paths for Docker daemon resolution
+   *
+   * Use this when the Docker daemon runs in a different filesystem namespace
+   * than the AWF process (for example, ARC + DinD sidecar setups). AWF will
+   * prepend this prefix to bind-mount source paths before generating compose.
+   *
+   * @example '/host'
+   */
+  dockerHostPathPrefix?: string;
 }
diff --git a/src/types/wrapper-config.ts b/src/types/wrapper-config.ts
index de0383329..565384337 100644
--- a/src/types/wrapper-config.ts
+++ b/src/types/wrapper-config.ts
@@ -10,6 +10,7 @@ import type { NetworkOptions } from './network-options';
 import type { VolumeOptions } from './volume-options';
 import type { SecurityOptions } from './security-options';
 import type { ApiProxyOptions } from './api-proxy-options';
+import type { CliProxyOptions } from './cli-proxy-options';
 import type { RateLimitOptions } from './rate-limit-options';
 import type { RuntimeOptions } from './runtime-options';
 
@@ -19,5 +20,6 @@ export type WrapperConfig =
   & VolumeOptions
   & SecurityOptions
   & ApiProxyOptions
+  & CliProxyOptions
   & RateLimitOptions
   & RuntimeOptions;