[observability] Observability Coverage Report - 2026-06-08

[github-actions[bot]]

Executive Summary

I reviewed 2 representative recent runs that exercise the observability stack. Both sampled runs have the firewall enabled, and both are missing the Squid access.log artifact, which blocks network-debugging for AWF firewall investigations.

MCP telemetry is present and usable in both runs via the canonical fallback: mcp-logs/rpc-messages.jsonl. Neither run has gateway.jsonl, but that is not critical because the raw RPC log exists and is well-formed.

Key Alerts and Anomalies

Caution

Critical issue: access.log is missing from both sampled firewall-enabled runs.

Note

No critical MCP issue detected. rpc-messages.jsonl is present in both runs, so MCP telemetry is available even though gateway.jsonl is absent.

Coverage Summary

Component	Runs Analyzed	Logs Present	Coverage	Status
AWF Firewall (access.log)	2	0	0%	🔴
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)	2	2	100%	✅

Detailed Run Analysis

Firewall-Enabled Runs

Workflow	Run ID	access.log	Entries	Allowed	Blocked	Status
Daily Firewall Logs Collector and Reporter	27081411151	❌	0	0	0	🔴
Design Decision Gate 🏗️	27108743281	❌	0	0	0	🔴

Missing Firewall Logs (access.log)

Workflow	Run ID	Date	Link
Daily Firewall Logs Collector and Reporter	27081411151	2026-06-07	§27081411151
Design Decision Gate 🏗️	27108743281	2026-06-08	§27108743281

MCP-Enabled Runs

Workflow	Run ID	Telemetry Source	Entries	Servers	Tool Calls	Errors	Status
Daily Firewall Logs Collector and Reporter	27081411151	rpc-messages.jsonl	6	2	1	0	✅
Design Decision Gate 🏗️	27108743281	rpc-messages.jsonl	4	2	1	0	✅

Telemetry Quality Analysis

Firewall Log Quality

• Total access.log entries analyzed: 0
• Blocked requests: 0
• Allowed requests: 0
• Result: unavailable for debugging because the file is missing

MCP Gateway Quality

• Telemetry source: rpc-messages.jsonl
• Total entries analyzed: 10
• MCP servers used: agenticworkflows, safeoutputs
• Total tool calls: 2
• Error rate: 0%
• Average response time: N/A from raw RPC log pairing in this sample

Healthy Runs Summary

• Both sampled runs have usable MCP telemetry.
• Both sampled runs are missing the firewall artifact required for network triage.

Recommended Actions

1. Restore access.log export for firewall-enabled workflows and verify the artifact path is created on every run.
2. Add a post-run guard that fails or warns when firewall is enabled but access.log is absent.
3. Keep rpc-messages.jsonl as the MCP fallback and add gateway.jsonl only if the gateway exporter becomes available.

References:

• §27081411151
• §27108743281

Analysis window: last 7 days | Runs analyzed: 2

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• api.github.com
• github.com

[!TIP]
api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:

tools:
  github:
    mode: gh-proxy

See GitHub Tools for more information on gh-proxy mode.

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "api.github.com"
    - "github.com"

See Network Configuration for more information.

Generated by 📊 Daily Observability Report for AWF Firewall and MCP Gateway · 130 AIC · ⌖ 9.83 AIC · ⊞ 14.5K · ◷

• expires on Jun 8, 2026, 4:15 PM UTC-08:00

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-06-09T00:15:33.900Z.

Closed by Workflow