[observability] Observability Coverage Report - 2026-06-14

[github-actions[bot]]

Executive Summary

Scanned a capped sample of 20 runs from the last 7 days. 17 runs were observability-healthy: each had sandbox/firewall/logs/access.log and MCP telemetry in mcp-logs/rpc-messages.jsonl. 3 repeated PR Sous Chef failures were missing both the firewall log and any MCP telemetry.

Key Alerts and Anomalies

Caution

Critical gaps:

• PR Sous Chef §27480956494, §27480194978, and §27479325900 are firewall-enabled in aw_info.json but have no sandbox/firewall/ directory, so access.log is absent.
• Those same runs also have no mcp-logs/, so neither gateway.jsonl nor rpc-messages.jsonl exists.

Warning

gateway.jsonl was absent from every MCP-enabled run in this sample; telemetry is coming entirely from the raw rpc-messages.jsonl fallback.

Coverage Summary

Component	Runs Analyzed	Logs Present	Coverage	Status
AWF Firewall (access.log)	20	17	85%	[!WARNING]
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)	20	17	85%	[!WARNING]

Detailed Run Analysis

Missing Firewall Logs (access.log)

Workflow	Run ID	Link
PR Sous Chef	27480956494	§27480956494
PR Sous Chef	27480194978	§27480194978
PR Sous Chef	27479325900	§27479325900

Healthy Observability Sample

• Firewall log quality: Smoke Codex had 149 Squid lines with both allow and deny traffic visible (52 TCP_TUNNEL and 30 TCP_DENIED).
• MCP telemetry quality: Smoke Codex had 20 JSONL records, 8 tool calls, 2 servers, and 0 errors in rpc-messages.jsonl.
• Across the healthy sampled runs, telemetry was present only through rpc-messages.jsonl; gateway.jsonl did not appear.

Recommended Actions

1. Make sure early-failing firewall-enabled jobs still emit sandbox/firewall/logs/access.log.
2. Restore or add gateway.jsonl emission so MCP telemetry is available in the preferred structured format.
3. Keep rpc-messages.jsonl as the fallback, but alert on runs that stop before MCP initialization.

References:

• §27480956494
• §27480363179
• §27482675132

---

Report generated automatically by the Daily Observability Report workflow
Analysis window: Last 7 days | Runs analyzed: 20

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• api.github.com
• github.com

[!TIP]
api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:

tools:
  github:
    mode: gh-proxy

See GitHub Tools for more information on gh-proxy mode.

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "api.github.com"
    - "github.com"

See Network Configuration for more information.

Generated by 📊 Daily Observability Report for AWF Firewall and MCP Gateway · 40.9 AIC · ⊞ 11.7K · ◷

• expires on Jun 14, 2026, 4:12 PM UTC-08:00

[github-actions[bot]]

This discussion has been marked as outdated by Daily Observability Report for AWF Firewall and MCP Gateway.

A newer discussion is available at Discussion #39297.