Executive Summary
Over the last 7 days (2026-06-16 – 2026-06-17), the gh-aw security stack monitored 488 firewall-enabled workflow runs generating 26,665 network requests, of which 891 (3.3%) were blocked. The blocked traffic is dominated by Google service endpoints triggered by browser-automation smoke tests (Playwright/Chrome) and a pattern of localhost:8080 blocks that warrants further investigation. No DIFC integrity-filtered events were recorded in this period, indicating that the MCP gateway integrity/secrecy policy is operating cleanly with no cross-boundary data-flow violations.
The Smoke workflow group (Claude, Copilot, Gemini, Codex, Antigravity) accounts for 780 of the 891 blocked requests (87.5%), primarily because these tests exercise browser-driven agents that attempt to reach Google authentication and auto-fill services not in the allow-list. This is expected behavior for smoke coverage but presents an opportunity to either explicitly allow-list required endpoints or suppress the noise via per-workflow policy overrides.
🔥 Firewall Analysis
Key Firewall Metrics
| Metric | Value |
|---|---|
| Workflows analyzed (firewall-enabled) | 488 |
| Total network requests monitored | 26,665 |
| ✅ Allowed requests | 25,774 |
| 🚫 Blocked requests | 891 |
| Block rate | 3.3% |
| Total unique blocked domains | 20 |
📈 Firewall Request Trends
Firewall activity spans 2 recorded days in the analysis window. June 16 saw higher total traffic (13,437 allowed, 635 blocked; 4.5% block rate) compared to June 17 (12,337 allowed, 256 blocked; 2.0% block rate). The lower block rate on June 17 likely reflects fewer smoke-test runs completing before the reporting cut-off rather than a genuine policy improvement.
Top Blocked Domains
Google browser-infrastructure endpoints (content-autofill, safebrowsing, accounts, android-clients) collectively account for 391 blocks (43.9%) — all originating from Playwright-driven smoke tests. The localhost:8080 pattern (137 blocks) is the most unusual finding, suggesting an internal proxy or side-car service is being accessed via an un-tunneled path. The proxy.golang.org and index.crates.io blocks indicate Go/Rust dependency-fetch attempts in sandbox environments that lack those allow-list entries.
🔒 Firewall Security Recommendations
1. Allow-list Playwright CDN endpoints — playwright.azureedge.net, playwright-akamai.azureedge.net and playwright-verizon.azureedge.net are blocked 21 times across smoke tests. If browser-automation workflows require downloading Playwright browsers, add these CDN domains to the Playwright-category allow-list.
2. Investigate localhost:8080 blocks (137 hits) — This is the 3rd-most-blocked destination and does not correspond to an external domain. It likely reflects a workflow trying to reach the MCP bridge or an internal proxy without going through the approved tunnel. Identify which workflow/step emits these requests and either fix the routing or add a policy exception.
3. Add proxy.golang.org and index.crates.io to the Go/Rust allow-list — These 38 combined blocks affect any sandbox workflow that performs live go get or cargo fetch operations. Add them under a go and rust policy category with appropriate scope controls.
4. Triage github.com and api.github.com blocks (8 total) — These domains should normally be in the defaults allow-list. Four blocks each suggest a workflow is attempting GitHub API calls through an un-tunneled path or before the allow-list config is loaded. Check the Smoke Claude and PR Code Quality Reviewer firewall logs for these events.
5. Suppress Google browser-infrastructure noise for smoke tests — The 572 Google-service blocks (content-autofill + accounts + android-clients + safebrowsing) are almost certainly benign Playwright side-effects. Consider a smoke-browser policy category that allows these endpoints exclusively for smoke test workflows to clean up the block-rate metric and reduce alert fatigue.
🔒 DIFC Integrity Analysis
Key DIFC Metrics
| Metric | Value |
|---|---|
| Total filtered events | 0 |
| Unique tools filtered | — |
| Unique workflows affected | — |
| Most common filter reason | — |
| Busiest day | — |
ℹ️ No DIFC integrity-filtered events found in the last 7 days. The MCP gateway integrity/secrecy policy did not block any tool calls during this analysis window. This indicates all tool calls respected data-flow boundaries between integrity and secrecy domains.
📈 DIFC Events Over Time
No events to visualize. Clean slate for this reporting window.
🔧 Top Filtered Tools
No tool calls were filtered by the DIFC gateway.
🏷️ Filter Reasons and Tags
No integrity or secrecy filter events recorded.
💡 DIFC Tuning Recommendations
1. No immediate tuning required — Zero filtered events is a positive signal that workflows are correctly scoped to their assigned integrity/secrecy labels. No policy changes are needed this cycle.
2. Establish a baseline alert threshold — As new workflows are added, consider setting an alert if DIFC filtered events exceed a threshold (e.g., 10 per day) to catch misconfigured tools early.
3. Verify coverage — Confirm that all workflows running against external data sources (issues, PRs, user comments) are enrolled in DIFC monitoring so this clean result reflects actual coverage rather than a gap in instrumentation.
Generated by the Daily Security Observability workflow (consolidated from Daily Firewall Reporter + Daily DIFC Analyzer)
Analysis window: Last 7 days | Repository: github/gh-aw
Run: §27705239494