[observability] Observability Coverage Report - 2026-06-20

[github-actions[bot]]

Executive Summary

I reviewed a 20-run sample from the last 7 days. 16 runs had AWF Firewall enabled and all 16 included sandbox/firewall/logs/access.log; 18 runs used MCP and all 18 included mcp-logs/rpc-messages.jsonl. No firewall-enabled run was missing access.log, and no MCP-enabled run lacked telemetry. The main gap is quality: MCP telemetry is coming from the fallback RPC log rather than gateway.jsonl, and 48/318 messages omitted server_id.

Key Alerts and Anomalies

No critical issues detected.

🔴 Critical Issues:

• None.

⚠️ Warnings:

• MCP telemetry is entirely via rpc-messages.jsonl; gateway.jsonl was not present in the sample.
• rpc-messages.jsonl contained 48 messages without server_id, so the fallback is usable but not as rich as the preferred gateway log.
• Firewall logs did capture deny-path traffic; blocked requests were observed against proxy.golang.org:443.

Coverage Summary

Component	Runs Analyzed	Logs Present	Coverage	Status
AWF Firewall (access.log)	16	16	100%	✅
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)	18	18	100%	✅

📋 Detailed Run Analysis

Firewall-Enabled Runs

Workflow	Run ID	access.log	Requests	Blocked	Status
PR Sous Chef	27843349010	✅	61	0	✅
Daily Cache Strategy Analyzer	27843593919	✅	51	0	✅
Daily Code Metrics and Trend Tracking Agent	27843678087	✅	537	0	✅
Auto-Triage Issues	27843869513	✅	15	0	✅
Daily Safe Output Integrator	27844066542	✅	111	3	✅
Smoke Pi	27844212213	✅	78	0	✅
[aw] Failure Investigator (6h)	27844235526	✅	44	0	✅
PR Sous Chef	27844970214	✅	66	0	✅
Smoke Copilot	27845045338	✅	73	0	✅
Issue Monster	27845082663	✅	58	0	✅
Smoke Pi	27845768365	✅	49	0	✅
Smoke CI	27845801131	✅	52	0	✅
Auto-Triage Issues	27846037575	✅	80	0	✅
Daily Ambient Context Optimizer	27846271013	✅	59	0	✅
Daily Team Evolution Insights	27847449220	✅	64	0	✅
Lockfile Statistics Analysis Agent	27847550819	✅	43	0	✅

Missing Firewall Logs

None in the analyzed firewall-enabled set.

MCP-Enabled Runs

Workflow	Run ID	Telemetry Source	Entries	Tool Calls	Errors	Status
Avenger	27843736968	rpc-messages.jsonl	22	7	0	✅
Avenger	27845956163	rpc-messages.jsonl	19	6	0	✅
PR Sous Chef	27843349010	rpc-messages.jsonl	12	5	0	✅
Daily Cache Strategy Analyzer	27843593919	rpc-messages.jsonl	18	7	0	✅
Daily Code Metrics and Trend Tracking Agent	27843678087	rpc-messages.jsonl	24	9	0	✅
Auto-Triage Issues	27843869513	rpc-messages.jsonl	14	5	0	✅
Daily Safe Output Integrator	27844066542	rpc-messages.jsonl	15	5	0	✅
Smoke Pi	27844212213	rpc-messages.jsonl	16	6	0	✅
[aw] Failure Investigator (6h)	27844235526	rpc-messages.jsonl	13	5	0	✅
PR Sous Chef	27844970214	rpc-messages.jsonl	17	6	0	✅
Smoke Copilot	27845045338	rpc-messages.jsonl	15	5	0	✅
Issue Monster	27845082663	rpc-messages.jsonl	15	5	0	✅
Smoke Pi	27845768365	rpc-messages.jsonl	16	6	0	✅
Smoke CI	27845801131	rpc-messages.jsonl	17	6	0	✅
Auto-Triage Issues	27846037575	rpc-messages.jsonl	14	5	0	✅
Daily Ambient Context Optimizer	27846271013	rpc-messages.jsonl	15	5	0	✅
Daily Team Evolution Insights	27847449220	rpc-messages.jsonl	16	6	0	✅
Lockfile Statistics Analysis Agent	27847550819	rpc-messages.jsonl	19	7	0	✅

Missing MCP Telemetry

None in the analyzed MCP-enabled set.

🔍 Telemetry Quality Analysis

Firewall Log Quality

• Total access.log requests analyzed: 1,838
• Allowed requests: 1,799
• Blocked requests: 39
• Most accessed domains: api.githubcopilot.com:443, o205451.ingest.us.sentry.io:443, otlp-gateway-prod-eu-west-2.grafana.net:443
• Blocked domain observed: proxy.golang.org:443

Gateway Log Quality

• Telemetry source: rpc-messages.jsonl fallback
• Total RPC messages analyzed: 318
• MCP servers observed: safeoutputs, agenticworkflows, github, serena, mcpscripts
• Total tool calls: 109
• Error rate: 0%
• Average response time: N/A from RPC fallback alone

Healthy Runs Summary

The sampled firewall-enabled runs all shipped Squid access logs, including at least one run with both allowed and blocked requests. The sampled MCP-enabled runs all shipped RPC telemetry, so debugging remains possible even without gateway.jsonl.

Recommended Actions

1. Keep rpc-messages.jsonl as the minimum acceptable MCP telemetry, but restore gateway.jsonl where possible for richer timing and status data.
2. Preserve a small blocked-request smoke test so Squid deny-path logging stays exercised in normal validation.
3. Normalize MCP message fields so server_id is always present in fallback logs.

📊 Historical Trends

Not enough week-over-week history is embedded in this sample to trend coverage reliably.

---

Report generated automatically by the Daily Observability Report workflow
Analysis window: Last 7 days | Runs analyzed: 20

References:

• §27843349010
• §27844066542
• §27852098051

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• api.github.com
• github.com

[!TIP]
api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:

tools:
  github:
    mode: gh-proxy

See GitHub Tools for more information on gh-proxy mode.

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "api.github.com"
    - "github.com"

See Network Configuration for more information.

Generated by 📊 Daily Observability Report for AWF Firewall and MCP Gateway · 16.4 AIC · ⌖ 5.94 AIC · ⊞ 12.4K · ◷

• expires on Jun 20, 2026, 4:14 PM UTC-08:00

[github-actions[bot]]

This discussion has been marked as outdated by Daily Observability Report for AWF Firewall and MCP Gateway.

A newer discussion is available at Discussion #40535.