[observability] Observability Coverage Report - 2026-06-21

[github-actions[bot]]

Executive Summary

I sampled 9 runs from the last 7 days: 7 runs from Daily Firewall Logs Collector and Reporter and 2 MCP-oriented runs (Daily Project Performance Summary Generator (Using MCP Scripts) and Agentic Workflow Audit Agent). In every sampled firewall run, the downloaded material did not expose a firewall-audit-logs bundle or access.log. In both MCP runs, the downloaded material did not expose gateway.jsonl or rpc-messages.jsonl.

Net result: observability coverage for the sampled runs is 0% for both firewall and MCP telemetry. That is a blocking debugging gap, not just reduced fidelity.

Key Alerts and Anomalies

Caution

Critical issues detected in both observability paths.

• Firewall: 7 of 7 sampled firewall runs are missing access.log coverage.
• MCP: 2 of 2 sampled MCP runs are missing both gateway.jsonl and rpc-messages.jsonl.
• No non-critical warnings were found beyond the critical absence of the required telemetry.

Coverage Summary

Component	Runs Analyzed	Logs Present	Coverage	Status
AWF Firewall (access.log)	7	0	0%	🔴 Critical
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)	2	0	0%	🔴 Critical

📋 Detailed Run Analysis

Firewall-Enabled Runs

Workflow	Run ID	access.log	Status
Daily Firewall Logs Collector and Reporter	27858646068	❌	🔴 Critical
Daily Firewall Logs Collector and Reporter	27803421463	❌	🔴 Critical
Daily Firewall Logs Collector and Reporter	27734553421	❌	🔴 Critical
Daily Firewall Logs Collector and Reporter	27663612723	❌	🔴 Critical
Daily Firewall Logs Collector and Reporter	27591918514	❌	🔴 Critical
Daily Firewall Logs Collector and Reporter	27522127754	❌	🔴 Critical
Daily Firewall Logs Collector and Reporter	27487029322	❌	🔴 Critical

MCP-Enabled Runs

Workflow	Run ID	Telemetry Source	Status
Daily Project Performance Summary Generator (Using MCP Scripts)	27883826698	None	🔴 Critical
Agentic Workflow Audit Agent	27884603769	None	🔴 Critical

🔍 Telemetry Quality Analysis

Firewall Log Quality

• Total access.log entries analyzed: 0
• Allowed requests: 0
• Blocked requests: 0
• Result: no Squid proxy log bundle was materialized in the sampled runs

MCP Gateway Log Quality

• Telemetry source: none
• Total gateway entries analyzed: 0
• Total RPC message entries analyzed: 0
• Result: no MCP gateway telemetry bundle was materialized in the sampled runs

Healthy Runs Summary

• None in the sampled set met the required observability bar for their enabled telemetry path.

Recommended Actions

1. Restore or verify the upload path for firewall-audit-logs in the firewall workflow, and fail the run if squid-logs/access.log is absent.
2. Ensure MCP runs emit either mcp-logs/gateway.jsonl or mcp-logs/rpc-messages.jsonl, and gate completion on that file being present.
3. Add a post-run assertion that writes an explicit observability status into the run summary so missing telemetry is visible without artifact inspection.

References: §27858646068, §27803421463, §27883826698

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• api.github.com
• github.com

[!TIP]
api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:

tools:
  github:
    mode: gh-proxy

See GitHub Tools for more information on gh-proxy mode.

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "api.github.com"
    - "github.com"

See Network Configuration for more information.

Generated by 📊 Daily Observability Report for AWF Firewall and MCP Gateway · 38.8 AIC · ⌖ 3.17 AIC · ⊞ 15.3K · ◷

• expires on Jun 21, 2026, 4:14 PM UTC-08:00