[observability] Observability Coverage Report - 2026-06-24

[github-actions[bot]]

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Details

The threat detection engine failed to produce results.

Review the workflow run logs for details.

Executive Summary

I analyzed a representative 20-run sample from the last 7 days. Firewall observability is not usable in this sample: every analyzed firewall-enabled run is missing the Squid access.log artifact, so network egress debugging has no request-level trace. MCP observability is healthy for the 4 MCP-enabled runs because rpc-messages.jsonl is present in every case, even though gateway.jsonl is absent.

Overall coverage is split: firewall coverage is 0%, MCP coverage is 100% via the canonical fallback, and overall component coverage across the analyzed sample is 16.7%.

Key Alerts and Anomalies

🔴 Critical Issues:

• 20/20 analyzed firewall-enabled runs are missing access.log.
• Missing firewall logs affect every analyzed firewall run, so blocked vs allowed network traffic cannot be reconstructed from the run artifacts.

⚠️ Warnings:

• MCP telemetry is coming from rpc-messages.jsonl only; gateway.jsonl is absent in all MCP-enabled runs.
• No structured duration metrics are available from the fallback RPC logs, so latency analysis is limited.

Coverage Summary

Component	Runs Analyzed	Logs Present	Coverage	Status
AWF Firewall (access.log)	20	0	0%	🔴
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)	4	4	100%	✅

📋 Detailed Run Analysis

Firewall-Enabled Runs

All 20 analyzed firewall-enabled runs were missing access.log.

Workflow	Run ID	access.log	Status
Daily BYOK Ollama Test	28062125221	❌	🔴
Daily Reliability Review	28063449181	❌	🔴
PR Sous Chef	28064483622	❌	🔴
PR Sous Chef	28061717930	❌	🔴
Issue Monster	28065267509	❌	🔴
PR Sous Chef	28063252430	❌	🔴
Issue Monster	28061680983	❌	🔴
Daily Security Red Team Agent	28064786954	❌	🔴
Daily AWF Spec Compiler Surfacing Review	28061847527	❌	🔴
Issue Monster	28064156668	❌	🔴
Scout	28061548888	❌	🔴
Smoke CI	28060803252	❌	🔴
PR Sous Chef	28059974440	❌	🔴
Release	28060834240	❌	🔴
Smoke Pi	28059833931	❌	🔴
Agent Container Smoke Test	28059833987	❌	🔴
Changeset Generator	28059834005	❌	🔴
Smoke Claude	28059833930	❌	🔴
PR Description Updater	28059435838	❌	🔴
Daily Regulatory Report Generator	28059285594	❌	🔴

Missing Firewall Logs (access.log)

Workflow	Run ID	Date	Link
Daily BYOK Ollama Test	28062125221	2026-06-23	§28062125221
Daily Reliability Review	28063449181	2026-06-23	§28063449181
PR Sous Chef	28064483622	2026-06-23	§28064483622
PR Sous Chef	28061717930	2026-06-23	§28061717930
Issue Monster	28065267509	2026-06-24	§28065267509
PR Sous Chef	28063252430	2026-06-23	§28063252430
Issue Monster	28061680983	2026-06-23	§28061680983
Daily Security Red Team Agent	28064786954	2026-06-23	§28064786954
Daily AWF Spec Compiler Surfacing Review	28061847527	2026-06-23	§28061847527
Issue Monster	28064156668	2026-06-23	§28064156668

MCP-Enabled Runs

Workflow	Run ID	Telemetry Source	Entries	Servers	Tool Calls	Errors	Status
Smoke CI	28057995177	rpc-messages.jsonl	6	2	1	0	✅
Smoke CI	28059115974	rpc-messages.jsonl	6	2	1	0	✅
Smoke CI	28060803252	rpc-messages.jsonl	6	2	1	0	✅
Release	28060834240	rpc-messages.jsonl	8	2	2	0	✅

Missing MCP Telemetry (no gateway.jsonl or rpc-messages.jsonl)

No missing MCP telemetry was observed in the 4 MCP-enabled runs analyzed.

🔍 Telemetry Quality Analysis

Firewall Log Quality

• Total access.log entries analyzed: 0
• Domains accessed: 0 unique
• Blocked requests: 0
• Allowed requests: 0
• Most accessed domains: N/A

Gateway Log Quality

• Telemetry source: rpc-messages.jsonl
• Total entries analyzed: 26
• MCP servers used: safeoutputs, github
• Total tool calls: 5
• Error rate: 0%
• Average response time: N/A from rpc-messages.jsonl fallback

Healthy Runs Summary

• Smoke CI 28057995177
• Smoke CI 28059115974
• Smoke CI 28060803252
• Release 28060834240

Recommended Actions

1. Restore Squid access.log capture for firewall-enabled runs; without it, blocked-request debugging is not possible.
2. Keep rpc-messages.jsonl as the canonical MCP fallback, but add gateway.jsonl emission for richer latency and status metrics.
3. Add a post-run observability guard that fails or warns when firewall is enabled and access.log is absent.

📊 Historical Trends

No historical trend analysis was added from this sample alone.

---

Report generated automatically by the Daily Observability Report workflow
Analysis window: Last 7 days | Runs analyzed: 20

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• api.github.com
• github.com

[!TIP]
api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:

tools:
  github:
    mode: gh-proxy

See GitHub Tools for more information on gh-proxy mode.

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "api.github.com"
    - "github.com"

See Network Configuration for more information.

Generated by 📊 Daily Observability Report for AWF Firewall and MCP Gateway · 13.8 AIC · ⊞ 16K · ◷

• expires on Jun 24, 2026, 4:11 PM UTC-08:00

[github-actions[bot]]

This discussion has been marked as outdated by Daily Observability Report for AWF Firewall and MCP Gateway.

A newer discussion is available at Discussion #41338.