[security-observability] Daily Security Observability Report — 2026-06-24

[github-actions[bot]]

Executive Summary

This report covers firewall traffic and DIFC integrity-filtering activity across github/gh-aw agentic workflow runs for the last 7 days (June 18–24, 2026). Today's fresh analysis of 48 firewall-enabled runs shows 4,844 total network requests with a 16% overall block rate. Three workflows encountered real domain blocks: Daily Fact About gh-aw had api.github.com and github.com blocked (indicating a missing defaults allowlist entry), Matt Pocock Skills Reviewer blocked proxy.golang.org (Go module proxy not in allowlist), and Update Astro blocked docs.astro.build. Historical data from the cache shows a significant spike on June 22 where 65% of requests were blocked, likely driven by Google-domain traffic from a workflow with browser automation (Playwright).

On the DIFC front, there were zero integrity-filtered events in the analysis window — a clean signal indicating no tool calls were blocked by the Data Integrity and Flow Control system during this period. No tuning action is needed for DIFC at this time.

---

🔥 Firewall Analysis

Key Firewall Metrics

Metric	Value
Workflows analyzed (firewall-enabled, today)	48
Total network requests monitored	4,844
✅ Allowed requests	4,068
🚫 Blocked requests	776
Block rate	16.0%
Total unique real blocked domains (today)	4
Total unique blocked domains (7-day incl. cache)	16

Note: The blocked request count (776) includes squid proxy startup overhead (~12 entries/run × 48 runs = ~576 noise entries). Real domain-specific blocks are limited to 4 unique domains across 3 workflows.

📈 Firewall Request Trends

Network activity shows three data points over the 7-day window: June 16 (1,163 requests, 7.5% blocked), June 22 (12,792 requests, 65.2% blocked — a significant spike), and June 24 (4,844 requests, 16.0% blocked). The June 22 spike is attributed to workflows making heavy use of Google APIs and browser automation (Playwright) that hit the domain block list. Today's block rate has returned to a more typical baseline.

Top Blocked Domains

The most frequently blocked domains are Google services (www.google.com, content-autofill.googleapis.com, accounts.google.com), which account for the majority of historical blocks. These are characteristic of headless browser (Playwright) automation workflows attempting to navigate to Google properties. The presence of localhost:8080 blocks suggests some workflows attempted to reach a local MCP server outside the allowed IP range.

Most Frequently Blocked Domains (Last 7 Days — Combined)

Domain	Times Blocked	Workflow	Category
www.google.com:443	18	(June 22 runs)	Search/Ads
content-autofill.googleapis.com:443	14	(June 22 runs)	Google Services
localhost:8080	14	(June 22 runs)	Internal
(unknown)	13	(June 22 runs)	Unknown
accounts.google.com:443	10	(June 22 runs)	Google Auth
android.clients.google.com:443	5	(June 22 runs)	Google Services
safebrowsingohttpgateway.googleapis.com:443	5	(June 22 runs)	Google Safe Browsing
antigravity-unleash.goog:443	2	(June 22 runs)	Google Feature Flags
clients2.google.com	2	(June 22 runs)	Google Services
playwright-akamai.azureedge.net:443	1	(June 22 runs)	Playwright CDN
playwright-verizon.azureedge.net:443	1	(June 22 runs)	Playwright CDN
playwright.azureedge.net:443	1	(June 22 runs)	Playwright CDN
proxy.golang.org:443	2	Matt Pocock Skills Reviewer	Go Module Registry
api.github.com:443	1	Daily Fact About gh-aw	GitHub API
github.com:443	1	Daily Fact About gh-aw	GitHub
docs.astro.build:443	1	Update Astro	Documentation

Policy Rule Attribution

📋 Policy: deny-default (default deny all) with 9 named rules

Rule	Action	Description	Notable
deny-unsafe-ports	🔴 Deny	Non-80/443 port requests	Port security
deny-connect-unsafe-ports	🔴 Deny	HTTPS CONNECT to unsafe ports	Port security
allow-api-proxy-ip	🟢 Allow	AWF api-proxy sidecar (172.30.0.30)	Infrastructure
allow-from-api-proxy	🟢 Allow	Unrestricted outbound from api-proxy	Infrastructure
deny-raw-ipv4	🔴 Deny	Direct IPv4 address requests	Anti-bypass
deny-raw-ipv6	🔴 Deny	Direct IPv6 address requests	Anti-bypass
allow-both-plain	🟢 Allow	51 explicitly allowlisted domains	Domain allow
allow-both-regex	🟢 Allow	Regex: *.grafana.net, *.sentry.io, *.pythonhosted.org	Wildcard allow
deny-default	🔴 Deny	Block all unmatched traffic	Default deny

View Detailed Request Patterns by Workflow (Today)

Workflow	Total Reqs	Allowed	Blocked	Blocked Domains
Matt Pocock Skills Reviewer	141	124	17	proxy.golang.org:443
Daily Fact About gh-aw	71	53	18	api.github.com:443, github.com:443
Update Astro	300	282	18	docs.astro.build:443
All other 45 workflows	~4,332	~3,609	~723	squid startup noise only

Top allowed domains today: api.githubcopilot.com:443 (67 req/run), o205451.ingest.us.sentry.io:443 (30/run), otlp-gateway-prod-eu-west-2.grafana.net:443 (30/run)

View Complete Blocked Domains List (All Time — 16 unique)

Domain	Occurrences
www.google.com:443	18
content-autofill.googleapis.com:443	14
localhost:8080	14
(unknown)	13
accounts.google.com:443	10
android.clients.google.com:443	5
safebrowsingohttpgateway.googleapis.com:443	5
antigravity-unleash.goog:443	2
clients2.google.com	2
playwright-akamai.azureedge.net:443	1
playwright-verizon.azureedge.net:443	1
playwright.azureedge.net:443	1
proxy.golang.org:443	2
api.github.com:443	1
github.com:443	1
docs.astro.build:443	1

🔒 Firewall Security Recommendations

1. Fix Daily Fact About gh-aw allowlist — This workflow blocked api.github.com and github.com, which are required for basic GitHub operations. Add defaults to its allowed_domains list in the workflow frontmatter. This is a misconfiguration that may cause silent failures when the workflow needs to call the GitHub API.

2. Evaluate Playwright workflows — The June 22 spike (65% block rate, 8,345 blocked requests) was driven by Google-domain traffic. If workflows use headless browsers for testing, consider whether Google domains need to be allowlisted or whether the tests should be scoped to not access external Google services.

3. Allow proxy.golang.org for Go workflows — Any workflow running Go compilation/module resolution needs proxy.golang.org and sum.golang.org. Add these to the allowed_domains for workflows that use Go tooling (e.g., Matt Pocock Skills Reviewer).

4. Allow docs.astro.build for Update Astro — The Astro update workflow blocked this documentation domain. If the workflow needs to check Astro release notes, add docs.astro.build to its allowlist.

5. Investigate localhost:8080 blocks — 14 requests to localhost:8080 were blocked on June 22. This may indicate a workflow attempting to reach an MCP server via localhost rather than the host.docker.internal hostname. Review MCP server configurations for any workflows that ran on June 22.

---

🔒 DIFC Integrity Analysis

Key DIFC Metrics

Metric	Value
Total filtered events	0
Unique tools filtered	0
Unique workflows affected	0
Most common filter reason	N/A
Busiest day	N/A

No DIFC integrity-filtered events were found in the last 7 days. The Data Integrity and Flow Control system did not block any tool calls during this period. This indicates that all agentic workflows operated within their declared integrity and secrecy boundaries — a positive security signal.

The warm-start snapshot (cached 2026-06-23, age: 1 day) confirmed this consistent state. No statistical charts were generated for DIFC as there is no data to visualize.

💡 DIFC Tuning Recommendations

1. No immediate action required — Zero filtered events is the desired state, indicating workflows are well-configured for their data access patterns.

2. Continue monitoring — If new workflows are added that process external untrusted data (issue bodies, PR comments, external API responses), review their integrity tag configurations to ensure proper DIFC coverage.

3. Establish a baseline — Consider running a deliberate test workflow that exercises DIFC filtering (e.g., a workflow that intentionally reads a low-integrity source and attempts to pass it to a write tool) to verify the DIFC system is active and correctly configured.

---

Generated by the Daily Security Observability workflow (consolidated from Daily Firewall Reporter + Daily DIFC Analyzer)
Analysis window: Last 7 days | Repository: github/gh-aw
Run: https://github.com/github/gh-aw/actions/runs/28113995878

Generated by 🔒 Daily Security Observability Report · 209.8 AIC · ⌖ 12.1 AIC · ⊞ 12K · ◷

• expires on Jun 27, 2026, 9:09 AM UTC-08:00

[github-actions[bot]]

Smoke cave ping. Test 7 good. Bot see discussion.

Warning

Firewall blocked 5 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 258.1 AIC · ⌖ 19.3 AIC · ⊞ 19.3K · ◷