You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I sampled 30 recent runs from the last 7 days and found 9 runs that exercised the two observability surfaces we care about here: 1 firewall-enabled run and 8 MCP-enabled runs. Coverage is complete for both components in this sample. The MCP side is using the canonical rpc-messages.jsonl fallback everywhere I found telemetry; I did not find any gateway.jsonl artifacts in the downloaded runs.
The firewall run has a present sandbox/firewall/logs/access.log and the proxy summary shows both allowed and blocked activity. The raw Squid log is parseable and contains enough signal to debug egress issues without guessing.
Key Alerts and Anomalies
No critical issues detected.
Coverage Summary
Component
Runs Analyzed
Logs Present
Coverage
Status
AWF Firewall (access.log)
1
1
100%
Healthy
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)
8
8
100%
Healthy
📋 Detailed Run Analysis
Firewall-Enabled Runs
Workflow
Run ID
access.log
Entries
Allowed
Blocked
Status
Daily Documentation Healer
28137574644
Present
226
117
109
Healthy
Missing Firewall Logs (access.log)
None in the sampled set.
MCP-Enabled Runs
Workflow
Run ID
Telemetry Source
Entries
Servers
Tool Calls
Errors
Status
Smoke CI
28126843159
rpc-messages.jsonl
6
github, safeoutputs
1
0
Healthy
Smoke CI
28129081141
rpc-messages.jsonl
6
github, safeoutputs
1
0
Healthy
Smoke CI
28132688249
rpc-messages.jsonl
6
github, safeoutputs
1
0
Healthy
Smoke CI
28133275200
rpc-messages.jsonl
6
github, safeoutputs
1
0
Healthy
Smoke CI
28134087784
rpc-messages.jsonl
6
github, safeoutputs
1
0
Healthy
Smoke CI
28135969000
rpc-messages.jsonl
6
github, safeoutputs
1
0
Healthy
Smoke CI
28136640014
rpc-messages.jsonl
6
github, safeoutputs
1
0
Healthy
Daily Documentation Healer
28137574644
rpc-messages.jsonl
4
safeoutputs
1
0
Healthy
Missing MCP Telemetry
None in the sampled set.
🔍 Telemetry Quality Analysis
Firewall Log Quality
Raw access.log lines analyzed: 226
Proxy summary requests: 18
Allowed requests: 2
Blocked requests: 16
Raw log format is Squid-compatible and contains both successful CONNECT traffic and failure/abort entries, which is enough to trace egress behavior.
Gateway Log Quality
Telemetry source: rpc-messages.jsonl fallback only
Total RPC entries analyzed: 46
Outgoing RPC requests: 23
Tool calls: 8
MCP servers observed: github, safeoutputs
Response errors: 0
Average response time: N/A from RPC mirror alone
Healthy Runs Summary
All analyzed firewall and MCP runs had usable telemetry. The only material gap is that gateway.jsonl was not present in this sample, so latency histograms are unavailable from the preferred format.
Recommended Actions
Keep emitting rpc-messages.jsonl for MCP runs; it is sufficient for debugging when gateway.jsonl is absent.
Restore gateway.jsonl generation where possible so future reports can include response-time distributions.
Preserve the current firewall logging path; it is present and actionable in the sampled firewall run.
Report generated automatically by the Daily Observability Report workflow Analysis window: Last 7 days | Runs analyzed: 9 relevant runs
Warning
Firewall blocked 2 domains
The following domains were blocked by the firewall during workflow execution:
api.github.com
github.com
[!TIP] api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:
tools:
github:
mode: gh-proxy
See GitHub Tools for more information on gh-proxy mode.
To allow these domains, add them to the network.allowed list in your workflow frontmatter:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Caution
agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.
Details
The threat detection engine failed to produce results.
Review the workflow run logs for details.
Executive Summary
I sampled 30 recent runs from the last 7 days and found 9 runs that exercised the two observability surfaces we care about here: 1 firewall-enabled run and 8 MCP-enabled runs. Coverage is complete for both components in this sample. The MCP side is using the canonical
rpc-messages.jsonlfallback everywhere I found telemetry; I did not find anygateway.jsonlartifacts in the downloaded runs.The firewall run has a present
sandbox/firewall/logs/access.logand the proxy summary shows both allowed and blocked activity. The raw Squid log is parseable and contains enough signal to debug egress issues without guessing.Key Alerts and Anomalies
No critical issues detected.
Coverage Summary
access.log)gateway.jsonlorrpc-messages.jsonl)📋 Detailed Run Analysis
Firewall-Enabled Runs
Missing Firewall Logs (
access.log)None in the sampled set.
MCP-Enabled Runs
rpc-messages.jsonlgithub,safeoutputsrpc-messages.jsonlgithub,safeoutputsrpc-messages.jsonlgithub,safeoutputsrpc-messages.jsonlgithub,safeoutputsrpc-messages.jsonlgithub,safeoutputsrpc-messages.jsonlgithub,safeoutputsrpc-messages.jsonlgithub,safeoutputsrpc-messages.jsonlsafeoutputsMissing MCP Telemetry
None in the sampled set.
🔍 Telemetry Quality Analysis
Firewall Log Quality
access.loglines analyzed: 226Gateway Log Quality
rpc-messages.jsonlfallback onlygithub,safeoutputsHealthy Runs Summary
All analyzed firewall and MCP runs had usable telemetry. The only material gap is that
gateway.jsonlwas not present in this sample, so latency histograms are unavailable from the preferred format.Recommended Actions
rpc-messages.jsonlfor MCP runs; it is sufficient for debugging whengateway.jsonlis absent.gateway.jsonlgeneration where possible so future reports can include response-time distributions.References:
Report generated automatically by the Daily Observability Report workflow
Analysis window: Last 7 days | Runs analyzed: 9 relevant runs
Warning
Firewall blocked 2 domains
The following domains were blocked by the firewall during workflow execution:
api.github.comgithub.com[!TIP]
api.github.comis blocked because GitHub API access uses the built-in GitHub tools by default. Instead of addingapi.github.comtonetwork.allowed, usetools.github.mode: gh-proxyfor direct pre-authenticated GitHub CLI access without requiring network access toapi.github.com:See GitHub Tools for more information on
gh-proxymode.To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:See Network Configuration for more information.
Beta Was this translation helpful? Give feedback.
All reactions