[observability] Observability Coverage Report - 2026-07-07 #43889
Closed
Replies: 1 comment
-
|
This discussion has been marked as outdated by Daily Observability Report for AWF Firewall and MCP Gateway. A newer discussion is available at Discussion #44135. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Caution
agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.
Details
The threat detection engine failed to produce results.
Review the workflow run logs for details.
Executive Summary
I sampled the 20 most recent unique runs from the last 7 days. Firewall summary data exists for 19 of them, but no raw
access.log/directories were present anywhere under/tmp/gh-aw/aw-mcp/logs, so Squid egress debugging is not currently supported by the downloaded artifacts. I also found nogateway.jsonlorrpc-messages.jsonlfiles in the sample, including tool-heavy PR Sous Chef runs, so MCP telemetry is missing from the observable log set as well.Three runs reported blocked egress in the firewall summary totals, but the raw request lines needed to debug those blocks were not available. One failure (
Smoke CI) had no firewall activity and no tool telemetry, so it is N/A for both components.Key Alerts and Anomalies
🔴 Critical Issues:
access.log.gateway.jsonlorrpc-messages.jsonl).28828345771,28825337282, and28823818796, but the raw Squid entries are absent.Coverage Summary
access.log)gateway.jsonlorrpc-messages.jsonl)📋 Detailed Run Analysis
Firewall-Enabled Runs
2883113472828830940661, 28829827804, 28828486126, 28827245177, 28825705904, 28823534950, 28821195230, 288184403802882969274228828345771288280781272882705568828825337282288238187962882379695228823577890288235306022882349102828823291461Missing Firewall Logs (
access.log)All 19 firewall-enabled runs above are missing the raw Squid log directory, so there is no per-request line-level evidence for allowed vs blocked traffic.
Tool-Using Runs Inspected for MCP Telemetry
2883113472828830940661, 28829827804, 28828486126, 28827245177, 28825705904, 28823534950, 28821195230, 288184403802882969274228828345771288280781272882705568828825337282288238187962882379695228823577890288235306022882349102828823291461Missing MCP Telemetry (
gateway.jsonl/rpc-messages.jsonl)No raw MCP gateway or RPC log files were present in the downloaded tree, so the sampled tool-using runs cannot be debugged at the event level.
🔍 Telemetry Quality Analysis
28828345771(8),28823818796(1),28825337282(1).gateway.jsonlnorrpc-messages.jsonlwas present.Recommended Actions
/access.log/for every firewall-enabled run and fail the workflow if the directory is absent.gateway.jsonlorrpc-messages.jsonlfor every tool-using run so MCP execution can be debugged after the fact.Report generated automatically by the Daily Observability Report workflow
Analysis window: Last 7 days | Runs analyzed: 20
Beta Was this translation helpful? Give feedback.
All reactions