[observability] Observability Coverage Report - 2026-07-08 #44135
Closed
Replies: 1 comment
-
|
This discussion was automatically closed because it expired on 2026-07-09T00:11:31.128Z.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Caution
agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.
Details
The threat detection engine failed to produce results.
Review the workflow run logs for details.
Executive Summary
I analyzed 19 recent workflow runs from the last 7 days, staying within the requested cap. The sample shows a clear split: MCP telemetry is intact for all 3 MCP-enabled runs, but raw AWF Firewall Squid logs are missing from every firewall-enabled run I found. That makes firewall debugging materially weaker than it should be, even though the summarized firewall counters are still being produced.
The MCP side is in good shape by the repo's fallback rule:
rpc-messages.jsonlis present for each MCP-enabled run, so none of those runs should be treated as a telemetry-critical miss. The firewall side is the opposite: 0 of 19 firewall-enabled runs exposed a rawaccess.log, so the source of truth for egress debugging is absent across the whole sampled window.Key Alerts and Anomalies
Caution
Critical issue: 19/19 firewall-enabled runs are missing raw Squid
access.logfiles. The sample still shows firewall activity insummary.json(for example, blocked requests toawmg-mcpg:8080), but the raw log needed for request-level debugging is not present.Note
No critical MCP telemetry gaps were found. All 3 MCP-enabled runs had
mcp-logs/rpc-messages.jsonl, which is the approved canonical fallback whengateway.jsonlis absent.Coverage Summary
access.log)gateway.jsonlorrpc-messages.jsonl)📋 Detailed Run Analysis
Firewall-Enabled Runs
All sampled firewall-enabled runs had firewall activity in
summary.json, but none exposed a rawaccess.logdirectory or file set.Missing Firewall Logs (
access.log)MCP-Enabled Runs
rpc-messages.jsonlrpc-messages.jsonlrpc-messages.jsonlMissing MCP Telemetry
None. Every MCP-enabled run in the sample had
rpc-messages.jsonlpresent.🔍 Telemetry Quality Analysis
Firewall Log Quality
access.logentries analyzed: 0summary.jsonGateway Log Quality
rpc-messages.jsonlfallbackgithub,safeoutputsHealthy Runs Summary
The 3 MCP-enabled AI Moderator runs are observability-healthy on the MCP side. None of the sampled runs are firewall-healthy because the raw Squid log artifact is missing everywhere.
Recommended Actions
access.loga required artifact for every firewall-enabled run and fail the workflow step if the directory is missing.rpc-messages.jsonlas the MCP fallback, but add a guard that alerts if bothgateway.jsonlandrpc-messages.jsonlare absent.References:
Beta Was this translation helpful? Give feedback.
All reactions