[observability] Observability Coverage Report - 2026-05-30

[github-actions[bot]]

Executive Summary

I sampled 20 runs from the last 7 days. 17 were firewall-enabled and all 17 were missing access.log, so Squid egress debugging is currently blocked. MCP coverage is healthy: all 20 analyzed runs had telemetry, using rpc-messages.jsonl as the fallback stream.

The MCP sample contained 224 JSON-RPC entries, 80 tool calls, 0 RPC-level errors, and 4 unique servers (github, safeoutputs, sentry, tavily).

Key Alerts and Anomalies

🔴 Critical Issues:

• access.log is missing from every firewall-enabled run in the sample.
• No firewall run exposed allowed/blocked request history.

⚠️ Warnings:

• gateway.jsonl was not observed in this sample; telemetry fell back to rpc-messages.jsonl.

Coverage Summary

Component	Runs Analyzed	Logs Present	Coverage	Status
AWF Firewall (access.log)	17	0	0%	🔴
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)	20	20	100%	✅

Detailed Run Analysis

Firewall-Enabled Runs

All firewall-enabled runs were missing access.log. Breakdown by workflow: Daily Security Red Team Agent x1; Smoke CI x4; Daily News x2; PR Sous Chef x2; PR Code Quality Reviewer x1; Matt Pocock Skills Reviewer x1; Design Decision Gate 🏗️ x1; Test Quality Sentinel x1; Daily Reliability Review x1; Issue Monster x1; Agent Container Smoke Test x1; Changeset Generator x1.

Missing Firewall Logs

Workflow	Run ID	Date	Link
Daily Security Red Team Agent	26668131073	2026-05-29	§26668131073
Smoke CI	26667999959	2026-05-29	§26667999959
Daily News	26667735276	2026-05-29	§26667735276
PR Sous Chef	26667649991	2026-05-29	§26667649991
PR Code Quality Reviewer	26667328859	2026-05-29	§26667328859

MCP-Enabled Runs

All 20 analyzed runs had MCP telemetry. Representative sample:

Workflow	Run ID	Telemetry	Entries	Tool Calls	Errors
Daily Security Red Team Agent	26668131073	rpc-messages.jsonl	6	2	0
Smoke CI	26667999959	rpc-messages.jsonl	6	1	0
Daily News	26667735276	rpc-messages.jsonl	6	0	0
PR Sous Chef	26667649991	rpc-messages.jsonl	4	1	0
PR Code Quality Reviewer	26667328859	rpc-messages.jsonl	32	14	0

Telemetry Quality Analysis

• Firewall log quality: 0 access.log entries, so allowed/blocked request mix could not be verified.
• Gateway log quality: rpc-messages.jsonl was valid and complete across the sample.
• Healthy runs summary: MCP telemetry was present in all 20 analyzed runs; firewall telemetry was absent in all 17 firewall-enabled runs.

Recommended Actions

1. Ensure the Squid artifact uploader persists access.log for every firewall-enabled run, including successful completions.
2. Add a validation check that warns or fails when firewall_enabled=true but access.log is absent.
3. Keep rpc-messages.jsonl as the MCP fallback path and promote gateway.jsonl where available for richer timing metrics.

---

Report generated automatically by the Daily Observability Report workflow
Analysis window: Last 7 days | Runs analyzed: 20

References:

• §26668484774
• §26668131073
• §26667328859

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• api.github.com
• github.com

💡 Tip: api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:

tools:
  github:
    mode: gh-proxy

See GitHub Tools for more information on gh-proxy mode.

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "api.github.com"
    - "github.com"

See Network Configuration for more information.

Generated by 📊 Daily Observability Report for AWF Firewall and MCP Gateway · gpt54 3.7M · ◷

• expires on May 31, 2026, 12:13 AM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily Observability Report for AWF Firewall and MCP Gateway.

A newer discussion is available at Discussion #36021.