Over the past 7 days (analysis window: June 1, 2026), 50 firewall-enabled agentic workflow runs were analyzed across the github/gh-aw repository. A total of 3,211 network requests were monitored: 2,665 allowed (83%) and 546 blocked (17%). The dominant blocked traffic category is (unknown) — requests with no resolvable domain name, likely localhost or internal routing attempts — accounting for 544 of 546 blocked requests. Only two named external domains were blocked (1 request each: github.com:443 and api.github.com:443), suggesting the firewall policy is well-tuned for external access but that many workflows are generating unresolvable connection attempts.
No DIFC integrity-filtered events were detected in the last 7 days, indicating clean data-flow integrity across all agentic workflow executions. This is a positive security signal showing that the DIFC system found no unauthorized tool calls or data exfiltration attempts.
🔥 Firewall Analysis
Key Firewall Metrics
| Metric | Value |
| --- | --- |
| Workflows analyzed (firewall-enabled) | 50 |
| Total network requests monitored | 3,211 |
| ✅ Allowed requests | 2,665 |
| 🚫 Blocked requests | 546 |
| Block rate | 17% |
| Total unique blocked domains | 3 |
📈 Firewall Request Trends
All 50 firewall-enabled runs occurred on June 1, 2026. The block rate of 17% is consistent across workflows and largely attributable to (unknown) domain requests — likely internal connection attempts (e.g., localhost, loopback, or container-internal routing) that are blocked by default. The two named domain blocks (github.com:443, api.github.com:443) are isolated incidents and not a pattern of concern.
Top Blocked Domains
The overwhelming majority of blocked requests (544/546) are classified as (unknown) — requests with no identifiable destination domain. This is expected behavior for container-internal or localhost connections. The single blocked requests to github.com:443 and api.github.com:443 warrant monitoring: these suggest a workflow attempted direct GitHub API access without going through the MCP gateway, which is the correct integration path.
🔒 Firewall Security Recommendations
Investigate (unknown) blocked requests: The 544 (unknown) domain blocks should be audited to understand what connection targets are being attempted. These may be benign (container-internal calls) but could also indicate workflows attempting to reach unallowed endpoints by IP address rather than hostname.
Review direct GitHub API access: The single blocked requests to github.com:443 and api.github.com:443 suggest a workflow is attempting direct API access. Per AGENTS.md guidelines, workflows using the Copilot engine must use the GitHub MCP server (toolsets: [default]) — not direct api.github.com access.
High block-rate workflows: Workflows with 25-28% block rates (Auto-Triage Issues, Repository Quality Improvement Agent, Workflow Normalizer) should be reviewed to confirm all needed domains are in their network.allowed configuration.
Daily Malicious Code Scan Agent: This workflow has an unusually high allowed-request count (490) with a low block rate (4%). Its network access pattern should be periodically reviewed given its sensitive purpose.
🔒 DIFC Integrity Analysis
Key DIFC Metrics
| Metric | Value |
| --- | --- |
| Total filtered events | 0 |
| Unique tools filtered | 0 |
| Unique workflows affected | 0 |
| Most common filter reason | N/A |
| Busiest day | N/A |
📈 DIFC Events Over Time
No DIFC integrity-filtered events were recorded in the last 7 days. This is a healthy baseline — the Data Integrity and Flow Control system found no tool calls requiring integrity filtering across all agentic workflow runs.
🔧 Top Filtered Tools
No tool calls were filtered by the DIFC system in the analysis window.
🏷️ Filter Reasons and Tags
No integrity or secrecy tags were triggered in the analysis window.
📋 Per-Workflow DIFC Breakdown
No DIFC events to report.
📋 Per-Server DIFC Breakdown
No DIFC events to report.
👤 Per-User DIFC Breakdown
No DIFC events to report.
💡 DIFC Tuning Recommendations
Maintain current configuration: Zero filtered events indicates the DIFC policy is well-calibrated — no legitimate tool calls are being over-blocked.
Continue monitoring: Even with zero events today, track daily trends over time. A sudden spike in filtered events would warrant immediate investigation.
Review after new workflow deployments: When new workflows are added that use novel MCP servers or tool combinations, verify DIFC coverage is appropriate.
Generated by the Daily Security Observability workflow (consolidated from Daily Firewall Reporter + Daily DIFC Analyzer)
Analysis window: Last 7 days | Repository: github/gh-aw
Run: https://github.com/github/gh-aw/actions/runs/26771769662