[observability] Observability Coverage Report - 2026-06-02

[github-actions[bot]]

Executive Summary

Analyzed 20 workflow runs from the last 7 days. Firewall observability is the weak point: 3 firewall-enabled runs are missing access.log, and those same runs also have no MCP telemetry. Within the analyzed set, that leaves firewall coverage at 12/15 (80.0%).

MCP telemetry is mostly healthy. There was no gateway.jsonl in this sample; every usable MCP trace came from rpc-messages.jsonl. Of the 17 MCP-enabled runs in the sample, 15 had valid JSONL telemetry and 2 emitted empty placeholder files, so MCP coverage is 15/17 (88.2%) with two warning-level quality issues.

Key Alerts and Anomalies

Critical Issues

• Semantic Function Refactoring §26789796284
• Daily Documentation Healer §26789746422
• Smoke Claude §26789674010

All three are firewall-enabled runs with neither sandbox/firewall/logs/access.log nor MCP telemetry.

Warnings

• Smoke Pi §26789674018 has an empty rpc-messages.jsonl placeholder.
• Smoke Pi §26788943094 has an empty rpc-messages.jsonl placeholder.

Coverage Summary

Component	Runs Analyzed	Logs Present	Coverage	Status
AWF Firewall (access.log)	15	12	80.0%	⚠️
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)	17	15	88.2%	⚠️

📋 Detailed Run Analysis

Firewall-Enabled Runs

Workflow	Run ID	access.log	Entries	Allowed	Blocked	Status
Semantic Function Refactoring	§26789796284	❌	0	0	0	🔴
Daily Documentation Healer	§26789746422	❌	0	0	0	🔴
Smoke Claude	§26789674010	❌	0	0	0	🔴
Smoke Codex	§26789674093	✅	196	76	120	✅
Agent Container Smoke Test	§26789674054	✅	39	14	25	✅
Daily Security Red Team Agent	§26789367565	✅	137	51	86	✅
Smoke Claude	§26788943043	✅	258	75	183	✅
Smoke Codex	§26788943036	✅	217	80	137	✅
Agent Container Smoke Test	§26788943023	✅	25	9	16	✅
Changeset Generator	§26788942992	✅	45	26	19	✅
Matt Pocock Skills Reviewer	§26788932526	✅	145	53	92	✅
Design Decision Gate 🏗️	§26788932491	✅	31	15	16	✅
PR Code Quality Reviewer	§26788932490	✅	135	39	96	✅
Test Quality Sentinel	§26788932465	✅	315	69	246	✅
PR Sous Chef	§26788708470	✅	69	18	51	✅

Missing Firewall Logs (access.log)

Workflow	Run ID	Date	Link
Semantic Function Refactoring	26789796284	2026-06-02	§26789796284
Daily Documentation Healer	26789746422	2026-06-02	§26789746422
Smoke Claude	26789674010	2026-06-02	§26789674010

MCP-Enabled Runs

Workflow	Run ID	Telemetry Source	Entries	Servers	Tool Calls	Errors	Status
Smoke Codex	§26789674093	rpc-messages.jsonl	38	github, safeoutputs, serena	16	0	✅
Agent Container Smoke Test	§26789674054	rpc-messages.jsonl	6	github, safeoutputs	1	0	✅
Smoke Antigravity	§26789674021	rpc-messages.jsonl	2	safeoutputs	0	0	✅
Smoke Gemini	§26789674019	rpc-messages.jsonl	8	safeoutputs	3	1	✅
Smoke Claude	§26788943043	rpc-messages.jsonl	56	agenticworkflows, mcpscripts, safeoutputs, serena, tavily	23	1	✅
Smoke Codex	§26788943036	rpc-messages.jsonl	46	github, safeoutputs, serena	20	0	✅
Agent Container Smoke Test	§26788943023	rpc-messages.jsonl	6	github, safeoutputs	1	0	✅
Smoke Antigravity	§26788943021	rpc-messages.jsonl	2	safeoutputs	0	0	✅
Changeset Generator	§26788942992	rpc-messages.jsonl	8	github, safeoutputs	2	0	✅
Matt Pocock Skills Reviewer	§26788932526	rpc-messages.jsonl	12	github, safeoutputs	4	1	✅
Design Decision Gate 🏗️	§26788932491	rpc-messages.jsonl	4	safeoutputs	1	0	✅
PR Code Quality Reviewer	§26788932490	rpc-messages.jsonl	30	github, safeoutputs	13	0	✅
Test Quality Sentinel	§26788932465	rpc-messages.jsonl	6	safeoutputs	2	0	✅
PR Sous Chef	§26788708470	rpc-messages.jsonl	4	safeoutputs	1	0	✅
Smoke Pi	§26789674018	rpc-messages.jsonl	0	none	0	0	⚠️
Smoke Pi	§26788943094	rpc-messages.jsonl	0	none	0	0	⚠️
Smoke Pi	§26789674018	rpc-messages.jsonl	0	none	0	0	⚠️

🔍 Telemetry Quality Analysis

Firewall Log Quality

• Total access.log entries analyzed: 1,612
• Unique domains: 18
• Allowed requests: 525
• Blocked/error entries: 1,087
• Most accessed domains: api.githubcopilot.com:443, o205451.ingest.us.sentry.io:443, api.anthropic.com:443, api.openai.com:443, github.githubassets.com:443

MCP Log Quality

• Telemetry source: rpc-messages.jsonl (canonical fallback)
• Structured gateway logs: none found in this sample
• Total RPC entries analyzed: 234
• Total tool calls: 89
• MCP servers seen: safeoutputs, github, serena, tavily, agenticworkflows, mcpscripts
• Error responses captured: 4

Healthy Runs Summary

• Firewall and MCP telemetry were both present and usable in the 12 healthy firewall-enabled runs.
• The two Smoke Pi runs with empty RPC placeholders should be treated as warning-level quality gaps, not critical telemetry loss.

Recommended Actions

1. Restore sandbox/firewall/logs/access.log emission for firewall-enabled runs so egress debugging does not depend on best-effort artifacts.
2. Replace empty rpc-messages.jsonl placeholders with populated RPC logs, or suppress the placeholder file when MCP is unused.
3. Add or re-enable gateway.jsonl if you want structured per-call duration metrics; the current fallback is usable, but it limits latency analysis.

References:

• §26789796284
• §26789746422
• §26789674010

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• api.github.com
• github.com

💡 Tip: api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:

tools:
  github:
    mode: gh-proxy

See GitHub Tools for more information on gh-proxy mode.

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "api.github.com"
    - "github.com"

See Network Configuration for more information.

Generated by 📊 Daily Observability Report for AWF Firewall and MCP Gateway · gpt54 5.9M · ◷

• expires on Jun 3, 2026, 12:15 AM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-06-03T00:15:18.276Z.

Closed by Workflow