[observability] Observability Coverage Report - 2026-05-11

[github-actions[bot]]

Executive Summary

Analyzed 19 workflow runs downloaded through the agentic-workflows log service for the last 7 days. Fifteen runs were completed and scored for observability coverage; four runs were still in progress and are listed separately so incomplete artifact uploads are not misclassified as missing telemetry.

Completed firewall-enabled runs have full access.log coverage: 13 of 13 have Squid access logs. Completed MCP runs also have telemetry coverage: 15 of 15 include rpc-messages.jsonl, the canonical fallback telemetry file. No completed run is missing both gateway.jsonl and rpc-messages.jsonl.

Key Alerts and Anomalies

No critical issues detected.

🔴 Critical Issues:

• None. No completed firewall-enabled run is missing access.log.
• None. No completed MCP-enabled run is missing both gateway.jsonl and rpc-messages.jsonl.

⚠️ Warnings:

• §25641551144 (Smoke Pi) includes rpc-messages.jsonl, but the file was empty in the downloaded artifacts.
• All completed MCP telemetry in this sample used rpc-messages.jsonl; no gateway.jsonl files were present. This is acceptable fallback coverage, but preferred structured gateway telemetry was not observed.
• Four latest runs were still in_progress; their artifact sets may be incomplete and were not scored for missing-log coverage.

Coverage Summary

Component	Runs Analyzed	Logs Present	Coverage	Status
AWF Firewall (access.log)	13 completed firewall-enabled runs	13	100%	✅ Healthy
MCP Gateway (gateway.jsonl or rpc-messages.jsonl)	15 completed MCP runs	15	100%	✅ Healthy

📋 Detailed Run Analysis

Firewall-Enabled Runs

Workflow	Run ID	access.log	Entries	Allowed	Blocked	Status
Daily Security Red Team Agent	§25643041914	✅	265	264	0	✅ Healthy
Matt Pocock Skills Reviewer	§25642880877	✅	183	183	0	✅ Healthy
Test Quality Sentinel	§25642964048	✅	286	285	0	✅ Healthy
Design Decision Gate	§25642964043	✅	145	144	0	✅ Healthy
Matt Pocock Skills Reviewer	§25642964025	✅	246	246	0	✅ Healthy
Test Quality Sentinel	§25642880880	✅	217	216	0	✅ Healthy
Design Decision Gate	§25642880879	✅	150	149	0	✅ Healthy
Smoke CI	§25641805749	✅	11	11	0	✅ Healthy
Smoke Claude	§25641551150	✅	286	252	27	✅ Healthy
Smoke Codex	§25641551131	✅	235	235	0	✅ Healthy
Smoke Copilot	§25641551127	✅	615	550	35	✅ Healthy
Changeset Generator	§25641551137	✅	54	54	0	✅ Healthy
Agent Container Smoke Test	§25641551139	✅	34	34	0	✅ Healthy

Missing Firewall Logs (access.log)

Workflow	Run ID	Date	Link
None	-	-	-

MCP-Enabled Runs

Workflow	Run ID	Telemetry Source	Entries	Servers	Tool Calls	Errors	Status
Smoke Pi	§25641551144	rpc-messages.jsonl	0	0	0	0	⚠️ Warning
Smoke Gemini	§25641551143	rpc-messages.jsonl	2	1	0	0	✅ Healthy
Daily Security Red Team Agent	§25643041914	rpc-messages.jsonl	4	1	1	0	✅ Healthy
Matt Pocock Skills Reviewer	§25642880877	rpc-messages.jsonl	22	2	9	0	✅ Healthy
Test Quality Sentinel	§25642964048	rpc-messages.jsonl	8	1	3	0	✅ Healthy
Design Decision Gate	§25642964043	rpc-messages.jsonl	6	1	2	0	✅ Healthy
Matt Pocock Skills Reviewer	§25642964025	rpc-messages.jsonl	20	2	8	0	✅ Healthy
Test Quality Sentinel	§25642880880	rpc-messages.jsonl	6	1	2	0	✅ Healthy
Design Decision Gate	§25642880879	rpc-messages.jsonl	6	1	2	0	✅ Healthy
Smoke CI	§25641805749	rpc-messages.jsonl	6	2	1	0	✅ Healthy
Smoke Claude	§25641551150	rpc-messages.jsonl	58	5	24	0	✅ Healthy
Smoke Codex	§25641551131	rpc-messages.jsonl	40	3	17	0	✅ Healthy
Smoke Copilot	§25641551127	rpc-messages.jsonl	52	4	22	0	✅ Healthy
Changeset Generator	§25641551137	rpc-messages.jsonl	6	2	1	0	✅ Healthy
Agent Container Smoke Test	§25641551139	rpc-messages.jsonl	6	2	1	0	✅ Healthy

Missing MCP Telemetry (no gateway.jsonl or rpc-messages.jsonl)

Workflow	Run ID	Date	Link
None	-	-	-

In-Progress Runs Not Scored

Workflow	Run ID	Status	Notes
Smoke CI	§25643420736	in_progress	partial artifacts present
Semantic Function Refactoring	§25643391291	in_progress	artifact upload not complete
Daily Observability Report for AWF Firewall and MCP Gateway	§25643399750	in_progress	current report run
Daily Documentation Healer	§25643366385	in_progress	artifact upload not complete

🔍 Telemetry Quality Analysis

Firewall Log Quality

• Total completed firewall-enabled access.log entries analyzed: 2,727
• Domains observed in completed firewall-enabled access logs: 17 unique
• Blocked requests observed: 62 (2.3%)
• Most accessed domains: api.githubcopilot.com:443, api.anthropic.com:443, api.openai.com:443, github.githubassets.com:443, content-autofill.googleapis.com:443
• Runs with blocked requests: Smoke Claude (27), Smoke Copilot (35)

Gateway Log Quality

• Telemetry source observed: rpc-messages.jsonl canonical fallback
• Preferred gateway.jsonl files observed: 0
• Total JSON-RPC entries analyzed across completed runs: 242
• MCP servers observed: agenticworkflows, github, mcpscripts, safeoutputs, serena, tavily
• Total tool calls derived from outgoing tools/call requests: 93
• MCP response errors observed: 0
• JSONL parse errors observed: 0
• Average response time: N/A because this sample used rpc-messages.jsonl; duration metrics require gateway telemetry or reliable request/response timestamp pairing.

Healthy Runs Summary

All 13 completed firewall-enabled runs had access logs with entries. All 15 completed runs with MCP telemetry had at least one canonical telemetry artifact, and 14 of 15 had non-empty JSON-RPC message logs.

Recommended Actions

1. Keep the rpc-messages.jsonl fallback in the health criteria; it prevented false critical alerts when gateway.jsonl was absent.
2. Investigate why Smoke Pi uploaded an empty rpc-messages.jsonl despite the file being present.
3. Revisit gateway artifact upload coverage so completed MCP runs publish gateway.jsonl when the gateway supports it, preserving richer duration and status metrics.
4. Continue excluding actively running workflows from missing-artifact critical counts; artifact availability is only reliable after completion.

📊 Historical Trends

No prior trend dataset was available in the downloaded artifacts for this run. This report records the current baseline as 100% completed-run firewall coverage and 100% completed-run MCP telemetry coverage, with one MCP quality warning for an empty fallback log.

References: §25643399750, §25641551127, §25641551150

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• api.github.com
• github.com

💡 Tip: api.github.com is blocked because GitHub API access uses the built-in GitHub tools by default. Instead of adding api.github.com to network.allowed, use tools.github.mode: gh-proxy for direct pre-authenticated GitHub CLI access without requiring network access to api.github.com:

tools:
  github:
    mode: gh-proxy

See GitHub Tools for more information on gh-proxy mode.

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "api.github.com"
    - "github.com"

See Network Configuration for more information.

Generated by Daily Observability Report for AWF Firewall and MCP Gateway · ◷

• expires on May 12, 2026, 12:09 AM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily Observability Report for AWF Firewall and MCP Gateway.

A newer discussion is available at Discussion #31606.