[security-observability] Daily Security Observability Report — 2026-05-13

[github-actions[bot]]

Executive Summary

This report covers security telemetry for the github/gh-aw repository over the last 7 days (analysis date: 2026-05-13). The firewall analysis examined 28 workflows across 37 firewall-enabled runs, monitoring 665 total network requests with an overall block rate of 16.1% (107 blocked requests). All blocked traffic originated from a single workflow — Necromancer — where 107 requests to unresolved destinations were intercepted. No new blocked domain names were identified, as the blocked traffic was classified as (unknown) destinations, suggesting these requests were blocked before domain resolution occurred.

The DIFC integrity analysis identified 23 filtered events across 2 workflows over the past 7 days. All filtering was driven by integrity violations — specifically, tool calls that attempted to read GitHub issues authored by users with unapproved or none integrity standing. The Issue Triage Agent (19 events) and Daily Team Evolution Insights (4 events) were the only affected workflows. Both workflows are operating correctly within DIFC policy constraints; the filtering is expected behavior for unapproved external contributors.

There are no cross-cutting themes between the firewall and DIFC signals this period. The firewall blocked traffic is isolated to Necromancer's Codex/ChatGPT engine activity, while DIFC filtering is concentrated in triage and team analytics workflows.

---

🔥 Firewall Analysis

Key Firewall Metrics

Metric	Value
Workflows analyzed (firewall-enabled)	28
Total network requests monitored	665
✅ Allowed requests	558
🚫 Blocked requests	107
Block rate	16.1%
Total unique blocked domains	0 (unknown/pre-resolution)

📈 Firewall Request Trends

All 665 monitored requests occurred on 2026-05-13, reflecting today's scheduled workflow activity. Of 28 workflows with firewall data, only the Necromancer workflow generated blocked traffic (107 requests, 44.4% block rate within that workflow). All other 27 workflows had 100% allowed request rates.

Top Blocked Domains

All 107 blocked requests were classified as (unknown) — meaning the firewall intercepted traffic before domain resolution completed, or the destination domain could not be identified. This pattern is consistent with Necromancer's use of the Codex engine making connections to OpenAI infrastructure that fall outside the allowed domain list.

Most Frequently Blocked Domains

Domain	Times Blocked	Workflows	Category
(unknown)	107	Necromancer	Unresolved / Pre-DNS

View Detailed Request Patterns by Workflow

Workflow	Run ID	Allowed	Blocked	Total
Necromancer	25813059143	134	107	241
Slide Deck Maintainer	25813846324	69	0	69
DeepReport - Intelligence Gathering Agent	25809295248	69	0	69
The Daily Repository Chronicle	25811231608	41	0	41
Daily Sub-Agent Optimizer	25808000622	38	0	38
Daily SPDD Spec Planner	25812759514	36	0	36
Delight	25809515280	27	0	27
Daily CLI Performance Agent	25809864905	22	0	22
Dead Code Removal Agent	25808000171	18	0	18
Daily Copilot PR Merged Report	25810687356	17	0	17
Agent Persona Explorer	25811459425	13	0	13
Outcome Collector (×3)	various	27	0	27
Breaking Change Checker	25810047260	8	0	8
Issue Triage Agent	25809416112	5	0	5
Other workflows	various	~25	0	~25

View Complete Blocked Domains List

No named blocked domains identified. All 107 blocked requests were classified as (unknown) — destination not resolved by the firewall at interception time.

🔒 Firewall Security Recommendations

1. Investigate Necromancer (unknown) blocks: 107 blocked requests from Necromancer (run §25813059143) had no resolved domain. Inspect the raw firewall logs for this run to determine the destination IPs or hostnames being contacted. If these are legitimate Codex/OpenAI endpoints, consider adding them to the allowed domain list.
2. Enable domain resolution logging: The (unknown) classification suggests the firewall is blocking traffic before DNS resolution completes. Consider enabling pre-resolution logging to capture destination hostnames even for blocked pre-DNS requests.
3. Review Necromancer network policy: With a 44.4% block rate, Necromancer's network permissions may need tuning — either expanding the allowlist for legitimate AI API endpoints or restricting the engine's network footprint.

---

🔒 DIFC Integrity Analysis

Key DIFC Metrics

Metric	Value
Total filtered events	23
Unique tools filtered	2
Unique workflows affected	2
Most common filter reason	integrity (100%)
Busiest day	2026-05-13 (19 events)

📈 DIFC Events Over Time

DIFC filtering activity is spread across two days: 19 events on 2026-05-13 (Issue Triage Agent) and 4 events on 2026-05-12 (Daily Team Evolution Insights). The concentration on 2026-05-13 reflects today's triage run encountering multiple unapproved-contributor issues in the queue.

🔧 Top Filtered Tools

list_issues (21 events) and search_issues (2 events) are the only two tools filtered. Both are GitHub MCP server tools used for reading issue data. The filtering is correct — these tools attempted to expose issue content from contributors with unapproved or none integrity standing to agents requiring approved-or-higher integrity data.

🏷️ Filter Reasons and Tags

All 23 events (100%) were blocked for integrity reasons. The two tags applied to every event — none:all and unapproved:all — indicate that the triggering issue resources have neither been reviewed nor approved. No secrecy-tag filtering was observed in this period.

📋 Per-Workflow DIFC Breakdown

Workflow	Filtered Events
Issue Triage Agent	19
Daily Team Evolution Insights	4

📋 Per-Server DIFC Breakdown

MCP Server	Filtered Events
github	23

👤 Per-User DIFC Breakdown

Author Login	Filtered Events
NicolasRannou	3
tsm-harmoney	3
jaroslawgajewski	2
sg650	2
jeffhandley	2
octatone	1
rabo-unumed	1
tore-unumed	1
corygehr	1
mason-tim	1
yskopets	1
anthonymastreanvae	1
labudis	1
matiloti	1
danielmeppiel	1
norrietaylor	1

💡 DIFC Tuning Recommendations

1. Review contributor approval status: 16 unique contributors triggered integrity filtering. Consider reviewing whether any should be elevated from unapproved to approved to reduce filtering friction for legitimate contributors.
2. Add pre-check step to Issue Triage Agent: Since 19 of the 23 filtered events came from Issue Triage Agent's list_issues calls, consider adding a deterministic pre-filter step that excludes unapproved-contributor issues before the agent processes them, reducing wasted inference turns.
3. Monitor search_issues filtering: 2 search_issues calls were filtered. If the triage workflow uses search to discover issues, pre-filtering search parameters by approved-contributor association could eliminate these events.
4. Trend watch: With 23 filtered events across just 2 runs, the per-run event rate (~11.5 events/run) is high. If the backlog of unapproved-contributor issues grows, filtering rates will increase proportionally — consider a periodic contributor review process.

---

Generated by the Daily Security Observability workflow (consolidated from Daily Firewall Reporter + Daily DIFC Analyzer)
Analysis window: Last 7 days | Repository: github/gh-aw
Run: https://github.com/github/gh-aw/actions/runs/25812680032

Generated by Daily Security Observability Report · ● 27.2M · ◷

• expires on May 16, 2026, 5:24 PM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-05-16T17:24:13.777Z.

Closed by Workflow