[daily-firewall-report] Daily Firewall Report - 2026-05-17

[github-actions[bot]]

🔥 Executive Summary

This daily firewall report covers the 7-day window ending 2026-05-17. A total of 38 workflow runs with firewall enabled were identified and audited. However, none of the 38 runs produced a firewall-audit-logs artifact, which is the artifact that carries Squid access logs, policy manifests, and API proxy token usage. As a result, all network-level counters are zero for this reporting period.

This is a data-availability issue rather than a security concern: the firewall was configured on all 38 runs but the audit-log upload step either did not execute (e.g. run was cancelled before that step) or the artifact has since expired.

---

📊 Key Metrics

Metric	Value
Workflow runs analyzed	38
🔥 Total network requests monitored	0
✅ Allowed requests	0
🚫 Blocked requests	0
Block rate	0%
Unique blocked domains	0

---

🚫 Top Blocked Domains

No blocked-domain data was available for this reporting period. All 38 audited runs lacked the firewall-audit-logs artifact required to extract domain-level statistics.

---

📋 Policy Rule Attribution

No policy rule data was available for this reporting period.

---

📈 30-Day Firewall Trends

---

View Detailed Request Patterns by Workflow

No per-workflow breakdown available — firewall-audit-logs artifact was absent from all 38 runs.

View Complete Blocked Domains List

No domain data available for this reporting period.

---

🔒 Security Recommendations

1. Investigate missing firewall-audit-logs artifacts: All 38 firewall-enabled runs are missing this artifact. Check whether the firewall upload step is correctly configured and whether runs are completing before the artifact upload step.
2. Verify firewall is actually intercepting traffic: The logs tool reports firewall enabled (squid) for these runs, but the absence of audit artifacts means we cannot confirm traffic was actually proxied and logged.
3. Check artifact retention policy: GitHub Actions artifacts expire after a configurable retention period. If the runs are older than the retention window, audit logs will no longer be available.
4. Add monitoring: Consider adding an alert if firewall-audit-logs is missing from firewall-enabled runs — this could indicate a silent failure in the firewall pipeline.

---

View All 38 Audited Run IDs

Run ID	Artifacts Present	firewall-audit-logs?
§25980100097	activation	❌
§25978031559	activation, agent, detection, safe-outputs-items	❌
§25979007792	activation, agent, detection, safe-outputs-items	❌
§25977988201	activation, agent, detection, safe-outputs-items	❌
§25977875231	activation, agent, detection, safe-outputs-items	❌
§25977842927	activation, agent, detection, safe-outputs-items	❌
§25977744938	activation, agent, detection, safe-outputs-items, repo-memory-default	❌
§25977794955	activation, agent, detection, safe-outputs-items	❌
§25977901750	activation, agent, detection, safe-outputs-items, dockerbuild	❌
§25977675129	activation, agent, detection, safe-outputs-items	❌
§25976570246	activation, agent, detection, safe-outputs-items, repo-memory-default	❌
§25976567436	activation, agent, detection, safe-outputs-items, model-manifests	❌
§25976367710	activation, agent, detection, safe-outputs-items	❌
§25976455051	activation, agent, detection, safe-outputs-items	❌
§25976346322	activation, agent, detection, safe-outputs-items	❌
§25976055625	activation, agent, detection, safe-outputs-items, experiment	❌
§25975883485	activation, agent, detection, safe-outputs-items	❌
§25975333684	activation, agent, detection, safe-outputs-items	❌
§25975077576	activation, agent, safe-outputs-items, repo-memory-default	❌
§25976371401	activation, agent, detection, safe-outputs-items, dockerbuild	❌
§25974669852	activation, agent, detection, safe-outputs-items	❌
§25974650357	activation, agent	❌
§25974650391	activation, agent, detection, safe-outputs-items	❌
§25974650377	activation, agent, detection, safe-outputs-items	❌
§25974126576	activation, agent, detection, safe-outputs-items	❌
§25973825488	activation, agent, detection, safe-outputs-items	❌
§25973414422	activation, agent, detection, safe-outputs-items	❌
§25973086347	activation, agent, detection, safe-outputs-items	❌
§25973283855	activation, agent, detection, safe-outputs-items	❌
§25972940078	activation, agent, detection, safe-outputs-items	❌
§25972743169	activation, agent	❌
§25972805272	activation, agent	❌
§25972696055	activation, agent, repo-memory-default	❌
§25972537381	activation, agent	❌
§25972929656	activation, agent, detection, safe-outputs-items, dockerbuild	❌
§25973335014	activation, agent, detection, safe-outputs-items, safe-outputs-assets, repo-memory-default, dockerbuild	❌
§25972456969	activation, agent	❌
§25972474953	activation, agent, safe-outputs-items, repo-memory-default	❌

---

References:

• §25980100097
• §25978031559
• §25979007792

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• productionresultssa5.blob.core.windows.net

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "productionresultssa5.blob.core.windows.net"

See Network Configuration for more information.

Generated by 🔒 Daily Firewall Logs Collector and Reporter · ● 21.4M · ◷

• expires on May 20, 2026, 3:30 AM UTC