You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This report summarizes all network firewall activity across agentic workflows for 2026-03-27. A total of 43 firewall-enabled workflow runs were analyzed, representing the full available dataset. All runs are from today — this is an early-stage dataset as the firewall feature has been recently rolled out across workflows.
⚠️Limited Data Range: All 43 analyzed runs are from 2026-03-27 only. Trend charts show hourly breakdowns rather than multi-day trends. As more data accumulates over coming days, these charts will evolve into multi-day trend lines.
Key Metrics
Metric
Value
🔍 Workflow runs analyzed
43
📅 Date range
2026-03-27
📊 Total network requests
1,343
✅ Allowed requests
1,303 (97.0%)
🚫 Blocked requests
40 (3.0%)
🌐 Unique blocked domains
7
🌐 Unique allowed domains
~30+
Block rate: 3.0% — the vast majority of traffic is flowing normally.
Top Blocked Domains
#
Domain
Blocks
Workflows
Category
1
ab.chatgpt.com
13
AI Moderator, Smoke Codex
AI Services
2
proxy.golang.org
12
Dependabot Dependency Checker
Dev Services
3
chatgpt.com
4
AI Moderator, Smoke Codex
AI Services
4
invalid.example.invalid
4
jsweep - JavaScript Unbloater, Code Simplifier
Test/Bogus
5
github.com
3
AI Moderator
GitHub
6
api.github.com
3
AI Moderator
GitHub
7
storage.googleapis.com
1
GPL Dependency Cleaner (gpclean)
Google/CDN
📈 Firewall Activity Trends
Request Patterns (Hourly, 2026-03-27)
Firewall activity is concentrated in the early morning UTC hours (00:00–04:00) with a large burst of allowed traffic during the 01:00 hour, when many scheduled workflows trigger simultaneously. Blocked requests are sparse and spread across the day, with the 00:00 and 01:00 UTC hours seeing the most denied traffic. The overall traffic volume drops significantly after 04:00 UTC, suggesting most scheduled workflows run in a narrow overnight window.
Top Blocked Domains
The two dominant blocked domains — ab.chatgpt.com and proxy.golang.org — account for over 60% of all blocked requests. The AI Moderator and Smoke Codex workflows are probing external AI service endpoints (ChatGPT), which are appropriately denied by policy. The proxy.golang.org blocks suggest the Dependabot Dependency Checker is attempting to fetch Go module proxies which haven't been allowlisted.
Domain Analysis
AI Services (chatgpt.com, ab.chatgpt.com)
These blocks originate from the AI Moderator and Smoke Codex workflows. These appear to be intentional security testing scenarios — the workflows likely test that unauthorized AI endpoints are correctly blocked. No action needed unless these workflows require actual ChatGPT access.
Go Module Proxy (proxy.golang.org)
The Dependabot Dependency Checker is making 12 requests to proxy.golang.org:443, all blocked. This is likely a legitimate Go toolchain operation during dependency checking. If this workflow needs to resolve Go dependencies, proxy.golang.org should be added to its allowed domains list.
Test Domain (invalid.example.invalid)
Used by jsweep - JavaScript Unbloater and Code Simplifier — this appears to be an intentional test domain used to verify network behavior. Expected and harmless.
GitHub Domains (github.com, api.github.com)
Blocked 3 times each by AI Moderator. This is unusual — github.com and api.github.com are typically allowlisted in all workflows. This could indicate the AI Moderator uses a more restrictive network policy intentionally (for security testing) or there's a misconfiguration in its allowed domains list.
Google Storage (storage.googleapis.com)
One block from GPL Dependency Cleaner (gpclean). Likely an incidental download attempt.
🟡 Add proxy.golang.org to Dependabot Dependency Checker's allowed domains
The Dependabot Dependency Checker needs Go module proxy access. Update its frontmatter to include proxy.golang.org or add it to the go preset in allowed domains.
🔵 Investigate github.com / api.github.com blocks in AI Moderator
The AI Moderator is having github.com and api.github.com blocked — these are typically always-allowed domains. Verify whether this is intentional (security test) or a misconfiguration. If accidental, add these domains to the workflow's allowed list.
✅ ChatGPT/OpenAI blocks are expected
The ab.chatgpt.com and chatgpt.com blocks in Smoke Codex and AI Moderator appear to be intentional security tests verifying that external AI endpoints are correctly blocked. No action needed.
✅ invalid.example.invalid is a test domain
These blocks are by design in jsweep and Code Simplifier workflows. No action needed.
🟡 Expand historical data collection
This is the first day of firewall data collection for this report. As data accumulates, trend analysis will become more meaningful. Consider retaining 30 days of firewall logs for richer analysis.
🔵 Monitor storage.googleapis.com
A single block from GPL Dependency Cleaner. If this workflow needs to download packages from Google Cloud Storage, add storage.googleapis.com to its allowed domains list.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
This report summarizes all network firewall activity across agentic workflows for 2026-03-27. A total of 43 firewall-enabled workflow runs were analyzed, representing the full available dataset. All runs are from today — this is an early-stage dataset as the firewall feature has been recently rolled out across workflows.
Key Metrics
Block rate: 3.0% — the vast majority of traffic is flowing normally.
Top Blocked Domains
ab.chatgpt.comproxy.golang.orgchatgpt.cominvalid.example.invalidgithub.comapi.github.comstorage.googleapis.com📈 Firewall Activity Trends
Request Patterns (Hourly, 2026-03-27)
Firewall activity is concentrated in the early morning UTC hours (00:00–04:00) with a large burst of allowed traffic during the 01:00 hour, when many scheduled workflows trigger simultaneously. Blocked requests are sparse and spread across the day, with the 00:00 and 01:00 UTC hours seeing the most denied traffic. The overall traffic volume drops significantly after 04:00 UTC, suggesting most scheduled workflows run in a narrow overnight window.
Top Blocked Domains
The two dominant blocked domains —
ab.chatgpt.comandproxy.golang.org— account for over 60% of all blocked requests. The AI Moderator and Smoke Codex workflows are probing external AI service endpoints (ChatGPT), which are appropriately denied by policy. Theproxy.golang.orgblocks suggest the Dependabot Dependency Checker is attempting to fetch Go module proxies which haven't been allowlisted.Domain Analysis
AI Services (chatgpt.com, ab.chatgpt.com)
These blocks originate from the AI Moderator and Smoke Codex workflows. These appear to be intentional security testing scenarios — the workflows likely test that unauthorized AI endpoints are correctly blocked. No action needed unless these workflows require actual ChatGPT access.
Go Module Proxy (proxy.golang.org)
The Dependabot Dependency Checker is making 12 requests to
proxy.golang.org:443, all blocked. This is likely a legitimate Go toolchain operation during dependency checking. If this workflow needs to resolve Go dependencies,proxy.golang.orgshould be added to its allowed domains list.Test Domain (invalid.example.invalid)
Used by jsweep - JavaScript Unbloater and Code Simplifier — this appears to be an intentional test domain used to verify network behavior. Expected and harmless.
GitHub Domains (github.com, api.github.com)
Blocked 3 times each by AI Moderator. This is unusual —
github.comandapi.github.comare typically allowlisted in all workflows. This could indicate the AI Moderator uses a more restrictive network policy intentionally (for security testing) or there's a misconfiguration in its allowed domains list.Google Storage (storage.googleapis.com)
One block from GPL Dependency Cleaner (gpclean). Likely an incidental download attempt.
View Detailed Request Patterns by Workflow
Workflows with Blocked Traffic
Workflows with Clean Traffic (0 blocked)
All other 37 workflows had 100% allow rates, indicating their network permission configurations are well-tuned.
Top allowed domains across all workflows:
api.githubcopilot.com— primary AI inference endpoint (majority of traffic)uploads.github.com— artifact and asset uploadsobjects.githubusercontent.com— GitHub object storageregistry.npmjs.org— npm package registrypypi.org— Python package indexfiles.pythonhosted.org— Python packagesView Complete Blocked Domains List
ab.chatgpt.comproxy.golang.orgchatgpt.cominvalid.example.invalidgithub.comapi.github.comstorage.googleapis.comSecurity Recommendations
🟡 Add
proxy.golang.orgto Dependabot Dependency Checker's allowed domainsThe Dependabot Dependency Checker needs Go module proxy access. Update its frontmatter to include
proxy.golang.orgor add it to thegopreset in allowed domains.🔵 Investigate
github.com/api.github.comblocks in AI ModeratorThe AI Moderator is having
github.comandapi.github.comblocked — these are typically always-allowed domains. Verify whether this is intentional (security test) or a misconfiguration. If accidental, add these domains to the workflow's allowed list.✅ ChatGPT/OpenAI blocks are expected
The
ab.chatgpt.comandchatgpt.comblocks in Smoke Codex and AI Moderator appear to be intentional security tests verifying that external AI endpoints are correctly blocked. No action needed.✅
invalid.example.invalidis a test domainThese blocks are by design in jsweep and Code Simplifier workflows. No action needed.
🟡 Expand historical data collection
This is the first day of firewall data collection for this report. As data accumulates, trend analysis will become more meaningful. Consider retaining 30 days of firewall logs for richer analysis.
🔵 Monitor
storage.googleapis.comA single block from GPL Dependency Cleaner. If this workflow needs to download packages from Google Cloud Storage, add
storage.googleapis.comto its allowed domains list.References:
Beta Was this translation helpful? Give feedback.
All reactions