This report covers firewall activity across all agentic workflows in the github/gh-aw repository for April 8, 2026. A total of 30 firewall-enabled workflow runs were analyzed, generating 626 total network requests. The overall block rate is low at 2.9% (18 blocked out of 626 total), with blocking concentrated in 3 workflows running the Codex engine — all attempting to reach ChatGPT domains (chatgpt.com, ab.chatgpt.com) that are not in any allowed-domain list.
A notable finding is that the Changeset Generator workflow also attempted to reach github.com and api.github.com directly, which were blocked because its allowed-domains config (defaults, node, go) does not include the github preset — this is a misconfiguration that may impair functionality.
📈 Firewall Activity Trends
Request Patterns
The majority of network traffic is legitimate and allowed. The heaviest consumers are the Daily Community Attribution Updater (167 requests), Glossary Maintainer (124), and Daily Go Function Namer / Daily Testify Uber Super Expert (80 each). The three workflows with blocked traffic — Changeset Generator, Smoke Codex, and AI Moderator — are all running the Codex engine.
Top Blocked Domains
ChatGPT-related domains dominate the blocked list, accounting for 13 of 18 blocked requests (72%). These appear to be telemetry or home-call requests initiated by the Codex engine itself rather than intentional workflow actions. The 5 GitHub-related blocks in Changeset Generator are a separate misconfiguration issue.
All 18 blocked requests matched the deny-default rule (domains not in any allow list). There were no unsafe-port or raw IP access attempts.
Rule Effectiveness: The deny-default rule is doing all the blocking work, catching both the Codex engine telemetry calls and the GitHub misconfiguration. The allow-both-plain rule handles all legitimate traffic. The deny-raw-ipv4/deny-raw-ipv6 rules had zero hits today — indicating no bypass attempts.
Workflow: AI Moderator (run 24122554196) — Codex engine
| Domain | Allowed | Blocked | Block Rate |
|---|---|---|---|
| github.com | 2 | 0 | 0% |
| api.openai.com | 1 | 0 | 0% |
| chatgpt.com | 0 | 1 | 100% |
| ab.chatgpt.com | 0 | 1 | 100% |
Allowed domains config: defaults, github
Total blocked: 2 | Total allowed: 21
View Complete Blocked Domains List (Alphabetical)
| Domain | Total Blocks | Category | Workflows |
|---|---|---|---|
| ab.chatgpt.com | 10 | AI/ChatGPT Telemetry | Changeset Generator, Smoke Codex, AI Moderator |
| api.github.com | 1 | Development | Changeset Generator |
| chatgpt.com | 3 | AI/ChatGPT | Changeset Generator, Smoke Codex, AI Moderator |
| codeload.github.com | 1 | Development | Changeset Generator |
| github.com | 3 | Development | Changeset Generator |
💡 Security Recommendations
🔧 Fix Changeset Generator allowed-domains configuration — The workflow uses ['defaults', 'node', 'go'] but is attempting to access github.com, api.github.com, and codeload.github.com. Since this workflow likely needs GitHub access for changeset operations, the github preset should be added to its allowed_domains config. This is a functionality issue, not just a security one.
🔍 Investigate Codex engine ChatGPT telemetry — All three Codex-engine workflows (Changeset Generator, Smoke Codex, AI Moderator) attempt to connect to ab.chatgpt.com and chatgpt.com. These appear to be background telemetry or home-call requests from the Codex model runtime. Since chatgpt.com is not an OpenAI API domain (unlike api.openai.com, which is allowed and working), these calls appear to be analytics beacons. No action needed from a security perspective — the firewall is correctly blocking these. Monitor for increases in frequency.
✅ All GitHub domain blocks are misconfiguration — The github.com, api.github.com, and codeload.github.com blocks are not security concerns; they are configuration issues in Changeset Generator. The github preset should be added.
📊 Zero unsafe-port or IP-bypass attempts — No workflow attempted to connect to raw IP addresses or non-standard ports, indicating no active evasion attempts. The protective rules (deny-raw-ipv4, deny-raw-ipv6, deny-unsafe-ports) had zero hits.
🟡 27 of 30 runs produced zero blocked requests — Most workflows are operating cleanly within their network permissions. Only Codex-engine workflows are generating blocked requests, all from the same pattern.
🛡️ Policy Rule Attribution
Policy Configuration (from analyzed runs): 6 rules, SSL Bump disabled, DLP disabled
Rules: deny-unsafe-ports, deny-connect-unsafe-ports, deny-raw-ipv4, deny-raw-ipv6, allow-both-plain, deny-default
View Detailed Request Patterns by Workflow
Workflow: Changeset Generator (run 24120376708) — Codex engine
Domains: registry.npmjs.org, proxy.golang.org, ab.chatgpt.com, github.com, api.openai.com, storage.googleapis.com, chatgpt.com, api.github.com, codeload.github.com
Allowed domains config: defaults, node, go (missing github preset)
Workflow: Smoke Codex (run 24120376714) — Codex engine
Domains: github.com, ab.chatgpt.com, proxy.golang.org, api.openai.com, storage.googleapis.com, chatgpt.com
Allowed domains config: defaults, github, playwright