[deep-report] Enable firewall policy attribution artifacts to resolve 362 '(unknown)' blocked requests

[github-actions]

Description

The Daily Firewall Report for 2026-04-30 found 362 out of 372 blocked requests labeled as (unknown) — meaning the firewall is blocking traffic to unresolved/unnamed destinations with no policy rule attribution. 12 distinct workflows are affected. Without policy-manifest.json and audit.jsonl artifacts enabled, it is impossible to determine which deny rules are responsible or whether these blocks represent legitimate security enforcement vs. misconfiguration.

The firewall report explicitly recommends enabling these artifacts for rule-level attribution. Currently no policy_analysis data was available for any of the 45 analyzed runs.

Expected Impact

Enabling these artifacts would transform the (unknown) block category into actionable intelligence: which deny rules fire, which workflows trigger them, and whether they need network policy updates. This directly improves the security observability signal quality from ~6% attribution to ~100%.

Suggested Agent

Workflow Normalizer or a configuration agent that can update the firewall policy configuration across affected workflows.

Estimated Effort

Quick (< 1 hour): add policy-manifest.json and audit.jsonl artifact generation to the firewall policy configuration.

Data Source

• DeepReport Intelligence Briefing — April 30, 2026
• Daily Firewall Report — 2026-04-30

Generated by DeepReport - Intelligence Gathering Agent · ● 573.9K · ◷

• expires on May 2, 2026, 3:37 PM UTC

[github-actions]

🍪 Issue Monster selected this for Copilot

I've identified this issue as a good candidate for automated resolution and requested assignment to the Copilot coding agent.

If assignment succeeds, the Copilot coding agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

🍪 Om nom nom by Issue Monster · ● 13.2K · ◷