docs: enhance existing pages with audit cross-references and glossary entries#24453
Merged
docs: enhance existing pages with audit cross-references and glossary entries#24453
Conversation
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/3fc36686-b218-400c-92b7-61c9a808d60f Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Enhance existing pages with audit cross-references and glossary entries
docs: enhance existing pages with audit cross-references and glossary entries
Apr 4, 2026
…kdown Agent-Logs-Url: https://github.com/github/gh-aw/sessions/1963eb3c-8c61-43d8-8a58-55ccfdc71795 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Contributor
There was a problem hiding this comment.
Pull request overview
Enhances documentation discoverability for the gh aw audit feature by adding cross-references, expanding troubleshooting/monitoring guidance, and introducing related glossary entries.
Changes:
- Added/expanded audit-related guidance in debugging, network troubleshooting, MCP gateway references, monitoring patterns, and cost management.
- Introduced new glossary entries (Audit, Behavior Fingerprint, Firewall Analysis) and updated existing audit-related glossary definitions/links.
- Replaced/updated multi-run “trend” guidance to emphasize
gh aw logs --format markdown.
Show a summary per file
| File | Description |
|---|---|
| docs/src/content/docs/troubleshooting/debugging.md | Expands gh aw audit output description and updates cross-run guidance to gh aw logs --format. |
| docs/src/content/docs/reference/network.md | Adds troubleshooting guidance for using gh aw audit / gh aw audit diff for firewall behavior. |
| docs/src/content/docs/reference/mcp-gateway.md | Adds an audit tip for MCP health inspection and adds an informative reference link to audit docs. |
| docs/src/content/docs/reference/glossary.md | Adds new audit-related glossary entries and updates audit-related links/descriptions. |
| docs/src/content/docs/reference/cost-management.md | Adds a cost-focused pointer to gh aw audit for single-run deep dives and gh aw logs --format for trends. |
| docs/src/content/docs/patterns/monitoring.md | Reworks operational monitoring into an audit-centric section with commands, examples, and automation tip. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 6/6 changed files
- Comments generated: 2
| ### Cross-Run Audit Report (`gh aw logs --format`) | ||
|
|
||
| A feature of `gh aw logs` that aggregates firewall data across multiple workflow runs to produce a cross-run security report. The report includes an executive summary, domain inventory, and per-run breakdown. Designed for security reviews, compliance checks, and feeding debugging or optimization agents. Outputs markdown by default (suitable for `$GITHUB_STEP_SUMMARY`), or pretty/JSON format. See [CLI Reference](/gh-aw/setup/cli/#logs). | ||
| A feature of `gh aw logs` that aggregates firewall, MCP, and metrics data across multiple workflow runs to produce a security and performance report. Includes an executive summary, domain inventory, and per-run breakdown with anomaly detection. Designed for security reviews, compliance checks, and feeding optimization agents. See [Audit Commands](/gh-aw/reference/audit/#gh-aw-logs-format-fmt). |
There was a problem hiding this comment.
The glossary link to the gh aw logs --format <fmt> section likely uses the wrong autogenerated heading anchor. In reference/audit.md the heading text includes --format, which typically slugifies to an anchor with extra hyphens (e.g., gh-aw-logs---format-fmt), so /gh-aw/reference/audit/#gh-aw-logs-format-fmt may 404. Consider either linking to /gh-aw/reference/audit/ without an anchor or updating the anchor to match the generated slug (or adding an explicit heading ID in reference/audit.md and linking to that).
Suggested change
| A feature of `gh aw logs` that aggregates firewall, MCP, and metrics data across multiple workflow runs to produce a security and performance report. Includes an executive summary, domain inventory, and per-run breakdown with anomaly detection. Designed for security reviews, compliance checks, and feeding optimization agents. See [Audit Commands](/gh-aw/reference/audit/#gh-aw-logs-format-fmt). | |
| A feature of `gh aw logs` that aggregates firewall, MCP, and metrics data across multiple workflow runs to produce a security and performance report. Includes an executive summary, domain inventory, and per-run breakdown with anomaly detection. Designed for security reviews, compliance checks, and feeding optimization agents. See [Audit Commands](/gh-aw/reference/audit/). |
| 5. Update readiness based on critical server status | ||
|
|
||
| > [!TIP] | ||
| > To inspect MCP server health for a specific workflow run at runtime, use `gh aw audit <run-id>`. The **MCP Server Health** section of the audit report shows connection failures, timeout errors, tool call counts, and error rates per server — providing a post-run view of gateway behavior. For recurring MCP failures, `gh aw audit diff` compares MCP tool usage between two runs to identify regressions. See [Audit Commands](/gh-aw/reference/audit/). |
There was a problem hiding this comment.
This TIP says you can inspect MCP server health "at runtime" via gh aw audit <run-id>, but gh aw audit is a post-run analysis command (it downloads artifacts/logs from a completed run). Rewording to avoid implying live/runtime introspection would prevent confusion (e.g., "for a specific workflow run" / "after the run completes").
Suggested change
| > To inspect MCP server health for a specific workflow run at runtime, use `gh aw audit <run-id>`. The **MCP Server Health** section of the audit report shows connection failures, timeout errors, tool call counts, and error rates per server — providing a post-run view of gateway behavior. For recurring MCP failures, `gh aw audit diff` compares MCP tool usage between two runs to identify regressions. See [Audit Commands](/gh-aw/reference/audit/). | |
| > To inspect MCP server health for a specific workflow run after the run completes, use `gh aw audit <run-id>`. The **MCP Server Health** section of the audit report shows connection failures, timeout errors, tool call counts, and error rates per server — providing a post-run view of gateway behavior. For recurring MCP failures, `gh aw audit diff` compares MCP tool usage between two runs to identify regressions. See [Audit Commands](/gh-aw/reference/audit/). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Several documentation pages lacked cross-references to the audit feature, reducing discoverability for users arriving via related topics (network, MCP, cost, monitoring, debugging).
Glossary (
reference/glossary.md)Audit (gh aw audit)— single-run analysis commandBehavior Fingerprint— multi-dimensional run characterization (network, tools, tokens, assessments)Firewall Analysis— per-run breakdown of allowed/blocked domains with policy attributionAudit DiffandCross-Run Audit Report— link to/reference/audit/instead of the generic CLI reference; expanded descriptions to cover MCP and metrics dimensionsMonitoring (
patterns/monitoring.md)gh aw logs --format markdownNetwork (
reference/network.md)gh aw auditandgh aw audit diffto the Troubleshooting section for inspecting and comparing firewall behavior per run[Audit Commands]to Related DocumentationMCP Gateway (
reference/mcp-gateway.md)gh aw auditfor runtime MCP server health inspection andaudit difffor regression detection[gh-aw-audit]to Informative ReferencesDebugging (
troubleshooting/debugging.md)gh aw logs --formatfor trend analysisCost Management (
reference/cost-management.md)gh aw auditfor single-run cost deep-dives andgh aw logs --format markdownfor cross-run trends