[integrity] DIFC Integrity-Filtered Events Report — 2026-03-27

[github-actions[bot]]

Executive Summary

In the last 7 days, 746 DIFC integrity-filtered events were detected across 58 workflow runs. The most frequently filtered tool was list_issues (526 events — 70.5% of all events), and the dominant filter reason was integrity_blocked (100% of events). The pattern is highly concentrated on March 26 (560 events) with a further 186 events on March 27, suggesting a recent uptick driven by new external issues and PRs authored by contributors without approved integrity standing.

The filtering is almost entirely driven by two workflows — AI Moderator (267 events) and Auto-Triage Issues (248 events) — which are tasked with reading and moderating content from untrusted contributors. Every single filtered event is an integrity block: resources authored by none:all or unapproved:all contributors are being correctly quarantined. No secrecy filtering was observed. The high volume indicates the integrity system is operating as expected, though the frequency of missing_data reports from AI Moderator warrants attention.

Key Metrics

Metric	Value
Total filtered events	746
Unique tools filtered	5
Unique workflows affected	11
Most common filter reason	integrity_blocked (100%)
Busiest day	2026-03-26 (560 events)
Busiest workflow	AI Moderator (267 events)
Busiest user (most blocked content)	szabta89 (109 events)

📈 Events Over Time

Activity is concentrated over two days (March 26–27), with March 26 accounting for 75% of total events. The spike on March 26 is driven by a burst of new issues and a Sub-Issue Closer / Dev workflow run with unusually high filter counts. The pattern reflects normal repository activity as external contributors file issues and PRs.

🔧 Top Filtered Tools

list_issues dominates with 526 events (70.5%) — this is the bulk listing tool used by Auto-Triage Issues, Sub-Issue Closer, and similar workflows when they scan all open issues and filter out low-integrity ones row by row. search_issues (160, 21.4%) and issue_read (50, 6.7%) follow. A small number of pull_request_read (6) and search_pull_requests (4) events are also present, coming mainly from the Smoke Claude workflow encountering an integrity-restricted PR.

🏷️ Filter Reasons and Tags

100% of filtering is integrity-based (no secrecy filtering detected). All 746 events carry the none:all integrity tag, meaning content authored by users with no established integrity level. 263 of these additionally carry unapproved:all, indicating content flagged as explicitly unapproved. No secrecy tags appeared, confirming the system is not over-restricting based on data sensitivity — only origin trustworthiness.

📋 Per-Workflow Breakdown

Workflow	Filtered Events
AI Moderator	267
Auto-Triage Issues	248
Sub-Issue Closer	61
Dev	61
Issue Triage Agent	50
The Daily Repository Chronicle	25
Daily Team Evolution Insights	12
DeepReport - Intelligence Gathering Agent	8
Smoke Claude	5
Daily Documentation Updater	4
Workflow Health Manager - Meta-Orchestrator	3
Code Simplifier	1
Release	1

📋 Per-Server Breakdown

MCP Server	Filtered Events
github	746

All filtered events come exclusively from the github MCP server — no other servers produced integrity-filtered output.

👤 Per-User Breakdown (top 20)

Author Login	Filtered Events
szabta89	109
dsyme	91
grahame-white	61
deyaaeldeen	56
mnkiefer	35
danielmeppiel	31
srgibbs99	29
samuelkahessay	27
bindsi	21
mlinksva	21
camposbrunocampos	20
(unknown/no login)	20
dbudym-cs	17
TiggySravan	15
veverkap	15
eaftan	14
bryanchen-d	13
abillingsley	12
Henry-Shan	10
diogenesc	7

🔍 Per-User Analysis

The filtered events are distributed across many distinct human contributors — no bot accounts appear in the top list, suggesting this is genuine external contributor activity rather than automated spam. The top three contributors (szabta89, dsyme, grahame-white) together account for 261 events (35% of total), which is consistent with being active issue filers without yet-approved integrity standing. Several contributors with CONTRIBUTOR association (e.g., szabta89, eaftan, mnkiefer) also appear — their issues are still tagged none:all or unapproved:all until explicitly approved.

💡 Tuning Recommendations

1. Approve high-volume external contributors — Contributors like szabta89 (109 events), dsyme (91), grahame-white (61), and deyaaeldeen (56) have substantial engagement history. If their content is legitimate, approving their integrity level would eliminate 35–50% of filter noise immediately and allow AI Moderator / Auto-Triage to process their issues.

2. Review unapproved:all tag usage — 263 of 746 events (35%) carry unapproved:all in addition to none:all. These resources have been explicitly flagged as unapproved rather than merely lacking approval. Review whether these are old flagged issues that should be re-evaluated or permanently suppressed.

3. AI Moderator cannot moderate what it cannot read — Every AI Moderator run that encountered an integrity-blocked issue ended with a missing_data report and no moderation action. This creates a circular dependency: AI Moderator needs to read content to moderate it, but DIFC blocks unmoderated content. Consider a pre-moderation pipeline that runs with elevated integrity access before the AI Moderator workflow ingests content.

4. Dev workflow spike warrants investigation — The Dev workflow produced 61 filtered events in a single run (run §23586783098), which failed. This is unusually high for a Dev workflow and suggests it scanned a large issue list. Investigate whether this run's issue-listing behavior was intentional and whether its scope should be narrowed.

5. Auto-Triage Issues: reduce list_issues fan-out — Auto-Triage is responsible for most list_issues filtering (it lists all open issues and each blocked item generates an event). Consider pre-filtering by author_association before fetching full issue lists, or moving from list_issues to targeted issue_read calls for already-identified issues. This would dramatically reduce per-run event counts.

6. Monitor increasing trend — With 560 events on March 26 alone vs. historical baselines, the filter rate is increasing. This is consistent with a growing number of open external issues in the backlog. Track weekly totals to detect if the rate continues to rise — sustained growth may indicate the approved-contributor list needs regular curation.

References:

• §23586783098 — Dev workflow, 61 filtered events (failed)
• §23572096422 — Auto-Triage Issues, 77 filtered events (failed)
• §23662084001 — Auto-Triage Issues, 26 filtered events

AI generated by Daily DIFC Integrity-Filtered Events Analyzer · history

• expires on Mar 30, 2026, 8:41 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily DIFC Integrity-Filtered Events Analyzer.

A newer discussion is available at Discussion #23479.