[integrity] DIFC Integrity-Filtered Events Report — 2026-03-30

[github-actions[bot]]

Executive Summary

In the last 7 days, 530 DIFC integrity-filtered events were detected across 30 workflow runs and 15 distinct workflows. The most frequently filtered tool was search_issues (262 events, 49%), followed closely by list_issues (164 events, 31%). The dominant — in fact, sole — filter reason was integrity: every single event was triggered by resources (issues or pull requests) carrying none:all integrity tags, meaning they were authored by contributors whose content has not been approved for agentic consumption.

The trend shows a sharp spike on 2026-03-30 (423 events, ~80% of the week's total), concentrated especially in the Organization Health Report workflow (247 events) and Auto-Triage Issues (120 events across multiple runs). The Organization Health Report alone accounts for nearly half of all filtered events from a single run, suggesting it iterates over a large set of issues — many of which are authored by external contributors. The Monday spike is structural: scheduled workflows that scan large issue backlogs (triage, health reports, summaries) all tend to trigger on the same day.

Key Metrics

Metric	Value
Total filtered events	530
Unique tools filtered	5 (search_issues, list_issues, search_pull_requests, issue_read, pull_request_read)
Unique workflows affected	15
Most common filter reason	integrity (100%)
Busiest day	2026-03-30 (423 events)
Most-filtered workflow	Organization Health Report (247 events)
Most-filtered user (issue author)	szabta89 (53 events)
Integrity tag coverage	none:all 530×, unapproved:all 112×

📈 Events Over Time

The volume is heavily right-skewed: 423 events (80%) landed on March 30, compared to 81 on March 29 and only 26 on March 28. This pattern tracks the schedule of bulk-scanning workflows (Issue Triage, Organization Health Report, Weekly Issue Summary). The spike is not a sign of system degradation — it reflects a concentration of scheduled workflow runs on a single day processing a growing backlog of unapproved issues.

🔧 Top Filtered Tools

search_issues (49%) and list_issues (31%) dominate because triage and health workflows enumerate large issue lists. Every unapproved issue encountered in a list result is individually filtered. search_pull_requests (18%) shows up primarily from the Organization Health Report. The issue_read and pull_request_read calls (4 each) indicate a small number of targeted reads on specific low-integrity resources.

🏷️ Filter Reasons and Tags

100% of events are integrity filtered — no secrecy-tag filtering occurred this week. The none:all tag appears on all 530 filtered resources (contributors with no integrity approval), while unapproved:all appears on 112 resources (contributors with an explicit "unapproved" marking). No secrecy tags were involved, confirming that DIFC is working as intended: it prevents agents from reading issue/PR content authored by untrusted external contributors.

📋 Per-Workflow Breakdown

Workflow	Filtered Events
Organization Health Report	247
Auto-Triage Issues	120
Weekly Issue Summary	61
Sub-Issue Closer	37
Issue Triage Agent	21
Dev	16
Workflow Health Manager - Meta-Orchestrator	11
GitHub Remote MCP Authentication Test	3
Smoke Copilot	3
The Daily Repository Chronicle	3
Daily Team Evolution Insights	2
Release	2
Daily Documentation Updater	2
Smoke Claude	1
AI Moderator	1

📋 Per-Server Breakdown

MCP Server	Filtered Events
github	530

All filtering was performed by the github MCP server, which enforces DIFC integrity checks on every resource it returns. No other servers were involved.

👤 Per-User Breakdown (top 30 issue authors whose content was blocked)

Author Login	Filtered Events
szabta89	53
j-srodka	38
danielmeppiel	36
mnkiefer	23
deyaaeldeen	17
johnpreed	14
stiliyana94	12
grahame-white	11
samuelkahessay	11
hacnho	10
TiggySravan	9
veverkap	9
srgibbs99	7
lpcox	6
rudroroy4058-cyber	6
rajuahmead179-collab	6
razajohn44442860-create	6
lupoaiappsstore	6
aaronpowell	6
bindsi	5
dbudym-cs	5
camposbrunocampos	5
mlinksva	5
eaftan	4
Esomoire-consultancy-Company	4
benissimo	4
jaroslawgajewski	4
schneidergithub	4
henrycatalinismith	4
moeyui1	4

🔍 Per-User Analysis

All filtered events originate from human contributors, not bots. The top-blocked user is szabta89 (53 events), followed by j-srodka (38) and danielmeppiel (36). These counts reflect how many times their issues appeared in filtered list/search results across multiple workflow runs — not necessarily 53 distinct issues. The long tail (130+ unique users with 1–3 events) shows a healthy, diverse contributor base that the integrity system is correctly quarantining from agentic processing until their contributions are approved. There is no anomalous automation behavior; the filtering is working as designed.

💡 Tuning Recommendations

1. Review the Organization Health Report workflow for list-pagination efficiency. It produced 247 filtered events in a single run, indicating it fetches large paginated issue/PR lists without pre-filtering by integrity label. Consider adding a filter to only fetch approved or member-labelled issues, or use a pre-step to scope the query, to reduce DIFC pressure and improve run performance.

2. Consider approving high-frequency contributors. Users szabta89, j-srodka, and danielmeppiel have their issues blocked across many workflow runs. If these are known, active contributors whose work is legitimate, approving them in the DIFC registry would immediately reduce the filtered event count by ~120 (23% of total).

3. Add integrity pre-filtering to Auto-Triage Issues. With 120 filtered events across 7+ runs, the triage workflow repeatedly encounters the same unapproved issues. A deterministic pre-step filtering out none:all-tagged issues would reduce DIFC overhead and allow the agent to focus on approvable content.

4. Monitor the rising baseline. The week shows a significant day-over-day increase (26 → 81 → 423). While partly explained by Monday's batch schedules, the absolute count of unapproved issues in the repository is growing. Consider a periodic review process to approve or close stale issues from external contributors.

5. unapproved:all tag coverage is 21% of events. 112 events involve explicitly unapproved:all-tagged resources, distinct from the none:all (no-tag) cohort. These contributors have been affirmatively marked as untrusted. Review whether any should be graduated to approved status, or whether the unapproved label should trigger additional workflow suppression.

6. Weekly Issue Summary produced 61 events from a single run. This workflow scans a broad issue set weekly. If the output quality is acceptable with approved-only input, this is working correctly. If the summary is missing important external issues, consider a separate low-trust summary pass with reduced write permissions.

---

Generated by the Daily Integrity Analysis workflow
Analysis window: Last 7 days (2026-03-24 to 2026-03-30) | Repository: github/gh-aw
Run: §23765157332

AI generated by Daily DIFC Integrity-Filtered Events Analyzer · history

• expires on Apr 2, 2026, 8:28 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily DIFC Integrity-Filtered Events Analyzer.

A newer discussion is available at Discussion #23772.