[integrity] DIFC Integrity-Filtered Events Report — 2026-03-24

[github-actions[bot]]

Executive Summary

In the last 7 days, 420 DIFC integrity-filtered events were detected across 21 workflow runs spanning 9 distinct workflows. All 420 events share the same filter reason: resources with none:all or unapproved:all integrity tags were blocked because agents require a minimum integrity level of "approved". The filtering is concentrated on a single day (2026-03-24), with a notable spike at 18:00 UTC (114 events in one hour driven by the Auto-Triage Issues workflow).

The dominant workflow by volume is Auto-Triage Issues (188 events, 45% of total), followed by AI Moderator (101 events). These workflows regularly encounter issues and PRs submitted by external contributors who have not yet been approved, which is the expected operation of the DIFC integrity system — the filtering is working as designed. No secrecy-tag filtering was observed in this period.

Key Metrics

Metric	Value
Total filtered events	420
Unique tools filtered	6
Unique workflows affected	9
Most common filter reason	Integrity below "approved" (100%)
Dominant integrity tag	none:all (420 events)
Secondary tag	unapproved:all (124 events)
Busiest day	2026-03-24 (418 events)
Busiest hour	2026-03-24T18:00 UTC (114 events)

📈 Events Over Time

Virtually all events (418 of 420) occurred on 2026-03-24, indicating today was unusually active — likely due to a surge of new external issue submissions (e.g., issue #22713 by dduran28, issue #22533 by mlinksva). The 18:00 UTC spike corresponds to a single Auto-Triage Issues run processing a large batch of unapproved issues.

🔧 Top Filtered Tools

list_issues dominates (325 events, 77%) because triage and moderator workflows iterate over open issues to find unapproved ones. search_issues (74 events, 18%) is the second most filtered call. Direct issue_read (15 events) and PR tools (search_pull_requests, pull_request_read, list_pull_requests) account for the remaining 6%.

🏷️ Filter Reasons and Tags

100% of events are integrity-filtered (no secrecy filtering). The top integrity tag none:all (420 events) indicates resources from contributors with no association to the repository. unapproved:all (124 events) appears as a secondary tag on some events, representing resources that have been explicitly flagged as not yet approved. The absence of secrecy-tag events confirms agents are not leaking private data to untrusted tools.

📋 Per-Workflow Breakdown

Workflow	Filtered Events
Auto-Triage Issues	188
AI Moderator	101
Issue Triage Agent	45
Sub-Issue Closer	41
Dev	35
Daily Team Evolution Insights	4
Code Simplifier	3
Release	2
Glossary Maintainer	1

📋 Per-Server Breakdown

MCP Server	Filtered Events
github	420

👤 Per-User Breakdown

Author Login	Filtered Events
dsyme	62
samuelkahessay	46
mnkiefer	32
mlinksva	20
chrizbo	15
strawgate	15
veverkap	14
pelikhan	12
TiggySravan	11
microsasa	11
mhavelock	10
jaroslawgajewski	9
Rubyj	9
johnwilliams-12	9
haritha-px	8
MH0386	8
diogenesc	8
unknown	7
Corb3nik	7
arezero	7
dduran28	6
Esomoire-consultancy-Company	6
(+ 27 more users with ≤5 events each)	—

🔍 Per-User Analysis

All filtering is driven by human external contributors, not bots. dsyme leads with 62 events (15%), followed by samuelkahessay (46) and mnkiefer (32). These are not automation actors — they are repository contributors whose issues or PRs have not yet received the "approved" integrity label. The high per-user counts reflect repeated attempts by workflows to read the same unapproved resource across multiple workflow runs (e.g., Auto-Triage Issues running on new comments or scheduled triggers). No single bot account is driving disproportionate filtering.

💡 Tuning Recommendations

1. High list_issues filter rate (325/420 events): The Auto-Triage Issues and AI Moderator workflows are iterating over all open issues including unapproved ones. Consider pre-filtering at the prompt level by restricting the issue query to only approved issues (e.g., with a label filter), reducing unnecessary DIFC trips.

2. Recurring high-volume issues: Issues like #22533 (22 hits) and #22510 (15 hits) are being read repeatedly across many runs. These issues should be reviewed for approval — if they contain valid bug reports or feature requests, approving them would eliminate the repeated filtering noise.

3. Sub-Issue Closer workflow (41 events): This workflow generated a high number of filters relative to its single run. Investigate whether it processes a bulk list of issues in one execution and consider whether it needs access to unapproved issues at all.

4. Dev workflow (35 events in 1 run): The Dev workflow triggered 35 filtered events in a single run. Review whether the workflow prompt or tool use inadvertently processes unapproved issues/PRs that it shouldn't need.

5. Monitor unapproved:all tag growth: 124 events (30%) involved resources tagged unapproved:all. If this count grows, it may indicate a backlog of issues awaiting human review for approval.

6. No secrecy filtering detected: The absence of secrecy-filtered events is a positive signal — agents are not passing confidential outputs to untrusted tool calls.

---

Generated by the Daily Integrity Analysis workflow
Analysis window: Last 7 days | Repository: github/gh-aw
Run: https://github.com/github/gh-aw/actions/runs/23509792463

AI generated by Daily DIFC Integrity-Filtered Events Analyzer · history

• expires on Mar 27, 2026, 8:21 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily DIFC Integrity-Filtered Events Analyzer.

A newer discussion is available at Discussion #22968.