[integrity] DIFC Integrity-Filtered Events Report — 2026-03-25

[github-actions[bot]]

Executive Summary

In the last 7 days, 60 DIFC integrity-filtered events were detected across 20 workflow runs (out of 31 total runs analyzed). The most frequently filtered tools were list_issues (31 events, 52%) and issue_read (22 events, 37%). The dominant filter reason was integrity — all 60 events were blocked because resources had integrity below the "approved" threshold. The activity is concentrated on 2026-03-25 (56 events), with only 4 events on 2026-03-24, indicating essentially all filtering activity happened on a single day.

Two workflows dominate the filtered events: AI Moderator and Auto-Triage Issues account for 20 events each (33% apiece). This is expected behavior — both workflows are designed to read issue/PR content created by external contributors, who receive none:all integrity tags by default. The filtering rate is high because the repository has active community contributions from accounts not yet granted approved integrity. The The Daily Repository Chronicle workflow (12 events) also stands out — its scheduled bulk list_issues scan generates cluster-style filtering events.

Key Metrics

Metric	Value
Total filtered events	60
Unique tools filtered	5
Unique workflows affected	7
Most filtered tool	list_issues (31 events, 52%)
Most active filter day	2026-03-25 (56 events)
Most common integrity tag	none:all (60 events)
unapproved:all tag prevalence	31 events (52%)
Top triggering author	szabta89 (14 events)

📈 Events Over Time

The filtering is heavily concentrated on 2026-03-25 (56 of 60 events), with only 4 events on 2026-03-24. This is not a worrying trend — it reflects the natural cadence of new issues and PRs being opened on the same day by contributors without approved-integrity status. The 4-event baseline on March 24 was driven by Auto-Triage Issues processing dsyme's contributor-tagged issues (#22785, #22784).

🔧 Top Filtered Tools

list_issues (31) and issue_read (22) account for 88% of all filtered events. list_issues is a bulk-read operation — a single call can yield many filtered items in one shot, explaining why the Daily Repository Chronicle and Daily Team Evolution Insights generate clusters. issue_read is a targeted single-read commonly used by AI Moderator and Auto-Triage Issues when processing individual issues or comments. search_pull_requests (4) and search_issues (2) are secondary, with pull_request_read appearing only once (Code Simplifier).

🏷️ Filter Reasons and Tags

All 60 events carry the none:all integrity tag, meaning the triggering resources (issues/PRs) were authored by accounts with no approved integrity designation. 31 of those also carry unapproved:all, indicating the resource was explicitly tagged as unapproved. No secrecy-tag filtering was observed — this is a purely integrity-driven filtering profile. The pie chart shows that AI Moderator and Auto-Triage Issues are co-equal top contributors at ~33% each.

📋 Per-Workflow Breakdown

Workflow	Filtered Events
AI Moderator	20
Auto-Triage Issues	20
The Daily Repository Chronicle	12
Daily Team Evolution Insights	5
Smoke Codex	1
Daily Documentation Healer	1
Code Simplifier	1

📋 Per-Server Breakdown

MCP Server	Filtered Events
github	60

👤 Per-User Breakdown (all triggering authors)

Author Login	Filtered Events	Notes
szabta89	14	CONTRIBUTOR — multiple issues blocked across 6 runs
dsyme	12	CONTRIBUTOR — issues #22785, #22784 blocked repeatedly across 8 runs
unknown	5	Author login not available in event (partial DIFC redaction)
dbudym-cs	4	NONE association — issue #22913
lupinthe14th	4	NONE association — issue #19652 across multiple runs
camposbrunocampos	3	NONE association — issue #22897
mnkiefer	3	CONTRIBUTOR — PR #22845
deyaaeldeen	2	NONE association — issue #22957
dduran28	2	NONE association — issue #22713
mlinksva	2	NONE association — issues #22533
porada	2	NONE association — issue #21828
samuelkahessay	2	—
davidslater	1	CONTRIBUTOR — PR #22832
DogeAmazed	1	—
jaroslawgajewski	1	—
chrizbo	1	—
strawgate	1	—
srgibbs99	1	—

🔍 Per-User Analysis

The per-user distribution reveals that the spike is entirely driven by community contributors and external users — no bot accounts (e.g., github-actions[bot]) appear in the filtered events. The top two actors are szabta89 (14 events) and dsyme (12 events), both labeled as CONTRIBUTORs. Their issues/PRs were repeatedly encountered across multiple workflow runs on the same day, generating duplicate filter events (e.g., issue #22784 was blocked in 5 separate runs). This is expected: a single open issue from a non-approved contributor will be re-filtered every time a workflow scans the issue list. The repeated filtering of issues #22785, #22784, #22913, #22908, #22894, #22902, #22904 is a direct consequence of multiple concurrent workflow instances processing the same open issue set.

💡 Tuning Recommendations

1. Approve high-frequency external contributors: szabta89 and dsyme are CONTRIBUTORs whose content is being blocked in every workflow run that scans open issues. If their contributions are trusted, granting them approved integrity designation would immediately reduce filtered event volume by ~43% (26 of 60 events).

2. Deduplicate repeated list_issues filtering: The Daily Repository Chronicle, Daily Team Evolution Insights, and Auto-Triage Issues all independently scan open issues and re-block the same set of low-integrity resources. Consider a shared pre-filter step or a cache layer that marks issues as "already integrity-checked" to avoid redundant filter events across concurrent scheduled runs.

3. Issue MCP Gateway v0.1.8: tools/call still returns HTTP 400 for Streamable HTTP backends #19652, actions-lock.json - consider renaming  #22784, Pins in actions-lock.json can drift out of sync with workflow #22785 as persistent blockers: These issues appear in filters across many runs (4, 7, and 7 events respectively). They are long-standing open issues with none:all integrity. They will continue to cause filtering until either the authors are approved or the issues are closed. Flag these for maintainer review.

4. Add author_login to all filter events: 5 events have unknown author_login due to partial DIFC redaction (the event itself is redacted). Ensuring complete author attribution in gateway logs would improve accountability and make per-user analysis more accurate.

5. Review pull_request_read filtering in Code Simplifier: The Code Simplifier workflow encountered a filtered pull_request_read for PR feat: prevent GitHub App safe-outputs from self-cancelling issue_comment workflows #22825 (none:all tag). If this workflow needs to process externally-submitted PRs, it should either be granted broader read access with appropriate integrity controls, or the target PR should be explicitly approved before the workflow processes it.

6. Monitor for filter volume growth: The current rate (~60 events/day when contributors are active) is within acceptable bounds. If the rate doubles as community contributions grow, re-evaluate the approval process to avoid widespread blocking of legitimate contributor content.

---

Generated by the Daily Integrity Analysis workflow
Analysis window: Last 7 days | Repository: github/gh-aw
Run: §23561462519

AI generated by Daily DIFC Integrity-Filtered Events Analyzer · history

• expires on Mar 28, 2026, 8:23 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily DIFC Integrity-Filtered Events Analyzer.

A newer discussion is available at Discussion #23272.