[integrity] DIFC Integrity-Filtered Events Report — 2026-03-31

[github-actions[bot]]

Executive Summary

In the last 7 days, 631 DIFC integrity-filtered events were detected across 17 distinct workflows and 40 workflow runs. All events were filtered by the github MCP server due to integrity violations — resources authored by contributors with none:all or unapproved:all integrity tags being passed to agent tools that require a higher integrity level.

The most frequently filtered tools were list_issues (274 events, 43%) and search_issues (234 events, 37%), together accounting for 80% of all filtered events. The Organization Health Report workflow was the largest single contributor with 247 events (39%), driven by its broad sweeps of repository issues and pull requests opened by external contributors. The overall volume is concentrated in a 2-day window (2026-03-30 and 2026-03-31), suggesting these are scheduled/triggered batch workflows rather than a sustained spike.

Key Metrics

Metric	Value
Total filtered events	631
Unique tools filtered	7
Unique workflows affected	17
Unique users whose content triggered filtering	162
MCP server responsible	github (100%)
Filter reason	integrity (100%)
Most common integrity tag	none:all (631 events)
Busiest day	2026-03-30 (410 events)

📈 Events Over Time

Events are clustered in a 2-day window — 410 events on 2026-03-30 and 221 on 2026-03-31. This is consistent with scheduled batch workflows (Organization Health Report, Auto-Triage Issues, Weekly Issue Summary) that run once per day and scan large backlogs of issues. There is no indication of a sustained escalating trend; this appears to be normal volume for the workflows currently deployed.

🔧 Top Filtered Tools

list_issues (274) and search_issues (234) dominate — both are read-heavy tools that retrieve bulk lists of issues, inevitably surfacing content from external/unapproved contributors. search_pull_requests (96) follows the same pattern for PR-scanning workflows. These tools are being correctly blocked: the resources they return carry none:all integrity labels, and the agents requesting them require a higher integrity level before acting on their content.

🏷️ Workflow Distribution & Integrity Tags

All 631 events carry the none:all integrity tag (resource author has no approved association), and 127 of those also carry unapproved:all (explicitly flagged as unapproved). The Organization Health Report (39%) and Auto-Triage Issues (24%) together account for nearly two-thirds of all filtered events. This distribution reflects intentional workflow design — these workflows need to broadly scan issues submitted by the public, which will always include unapproved contributors.

📋 Per-Workflow Breakdown

Workflow	Filtered Events
Organization Health Report	247
Auto-Triage Issues	153
Sub-Issue Closer	63
Issue Triage Agent	61
Weekly Issue Summary	61
Issue Monster	14
Dev	8
Daily Team Evolution Insights	5
GitHub Remote MCP Authentication Test	5
AI Moderator	4
The Daily Repository Chronicle	3
Workflow Health Manager - Meta-Orchestrator	2
Architecture Diagram Generator	1
Go Fan	1
Code Simplifier	1
Smoke Claude	1
Smoke Copilot	1

📋 Per-Server Breakdown

MCP Server	Filtered Events
github	631

All events originate from the github MCP server — no other MCP servers triggered integrity filtering during this window.

👤 Per-User Breakdown (top 30)

Author Login	Filtered Events
szabta89	65
j-srodka	38
danielmeppiel	36
mnkiefer	23
camposbrunocampos	17
grahame-white	14
johnpreed	13
deyaaeldeen	13
samuelkahessay	13
stiliyana94	12
virenpepper	11
TiggySravan	10
veverkap	10
hacnho	10
kbreit-insight	9
doughgle	8
srgibbs99	8
mlinksva	8
bindsi	7
dbudym-cs	7
strawgate	6
microsasa	6
rudroroy4058-cyber	6
rajuahmead179-collab	6
razajohn44442860-create	6
lupoaiappsstore	6
aaronpowell	6
bbonafed	5
benissimo	5
Rubyj	5

162 unique users in total.

🔍 Per-User Analysis

The per-user distribution is broad: 162 unique contributors whose issues/PRs were blocked, with no single account dominating disproportionately. The top user szabta89 triggered 65 events (10% of total), followed by j-srodka (38) and danielmeppiel (36). Notably, all top accounts appear to be human contributors (external collaborators or first-time contributors) rather than bots — confirming this is expected behaviour of the integrity system correctly isolating unapproved external content. No automated bot accounts appear in the top users list.

💡 Tuning Recommendations

1. Organization Health Report — consider batched integrity labelling. This single workflow produces 39% of all filtered events. The workflow performs broad issue/PR sweeps and is legitimately blocked when encountering none:all content. If this workflow needs to summarize activity from all contributors (including unapproved ones), consider running the summary logic at reduced integrity and applying explicit integrity downgrade annotations so the agent can still process the data for read-only reporting purposes.

2. Auto-Triage Issues — expected, no action needed. This workflow's 153 events across 12 runs (avg ~13/run) represent its normal scanning of new issues from external contributors. The integrity system is working as designed. No tuning required.

3. Weekly Issue Summary — monitor volume growth. 61 events in a single run suggests this workflow scans a large backlog. As the repository grows and more external issues accumulate, this count will rise. Consider adding a date-range filter to the issue queries so it only processes issues opened in the last 7 days rather than all open issues.

4. list_issues / search_issues — candidate for integrity-aware pre-filtering. These two tools account for 80% of all filtered events. If workflows need to scan issues without integrity filtering, consider introducing a dedicated "discovery" step that runs at integrity: low to enumerate issue numbers, followed by a higher-integrity processing step for acting on approved content.

5. Integrity tag adoption. The unapproved:all tag appears on 127 events (20%), indicating some contributors have been explicitly flagged. Review whether workflows should handle unapproved:all differently from none:all — the former may warrant stricter handling (e.g., auto-close or route to human review) while the latter is simply a new/unknown contributor.

6. No secrecy filtering detected. Zero events were filtered for secrecy reasons — all filtering is integrity-based. This is a healthy signal that the secrecy labelling system is not over-triggering.

References:

• §23735933506 — Organization Health Report (247 events)
• §23752867324 — Weekly Issue Summary (61 events)
• §23793218944 — Sub-Issue Closer (43 events)

AI generated by Daily DIFC Integrity-Filtered Events Analyzer · history

• expires on Apr 3, 2026, 8:37 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily DIFC Integrity-Filtered Events Analyzer.

A newer discussion is available at Discussion #23945.