[integrity] DIFC Integrity-Filtered Events Report — 2026-04-15

[github-actions[bot]]

Executive Summary

In the last 7 days, 229 DIFC integrity-filtered events were detected across 31 workflow runs and 8 distinct workflows. All events were filtered by the github MCP server, and the dominant filter reason is that resources carry the none:all integrity tag — meaning issues and PRs opened by external contributors have not yet been approved/elevated to "approved" integrity. The most frequently filtered tool was list_issues (107 events), followed closely by search_issues (95 events). Events are overwhelmingly concentrated on 2026-04-15 (227 of 229 events), with a pronounced activity spike between 09:00 and 10:00 UTC.

The filtering activity is driven primarily by issue-processing workflows — Dev (75 events), Issue Triage Agent (50 events), and Sub-Issue Closer (50 events) — which routinely scan the issue backlog and encounter GitHub issues filed by external users who have not yet been approved. This is expected system behaviour: the DIFC integrity gate is working as designed by blocking unvetted content from influencing agentic actions.

Key Metrics

Metric	Value
Total filtered events	229
Unique tools filtered	4
Unique workflows affected	8
Unique MCP servers affected	1 (github)
Most common filter reason	Integrity below "approved" (none:all tag)
Busiest day	2026-04-15 (227 events)
Busiest hour	2026-04-15T09:00 UTC (75 events)

📈 Events Over Time

Events are almost entirely concentrated on April 15, 2026, with virtually no activity on April 14 (2 events). The April 15 spike is the result of multiple scheduled and PR-triggered agentic workflow runs executing in the same window. There is no ongoing upward trend; activity reflects natural workflow execution patterns rather than a growing filtering problem.

🔧 Top Filtered Tools

list_issues (107) and search_issues (95) dominate — both are bulk read operations invoked by triage, closing, and team-evolution workflows that scan the entire issue backlog. pull_request_read (26) reflects the Design Decision Gate reviewing Copilot-authored PRs that haven't yet been approved. A single get_commit event appeared from the Go Fan workflow examining a commit on an external repo. All filtering is integrity-based; no secrecy-based filtering was detected.

🏷️ Filter Resource Types & Tags

Issues (issue:) account for ~89% of filtered resources, with PRs (pr:) at ~10% and one commit (commit:). Every event carries the none:all integrity tag (229/229 events), with 9 events additionally tagged unapproved:all. No secrecy tags were observed — secrecy-based filtering is not occurring. The integrity gate is correctly blocking resources whose authors have not been approved in the repository's trust model.

📋 Per-Workflow Breakdown

Workflow	Filtered Events
Dev	75
Issue Triage Agent	50
Sub-Issue Closer	50
Design Decision Gate 🏗️	26
Workflow Health Manager - Meta-Orchestrator	20
Daily Team Evolution Insights	6
Go Fan	1
GitHub Remote MCP Authentication Test	1

📋 Per-Server Breakdown

MCP Server	Filtered Events
github	229

👤 Per-User Breakdown

Author Login	Filtered Events
(no author — PRs/automated)	26
yskopets	19
samuelkahessay	15
microsasa	9
strawgate	9
Corb3nik	8
Yoyokrazy	7
jsquire	6
benvillalobos	6
bbonafed	5
jaroslawgajewski	5
mlinksva	5
veverkap	5
MH0386	5
shea-parkes	5
abillingsley	5
arthurfvives	4
ruokun-niu	4
PureWeen	4
danielmeppiel	4
bindsi	4
benissimo	4
TiggySravan	4
arezero	4
jtracey93	3
Ray961123	3
JanKrivanek	3
jfomhover	3
doughgle	3
johnwilliams-12	3
mvdbos	3
corymhall	3
praveenkuttappan	3
jeremiah-snee-openx	3
(others ≤2 each)	28

🔍 Per-User Analysis

The 26 "unknown" author events correspond to PR-read calls where no author_login metadata is captured (e.g., pull_request_read filtered events). Of the identified users, all are human contributors filing issues on the repository — none are bot accounts. yskopets (19 events) and samuelkahessay (15 events) appear most frequently because their issues are repeatedly encountered across multiple triage and closing workflow runs. This is expected: recurring issue scans will re-encounter the same unapproved issues on each run. There is no indication of malicious or unusual behaviour — the filtering is consistent with legitimate open-source contribution patterns.

💡 Tuning Recommendations

1. Approve high-frequency issue authors: Users like yskopets (19 hits), samuelkahessay (15 hits), and microsasa/strawgate (9 each) have multiple issues that are repeatedly filtered. Consider reviewing and approving their contributions to reduce noise in triage runs.

2. Cache filtered issue IDs in triage workflows: The Issue Triage Agent and Sub-Issue Closer encounter the same unapproved issues on every scheduled run. Implementing a skip-list or cache for known-filtered resources would reduce redundant integrity checks and improve agent efficiency.

3. Review the unapproved:all subset: 9 events carry the stricter unapproved:all tag. These may indicate resources that have been explicitly marked as untrusted. Review these issues/PRs to ensure the labelling is intentional.

4. Monitor the Design Decision Gate PR filtering: 26 PR-read events across multiple Copilot-authored branches suggest the Design Decision Gate frequently encounters PRs from branches with none:all integrity. If these are all Copilot agent branches, consider whether Copilot-authored PRs should receive elevated integrity by default.

5. Review Go Fan and GitHub Remote MCP Auth Test: Both had isolated 1-event filtering incidents. These are likely one-off occurrences (an external commit and an authentication test run) but should be monitored for recurrence.

6. No secrecy tuning needed: No secrecy-based filtering was detected. The filtering is entirely integrity-based and is operating as intended.

---

Generated by the Daily Integrity Analysis workflow
Analysis window: Last 7 days | Repository: github/gh-aw
Run: §24475941416

Generated by Daily DIFC Integrity-Filtered Events Analyzer · ● 2.7M · ◷

• expires on Apr 18, 2026, 9:08 PM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-04-18T21:08:27.350Z.

Closed by Workflow