[integrity] DIFC Integrity-Filtered Events Report — 2026-04-03

[github-actions[bot]]

Executive Summary

In the last 7 days, 767 DIFC integrity-filtered events were detected across 15 workflow runs spanning 8 unique workflows. All 767 events were filtered by the github MCP server for integrity reasons — no secrecy violations were observed. The most frequently filtered tool was list_issues (590 events, 77%), followed by search_issues (112, 15%). The filtering rate is sharply concentrated: 70.7% of all events originate from a single workflow, Auto-Triage Issues.

The volume shows a strong day-over-day increase: 177 events on 2026-04-02 vs 590 on 2026-04-03, driven primarily by more Auto-Triage Issues runs on the latter day (5 runs on 04-03 vs 3 runs on 04-02). All events are caused by the agent attempting to read GitHub issues and PRs without holding the required integrity tags (unapproved:all and approved:all) that the DIFC guard policy demands. This is expected behaviour for workflows that process untrusted issue/PR content — the guard correctly intercepts these accesses.

Key Metrics

Metric	Value
Total filtered events	767
Unique tools filtered	7
Unique workflows affected	8
MCP servers involved	1 (github)
Filter reason	integrity (100%)
Busiest day	2026-04-03 (590 events)
Most filtered workflow	Auto-Triage Issues (542 events)
Most filtered tool	list_issues (590 events)

📈 Events Over Time

Events spiked sharply from 177 on 2026-04-02 to 590 on 2026-04-03, a 3.3× increase. This jump is driven by more Auto-Triage Issues runs firing on 04-03 (likely due to increased issue creation activity on that day). The overall trend is not yet concerning — both days represent normal triage activity — but the volume should be monitored for sustained growth.

🔧 Top Filtered Tools

list_issues (590) and search_issues (112) account for 92% of all filtering. Both tools return collections of GitHub issues, which are classified as untrusted, user-controlled content. The agent's requests to read these before acquiring the required integrity labels triggers the guard filter. issue_read (48 events) confirms individual issue detail fetches are also affected. The remaining tools — list_commits, list_pull_requests, search_pull_requests, pull_request_read — represent a small fraction.

🏷️ Workflow Distribution & Tag Breakdown

All 767 events require the agent to hold unapproved:all and approved:all integrity tags before accessing issue/PR data. These tags represent the minimum trust threshold the guard policy (integrity=approved) requires before exposing raw GitHub content to agent tool calls. The filtering is functioning as designed: the DIFC system prevents the agent from reading untrusted repository content unless the current label flow has been approved.

📋 Per-Workflow Breakdown

Workflow	Filtered Events
Auto-Triage Issues	542
Issue Triage Agent	85
The Daily Repository Chronicle	58
Sub-Issue Closer	51
Dev	17
Daily Team Evolution Insights	8
Code Simplifier	4
Draft PR Cleanup	2

📋 Per-Server Breakdown

MCP Server	Filtered Events
github	767

👤 Per-Actor Breakdown

Actor	Filtered Events
pelikhan	592
unknown (inferred from run metadata)	175

🔍 Per-Actor Analysis

pelikhan is the triggering actor for 77% of events — this is fully expected because pelikhan is the repository owner whose activity drives issue creation, triggering Auto-Triage Issues and related workflows. The 175 "unknown" events are from runs where the actor field was not captured in the run metadata (secondary runs within episodes). There are no bot actors or unexpected external contributors appearing in this dataset — the filtering is entirely attributable to normal repository maintainer activity.

💡 Tuning Recommendations

1. Auto-Triage Issues accounts for 71% of all filtered events. Review whether the workflow prompt instructs the agent to call list_issues before the DIFC guard's label flow has been established. If the workflow correctly labels the triggering issue as approved before making downstream list_issues calls, the filter should not fire. Check whether the activation job applies the required integrity label before the agent job begins.

2. list_issues is filtered 590 times. If the Auto-Triage workflow needs to list all open issues before processing, consider pre-fetching the list inside the activation job (which runs in a higher-trust context) and passing the relevant issue numbers as job outputs, avoiding the need for list_issues calls in the agent step.

3. The volume increase (177 → 590) coincides with higher issue activity on 2026-04-03. No immediate action required, but if the daily run count continues rising, consider batching triage operations to reduce redundant list calls.

4. search_issues generates 112 events — if the workflow uses search to filter issues for triage, consider whether the search query can be restricted to already-labelled (approved) issues only, avoiding DIFC filtering on the result set.

5. All events are integrity-only (no secrecy violations). This is a healthy signal — no sensitive data is leaking through tool calls. The guard is working correctly. No secrecy-tag relaxation is needed.

6. Issue Triage Agent (85 events) and The Daily Repository Chronicle (58 events) also generate meaningful filter volumes. These workflows should undergo the same review: ensure agents acquire integrity labels before calling list/search tools on issue data.

---

Generated by the Daily Integrity Analysis workflow
Analysis window: Last 7 days | Repository: github/gh-aw
Run: https://github.com/github/gh-aw/actions/runs/23960289178

Generated by Daily DIFC Integrity-Filtered Events Analyzer · ● 3.1M · ◷

• expires on Apr 6, 2026, 8:21 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily DIFC Integrity-Filtered Events Analyzer.

A newer discussion is available at Discussion #24773.