[integrity-audit] Integrity Filtering Audit — 2026-04-06 #3296
Description
Integrity Filtering Audit — github/gh-aw
Audit period: 2026-04-05T22:34Z – 2026-04-06T22:34Z (last 24 hours)
Runs analyzed: 30 completed runs in github/gh-aw
Runs with mcp-logs artifacts: 0
Actual agent (MCP Gateway) executions: 0
Findings Summary
| Severity | Count | Description |
|---|---|---|
| 🔴 Critical | 0 | — |
| 🟡 Warning | 1 | Zero DIFC events — all agentic workflows gated by environment protection |
| 🟢 Info | 2 | Normal command-mismatch skips; environment protection operating as expected |
Warnings
W-1 · Zero DIFC events — no agentic workflows executed
In the last 24 hours, every .lock.yml agentic workflow run completed with action_required — i.e., the workflow reached the environment protection gate and stopped. No agent job reached execution, and therefore the MCP Gateway was never started, meaning zero DIFC integrity/secrecy labeling events occurred.
- Workflows affected: Scout, Q, Archie, Grumpy Code Reviewer, Security Review Agent, Plan Command, Mergefest, /cloclo, ACE Editor Session, Documentation Unbloat, PR Nitpick Reviewer, Resource Summarizer Agent, AI Moderator, Content Moderation (lock)
- Run count: 28 out of 30 recent runs
- Sample run IDs (all
action_required): 24054341149 (Scout), 24054341181 (/cloclo), 24054341172 (Q), 24054341165 (Archie), 24054308113 (Archie), and 23+ more - Observed over pages 1–25 of issue_comment and pull_request event runs
Impact: The DIFC pipeline cannot be validated during periods where the environment gate blocks all agent execution. Any guard misconfiguration or silent failure would go undetected.
Likely cause: All .lock.yml workflows reference a protected environment (likely agent or production) that requires a human reviewer to approve before the agent job runs. No reviewer approved any pending run in this 24-hour window.
Note: This environment protection is itself a security feature, not a vulnerability. However, sustained zero-execution periods create an observability gap for the DIFC audit trail.
Informational
I-1 · Two Grumpy Code Reviewer runs completed with agent job skipped
- Run 24054539534 and 24054548005
- Both triggered by
pull_requestevents on branchescopilot/add-artifact-download-optionandcopilot/add-assignees-to-create-pull-request pre_activationjob ran and produced warning: "None of the commands [/grumpy] matched the first word (found: 'Add'). Workflow will be skipped."agentjob was correctly skipped — command detection logic working as intended- No artifacts, no MCP gateway invocation
I-2 · Content Moderation and AI Moderator ran successfully
- These are simple
github-scriptmoderation workflows (not MCP Gateway workflows) - No DIFC involvement; not relevant to integrity filtering
I-3 · Historical pattern: Scout workflow shows no completed agent runs back to at least March 25
- Checked pages 1–100 of scout.lock.yml runs (~10,000 runs over ~2 weeks): all
action_requiredorskipped - Suggests the environment protection gate has been blocking agent execution for an extended period
Runs Analyzed
| Run | Workflow | Branch | Agent Invoked | DIFC Events | Firewall Blocks | Status |
|---|---|---|---|---|---|---|
| 24054626980 | Grumpy Code Reviewer | main | ❌ skipped | 0 | 0 | |
| 24054548005 | Grumpy Code Reviewer | copilot/add-assignees-to-create-pull-request | ❌ skipped | 0 | 0 | |
| 24054539534 | Grumpy Code Reviewer | copilot/add-artifact-download-option | ❌ skipped | 0 | 0 | |
| 24054341149 | Scout | copilot/add-assignees-to-create-pull-request | ❌ early-exit | 0 | 0 | |
| 24054341181 | /cloclo | copilot/add-assignees-to-create-pull-request | ❌ early-exit | 0 | 0 | |
| 24054341172 | Q | copilot/add-assignees-to-create-pull-request | ❌ early-exit | 0 | 0 | |
| 24054341165 | Archie | copilot/add-assignees-to-create-pull-request | ❌ early-exit | 0 | 0 | |
| 24054209197 | Security Review Agent | main | ❌ early-exit | 0 | 0 | |
| 24054209201 | ACE Editor Session | main | ❌ early-exit | 0 | 0 | |
| 24054209203 | Mergefest | main | ❌ early-exit | 0 | 0 | |
| 24054209205 | Plan Command | main | ❌ early-exit | 0 | 0 | |
| 22 more | (various .lock.yml) | — | ❌ early-exit | 0 | 0 |
All 30 runs: 28
action_required(environment gate), 2success(agent skipped due to command mismatch). Zero actual agent executions.
Recommendations
-
Monitor environment approval latency: The current environment protection gate is blocking all agent runs. Consider tracking how long runs wait in
action_requiredstate and alerting if agent workflows go more than N hours without any approved execution — sustained gaps create blind spots in the DIFC audit trail. -
Add DIFC smoke-test workflow: Consider a scheduled workflow (e.g., nightly) that exercises the MCP Gateway with a known-safe prompt and validates that DIFC events appear in
rpc-messages.jsonl. This would provide a baseline heartbeat independent of human-approval gates. -
Confirm environment protection is intentional at this frequency: If the intent is that agents should regularly execute (e.g., when Copilot SWE agent opens PRs), verify that the environment protection reviewers are being notified and approving in a timely manner. The historical pattern (zero completed agent runs observed across ~2 weeks of Scout history) may indicate the approval workflow is stalled.
-
No direct API bypass detected: No network firewall blocks or direct
api.github.com/ external AI service bypass attempts were found — consistent with zero actual agent execution.
Generated by Integrity Filtering Audit · ● 4.9M · ◷
- expires on Apr 13, 2026, 10:44 PM UTC