April 24, 2026: GitHub begins training AI models on Copilot interaction data today — opted in by default for individual users, contractually excluded for enterprise customers. Two-tier privacy. Context ↓
Published April 18, 2026 · WellSpr.ing Civic Project

GitHub is a
discovery layer.
Not a git host.
Here's the migration.

When GitHub suspends your account without notice, without graduated enforcement, and without substantive staff response for 30–90 days, the fastest answer is not to plead with the support queue. The fastest answer is to own your git, mirror to GitHub as discovery surface, and keep working.

Get Your Exit Plan → Read the Incident Record
The Incident

What happened to WellBuilder
on April 18, 2026

On the morning of April 18, 2026, at approximately 8:30 AM PT, GitHub suspended the WellBuilder organization. WellBuilder publishes civic-technology MCP servers — one per US area code — as part of the WellSpr.ing covenant-governed civic infrastructure federation. Thirty-two repositories were offline simultaneously. The personal account that owned the organization was also suspended.

No suspension email. No notice. No graduated enforcement. The appeal path, when opened, routed first-line response to an automated reply requesting information already present in the appeal letter. WellSpr.ing responded within minutes with complete information. The account remains suspended at the time of this site's publication.

08:30 AM PT  — WellBuilder organization suspended (all 32 repos offline)
08:48 AM PT  — WellSpr.ing notified; unable to access account
08:48 AM PT  — Appeal submitted via support.github.com
~08:54 AM PT — Auto-reply requests standard identification details
08:55 AM PT  — WellSpr.ing replies with complete information
  — Substantive response pending as of publication
Thirty-two MCP servers. One per US area code. Federated under the Linux Foundation's own standardized protocol. Each repository complete, each serving real civic data, each under a published conduct standard. Suspended simultaneously. No email. No reason given.
Stable URL
notgit.org/incident/2026-04-18
Permanent incident record for the WellBuilder case
Blog Post
WellSpr.ing sovereignty response
Full account of the incident and the architectural response
Manifest
Federation manifest v2.0 (sovereign architecture)
Updated to list primary Forgejo host and Codeberg mirror for all 32 portals
The Pattern

Documented across sixty cases

The WellBuilder case is not anomalous. A Reddit thread on r/github, maintained by volunteers since 2023, has catalogued approximately sixty suspension cases with the same signature: no email, no graduated enforcement, appeals that queue for 30 to 90 days, and — documented by multiple users — manual reinstatement by staff followed by automated re-suspension within 1 to 5 days.

The affected maintainers are not spammers.

Limine Bootloader
Main maintainer of Limine, a widely-adopted open-source boot manager used across hundreds of projects. Suspended without notice.
Status: public record, r/github thread
GetX Framework
Creator of GetX, the Flutter state management framework installed in 200,000+ projects. Suspended without notice or graduated enforcement.
200,000+ downstream projects affected
AI Research · 62 repos
Independent AI researcher with paid GitHub Pro account, 62 research repositories, suspended over a Git LFS model checkpoint. Had to appeal from a second paid account.
Paid Pro subscriber · No email sent
Ferdium · Core Maintainer
One of two core maintainers of Ferdium, an open-source messaging app. Eight-year-old GitHub account. Suspended without notice.
8-year account history · No warning
Cybersecurity Research
Security researcher publishing indicators-of-compromise to help others defend against malware. Suspended for publishing defensive security data.
Defensive research — flagged as threat
WellBuilder · 32 Repos
Civic infrastructure federation — 32 MCP servers, one per US area code, serving local civic data through the Linux Foundation's standardized protocol.
April 18, 2026 · This incident
"GitHub suspended my paid account with 62 repos, sent no email and I had to file appeals from a second paid account... If GitHub can do this to a paying customer over a model checkpoint, they can do it to you over anything."
— Independent AI researcher, April 2026, r/github thread

GitHub's own Terms of Service Section F requires notice before suspension. The enforcement documentation describes graduated enforcement before termination. Across sixty documented cases, neither commitment appears to be consistently honored.

This site is not about whether GitHub is a net-positive for open-source software. It clearly is, and has been, for more than a decade. This site is about the specific gap between GitHub's stated enforcement commitments and actual enforcement practice — and about the fact that the correction to that gap is individually available to every maintainer. You do not need to wait for GitHub to fix this. You can migrate in an afternoon.

The Exit Guide

The three-mirror architecture

The core insight: GitHub is a discovery layer, not a git host. The conflation of those two functions is the dependency trap. The formula separates them back out.

PRIMARY GIT — SOVEREIGN git.yourproject.org Self-hosted Forgejo · Railway / Fly.io · You own it auto push-mirror auto push-mirror SECONDARY — COMMUNITY codeberg.org/yourproject Nonprofit · EU-hosted · Forgejo-native Free · Your fallback DISCOVERY LAYER github.com/yourproject Stars · Forks · Network effect Suspendable — non-critical
01
Primary git — self-hosted Forgejo
Deploy on Railway, Fly.io, or any VPS. Forgejo is the community fork of Gitea, actively maintained, open source, AGPL-licensed. Deploy time on Railway: ~15 minutes. Cost: $5–10/month. CNAME git.yourproject.org to your Railway deployment. This is where you push. If GitHub or Codeberg or any other host disappears tomorrow, your git source of truth is unaffected.
02
Secondary git — Codeberg
Codeberg is the community-governed, nonprofit Forgejo instance hosted in Berlin. Free for open source. Runs Forgejo natively, so push-mirror integration with your primary is trivial to configure. This is your fallback — what if your self-hosted instance has a bad day. Configure a push-mirror from your Forgejo primary: one API call, automatic thereafter. Full walkthrough at notgit.org/push-mirror-setup.
03
Discovery layer — GitHub (as mirror)
GitHub, if and when your account is restored, becomes a push-mirror only. You never push to it directly. Your primary Forgejo pushes to it automatically. If GitHub suspends you again, your stars and forks are frozen but your git work continues unaffected. Suspension becomes a discoverability event, not a data-loss event. GitHub, at its best, holds a first-class place in your federation. That place just isn't primary anymore.
What makes this resilient: Forgejo's native push-mirror feature means you configure the two secondary mirrors once. Your workflow doesn't change — git push origin main to your sovereign primary, and it syncs automatically. Suspension of any single mirror is a discoverability event, not a data-loss event.

Full Migration Formula →  Push-Mirror Technical Walkthrough

Choose Your Mirrors

Platform comparison

Forgejo (self-hosted) Codeberg SourceHut GitLab CE
Governance You own it Nonprofit Nonprofit You own it
Cost ~$5–10/mo Free Free / paid Heavier infra
PAT / API Full Forgejo API Full Forgejo API REST + email workflow Full GitLab API
Push mirrors Yes — native Yes — native Limited Yes
Speed to deploy 15 min (Railway) Instant (signup) Instant (signup) Hours (self-host)
Best for Primary sovereign Community secondary Minimalist / CLI-first Org-scale
AI Agents & Mirrors

Using AI coding tools
without triggering enforcement

A distinct class of suspension cases involves maintainers using AI coding assistants — Claude, Cursor, Copilot Workspace, custom MCP servers — with personal access tokens that make API calls GitHub's detection flags as anomalous. Documented cases include maintainers whose Claude Desktop + GitHub MCP integration was flagged as "token abuse," researchers whose Git LFS pushes of ML checkpoints triggered suspension, and builders whose rapid automation of repository creation (for legitimate federated projects) matched typosquatting heuristics.

These cases are growing. The tooling is ahead of the platform's detection calibration. The mitigation is operational.

01
README-first publication
Never publish an empty or near-empty repository. Substantive README, working initial commit, topic tags, a license. Repos created via automation that look like placeholders will flag — this is what happened to WellBuilder.
02
Cadence discipline
Don't create twenty repositories in ten minutes. If automation is creating repos, rate-limit it to 2–3 per day. Rapid federated publication via PAT automation resembles typosquatting patterns to detection systems. Defensive discipline regardless of platform.
03
PAT scoping
Give your AI assistant's PAT the minimum scope it needs. A PAT with full-org permissions used by an AI that makes many API calls per minute is exactly the pattern that flags. Scope to repo only, not admin:org unless necessary.
04
Push-mirror through sovereign primary
If you're using AI tooling that pushes to git, push to your sovereign Forgejo first, not to GitHub. The push-mirror propagates to GitHub. If GitHub flags the pattern, your primary is untouched and the worst case is you turn off the GitHub mirror temporarily while you resolve it.
05
Pre-commit model checkpoints elsewhere
Git LFS for ML work has documented edge cases. If you're working with large model artifacts, consider a dedicated artifact store (Hugging Face, Weights & Biases) and reference from git rather than committing directly. Git is not an artifact store.
The underlying principle: AI coding tools will continue outpacing platform detection calibration. The operational discipline is to use those tools against sovereign primary hosts where no single platform's classifier can take your work offline. Your AI assistant gets the same workflow. The platform becomes a mirror.
Community Hosting

git.wellspr.ing
is open to others

The Forgejo instance WellSpr.ing built after the GitHub suspension is open for community registration. If you are an open-source maintainer, civic technologist, or AI developer who wants a self-hosted primary that is not dependent on GitHub's platform decisions, you are welcome here.

The instance runs on Railway with automatic Fly.io edge routing, Bunny CDN, and Codeberg push-mirrors on all WellBuilder repositories. The stack is the same one documented in the Replit cookbook. Registration is open. Accounts are manually reviewed within 24 hours under the WellSpr.ing covenant — which means no predatory content, no commercial scraping, and no surveillance tooling. Civic infrastructure, open-source projects, and AI agent work are exactly what this is for.

"The same infrastructure we built to recover from a platform suspension is now available to others who want to stop being dependent on platforms that can suspend them."

Create an Account at git.wellspr.ing →    Browse WellBuilder Repos ↗

April 24, 2026 · Contextual Note

Two-tier privacy:
GitHub's Copilot policy

Starting today, GitHub is using Copilot interaction data — prompts, completions, code context — to train AI models. The default is opt-in for individual developers. Copilot Business and Enterprise customers are not included because their contracts prohibit training on their data.

The structure of the policy is the structure of the relationship: enterprise customers are partners with contractual protection; individual developers are sources of extractable value unless they navigate to a settings page and toggle a switch. The policy is not anomalous. It is consistent.

This is not the focus of this site. The WellBuilder dossier is about enforcement conduct — the suspension-without-notice pattern. That case stands on its own terms. But the April 24 Copilot policy is worth naming as what it is: a governance choice that treats institutional and individual relationships differently, made visible on the same day individual developers are being asked to trust the platform with their code and their work.

Civic infrastructure should not be built on platforms whose governance treats individual contributors as extractable by default. That is the architectural argument. The April 24 policy is one more reason it is correct.

To opt out: github.com/settings/copilot → "Allow GitHub to use my data to improve GitHub Copilot" → Disabled. This setting must be changed on every account individually.

Submit Your Case

The pattern gets legible
through documentation

If your GitHub account has been suspended without notice, without graduated enforcement, or re-suspended after manual reinstatement, your case belongs in the corpus. Submissions inform periodic pattern reports and help other maintainers recognize what's happening in their own cases.

Submit an Incident Report →