github · mnkiefer · Feb 27, 2026 · Feb 27, 2026 · Feb 27, 2026 · Feb 27, 2026
diff --git a/docs/src/content/docs/patterns/central-repo-ops.mdx b/docs/src/content/docs/patterns/central-repo-ops.mdx
@@ -81,7 +81,7 @@ Categorize and orchestrate Dependabot rollout across repositories.
 ```
 
 Compile this workflow to generate the lock file: `gh aw compile`.
-Create a fine-grained PAT `GH_AW_READ_ORG_TOKEN` with the organization as an owner,
+Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new?name=GH_AW_READ_ORG_TOKEN&description=GitHub+Agentic+Workflows+-+Org+read+access&contents=read) `GH_AW_READ_ORG_TOKEN` (this link pre-fills the token name, description, and Contents: Read permission) with the organization as an owner,
 select "All repositories" (or allowlist of specific repos), and grant Repository permission: `Contents: Read-only`.
 Add this into your Actions repository secrets. This gives the orchestrator read access to all candidate repositories.
 
@@ -259,11 +259,11 @@ In the PR/issue body, explain **why** you chose this specific configuration (not
 ````
 
 Compile this workflow to generate the lock file: `gh aw compile`.
-Create a fine-grained PAT `ORG_REPO_CHECKOUT_TOKEN` with the organization as an owner,
+Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new?name=ORG_REPO_CHECKOUT_TOKEN&description=GitHub+Agentic+Workflows+-+Checkout+token&contents=write&actions=write) `ORG_REPO_CHECKOUT_TOKEN` (this link pre-fills the token name, description, and permissions) with the organization as an owner,
 select "All repositories" (or allowlist of specific repos), and grant Repository permission: `Contents: Read & write`, `Actions: Read & write`.
 This allows the worker to check out the target repository.
 
-Also create a fine-grained PAT `REPO_SAFE_OUTPUTS_TOKEN` with the organization as an owner,
+Also create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new?name=REPO_SAFE_OUTPUTS_TOKEN&description=GitHub+Agentic+Workflows+-+Safe+outputs+token&contents=write&issues=write&pull_requests=write) `REPO_SAFE_OUTPUTS_TOKEN` (this link pre-fills the token name, description, and permissions) with the organization as an owner,
 select "All repositories" (or allowlist of specific repos), and grant Repository permission: `Contents: Write`, `Issues: Write`, `Pull Requests: Write`.
 This allows the worker to create pull requests and issues in the target repository based on the orchestrator's instructions.
 

diff --git a/docs/src/content/docs/patterns/side-repo-ops.mdx b/docs/src/content/docs/patterns/side-repo-ops.mdx
@@ -64,7 +64,7 @@ cd my-project-automation
 
 ### 2. Configure Personal Access Token (PAT)
 
-Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new) with repository access to your main repository and grant these permissions: **Contents** (Read), **Issues** (Read+Write), **Pull requests** (Read+Write), and **Metadata** (Read).
+Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new?name=GH_AW_MAIN_REPO_TOKEN&description=GitHub+Agentic+Workflows+-+Cross-repository+access&contents=read&issues=write&pull_requests=write) (this link pre-fills the token name, description, and permissions) with repository access to your main repository and grant these permissions: **Contents** (Read), **Issues** (Read+Write), **Pull requests** (Read+Write), and **Metadata** (Read).
 
 For classic PATs, use the `repo` scope. Store the token as a secret:
 

diff --git a/docs/src/content/docs/reference/assign-to-copilot.mdx b/docs/src/content/docs/reference/assign-to-copilot.mdx
@@ -71,7 +71,7 @@ The required token type and permissions depend on whether you own the repository
 
 1. **Create the PAT**:
 
-   For User-owned Repositories, [create a fine-grained PAT](https://github.com/settings/personal-access-tokens/new) with:
+   For User-owned Repositories, [create a fine-grained PAT](https://github.com/settings/personal-access-tokens/new?name=GH_AW_AGENT_TOKEN&description=GitHub+Agentic+Workflows+-+Agent+assignment&actions=write&contents=write&issues=write&pull_requests=write) (this link pre-fills the token name, description, and permissions) with:
    - **Resource owner**: Your user account
    - **Repository access**: "Public repositories" or select specific repos
    - **Repository permissions**:
@@ -80,7 +80,7 @@ The required token type and permissions depend on whether you own the repository
      - Issues: Write
      - Pull requests: Write
 
-   For Organization-owned Repositories: [create a fine-grained PAT](https://github.com/settings/personal-access-tokens/new) with:
+   For Organization-owned Repositories: [create a fine-grained PAT](https://github.com/settings/personal-access-tokens/new?name=GH_AW_AGENT_TOKEN&description=GitHub+Agentic+Workflows+-+Agent+assignment&actions=write&contents=write&issues=write&pull_requests=write) (this link pre-fills the token name, description, and permissions) with:
    - **Resource owner**: The organization that owns the repository
    - **Repository access**: Select the specific repositories that will use the workflow
    - **Repository permissions**:

diff --git a/docs/src/content/docs/reference/auth-projects.mdx b/docs/src/content/docs/reference/auth-projects.mdx
@@ -22,7 +22,7 @@ Project operations require additional authentication since the default `GITHUB_T
 
    **For Organization-owned Projects (v2)**:
 
-   Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new) with:
+   Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new?name=GH_AW_PROJECT_GITHUB_TOKEN&description=GitHub+Agentic+Workflows+-+Projects+authentication&contents=read&issues=read&pull_requests=read) (this link pre-fills the token name, description, and repository permissions) with:
    - **Repository access**: Select specific repos that will use the workflow
    - **Repository permissions**:
      - Contents: Read

diff --git a/docs/src/content/docs/reference/auth.mdx b/docs/src/content/docs/reference/auth.mdx
@@ -78,7 +78,7 @@ If using Copilot as your AI engine, you need a GitHub Actions Secret set to a Gi
 
 **Setup**:
 
-[**Create a fine-grained PAT**](https://github.com/settings/personal-access-tokens/new?name=COPILOT_GITHUB_TOKEN&description=GitHub+Agentic+Workflows+-+Copilot+engine+authentication&user_copilot_requests=read) (this link pre-fills the token name and Copilot Requests permission). Verify the following settings before generating:
+[**Create a fine-grained PAT**](https://github.com/settings/personal-access-tokens/new?name=COPILOT_GITHUB_TOKEN&description=GitHub+Agentic+Workflows+-+Copilot+engine+authentication&user_copilot_requests=read) (this link pre-fills the token name, description, and Copilot Requests permission). Verify the following settings before generating:
 
 1. **Resource owner** is your **user account**, not an organization.
 2. **Repository access** is set to **Public repositories**, even if you will be using it with private repositories. This is required for the "Copilot Requests" permission to be available.

diff --git a/docs/src/content/docs/reference/github-tools.md b/docs/src/content/docs/reference/github-tools.md
@@ -84,7 +84,7 @@ This is required when your workflow requires any of the following:
 
 If additional authentication is required, one way is to create a fine-grained PAT with appropriate permissions, add it as a repository secret, and reference it in your workflow:
 
-1. Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new) with:
+1. Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new?description=GitHub+Agentic+Workflows+-+GitHub+tools+access&contents=read&issues=read&pull_requests=read) (this link pre-fills the description and common read permissions) with:
 
    - **Repository access**:
      - Select specific repos or "All repositories"

diff --git a/docs/src/content/docs/reference/triggering-ci.mdx b/docs/src/content/docs/reference/triggering-ci.mdx
@@ -31,7 +31,7 @@ To trigger CI checks on PRs created by agentic workflows, configure additional a
 
 ### Using a Personal Access Token (PAT)
 
-1. Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new) with `Contents: Read & Write` scoped to the relevant repositories where pull requests will be created.
+1. Create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new?name=GH_AW_CI_TRIGGER_TOKEN&description=GitHub+Agentic+Workflows+-+CI+trigger&contents=write) (this link pre-fills the token name, description, and Contents permission) with `Contents: Read & Write` scoped to the relevant repositories where pull requests will be created.
 
 2. Add the PAT as a repository secret (e.g., `MY_CI_TRIGGER_PAT`) using