Copilot AI commented Jan 27, 2026

Static analysis flagged 5 workflows with missing GitHub permissions. These workflows configure GitHub MCP server toolsets (issues, pull_requests, labels) but lack the corresponding permission declarations, causing runtime failures when accessing GitHub APIs.

Changes

Added missing permissions based on configured toolsets:

  • daily-semgrep-scan.md: Added issues: read, pull-requests: read (uses context,repos,issues,pull_requests toolsets)
  • dev.md: Added issues: read, pull-requests: read (uses context,repos,issues,pull_requests toolsets)
  • pr-triage-agent.md: Added issues: read (uses pull_requests,repos,issues,labels toolsets; labels requires issues scope)
  • test-create-pr-error-handling.md: Added issues: read, pull-requests: read (uses context,repos,issues,pull_requests toolsets)
  • example-permissions-warning.md: No changes needed (already correct)

Example

Before:

permissions:
  contents: read
tools:
  github:
    toolsets: [pull_requests, repos, issues, labels]

After:

permissions:
  contents: read
  issues: read
  pull-requests: read
tools:
  github:
    toolsets: [pull_requests, repos, issues, labels]

Permission requirements are defined in pkg/workflow/data/github_toolsets_permissions.json.

Original prompt

This section details the original issue you should resolve

<issue_title>[deep-report] Add missing GitHub permissions to 5 workflows flagged by static analysis</issue_title>
<issue_description>### Description
Static analysis reports missing issues: read and pull-requests: read permissions in five workflows: daily-semgrep-scan.md, dev.md, example-permissions-warning.md, pr-triage-agent.md, and test-create-pr-error-handling.md. Update frontmatter permissions to prevent runtime failures when using GitHub toolsets.

Expected Impact

Eliminates permission-related runtime failures and aligns workflows with required GitHub API access.

Suggested Agent

Workflow Hygiene / Permissions agent

Estimated Effort

Quick (< 1 hour)

Data Source

DeepReport Intelligence Briefing - 2026-01-27 (§21402586299); Static Analysis Report discussion githubnext/gh-aw#12036.

AI generated by DeepReport - Intelligence Gathering Agent

Comments on the Issue (you are @copilot in this section)



Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add missing GitHub permissions to five workflows Add missing GitHub permissions for MCP toolset access Jan 27, 2026
Copilot AI requested a review from pelikhan January 27, 2026 20:15
@pelikhan pelikhan marked this pull request as ready for review January 27, 2026 21:06
@pelikhan pelikhan merged commit 12839f5 into main Jan 27, 2026
@pelikhan pelikhan deleted the copilot/add-github-permissions-workflows branch January 27, 2026 21:07
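
The check this pull request describes, as an added Go example (not code from the PR or from gh-aw): given a workflow's `permissions` block and its configured GitHub toolsets, it reports the scopes that are not granted at read level or above. The toolset-to-scope table is constructed from the PR text; the `repos` and `context` entries are assumptions, and the project's real table in pkg/workflow/data/github_toolsets_permissions.json may differ.

```go
package main

import (
	"fmt"
	"sort"
)

// required maps a GitHub MCP toolset to the permission scopes it needs.
// Constructed from the PR text; "repos" and "context" are assumptions.
var required = map[string][]string{
	"issues":        {"issues"},
	"labels":        {"issues"}, // PR text: labels requires issues scope
	"pull_requests": {"pull-requests"},
	"repos":         {"contents"}, // assumption
	"context":       {},           // assumption: no extra scope
}

// rank orders access levels so that "write" satisfies a "read" requirement.
// Unrecognised levels rank 0, so they are reported as missing (fail closed).
var rank = map[string]int{"none": 0, "read": 1, "write": 2}

// MissingPermissions returns the sorted scopes the toolsets need at read
// level that perms does not grant, and the toolsets absent from the table.
func MissingPermissions(perms map[string]string, toolsets []string) (missing, unknown []string) {
	seen := map[string]bool{}
	for _, ts := range toolsets {
		scopes, ok := required[ts]
		if !ok {
			unknown = append(unknown, ts)
			continue
		}
		for _, s := range scopes {
			if rank[perms[s]] < rank["read"] && !seen[s] {
				seen[s] = true
				missing = append(missing, s)
			}
		}
	}
	sort.Strings(missing)
	sort.Strings(unknown)
	return missing, unknown
}

func main() {
	// The "Before" frontmatter from the PR description.
	toolsets := []string{"pull_requests", "repos", "issues", "labels"}
	missing, unknown := MissingPermissions(map[string]string{"contents": "read"}, toolsets)
	fmt.Println("missing:", missing, "unknown toolsets:", unknown)
}
```

Reporting unknown toolsets separately keeps a new toolset from passing the check silently before its scopes are added to the table.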