Skip to content

Fix: Grant required permissions for assign-to-agent GraphQL mutation #13306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Copilot wants to merge 2 commits into from
Closed

Fix: Grant required permissions for assign-to-agent GraphQL mutation #13306

Copilot wants to merge 2 commits into from
+8 −3

Conversation

Copy link
Contributor

Copilot AI commented Feb 2, 2026
edited
Loading

The assign-to-agent safe output fails with "Resource not accessible by personal access token" because the compiler grants insufficient permissions for the replaceActorsForAssignable GraphQL mutation.

Root Cause

The compiler uses NewPermissionsContentsReadIssuesWrite() for assign-to-agent operations, but the GraphQL mutation requires elevated permissions on four scopes.

Changes

Compiler permissions (pkg/workflow/compiler_safe_outputs_job.go:260)

  • Changed: NewPermissionsContentsReadIssuesWrite()NewPermissionsActionsWriteContentsWriteIssuesWritePRWrite()
  • Grants: actions: write, contents: write, issues: write, pull-requests: write

Affected workflows (auto-recompiled)

  • issue-monster.lock.yml - Primary workflow using assign-to-agent
  • workflow-generator.lock.yml - Also uses assign-to-agent

Example

Before:

safe_outputs:
  permissions:
    contents: read
    issues: write

After:

safe_outputs:
  permissions:
    actions: write
    contents: write
    issues: write
    pull-requests: write

Impact

All workflows using assign-to-agent safe output now receive correct permissions. The GraphQL mutation requires these elevated permissions per assign_agent_helpers.cjs:logPermissionError().

Original prompt

This section details on the original issue you should resolve

<issue_title>[agentics] Issue Monster failed</issue_title>
<issue_description>### Workflow Failure

Workflow: Issue Monster
Branch: main
Run URL: https://github.com/githubnext/gh-aw/actions/runs/21240454588

⚠️ Agent Assignment Failed: Failed to assign agent to issues due to insufficient permissions or missing token.

Assignment Errors:

Action Required

Debug this workflow failure using the agentic-workflows agent:

/agent agentic-workflows

When prompted, instruct the agent to debug this workflow failure.

Generated from Issue Monster

  • expires on Jan 29, 2026, 7:57 AM UTC

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@pelikhan
Fix: add required permissions for assign-to-agent GraphQL mutation
d71d080 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Debug agent assignment failure in Issue Monster workflow Fix: Grant required permissions for assign-to-agent GraphQL mutation Feb 2, 2026
Copilot AI requested a review from pelikhan February 2, 2026 15:40
@pelikhan pelikhan closed this Feb 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[agentics] Issue Monster failed

2 participants

@pelikhan