Rename ValidatePermissions to ValidateIncludedPermissions in imports.go

pkg/workflow/compiler.go

@@ -673,7 +673,7 @@ func (c *Compiler) ParseWorkflowFile(markdownPath string) (*WorkflowData, error)
 	// Extract top-level permissions first
 	topLevelPermissions := c.extractPermissions(result.Frontmatter)
 	if importsResult.MergedPermissions != "" {
-		if err := c.ValidatePermissions(topLevelPermissions, importsResult.MergedPermissions); err != nil {
+		if err := c.ValidateIncludedPermissions(topLevelPermissions, importsResult.MergedPermissions); err != nil {
 			return nil, fmt.Errorf("permission validation failed: %w", err)
 		}
 	}

pkg/workflow/imports.go

@@ -155,10 +155,15 @@ func (c *Compiler) MergeNetworkPermissions(topNetwork *NetworkPermissions, impor
 	return result, nil
 }
 
-// ValidatePermissions validates that the main workflow permissions satisfy the imported workflow requirements
+// ValidateIncludedPermissions validates that the main workflow permissions satisfy the imported workflow requirements
+// This function is specifically used when merging included/imported workflow files to ensure the main workflow
+// has sufficient permissions to support the requirements from all imported files.
 // Takes the top-level permissions YAML string and imported permissions JSON string
 // Returns an error if the main workflow permissions are insufficient
-func (c *Compiler) ValidatePermissions(topPermissionsYAML string, importedPermissionsJSON string) error {
+//
+// Use ValidatePermissions (in permissions_validator.go) for general permission validation against GitHub MCP toolsets.
+// Use ValidateIncludedPermissions (this function) when validating permissions from included/imported workflow files.
+func (c *Compiler) ValidateIncludedPermissions(topPermissionsYAML string, importedPermissionsJSON string) error {
 	importsLog.Print("Validating permissions from imports")
 
 	// If no imported permissions, no validation needed

pkg/workflow/permissions_import_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/githubnext/gh-aw/pkg/parser"
 )
 
-func TestValidatePermissions(t *testing.T) {
+func TestValidateIncludedPermissions(t *testing.T) {
 	tests := []struct {
 		name                string
 		topPermissionsYAML  string
@@ -73,17 +73,17 @@ func TestValidatePermissions(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			compiler := NewCompiler(false, "", "test")
-			err := compiler.ValidatePermissions(tt.topPermissionsYAML, tt.importedPermissions)
+			err := compiler.ValidateIncludedPermissions(tt.topPermissionsYAML, tt.importedPermissions)
 
 			if tt.expectError {
 				if err == nil {
-					t.Errorf("ValidatePermissions() expected error but got none")
+					t.Errorf("ValidateIncludedPermissions() expected error but got none")
 				} else if tt.errorContains != "" && !strings.Contains(err.Error(), tt.errorContains) {
-					t.Errorf("ValidatePermissions() error should contain '%s', got: %v", tt.errorContains, err)
+					t.Errorf("ValidateIncludedPermissions() error should contain '%s', got: %v", tt.errorContains, err)
 				}
 			} else {
 				if err != nil {
-					t.Errorf("ValidatePermissions() unexpected error: %v", err)
+					t.Errorf("ValidateIncludedPermissions() unexpected error: %v", err)
 				}
 			}
 		})

pkg/workflow/permissions_validator.go

@@ -89,7 +89,12 @@ type PermissionsValidationResult struct {
 	MissingToolsetDetails map[string][]PermissionScope        // Maps toolset name to missing permissions
 }
 
-// ValidatePermissions validates that permissions match the required GitHub MCP toolsets
+// ValidatePermissions validates that workflow permissions match the required GitHub MCP toolsets
+// This is the general-purpose permission validator used during workflow compilation to check
+// that the declared permissions are sufficient for the GitHub MCP toolsets being used.
+//
+// Use ValidatePermissions (this function) for general permission validation against GitHub MCP toolsets.
+// Use ValidateIncludedPermissions (in imports.go) when validating permissions from included/imported workflow files.
 func ValidatePermissions(permissions *Permissions, githubTool any) *PermissionsValidationResult {
 	permissionsValidatorLog.Print("Starting permissions validation")