Add permissions string shortcuts to included file schema

[Copilot]

The included file schema only supported verbose object syntax for permissions while main workflows supported both string shortcuts (read-all, write-all, read, write) and object form. This created UX inconsistency.

Changes

• Schema: Modified pkg/parser/schemas/included_file_schema.json to add string enum as first oneOf option, matching main workflow schema structure
• Tests: Added permissions_shortcut_included_test.go with integration tests covering all shortcuts, backward compatibility, and mixed usage scenarios

Example

Before (verbose only):

# included-security.md
---
permissions:
  contents: read
  issues: read
  pull-requests: read
---

After (shortcuts work):

# included-security.md
---
permissions: read-all
---

Object form remains fully supported for granular control.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Add permissions string shortcuts to included_file_schema.json</issue_title>
<issue_description>## Objective

Add string shortcut support for permissions in included files to match the UX of main workflows.

Context

Priority: HIGH
Category: UX Consistency / Feature Parity

Currently:

• Main Schema: Supports both string shortcuts ("read-all", "write-all", "read", "write") and object form
• Included Schema: Only supports object form

This creates an inconsistent UX where users must use verbose object syntax in included files even for simple cases.

Approach

1. Open pkg/parser/schemas/included_file_schema.json
2. Locate the permissions field definition
3. Change from single type to oneOf array with two options:
   • String enum: ["read-all", "write-all", "read", "write"]
   • Object form (existing definition)
4. Match the structure from main_workflow_schema.json permissions.oneOf
5. Rebuild binary with make build
6. Test with included files using string shortcuts

Files to Modify

• Update: pkg/parser/schemas/included_file_schema.json
  • Change permissions from object-only to oneOf[string enum, object]
  • Add string shortcuts: read-all, write-all, read, write

Example

After this change, users should be able to write:

# included-security.md
---
permissions: read-all
---

Instead of being forced to use:

---
permissions:
  contents: read
  issues: read
  # ... 13 more properties
---

Acceptance Criteria

• Included schema permissions field uses oneOf structure
• String shortcuts validate correctly: read-all, write-all, read, write
• Object form still works for granular permissions
• Schema structure matches main workflow schema
• Test workflows with string shortcuts compile successfully

Testing

Create test included file:

---
permissions: read-all
---

Compile and verify no validation errors.

---

AI generated by Planning Assistant
Related to #7944

AI generated by Plan Command for discussion #7935

Comments on the Issue (you are @copilot in this section)

• Fixes [plan] Add permissions string shortcuts to included_file_schema.json #7946

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.