fix: address copilot reviewer comments on github-app permissions

Copilot · pelikhan · web-flow · commit 77fbde1a0148 · 2026-03-31T00:25:19.000Z
- parseAppConfig: log warnings for non-string permission values and non-map permissions entries instead of silently dropping them - compiler_github_mcp_steps: normalize permission level (trim+lowercase) and emit a warning for any level that isn't "read" or "none" before skipping it - validateGitHubMCPAppPermissionsNoWrite: broaden validation to reject all invalid levels (not just "write") after normalization; list both write-specific and generic invalid scopes with separate explanations in the error message - warnGitHubAppPermissionsUnsupportedContexts: new function that emits a compile-time warning when permissions is set in safe-outputs.github-app, on.github-app, or the top-level github-app fallback (where it has no effect); called from compiler.go after the no-write check - schema: keep permissions in $defs.github_app (allOf+additionalProperties:false conflict prevents scoping via allOf) but update its description to clarify it only takes effect for tools.github.github-app; scoping enforced at runtime via the new warning function - test: update write-rejection assertion strings to match the new error format Agent-Logs-Url: https://github.com/github/gh-aw/sessions/293c96f3-a7d6-461b-88c3-8ded806c935c Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json
@@ -3599,18 +3599,7 @@
                 },
                 "github-app": {
                   "$ref": "#/$defs/github_app",
-                  "description": "GitHub App configuration for token minting. When configured, a GitHub App installation access token is minted at workflow start and used instead of the default token. This token overrides any custom github-token setting and provides fine-grained permissions matching the agent job requirements.",
-                  "examples": [
-                    {
-                      "app-id": "${{ vars.APP_ID }}",
-                      "private-key": "${{ secrets.APP_PRIVATE_KEY }}"
-                    },
-                    {
-                      "app-id": "${{ vars.APP_ID }}",
-                      "private-key": "${{ secrets.APP_PRIVATE_KEY }}",
-                      "repositories": ["repo1", "repo2"]
-                    }
-                  ]
+                  "description": "GitHub App configuration for token minting. When configured, a GitHub App installation access token is minted at workflow start and used instead of the default token. This token overrides any custom github-token setting and provides fine-grained permissions matching the agent job requirements."
                 }
               },
               "additionalProperties": false,
@@ -9580,7 +9569,8 @@
           }
         },
         "permissions": {
-          "$ref": "#/$defs/github_app_permissions"
+          "$ref": "#/$defs/github_app_permissions",
+          "description": "Optional extra GitHub App-only permissions to merge into the minted token. Only takes effect for tools.github.github-app; ignored in other github-app contexts."
         }
       },
       "required": ["app-id", "private-key"],
diff --git a/pkg/workflow/compiler.go b/pkg/workflow/compiler.go
@@ -156,6 +156,9 @@ func (c *Compiler) validateWorkflowData(workflowData *WorkflowData, markdownPath
 		return formatCompilerError(markdownPath, "error", err.Error(), err)
 	}
 
+	// Warn when github-app.permissions is set in contexts that don't support it
+	warnGitHubAppPermissionsUnsupportedContexts(workflowData)
+
 	// Validate agent file exists if specified in engine config
 	log.Printf("Validating agent file if specified")
 	if err := c.validateAgentFile(workflowData, markdownPath); err != nil {
diff --git a/pkg/workflow/compiler_github_mcp_steps.go b/pkg/workflow/compiler_github_mcp_steps.go
@@ -114,7 +114,13 @@ func (c *Compiler) generateGitHubMCPAppTokenMintingStep(yaml *strings.Builder, d
 				fmt.Fprintln(os.Stderr, console.FormatWarningMessage(msg))
 				continue
 			}
-			permissions.Set(scope, PermissionLevel(val))
+			level := strings.ToLower(strings.TrimSpace(val))
+			if level != string(PermissionRead) && level != string(PermissionNone) {
+				msg := fmt.Sprintf("Unknown permission level %q for scope %q in tools.github.github-app.permissions. Valid levels are: read, none.", val, key)
+				fmt.Fprintln(os.Stderr, console.FormatWarningMessage(msg))
+				continue
+			}
+			permissions.Set(scope, PermissionLevel(level))
 		}
 	}
 
diff --git a/pkg/workflow/github_app_permissions_validation.go b/pkg/workflow/github_app_permissions_validation.go
@@ -2,8 +2,12 @@ package workflow
 
 import (
 	"errors"
+	"fmt"
+	"os"
 	"sort"
 	"strings"
+
+	"github.com/github/gh-aw/pkg/console"
 )
 
 var githubAppPermissionsLog = newValidationLogger("github_app_permissions")
@@ -109,11 +113,12 @@ func formatWriteOnAppScopesError(scopes []PermissionScope) error {
 	return errors.New(strings.Join(lines, "\n"))
 }
 
-// validateGitHubMCPAppPermissionsNoWrite validates that no scope in
-// tools.github.github-app.permissions is set to "write".
+// validateGitHubMCPAppPermissionsNoWrite validates that every scope in
+// tools.github.github-app.permissions is set to "read" or "none" (after trimming/lowercasing).
 // The schema allows "write" so that editors can offer it as a completion, but
 // the compiler must reject it because GitHub App-only scopes have no write-level
 // semantics in this context — write operations must go through safe-outputs.
+// Any other unrecognised level is also rejected here.
 func validateGitHubMCPAppPermissionsNoWrite(workflowData *WorkflowData) error {
 	if workflowData.ParsedTools == nil ||
 		workflowData.ParsedTools.GitHub == nil ||
@@ -125,32 +130,84 @@ func validateGitHubMCPAppPermissionsNoWrite(workflowData *WorkflowData) error {
 		return nil
 	}
 
+	var invalidScopes []string
 	var writeScopes []string
 	for scope, level := range app.Permissions {
-		if level == string(PermissionWrite) {
-			writeScopes = append(writeScopes, scope)
+		normalized := strings.ToLower(strings.TrimSpace(level))
+		switch normalized {
+		case string(PermissionRead), string(PermissionNone):
+			// valid
+		default:
+			invalidScopes = append(invalidScopes, scope+" (level: "+level+")")
+			if normalized == string(PermissionWrite) {
+				writeScopes = append(writeScopes, scope)
+			}
 		}
 	}
-	if len(writeScopes) == 0 {
+	if len(invalidScopes) == 0 {
 		return nil
 	}
+	sort.Strings(invalidScopes)
 	sort.Strings(writeScopes)
 
 	var lines []string
-	lines = append(lines, `"write" is not allowed in tools.github.github-app.permissions.`)
-	lines = append(lines, "GitHub App-only scopes in this section must be declared as \"read\" or \"none\".")
-	lines = append(lines, "Write operations must be performed via safe-outputs, not through declared permissions.")
+	lines = append(lines, "Invalid permission levels in tools.github.github-app.permissions.")
+	lines = append(lines, "Each permission level must be exactly \"read\" or \"none\".")
+	if len(writeScopes) > 0 {
+		lines = append(lines, "")
+		lines = append(lines, `"write" is not allowed: write operations must be performed via safe-outputs.`)
+		lines = append(lines, "")
+		lines = append(lines, "The following scopes were declared with \"write\" access:")
+		lines = append(lines, "")
+		for _, s := range writeScopes {
+			lines = append(lines, "  - "+s)
+		}
+	}
 	lines = append(lines, "")
-	lines = append(lines, "The following scopes were declared with \"write\" access:")
+	lines = append(lines, "The following scopes have invalid permission levels:")
 	lines = append(lines, "")
-	for _, s := range writeScopes {
+	for _, s := range invalidScopes {
 		lines = append(lines, "  - "+s)
 	}
 	lines = append(lines, "")
-	lines = append(lines, "Change the permission level to \"read\" for read-only access, or remove the entry.")
+	lines = append(lines, "Change the permission level to \"read\" for read-only access, or \"none\" to disable the scope.")
 	return errors.New(strings.Join(lines, "\n"))
 }
 
+// warnGitHubAppPermissionsUnsupportedContexts emits a warning when
+// tools.github.github-app.permissions is set in contexts that do not support it.
+// The permissions field only takes effect for the GitHub MCP token minting step;
+// it is silently ignored if set on safe-outputs.github-app, on.github-app, or the
+// top-level github-app fallback.
+func warnGitHubAppPermissionsUnsupportedContexts(workflowData *WorkflowData) {
+	type context struct {
+		label string
+		app   *GitHubAppConfig
+	}
+	unsupported := []context{
+		{"safe-outputs.github-app", safeOutputsGitHubApp(workflowData)},
+		{"on.github-app", workflowData.ActivationGitHubApp},
+		{"github-app (top-level fallback)", workflowData.TopLevelGitHubApp},
+	}
+	for _, ctx := range unsupported {
+		if ctx.app != nil && len(ctx.app.Permissions) > 0 {
+			msg := fmt.Sprintf(
+				"The 'permissions' field under '%s' has no effect. "+
+					"Extra GitHub App permissions only apply to tools.github.github-app.",
+				ctx.label,
+			)
+			fmt.Fprintln(os.Stderr, console.FormatWarningMessage(msg))
+		}
+	}
+}
+
+func safeOutputsGitHubApp(workflowData *WorkflowData) *GitHubAppConfig {
+	if workflowData.SafeOutputs == nil {
+		return nil
+	}
+	return workflowData.SafeOutputs.GitHubApp
+}
+
 func hasGitHubAppConfigured(workflowData *WorkflowData) bool {
 	// Check tools.github.github-app
 	if workflowData.ParsedTools != nil &&
diff --git a/pkg/workflow/github_mcp_app_token_test.go b/pkg/workflow/github_mcp_app_token_test.go
@@ -525,6 +525,7 @@ Test that write is rejected in tools.github.github-app.permissions.
 
 	err = compiler.CompileWorkflow(testFile)
 	require.Error(t, err, "Compiler should reject write in tools.github.github-app.permissions")
-	assert.Contains(t, err.Error(), `"write" is not allowed in tools.github.github-app.permissions`, "Error should mention that write is not allowed")
+	assert.Contains(t, err.Error(), "Invalid permission levels in tools.github.github-app.permissions", "Error should mention invalid permission levels")
+	assert.Contains(t, err.Error(), `"write" is not allowed`, "Error should mention that write is not allowed")
 	assert.Contains(t, err.Error(), "members", "Error should mention the offending scope")
 }
diff --git a/pkg/workflow/safe_outputs_app_config.go b/pkg/workflow/safe_outputs_app_config.go
@@ -73,8 +73,12 @@ func parseAppConfig(appMap map[string]any) *GitHubAppConfig {
 			for key, val := range permsMap {
 				if valStr, ok := val.(string); ok {
 					appConfig.Permissions[key] = valStr
+				} else {
+					safeOutputsAppLog.Printf("Ignoring github-app.permissions[%q]: expected string value, got %T", key, val)
 				}
 			}
+		} else {
+			safeOutputsAppLog.Printf("Ignoring github-app.permissions: expected object, got %T", perms)
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -156,6 +156,9 @@ func (c Compiler) validateWorkflowData(workflowData WorkflowData, markdownPath`
`156`	`156`	`return formatCompilerError(markdownPath, "error", err.Error(), err)`
`157`	`157`	`}`
`158`	`158`
	`159`	`+ // Warn when github-app.permissions is set in contexts that don't support it`
	`160`	`+ warnGitHubAppPermissionsUnsupportedContexts(workflowData)`
	`161`	`+`
`159`	`162`	`// Validate agent file exists if specified in engine config`
`160`	`163`	`log.Printf("Validating agent file if specified")`
`161`	`164`	`if err := c.validateAgentFile(workflowData, markdownPath); err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,13 @@ func (c Compiler) generateGitHubMCPAppTokenMintingStep(yaml strings.Builder, d`
`114`	`114`	`fmt.Fprintln(os.Stderr, console.FormatWarningMessage(msg))`
`115`	`115`	`continue`
`116`	`116`	`}`
`117`		`- permissions.Set(scope, PermissionLevel(val))`
	`117`	`+ level := strings.ToLower(strings.TrimSpace(val))`
	`118`	`+ if level != string(PermissionRead) && level != string(PermissionNone) {`
	`119`	`+ msg := fmt.Sprintf("Unknown permission level %q for scope %q in tools.github.github-app.permissions. Valid levels are: read, none.", val, key)`
	`120`	`+ fmt.Fprintln(os.Stderr, console.FormatWarningMessage(msg))`
	`121`	`+ continue`
	`122`	`+ }`
	`123`	`+ permissions.Set(scope, PermissionLevel(level))`
`118`	`124`	`}`
`119`	`125`	`}`
`120`	`126`
Original file line number	Diff line number	Diff line change
`@@ -525,6 +525,7 @@ Test that write is rejected in tools.github.github-app.permissions.`
`525`	`525`
`526`	`526`	`err = compiler.CompileWorkflow(testFile)`
`527`	`527`	`require.Error(t, err, "Compiler should reject write in tools.github.github-app.permissions")`
`528`		- assert.Contains(t, err.Error(), `"write" is not allowed in tools.github.github-app.permissions`, "Error should mention that write is not allowed")
	`528`	`+ assert.Contains(t, err.Error(), "Invalid permission levels in tools.github.github-app.permissions", "Error should mention invalid permission levels")`
	`529`	+ assert.Contains(t, err.Error(), `"write" is not allowed`, "Error should mention that write is not allowed")
`529`	`530`	`assert.Contains(t, err.Error(), "members", "Error should mention the offending scope")`
`530`	`531`	`}`
Original file line number	Diff line number	Diff line change
`@@ -73,8 +73,12 @@ func parseAppConfig(appMap map[string]any) *GitHubAppConfig {`
`73`	`73`	`for key, val := range permsMap {`
`74`	`74`	`if valStr, ok := val.(string); ok {`
`75`	`75`	`appConfig.Permissions[key] = valStr`
	`76`	`+ } else {`
	`77`	`+ safeOutputsAppLog.Printf("Ignoring github-app.permissions[%q]: expected string value, got %T", key, val)`
`76`	`78`	`}`
`77`	`79`	`}`
	`80`	`+ } else {`
	`81`	`+ safeOutputsAppLog.Printf("Ignoring github-app.permissions: expected object, got %T", perms)`
`78`	`82`	`}`
`79`	`83`	`}`
`80`	`84`