fix: restrict github-app.permissions to explicit app-only scopes with read/none only

Copilot · pelikhan · web-flow · commit a879f399f3aa · 2026-03-30T23:29:39.000Z
- Enumerate all GitHub App-only scopes explicitly instead of using additionalProperties - Only allow 'read' and 'none' values (not 'write') - Update override test to use a valid GitHub App-only scope (vulnerability-alerts)" Agent-Logs-Url: https://github.com/github/gh-aw/sessions/3e32b3bc-7c8b-4f55-a88f-3d940a2ae8e6 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json
@@ -9680,10 +9680,159 @@
         },
         "permissions": {
           "type": "object",
-          "description": "Optional extra permissions to merge into the minted token. These override the job-level permissions for the token (nested wins). Use this to add org-level permissions (e.g., members: read) that are not valid GitHub Actions scopes but are supported by GitHub Apps.",
-          "additionalProperties": {
-            "type": "string",
-            "enum": ["read", "write", "none"]
+          "description": "Optional extra GitHub App-only permissions to merge into the minted token. These are added on top of job-level permissions (nested wins). Use this for org-level permissions (e.g., members: read) that are not valid GitHub Actions scopes. Only 'read' and 'none' are allowed.",
+          "additionalProperties": false,
+          "properties": {
+            "administration": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for repository administration (read/none). GitHub App-only permission for repository administration."
+            },
+            "codespaces": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for Codespaces (read/none). GitHub App-only permission."
+            },
+            "codespaces-lifecycle-admin": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for Codespaces lifecycle administration (read/none). GitHub App-only permission."
+            },
+            "codespaces-metadata": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for Codespaces metadata (read/none). GitHub App-only permission."
+            },
+            "email-addresses": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for user email addresses (read/none). GitHub App-only permission."
+            },
+            "environments": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for repository environments (read/none). GitHub App-only permission."
+            },
+            "git-signing": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for git signing (read/none). GitHub App-only permission."
+            },
+            "members": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization members (read/none). Required for org team membership API calls."
+            },
+            "organization-administration": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization administration (read/none). GitHub App-only permission."
+            },
+            "organization-announcement-banners": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization announcement banners (read/none). GitHub App-only permission."
+            },
+            "organization-codespaces": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization Codespaces (read/none). GitHub App-only permission."
+            },
+            "organization-copilot": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization Copilot (read/none). GitHub App-only permission."
+            },
+            "organization-custom-org-roles": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization custom org roles (read/none). GitHub App-only permission."
+            },
+            "organization-custom-properties": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization custom properties (read/none). GitHub App-only permission."
+            },
+            "organization-custom-repository-roles": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization custom repository roles (read/none). GitHub App-only permission."
+            },
+            "organization-events": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization events (read/none). GitHub App-only permission."
+            },
+            "organization-hooks": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization webhooks (read/none). GitHub App-only permission."
+            },
+            "organization-members": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization members management (read/none). GitHub App-only permission."
+            },
+            "organization-packages": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization packages (read/none). GitHub App-only permission."
+            },
+            "organization-personal-access-token-requests": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization personal access token requests (read/none). GitHub App-only permission."
+            },
+            "organization-personal-access-tokens": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization personal access tokens (read/none). GitHub App-only permission."
+            },
+            "organization-plan": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization plan (read/none). GitHub App-only permission."
+            },
+            "organization-self-hosted-runners": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization self-hosted runners (read/none). GitHub App-only permission."
+            },
+            "organization-user-blocking": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for organization user blocking (read/none). GitHub App-only permission."
+            },
+            "repository-custom-properties": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for repository custom properties (read/none). GitHub App-only permission."
+            },
+            "repository-hooks": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for repository webhooks (read/none). GitHub App-only permission."
+            },
+            "single-file": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for single file access (read/none). GitHub App-only permission."
+            },
+            "team-discussions": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for team discussions (read/none). GitHub App-only permission."
+            },
+            "vulnerability-alerts": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for Dependabot vulnerability alerts (read/none). GitHub App-only permission."
+            },
+            "workflows": {
+              "type": "string",
+              "enum": ["read", "none"],
+              "description": "Permission level for GitHub Actions workflow files (read/none). GitHub App-only permission."
+            }
           },
           "examples": [
             {
diff --git a/pkg/workflow/github_mcp_app_token_test.go b/pkg/workflow/github_mcp_app_token_test.go
@@ -443,7 +443,8 @@ Test extra org-level permissions in GitHub App token.
 }
 
 // TestGitHubMCPAppTokenExtraPermissionsOverrideJobLevel tests that extra permissions
-// under tools.github.github-app.permissions override job-level permissions (nested wins).
+// under tools.github.github-app.permissions can suppress a GitHub App-only scope
+// that was set at job level by overriding it with 'none' (nested wins).
 func TestGitHubMCPAppTokenExtraPermissionsOverrideJobLevel(t *testing.T) {
 	compiler := NewCompilerWithVersion("1.0.0")
 
@@ -452,6 +453,7 @@ on: issues
 permissions:
   contents: read
   issues: read
+  vulnerability-alerts: read
 strict: false
 tools:
   github:
@@ -460,12 +462,12 @@ tools:
       app-id: ${{ vars.APP_ID }}
       private-key: ${{ secrets.APP_PRIVATE_KEY }}
       permissions:
-        contents: write
+        vulnerability-alerts: none
 ---
 
 # Test Workflow
 
-Test that nested permissions override job-level (nested wins).
+Test that nested permissions override job-level GitHub App-only scopes (nested wins).
 `
 
 	tmpDir := t.TempDir()
@@ -481,10 +483,11 @@ Test that nested permissions override job-level (nested wins).
 	require.NoError(t, err, "Failed to read lock file")
 	lockContent := string(content)
 
-	// The nested permission (write) should win over the job-level permission (read)
-	assert.Contains(t, lockContent, "permission-contents: write", "Nested contents: write should override job-level contents: read")
-	assert.NotContains(t, lockContent, "permission-contents: read", "Job-level contents: read should be overridden by nested write")
+	// The nested permission (none) should win over the job-level permission (read)
+	assert.Contains(t, lockContent, "permission-vulnerability-alerts: none", "Nested vulnerability-alerts: none should override job-level: read")
+	assert.NotContains(t, lockContent, "permission-vulnerability-alerts: read", "Job-level vulnerability-alerts: read should be overridden by nested none")
 
 	// Other job-level permissions should still be present
+	assert.Contains(t, lockContent, "permission-contents: read", "Unaffected job-level contents permission should still be present")
 	assert.Contains(t, lockContent, "permission-issues: read", "Unaffected job-level issues permission should still be present")
 }
