Problem Description
The pr-code-quality-reviewer workflow fails to compile because it uses toolsets: [default] for the GitHub tool, which expands to include the issues toolset, but the workflow frontmatter only declares pull-requests: read — it does not declare issues: read.
This was discovered by the daily CLI tools exploratory tester via gh aw compile (bulk compile).
Command/Tool
- Tool: compile
- Command: agenticworkflows compile (no workflow filter = bulk)
Steps to Reproduce
- Run gh aw compile (or the MCP compile tool without a workflow filter)
- Observe compilation failure for pr-code-quality-reviewer.md
Expected Behavior
Compilation succeeds (either the permission is declared, or the toolset is narrowed to not require issues).
Actual Behavior
.github/workflows/pr-code-quality-reviewer.md:1:1: error: Missing required permissions for GitHub toolsets:
- issues: read (required by issues)
To fix this, you can either:
Option 1: Add missing permissions to your workflow frontmatter:
permissions:
issues: read
See: https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/permissions.md
Option 2: Reduce the required toolsets in your workflow:
Remove or adjust toolsets that require these permissions:
- issues
Root Cause
The default toolset (defined in the gh-aw compiler) expands to context,repos,issues,pull_requests. The workflow only declares:
permissions:
  contents: read
  pull-requests: read
  copilot-requests: write
tools:
  github:
    mode: gh-proxy
    toolsets:
      - default
The issues toolset requires issues: read in permissions, which is absent.
Fix Options
Option A — Add issues: read to the permissions block (if the workflow legitimately needs issue-reading, e.g., for linked issues in PRs):
permissions:
  contents: read
  issues: read
  pull-requests: read
  copilot-requests: write
Option B — Replace default with an explicit narrower toolset that excludes issues:
tools:
  github:
    mode: gh-proxy
    toolsets:
      - pull_requests
      - repos
Environment
- Repository: github/gh-aw
- Run ID: 27490937947
- Date: 2026-06-14
- gh-aw version: 1.0.60
Impact
- Severity: Medium (compilation error, workflow cannot be deployed with strict compilation)
- Frequency: Always (reproducible every compile)
- Workaround: None — compile fails unless fixed
Additional Context
All 245 other workflows compiled successfully. This is the only compilation error found in the bulk compile run.
Generated by 🧪 Daily CLI Tools Exploratory Tester · 694.3 AIC · ⌖ 31 AIC · ⊞ 30.1K
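The check behind this error, as an added example (not gh-aw's compiler code): expand the toolsets, then compare the permission each one needs against the declared frontmatter permissions. The default expansion and the issues requirement come from the report above; the other toolset-to-permission entries and all function names are assumptions.

```go
package main

import "fmt"

// Expansion of "default" as stated in the issue.
var defaultToolsets = []string{"context", "repos", "issues", "pull_requests"}

// Permission scope each toolset needs. Only the "issues" entry is confirmed by
// the compiler error above; the other entries are assumptions for illustration.
var required = map[string]string{
	"repos":         "contents",
	"issues":        "issues",
	"pull_requests": "pull-requests",
}

// expand replaces "default" with its member toolsets.
func expand(toolsets []string) []string {
	var out []string
	for _, t := range toolsets {
		if t == "default" {
			out = append(out, defaultToolsets...)
		} else {
			out = append(out, t)
		}
	}
	return out
}

// missingPermissions returns "scope: read (required by toolset)" entries for
// every expanded toolset whose scope is absent from the declared permissions.
func missingPermissions(declared map[string]string, toolsets []string) []string {
	var missing []string
	for _, t := range expand(toolsets) {
		scope, ok := required[t]
		if !ok {
			continue // e.g. "context": assumed to need no permission
		}
		if lvl := declared[scope]; lvl != "read" && lvl != "write" {
			missing = append(missing, fmt.Sprintf("%s: read (required by %s)", scope, t))
		}
	}
	return missing
}

func main() {
	perms := map[string]string{"contents": "read", "pull-requests": "read", "copilot-requests": "write"}
	fmt.Println(missingPermissions(perms, []string{"default"}))                // the failing workflow
	fmt.Println(missingPermissions(perms, []string{"pull_requests", "repos"})) // Option B
}
```

Option B passes without widening the token's scope, which is the least-privilege choice when the workflow never reads issues.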