Skip to content

Consider workflow scope or user-escalation pattern for merging PRs that modify workflow files#1825

Draft
Abishek-Newar wants to merge 1 commit into
github:mainfrom
Abishek-Newar:main
Draft

Consider workflow scope or user-escalation pattern for merging PRs that modify workflow files#1825
Abishek-Newar wants to merge 1 commit into
github:mainfrom
Abishek-Newar:main

Conversation

@Abishek-Newar

@Abishek-Newar Abishek-Newar commented Jan 16, 2026

Copy link
Copy Markdown

Summary

Add pre-flight file inspection to MergePullRequest to detect workflow files and return a clear error message before attempting merge operations that would fail due to missing workflow OAuth scope.

Why

Fixes #1815

What changed

  • Added Workflow scope constant to pkg/scopes/scopes.go
  • Added containsWorkflowFiles helper function to detect files in .github/workflows/ or .github/workflows-lab/
  • Modified MergePullRequest handler to check for workflow files before merge and return a descriptive error
  • Added test cases for workflow file detection scenarios

MCP impact

  • No tool or API changes
  • Tool schema or behavior changed
  • merge_pull_request now returns an error message when the PR contains workflow files, explaining the workflow scope requirement and suggesting alternatives.
  • New tool added

Prompts tested (tool changes only)

  • "Merge PR # 123 in owner/repo" (with workflow files - returns clear error)
  • "Merge pull request 456" (without workflow files - succeeds as before)

Security / limits

  • No security or limits impact
  • Auth / permissions considered
    The change proactively detects when the workflow scope would be required and provides guidance, rather than failing with a cryptic 403 error.
  • Data exposure, filtering, or token/size limits considered

Tool renaming

  • I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
    • I have added the new tool aliases in deprecated_tool_aliases.go
  • I am not renaming tools as part of this PR

Lint & tests

  • Linted locally with ./script/lint
  • Tested locally with ./script/test

Docs

  • Not needed
  • Updated (README / docs / examples)
@Abishek-Newar Abishek-Newar requested a review from a team as a code owner January 16, 2026 12:08
@Abishek-Newar Abishek-Newar marked this pull request as draft January 19, 2026 05:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant