002: Fix Agent Workflow Push Permission (Resolved)

Problem

The fix agent's GitHub App token lacked the workflows write permission, causing git push to fail silently when commits included .github/workflows/ changes. The agent reported success but no commit appeared on the PR.

Resolution

Granted workflows write permission on the fullsend-agent[bot] GitHub App. The CODEOWNERS rule on .github/workflows/ ensures human approval is still required at merge time: the agent can push workflow changes, but they cannot be merged without owner review.

Guardrails

  • CODEOWNERS: .github/workflows/ requires owner group approval
  • The fix agent can iterate on workflow files during the review/fix loop
  • Final merge is gated on human approval for any PR touching workflows
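
The CODEOWNERS guardrail holds only while the workflows rule is the last rule that matches a workflow file, because the last matching line wins and a line with no owners clears ownership. The check below is an added example, not part of the original page or the project's code: it uses a simplified matcher (no `**` support), and the `@example-org/...` owners and sample files are constructed placeholders.

```python
import fnmatch

def matches(pattern: str, path: str) -> bool:
    """Simplified CODEOWNERS matching: '*' globs and directories; '**' is not handled."""
    pat = pattern.lstrip("/")
    segs, parts = pat.rstrip("/").split("/"), path.split("/")
    if len(segs) == 1 and not pattern.startswith("/"):
        # No inner slash: the name may match at any depth.
        pool = parts[:-1] if pat.endswith("/") else parts
        return any(fnmatch.fnmatchcase(p, segs[0]) for p in pool)
    if len(segs) > len(parts):
        return False
    head_ok = all(fnmatch.fnmatchcase(p, s) for p, s in zip(parts, segs))
    if pat.endswith("/"):                       # directory rule: files beneath it
        return head_ok and len(parts) > len(segs)
    literal = not any(c in pat for c in "*?[")  # a literal path may name a directory
    return head_ok and (len(parts) == len(segs) or literal)

def owners_for(codeowners: str, path: str) -> list:
    """Owners of the LAST matching rule; an owner-less rule clears ownership."""
    owners = []
    for raw in codeowners.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split pattern/owners
        if fields and matches(fields[0], path):
            owners = fields[1:]
    return owners

def unguarded(codeowners: str, paths) -> list:
    """Paths that end up with no effective code owner."""
    return [p for p in paths if not owners_for(codeowners, p)]

# Constructed samples; the @example-org/... names are placeholders.
GOOD = """\
*                   @example-org/dev
.github/workflows/  @example-org/workflow-owners
"""
BAD = GOOD + "*.yml\n"   # later owner-less rule overrides the workflows rule

PROBES = [".github/workflows/ci.yml", ".github/workflows/release.yaml"]

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "unguarded:", unguarded(text, PROBES))
```

This inspects only the CODEOWNERS file; the merge gate also depends on the branch protection setting that requires review from code owners being enabled on the target branch.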