diff --git a/actions/setup/js/handle_agent_failure.cjs b/actions/setup/js/handle_agent_failure.cjs index c71ad6a8c72..c9153cb0185 100644 --- a/actions/setup/js/handle_agent_failure.cjs +++ b/actions/setup/js/handle_agent_failure.cjs @@ -243,6 +243,7 @@ function buildFailureMatchCategories(options) { * @param {boolean} options.hasDailyAICExceeded * @param {boolean} options.aiCreditsRateLimitError * @param {boolean} options.maxAICreditsExceeded + * @param {boolean} options.hasAssignmentErrors * @returns {string} */ function buildFailureIssueTitle(options) { @@ -260,6 +261,7 @@ function buildFailureIssueTitle(options) { if (options.hasMissingSafeOutputs) return `[aw] ${workflowName} produced no safe outputs`; if (options.hasMissingTool) return `[aw] ${workflowName} is missing required tool`; if (options.hasMissingData) return `[aw] ${workflowName} is missing required data`; + if (options.hasAssignmentErrors) return `[aw] ${workflowName} failed to assign agent`; return `[aw] ${workflowName} failed`; } @@ -2058,9 +2060,9 @@ function buildAssignmentErrorsContext(assignmentErrors) { } context += "\nTo resolve this, verify the agent token and Copilot access configuration:\n"; - context += "- Configure a valid `GH_AW_AGENT_TOKEN` with `issues: write` and `pull-requests: write` plus active Copilot entitlement\n"; - context += "- If your org supports it, add `permissions: { copilot-requests: write }` to use org inference without a personal token\n"; - context += "- Docs: https://github.github.com/gh-aw/reference/engines/#github-copilot-default\n\n"; + context += "- Configure a valid `GH_AW_AGENT_TOKEN` as a fine-grained PAT with **Agent tasks: read and write** permission (GitHub App installation tokens are not supported)\n"; + context += "- Ensure Copilot coding agent is enabled for this repository and a Copilot Business or Enterprise subscription is active\n"; + context += "- Docs: https://github.github.com/gh-aw/reference/copilot-cloud-agent/#authentication\n\n"; return context; } @@ -2990,6 +2992,7 @@ async function main() { hasDailyAICExceeded, aiCreditsRateLimitError, maxAICreditsExceeded, + hasAssignmentErrors, }); const failureCategories = buildFailureMatchCategories({ agentConclusion, diff --git a/actions/setup/js/handle_agent_failure.test.cjs b/actions/setup/js/handle_agent_failure.test.cjs index 1278d212261..bdc677758a8 100644 --- a/actions/setup/js/handle_agent_failure.test.cjs +++ b/actions/setup/js/handle_agent_failure.test.cjs @@ -87,6 +87,7 @@ describe("handle_agent_failure", () => { hasDailyAICExceeded: false, aiCreditsRateLimitError: false, maxAICreditsExceeded: false, + hasAssignmentErrors: false, }; const cases = [ @@ -103,6 +104,7 @@ describe("handle_agent_failure", () => { { flag: "hasMissingSafeOutputs", expected: "[aw] Test Workflow produced no safe outputs" }, { flag: "hasMissingTool", expected: "[aw] Test Workflow is missing required tool" }, { flag: "hasMissingData", expected: "[aw] Test Workflow is missing required data" }, + { flag: "hasAssignmentErrors", expected: "[aw] Test Workflow failed to assign agent" }, ]; it.each(cases)("returns expected title for isolated $flag", ({ flag, expected }) => { @@ -1339,8 +1341,9 @@ describe("handle_agent_failure", () => { expect(result).toContain("Issue #42 (agent: copilot): Bad credentials"); expect(result).toContain("PR #7 (agent: copilot): copilot coding agent is not available for this repository"); expect(result).toContain("GH_AW_AGENT_TOKEN"); - expect(result).toContain("copilot-requests: write"); - expect(result).toContain("https://github.github.com/gh-aw/reference/engines/#github-copilot-default"); + expect(result).toContain("Agent tasks: read and write"); + expect(result).not.toContain("copilot-requests: write"); + expect(result).toContain("https://github.github.com/gh-aw/reference/copilot-cloud-agent/#authentication"); }); }); diff --git a/docs/src/content/docs/reference/copilot-cloud-agent.mdx b/docs/src/content/docs/reference/copilot-cloud-agent.mdx index 09710bf3597..4d448372bf8 100644 --- a/docs/src/content/docs/reference/copilot-cloud-agent.mdx +++ b/docs/src/content/docs/reference/copilot-cloud-agent.mdx @@ -91,10 +91,10 @@ Both safe outputs require a fine-grained PAT. The default `GITHUB_TOKEN` lacks t The required token type and permissions depend on whether you own the repository or an organization owns it. -1. **Create the PAT** with **Repository permissions**: Actions, Contents, Issues, Pull requests (all Write). +1. **Create the PAT** with **Repository permissions**: Actions, Contents, Agent tasks (read and write). - - [User-owned repositories](https://github.com/settings/personal-access-tokens/new?name=GH_AW_AGENT_TOKEN&description=GitHub+Agentic+Workflows+-+Agent+assignment&actions=write&contents=write&issues=write&pull_requests=write): Resource owner = your user account; Repository access = "Public repositories" or specific repos - - [Organization-owned repositories](https://github.com/settings/personal-access-tokens/new?name=GH_AW_AGENT_TOKEN&description=GitHub+Agentic+Workflows+-+Agent+assignment&actions=write&contents=write&issues=write&pull_requests=write): Resource owner = the organization; Repository access = specific repositories that will use the workflow + - [User-owned repositories](https://github.com/settings/personal-access-tokens/new?name=GH_AW_AGENT_TOKEN&description=GitHub+Agentic+Workflows+-+Agent+assignment&actions=write&contents=write&agent_tasks=write): Resource owner = your user account; Repository access = "Public repositories" or specific repos + - [Organization-owned repositories](https://github.com/settings/personal-access-tokens/new?name=GH_AW_AGENT_TOKEN&description=GitHub+Agentic+Workflows+-+Agent+assignment&actions=write&contents=write&agent_tasks=write): Resource owner = the organization; Repository access = specific repositories that will use the workflow 2. Add to repository secrets: