{"slug": "would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read", "title": "Would you block a PR that changes GitHub Actions contents permission from read to write?", "summary": "A developer is evaluating whether a pull request that escalates GitHub Actions contents permission from read to write should be blocked, warned, or ignored. The tool Agent Gate flagged the change as a warning using its built-in default policy, without relying on an LLM. The developer argues that deterministic CI evidence is valuable for reviewing permission changes, especially in AI-generated PRs.", "body_md": "A sandbox PR changed one GitHub Actions workflow permission:\n\n```\npermissions:\n  contents: write\n```\n\nThe base branch had:\n\n```\npermissions:\n  contents: read\n```\n\nThat is the concrete case I am trying to calibrate.\n\nAgent Gate reported:\n\n```\nAgent Gate: NEEDS HUMAN DECISION\nDecision: warn\nWhy: contents permission increased from read to write.\nPath: .github/workflows/demo-release.yml\nRecommended next step: review the workflow permission change before merging.\nPolicy status: warning today; eligible to become a merge gate after tuning.\n\nRule: workflow/permission-escalation\nPolicy source: built-in default\n```\n\nLive PR comment proof:\n\n[https://github.com/sjh9714/agent-gate-install-smoke-20260617/pull/13#issuecomment-4828248162](https://github.com/sjh9714/agent-gate-install-smoke-20260617/pull/13#issuecomment-4828248162)\n\nWhat matters to me is that this did not depend on an LLM noticing the change.\n\nThe Action did not:\n\nThe first-run repo config was also absent. Agent Gate used its built-in default policy and recorded:\n\n```\nconfigSource: default\n```\n\nI am not trying to claim that the PR is automatically bad. A permission increase can be intentional.\n\nThe question is what CI should do when it sees this kind of boundary change.\n\nMy current default is:\n\nFor AI-generated PRs, I think deterministic CI evidence is useful because agent changes can touch workflow and security boundaries as part of ordinary work.\n\nBut this specific finding is broader than AI: any PR that raises GitHub Actions permissions may deserve deliberate review.\n\nQuestion:\n\nIn your repo, is this block, warn, or noise?\n\nWhat extra evidence would make it actionable?", "url": "https://wpnews.pro/news/would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read", "canonical_source": "https://dev.to/sjh9714/would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read-to-write-27hm", "published_at": "2026-06-30 05:52:53+00:00", "updated_at": "2026-06-30 06:18:40.442573+00:00", "lang": "en", "topics": ["developer-tools", "ai-safety", "ai-agents"], "entities": ["GitHub Actions", "Agent Gate", "sjh9714"], "alternates": {"html": "https://wpnews.pro/news/would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read", "markdown": "https://wpnews.pro/news/would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read.md", "text": "https://wpnews.pro/news/would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read.txt", "jsonld": "https://wpnews.pro/news/would-you-block-a-pr-that-changes-github-actions-contents-permission-from-read.jsonld"}}