[cli-tools-test] 6 workflows fail compilation: toolsets: [all] requires missing vulnerability-alerts: read permission #22207
### Problem Description
6 workflows in the repository fail to compile with the current compiler. All have the same error: the compiler requires vulnerability-alerts: read permission when the dependabot GitHub toolset is active (directly or via toolsets: [all]), but none of these workflows declare that permission.
Since these workflows have existing .lock.yml files, they were previously compilable — this is a regression introduced when the compiler started enforcing this permission requirement.
### Failing Workflows

| Workflow | Toolset Config | Missing Permission |
|---|---|---|
| `daily-firewall-report.md` | `toolsets: [all]` | `vulnerability-alerts: read` |
| `deep-report.md` | `toolsets: [all]` | `vulnerability-alerts: read` |
| `dependabot-go-checker.md` | `toolsets: [default, dependabot]` | `vulnerability-alerts: read` |
| `github-mcp-structural-analysis.md` | `toolsets: [all]` | `vulnerability-alerts: read` |
| `github-mcp-tools-report.md` | `toolsets: [all]` | `vulnerability-alerts: read` |
| `security-review.md` | `toolsets: [all]` | `vulnerability-alerts: read` |
### Compiler Error (identical for all 6)

```
error: Missing required permissions for GitHub toolsets:
  - vulnerability-alerts: read (required by dependabot)

To fix this, you can either:

Option 1: Add missing permissions to your workflow frontmatter:
  permissions:
    vulnerability-alerts: read

Option 2: Reduce the required toolsets in your workflow:
  Remove or adjust toolsets that require these permissions:
  - dependabot
```
### Root Cause Analysis
Five of the six workflows use `toolsets: [all]`, which implicitly includes the `dependabot` toolset. These workflows (e.g., `deep-report`, `security-review`) likely don't actually _use_ any Dependabot-specific tools — they just request all toolsets for convenience. Yet the compiler requires `vulnerability-alerts: read` for any workflow that includes the `dependabot` toolset, even passively via `[all]`.
The sixth workflow (`dependabot-go-checker`) explicitly uses `toolsets: [default, dependabot]` and genuinely needs this permission — it just hasn't been updated.
### Impact
- **Severity**: High — 6 workflows are broken/undeployable
- **Frequency**: Always (all 6 fail on every compile attempt)
- **Stale lock files**: The existing `.lock.yml` files are from a previous compiler version and no longer reflect the source `.md` files
- **CI risk**: Any PR that triggers recompilation will fail for these 6 workflows
### Steps to Reproduce

1. Use the agentic-workflows MCP "compile" tool with no workflow filter.

Observed: 6 of 177 workflows fail with the missing `vulnerability-alerts: read` permission error shown above.
### Environment

- Repository: github/gh-aw
- Run ID: 23391469450
- Date: 2026-03-21
- Workflows tested: all 177, via the compile MCP tool
### Suggested Fix

- **Option A** — Update all 6 workflows to add `vulnerability-alerts: read` to their `permissions` block (correct for `dependabot-go-checker`; may be unnecessary for the others).
- **Option B** — For workflows using `toolsets: [all]`, only enforce permission requirements for toolsets whose tools are actually referenced in the workflow prompt. This avoids false positives from passive `[all]` usage.
- **Option C** — Emit a compiler warning instead of an error for `toolsets: [all]` cases where Dependabot-specific tools aren't used in the workflow body.
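To make the compiler behaviour and the proposed fixes concrete, here is an added example: a small stand-alone Python reimplementation of the permission check, not the gh-aw compiler's own code. It parses the frontmatter of three constructed workflows mirroring the cases in this report (passive `[all]`, explicit `dependabot`, and a fixed copy with the permission declared). Assumptions: `toolsets:` appears as an inline list and `permissions:` is a top-level block of `key: value` lines; `KNOWN_TOOLSETS` stands in for whatever `[all]` expands to in the real compiler; `LEVELS` assumes `write` satisfies a `read` requirement; the `passive_all_is_warning` switch is hypothetical and models Option C. The only toolset-to-permission rule encoded is the one the error message states.

```python
"""Minimal reimplementation of the toolset permission check (added example,
not gh-aw code). Assumes inline `toolsets: [...]` and a top-level
`permissions:` block of `key: value` lines in the frontmatter."""
import re

# Only the rule stated by the compiler error on this page.
TOOLSET_PERMISSIONS = {"dependabot": {"vulnerability-alerts": "read"}}
# Assumption: [all] expands to every known toolset, dependabot included.
KNOWN_TOOLSETS = {"default", "dependabot"}
# Assumption: a declared `write` satisfies a `read` requirement.
LEVELS = {"none": 0, "read": 1, "write": 2}

_FRONTMATTER = re.compile(r"\A---\n(.*?)\n---", re.S)
_TOOLSETS = re.compile(r"^\s*toolsets:\s*\[([^\]]*)\]", re.M)


def parse_frontmatter(text):
    """Extract the toolset list and the permissions block from a workflow .md."""
    m = _FRONTMATTER.match(text)
    if not m:
        return {"toolsets": [], "permissions": {}}
    fm = m.group(1)
    toolsets = []
    t = _TOOLSETS.search(fm)
    if t:
        toolsets = [s.strip() for s in t.group(1).split(",") if s.strip()]
    permissions, in_perms = {}, False
    for line in fm.splitlines():
        if line.startswith("permissions:"):
            in_perms = True
            continue
        if in_perms:
            if line.startswith((" ", "\t")) and ":" in line:
                key, value = line.strip().split(":", 1)
                permissions[key.strip()] = value.strip()
            elif line.strip():
                in_perms = False  # next top-level key ends the block
    return {"toolsets": toolsets, "permissions": permissions}


def expand_toolsets(toolsets):
    """Return (effective toolsets, toolsets pulled in only by [all])."""
    explicit = {t for t in toolsets if t != "all"}
    if "all" in toolsets:
        return explicit | KNOWN_TOOLSETS, KNOWN_TOOLSETS - explicit
    return explicit, set()


def check_workflow(text, passive_all_is_warning=False):
    """Return (errors, warnings). With passive_all_is_warning=True, a toolset
    that enters only via [all] yields a warning instead of an error (Option C)."""
    fm = parse_frontmatter(text)
    effective, passive = expand_toolsets(fm["toolsets"])
    errors, warnings = [], []
    for toolset in sorted(effective):
        for perm, level in TOOLSET_PERMISSIONS.get(toolset, {}).items():
            declared = fm["permissions"].get(perm, "none")
            if LEVELS.get(declared, 0) >= LEVELS[level]:
                continue
            msg = f"{perm}: {level} (required by {toolset})"
            (warnings if passive_all_is_warning and toolset in passive else errors).append(msg)
    return errors, warnings


# Constructed sample workflows (not the repository's real files).
PASSIVE_ALL = """---
on: workflow_dispatch
permissions:
  contents: read
  issues: write
tools:
  github:
    toolsets: [all]
---
Review recent pull requests and report findings.
"""

EXPLICIT = """---
on: workflow_dispatch
permissions:
  contents: read
tools:
  github:
    toolsets: [default, dependabot]
---
Check Go dependency updates.
"""

FIXED = EXPLICIT.replace("  contents: read\n", "  contents: read\n  vulnerability-alerts: read\n")

if __name__ == "__main__":
    for name, text in [("passive [all]", PASSIVE_ALL), ("explicit", EXPLICIT), ("fixed", FIXED)]:
        print(name, check_workflow(text, passive_all_is_warning=True))
```

Running it shows the distinction the report draws: the passive `[all]` workflow is an error under the current rule but only a warning under Option C, while the explicit `dependabot` workflow is an error either way until the permission is added (Option A).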
### Additional Context

Detected during daily exploratory testing of the compile MCP tool (run 23391469450). All other 171 workflows compiled successfully.
Generated by Daily CLI Tools Exploratory Tester · expires on Mar 28, 2026, 11:55 PM UTC