Enforce read-only permissions by default with dangerous-permissions-write feature flag

[Copilot]

Implementation: Dangerous Permissions Write Feature

This PR implements a new security feature that treats write permissions as a compilation error unless explicitly allowed via the dangerous-permissions-write feature flag.

Changes

1. Feature Flag (pkg/constants/constants.go)

   • Added DangerousPermissionsWriteFeatureFlag constant
   • Added test coverage for the new feature flag

2. Validation (pkg/workflow/dangerous_permissions_validation.go)

   • Created validateDangerousPermissions() function
   • Validates top-level workflow permissions
   • Returns clear error messages with fix suggestions
   • Comprehensive test coverage

3. Compiler Integration (pkg/workflow/compiler.go)

   • Integrated validation into the compilation pipeline
   • Runs after feature flag validation
   • Provides formatted error output

4. Codemod Tool (pkg/cli/fix_codemods.go)

   • Added write-permissions-to-read-migration codemod
   • Automatically converts write permissions to read
   • Handles both explicit and shorthand formats
   • Available via gh aw fix --write
   • Resolved merge conflict with agent-task-to-agent-session codemod (both codemods now included)

5. Documentation (docs/src/content/docs/reference/permissions.md)

   • Documented the new validation policy
   • Provided migration guide with examples
   • Explained scope and security implications
   • Added codemod usage instructions

6. Test Updates

   • Updated test workflows to use feature flag where needed
   • Maintains backward compatibility for existing tests
   • Ensures compilation succeeds with feature flag enabled

7. Merge from main

   • Merged latest changes from main branch (multiple times)
   • Resolved conflicts in auto-generated files and fix_codemods.go
   • Up to date with main branch as of commit c251e71
   • Ran make recompile successfully

8. Formatting

   • Ran make fmt to fix Go formatting issues
   • Fixed alignment in test structs
   • Ran make lint - all checks pass

Testing

✅ All validation tests pass
✅ Compilation correctly rejects write permissions without feature flag
✅ Compilation correctly allows write permissions with feature flag enabled
✅ Error messages are clear and actionable
✅ Codemod successfully converts all permission formats
✅ Documentation is complete and accurate
✅ Go formatting and linting pass
✅ All workflows recompiled successfully

Migration Path

For existing workflows with write permissions:

Option 1: Use the codemod (recommended)

gh aw fix workflow.md --write

Option 2: Add feature flag (use with caution)

features:
  dangerous-permissions-write: true

Security Implications

• Enforces the security-first design principle
• Prevents accidental write permissions in AI workflows
• Encourages use of safe-outputs for write operations
• Provides clear escape hatch for legitimate use cases

Original prompt

Treat write permissions as compilation error in workflows unless the feature "dangerous-permissions-write" is set to true in features.

• update compiler

• create codemod to convert any "write" permissions to read

• document new feature flag

• does not apply to custom jobs or safe-outputs.job

  permissions:
  content: write # error!

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[pelikhan]

@copilot remove version mention

[Copilot]

Removed version mention in c5fd39e

[pelikhan]

@copilot merge main

[Copilot]

@copilot merge main

Merged main in f5f7e9d

[pelikhan]

@copilot merge main

[Copilot]

@copilot merge main

Merged main in abd9c1e

[pelikhan]

@copilot format , lint go

[Copilot]

@copilot format , lint go

Ran make fmt and make lint - all checks pass. Fixed formatting in 65a302b

[pelikhan]

@copilot merge main, recompile

[Copilot]

@copilot merge main, recompile

Merged main and ran make recompile in 9130ddc. Resolved merge conflict in fix_codemods.go by including both the write-permissions-to-read and agent-task-to-agent-session codemods.