From 245dd4dcf0bb40aa78f4277b838df9d4f152adcf Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 12 May 2026 13:22:56 -0400 Subject: [PATCH] fix: add actions:read permission to retro role The retro agent needs to access workflow run logs and download artifacts to analyze agent behavior, but was getting 403 Forbidden errors. The rolePermissions map was missing "actions": "read" for the retro role, despite the design spec explicitly stating the agent should have read access to workflow runs and artifacts. Fixes #834 Co-Authored-By: Claude Sonnet 4.5 --- internal/mint/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/mint/main.go b/internal/mint/main.go index 1f01f0888..a616dd938 100644 --- a/internal/mint/main.go +++ b/internal/mint/main.go @@ -684,7 +684,7 @@ var rolePermissions = map[string]map[string]string{ "coder": {"contents": "write", "pull_requests": "write", "issues": "write", "checks": "read", "metadata": "read"}, "review": {"contents": "read", "pull_requests": "write", "issues": "write", "checks": "read", "metadata": "read"}, "fix": {"contents": "write", "pull_requests": "write", "issues": "write", "metadata": "read"}, - "retro": {"contents": "read", "pull_requests": "read", "issues": "write", "metadata": "read"}, + "retro": {"actions": "read", "contents": "read", "pull_requests": "read", "issues": "write", "metadata": "read"}, "prioritize": {"contents": "read", "issues": "write", "organization_projects": "write", "metadata": "read"}, "fullsend": {"actions": "write", "contents": "write", "pull_requests": "write", "workflows": "write", "metadata": "read"}, }