
Compiled lock file requests broader permissions than workflow needs (discussions:write, pull-requests:write) #26486

@deyaaeldeen

Description


Summary

The gh aw compile command generates a lock file where the activation job requests permissions that are broader than what the source workflow declares or needs. Specifically, the compiled workflow includes discussions: write and pull-requests: write even when the source workflow only operates on issues.

Reproduction

  1. Create a workflow that only needs issue permissions:

```yaml
on:
  issues:
    types: [opened]

permissions: read-all

tools:
  github:
    toolsets: [issues]

safe-outputs:
  add-labels:
    max: 7
    target: "*"
  add-comment:
    max: 2
    target: "*"
  assign-to-user:
    max: 1
    target: "*"
  close-issue:
    max: 1
    target: "*"
```

  2. Run gh aw compile

  3. Inspect the generated lock file — the activation job includes:

```yaml
permissions:
  actions: write
  checks: write
  contents: write
  discussions: write
  issues: write
  pull-requests: write
```

Expected behavior

The compiled lock file should follow the principle of least privilege and only request permissions that are actually needed by the workflow. For an issue-triage workflow, discussions: write and pull-requests: write are unnecessary and increase blast radius if the workflow or its dependencies are compromised.

Actual behavior

The compiler injects a fixed set of broad write permissions into the activation job regardless of the workflow's declared scope.

Environment

  • gh-aw version: v0.68.3
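A check for the over-grant described in this report, as an added example that is neither gh-aw's code nor the reporter's: it reads the source workflow's safe-outputs and the lock file's permissions block with a minimal indentation-based reader (2-space indentation assumed, no YAML library) and lists every write scope the lock file grants that no declared safe-output justifies. The mapping from safe-output kinds to token scopes is an assumption made for the example, not gh-aw's own table.

```python
import re
# Assumed mapping from safe-outputs kinds to the scope that must be write-level
# to carry them out. Illustrative only; gh-aw's own table may differ.
SAFE_OUTPUT_WRITE_SCOPE = {
    "add-labels": "issues", "add-comment": "issues",
    "assign-to-user": "issues", "close-issue": "issues",
}
# Constructed inputs: the reporter's source workflow (trimmed) and the
# activation-job permissions block the report quotes from the lock file.
SOURCE = """\
safe-outputs:
  add-labels:
    max: 7
  close-issue:
    max: 1
"""
LOCK = """\
permissions:
  actions: write
  checks: write
  contents: write
  discussions: write
  issues: write
  pull-requests: write
"""

def direct_children(text, key):
    """Direct `k: v` children of the first `key:` block (2-space indent assumed)."""
    lines = text.splitlines()
    starts = [i for i, l in enumerate(lines) if re.match(rf"^\s*{re.escape(key)}:\s*$", l)]
    if not starts:
        return {}
    base = len(lines[starts[0]]) - len(lines[starts[0]].lstrip())
    out = {}
    for nxt in lines[starts[0] + 1:]:
        indent = len(nxt) - len(nxt.lstrip())
        if nxt.strip() and indent <= base:
            break  # left the block
        if indent == base + 2:  # direct child; deeper lines are nested values
            k, _, v = nxt.strip().partition(":")
            out[k] = v.strip()
    return out

def excess_write_scopes(source_text, lock_text):
    """Write scopes granted in the lock file that no declared safe-output justifies."""
    kinds = direct_children(source_text, "safe-outputs")
    needed = {SAFE_OUTPUT_WRITE_SCOPE[k] for k in kinds if k in SAFE_OUTPUT_WRITE_SCOPE}
    granted = direct_children(lock_text, "permissions")
    return sorted(s for s, lvl in granted.items() if lvl == "write" and s not in needed)
```

Running this against the constructed inputs flags actions, checks, contents, discussions and pull-requests, while issues is kept because the declared safe-outputs need it; the same function works on a real lock file's activation job if you pass the job's permissions block.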
