From 23f1de5addb816113fb8b6665ea6421ecbc55d1c Mon Sep 17 00:00:00 2001
From: Samuel Briole <samuel.briole@gmail.com>
Date: Thu, 12 Mar 2026 19:34:50 +0100
Subject: [PATCH] fix(github): skip assertPermissions when use_github_token is
 true

GitHub App bot actors (e.g. my-bot[bot]) return permission: none from
the collaborators API because Apps authenticate via installation tokens,
not as traditional collaborators.

When use_github_token is true, the caller is providing their own
GITHUB_TOKEN and managing authentication directly, making the
collaborator-level permission check both unnecessary and broken for
bot actors.

Closes #17224
---
 packages/opencode/src/cli/cmd/github.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/packages/opencode/src/cli/cmd/github.ts b/packages/opencode/src/cli/cmd/github.ts
index edd9d756109..36ead8660f2 100644
--- a/packages/opencode/src/cli/cmd/github.ts
+++ b/packages/opencode/src/cli/cmd/github.ts
@@ -540,7 +540,12 @@ export const GithubRunCommand = cmd({
         }
         // Skip permission check and reactions for repo events (no actor to check, no issue to react to)
         if (isUserEvent) {
-          await assertPermissions()
+          // Skip permission check when using a custom GitHub token, since the caller
+          // manages their own auth and the collaborator API returns "none" for GitHub
+          // App bot actors (e.g. my-bot[bot]) even though they have valid installation tokens.
+          if (!useGithubToken) {
+            await assertPermissions()
+          }
           await addReaction(commentType)
         }