post-review.sh fails with 422 when REVIEW_TOKEN undefined after PR #2389 #2990

Description

@rh-hemartin

What happens

Review agent runs complete successfully, but post-review.sh fails to submit the formal GitHub review with:

Error: submitting review: create pull request review on #NNNN: github api: 422 Unprocessable Entity

This occurs when the PR author matches the GitHub Actions workflow identity. The agent completes all analysis, posts/updates comments, and minimizes stale reviews, but fails at final review submission.

Example failures across 9 days:

Root cause

PR #2389 moved token minting from workflows into the fullsend binary for sandbox use, removing REVIEW_TOKEN and REVIEW_GH_TOKEN from reusable-review.yml. However, post-review.sh still expects REVIEW_TOKEN:

# internal/scaffold/fullsend-repo/scripts/post-review.sh:21
: "${REVIEW_TOKEN:?REVIEW_TOKEN is required}"

When REVIEW_TOKEN is undefined, fullsend post-review falls back to GITHUB_TOKEN (default Actions token):

// internal/cli/postreview.go:65-66
if token == "" {
    token = os.Getenv("GITHUB_TOKEN")
}

GitHub's default GITHUB_TOKEN is scoped to the workflow initiator. When the PR author matches the workflow identity, the GitHub API rejects the review submission with 422 (authors cannot review their own PRs).

What should happen

post-review.sh should use a minted token with pull-requests:write permission, not the default GITHUB_TOKEN. The token minting added in PR #2389 for sandbox use needs to extend to post-script forge operations.

Context
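
Added example, not part of the original issue and not fullsend's code: a fail-closed version of the token lookup plus a pre-flight identity check, so the run stops with a clear message instead of an opaque 422. The function names, the `tokenLogin` parameter and all sample values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	errNoReviewToken = errors.New("REVIEW_TOKEN is not set; refusing to fall back to GITHUB_TOKEN")
	errSelfReview    = errors.New("token identity is the PR author; GitHub would answer 422")
)

// reviewToken returns the minted review token (hypothetical helper).
// getenv is injected so the lookup can be exercised without the process env.
// Unlike the fallback quoted in the issue, an empty REVIEW_TOKEN is an error:
// the ambient GITHUB_TOKEN is never substituted silently.
func reviewToken(getenv func(string) string) (string, error) {
	if tok := strings.TrimSpace(getenv("REVIEW_TOKEN")); tok != "" {
		return tok, nil
	}
	return "", errNoReviewToken
}

// preflight decides, before any API call, whether a formal review can succeed.
// tokenLogin is the login the token authenticates as; obtaining it is left to
// the caller (assumption).
func preflight(getenv func(string) string, prAuthor, tokenLogin string) error {
	if _, err := reviewToken(getenv); err != nil {
		return err
	}
	// GitHub logins are case-insensitive, so compare with case folding.
	if strings.EqualFold(prAuthor, tokenLogin) {
		return fmt.Errorf("%w (login %q)", errSelfReview, tokenLogin)
	}
	return nil
}

func main() {
	// Constructed environments: the one from the issue (default token only),
	// then one carrying a minted review token.
	envs := []map[string]string{
		{"GITHUB_TOKEN": "constructed-default-token"},
		{"REVIEW_TOKEN": "constructed-minted-token"},
	}
	for _, env := range envs {
		get := func(k string) string { return env[k] }
		fmt.Println(preflight(get, "constructed-author", "constructed-reviewer[bot]"))
	}
}
```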

Metadata

    Labels

    agent/review: Review agent
    component/mint: Token mint and cross-boundary credentials
    component/runner: Agent runner behavior and lifecycle
    priority/high: Significant impact, address soon
    ready-to-code: Triaged and ready for the code agent
    type/bug: Confirmed defect in existing behavior
