Recommend copilot-requests: write for Copilot-targeted workflows in instruction docs

[Copilot]

This updates instruction surfaces so guidance is explicit when workflows target the Copilot coding agent: use permissions.copilot-requests: write for token-based Copilot auth. It also aligns the core permissions reference with current supported scope behavior.

• Creator guidance (.github/aw/create-agentic-workflow.md)

  • Added a rule under permissions guidance to recommend copilot-requests: write when targeting Copilot agent workflows.

• Updater guidance (.github/aw/update-agentic-workflow.md)

  • Added the same recommendation in update rules so existing workflow edits apply consistent auth guidance.

• Permissions reference (.github/aw/syntax-core.md)

  • Included copilot-requests in the documented available scopes.
  • Clarified exceptions to the “no write permissions” rule to include:
    • id-token: write (OIDC)
    • copilot-requests: write (Copilot agent auth via ${{ github.token }})

permissions:
  contents: read
  pull-requests: read
  copilot-requests: write

---

pr-sous-chef: refresh branch requested by run 27316532377.

Generated by 👨‍🍳 PR Sous Chef · 57.4 AIC · ⌖ 1 AIC · ⊞ 17.3K · ◷

[github-actions]

Hey @Copilot 👋 — nice, focused docs update! Adding copilot-requests: write guidance consistently across the create, update, and syntax-core instruction surfaces is exactly the kind of aligned, single-purpose change that's easy to review.

One automated checklist flag: no test files were touched. For a pure documentation PR like this one that only updates Markdown instruction files, that's completely expected — no test changes are needed. This is just a mechanical checklist result.

If you would like to do a quick consistency pass before this goes to maintainer review, here's an optional prompt:

Review the changes in .github/aw/create-agentic-workflow.md, .github/aw/update-agentic-workflow.md, and .github/aw/syntax-core.md introduced in PR #38410. Verify that:
1. The `copilot-requests: write` guidance is worded consistently across all three files.
2. The additions do not contradict any existing permission guidance (e.g., the 'no write permissions' rule in syntax-core.md).
3. The exception list in syntax-core.md now accurately reflects both `id-token: write` and `copilot-requests: write`.
Report any inconsistencies found.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• patchdiff.githubusercontent.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "patchdiff.githubusercontent.com"

See Network Configuration for more information.

Generated by ✅ Contribution Check · 618.9 AIC · ⌖ 13.3 AIC · ⊞ 24.7K · ◷

[Copilot]

Pull request overview

Updates gh-aw instruction documentation to explicitly recommend using permissions.copilot-requests: write when workflows target the Copilot coding agent, and expands the core permissions reference to include the copilot-requests scope and related write-scope exceptions.

Changes:

• Add a Copilot-targeted permissions recommendation to the workflow creator and updater instruction prompts.
• Update the core syntax reference to document copilot-requests as an available permission scope and clarify write-scope exceptions.

Show a summary per file

File	Description
.github/aw/create-agentic-workflow.md	Adds creator guidance to include copilot-requests: write for Copilot-auth workflows.
.github/aw/update-agentic-workflow.md	Adds updater guidance to apply the same Copilot permissions recommendation on edits.
.github/aw/syntax-core.md	Updates core permissions documentation to include copilot-requests and clarify write exceptions.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 3

[github-actions]

Please refresh the branch, rerun checks, and summarize any remaining blockers.

Generated by 👨‍🍳 PR Sous Chef · 57.4 AIC · ⌖ 1 AIC · ⊞ 17.3K · ◷

[github-actions]

@copilot review all comments and address unresolved review feedback.

Triggered by pr-sous-chef run 27316532377.

Generated by 👨‍🍳 PR Sous Chef · 57.4 AIC · ⌖ 1 AIC · ⊞ 17.3K · ◷