Permission Denied Error #53

@stnguyen90

We've deployed this workflow to our repo:

name: AI Moderator

on:
  issues:
    types: [opened, edited]
  issue_comment:
    types: [created, edited]
  pull_request:
    types: [opened, edited]
  pull_request_review:
    types: [submitted, edited]
  pull_request_review_comment:
    types: [created, edited]
  discussion:
    types: [created, edited]
  discussion_comment:
    types: [created, edited]

permissions:
  models: read
  issues: write
  pull-requests: write
  discussions: write

jobs:
  moderate:
    runs-on: ubuntu-latest
    steps:
      - name: AI Moderator
        uses: github/ai-moderator@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

but it runs into a "PermissionDeniedError: 403" error. For example, the logs from this run:

2025-11-12T20:43:57.8954628Z Download action repository 'github/ai-moderator@v1' (SHA:81159c370785e295c97461ade67d7c33576e9319)
2025-11-12T20:43:58.7456173Z Complete job name: moderate
2025-11-12T20:43:58.8228652Z ##[group]Run github/ai-moderator@v1
2025-11-12T20:43:58.8229491Z with:
2025-11-12T20:43:58.8230049Z   token: ***
2025-11-12T20:43:58.8230445Z   spam-label: spam
2025-11-12T20:43:58.8230854Z   ai-label: ai-generated
2025-11-12T20:43:58.8231547Z   minimize-detected-comments: true
2025-11-12T20:43:58.8232034Z   dry-run: false
2025-11-12T20:43:58.8232443Z   enable-spam-detection: true
2025-11-12T20:43:58.8232922Z   enable-link-spam-detection: true
2025-11-12T20:43:58.8233420Z   enable-ai-detection: true
2025-11-12T20:43:58.8233934Z   endpoint: https://models.github.ai/inference
2025-11-12T20:43:58.8234718Z ##[endgroup]
2025-11-12T20:43:58.9057632Z Evaluating content for spam and AI-generated content...
2025-11-12T20:43:59.3794512Z Error running prompt /home/runner/work/_actions/github/ai-moderator/v1/prompts/ai-detection.prompt.yml: PermissionDeniedError: 403 status code (no body)
2025-11-12T20:43:59.3798871Z     at APIError.generate (file:///home/runner/work/_actions/github/ai-moderator/v1/dist/index.js:31348:20)
2025-11-12T20:43:59.3802538Z     at OpenAI.makeStatusError (file:///home/runner/work/_actions/github/ai-moderator/v1/dist/index.js:37569:25)
2025-11-12T20:43:59.3806203Z     at OpenAI.makeRequest (file:///home/runner/work/_actions/github/ai-moderator/v1/dist/index.js:37714:30)
2025-11-12T20:43:59.3809412Z     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2025-11-12T20:43:59.3812593Z     at async runPrompt (file:///home/runner/work/_actions/github/ai-moderator/v1/dist/index.js:40780:26)
2025-11-12T20:43:59.3816373Z     at async evaluateContent (file:///home/runner/work/_actions/github/ai-moderator/v1/dist/index.js:40855:28)
2025-11-12T20:43:59.3819436Z     at async run (file:///home/runner/work/_actions/github/ai-moderator/v1/dist/index.js:40982:23) {
2025-11-12T20:43:59.3821626Z   status: 403,
2025-11-12T20:43:59.3822493Z   headers: Headers {
2025-11-12T20:43:59.3823547Z     vary: 'Origin',
2025-11-12T20:43:59.3824627Z     date: 'Wed, 12 Nov 2025 20:43:59 GMT',
2025-11-12T20:43:59.3826086Z     'content-length': '0',
2025-11-12T20:43:59.3827393Z     'x-github-backend': 'Kubernetes',
2025-11-12T20:43:59.3829212Z     'x-github-request-id': 'E818:214979:1231E8C:14B513B:6914F18F',
2025-11-12T20:43:59.3831757Z     server: 'github.com'
2025-11-12T20:43:59.3832925Z   },
2025-11-12T20:43:59.3833826Z   requestID: null,
2025-11-12T20:43:59.3834855Z   error: undefined,
2025-11-12T20:43:59.3835902Z   code: undefined,
2025-11-12T20:43:59.3836943Z   param: undefined,
2025-11-12T20:43:59.3838021Z   type: undefined
2025-11-12T20:43:59.3839041Z }

The Set up job step shows:

2025-11-12T20:43:57.4893351Z ##[group]GITHUB_TOKEN Permissions
2025-11-12T20:43:57.4895113Z Discussions: write
2025-11-12T20:43:57.4895601Z Issues: write
2025-11-12T20:43:57.4896476Z Metadata: read
2025-11-12T20:43:57.4896949Z Models: read
2025-11-12T20:43:57.4897377Z PullRequests: write
2025-11-12T20:43:57.4897895Z ##[endgroup]

This also happens for jobs triggered by an internal contributor.

Is this expected?
