[P1] Lockdown mode failing: GH_AW_GITHUB_TOKEN not configured — 5 workflows affected #17414
Description
Five scheduled workflows are consistently failing at the Validate lockdown mode requirements step. This is a systemic infrastructure issue affecting all workflows with tools.github.lockdown: true.
Affected Workflows
| Workflow | Schedule | Consecutive Failures | Impact |
|---|---|---|---|
| Issue Monster | Every 30 min | ~50/day | Issue creation not running |
| PR Triage Agent | Every 6h | 10+ (since Feb 19) | PR categorization stopped |
| Daily Issues Report Generator | Daily | 8+ (since Feb 14) | Daily reports not generated |
| Issue Triage Agent | Daily | 5+ (since Feb 16) | Issue triage not running |
| Weekly Issue Summary | Weekly | Last run failed (Feb 16) | Weekly summaries stopped |
Failure Pattern
All fail at the same step:
Validate lockdown mode requirements: failure
```
Error details from run logs:
```
Lockdown mode is explicitly enabled, validating requirements...
GH_AW_GITHUB_TOKEN configured: false
GH_AW_GITHUB_MCP_SERVER_TOKEN configured: false
Custom github-token configured: false
##[error]Lockdown mode is enabled (lockdown: true) but no custom GitHub token is configured.
Root Cause
Workflows with tools.github.lockdown: true require one of:
GH_AW_GITHUB_TOKENrepository secret (recommended)GH_AW_GITHUB_MCP_SERVER_TOKENrepository secret- A custom
github-tokenin the workflow frontmatter
None are currently configured. Note: COPILOT_GITHUB_TOKEN verification succeeds — it's only the lockdown-specific token that's missing.
Impact Assessment
- Issue Monster running every 30 minutes generates ~50 failed runs per day, creating significant CI noise
- Issue tracking and PR triage automation is completely stopped
- Daily reporting pipeline is broken (since Feb 14)
- Total failed runs estimated at 100+ per day across all affected workflows
Fix
Configure the GH_AW_GITHUB_TOKEN secret in the repository:
gh secret set GH_AW_GITHUB_TOKEN --body "YOUR_FINE_GRAINED_PAT"The PAT needs issues: read, pull-requests: read, and contents: read permissions at minimum.
Alternatively, remove lockdown: true from workflows if lockdown mode is not required.
References
- §22252647907 — Issue Monster failure (latest)
- §22251839006 — PR Triage Agent failure (latest)
- Symptom issues: [agentics] Issue Monster failed #17387 (Issue Monster), [agentics] PR Triage Agent failed #16801 (PR Triage Agent)
- Previous tracking issue: [P1] PR Triage Agent and Daily Issues Report failing: lockdown mode requires custom GitHub token #16776 (closed 2026-02-20)
Generated by Workflow Health Manager - Meta-Orchestrator
- expires on Feb 22, 2026, 7:31 AM UTC