Write Mode
Threat Model
Write mode introduces mutation risk (issue/PR changes, metadata updates). Risks include unauthorized action, accidental mass updates, and audit evasion.
Default Posture
- WRITE_MODE=false by default.
- When enabled, writes require repository whitelist membership by default.
- Optional opt-in: WRITE_ALLOW_ALL_TOKEN_REPOS=true allows writes to any repo the token can access.
- Policy engine remains authoritative and may deny specific write tools.
Supported Write Tools
- create_issue (optional milestone id or title)
- update_issue (optional milestone; 0 clears it)
- create_issue_comment
- create_pr_comment
- edit_issue_comment
- add_labels
- remove_labels
- assign_issue
- create_label
- update_label
- create_pull_request
- create_release
- edit_release
- create_branch
- create_milestone
Not supported (explicitly forbidden): merge actions, branch/label/release deletion,
force push, repo/admin management, and repository content writes (file create/edit,
commits). Gitea Projects (Kanban boards) are unsupported because the Gitea REST API
exposes no project endpoints.
Enablement Steps
- Set WRITE_MODE=true.
- Choose one:
  - WRITE_REPOSITORY_WHITELIST=owner/repo,... (recommended)
  - WRITE_ALLOW_ALL_TOKEN_REPOS=true (broader scope)
- Review policy file for write-tool scope.
- Verify audit logging and alerting before rollout.
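The gating decision these steps configure, written out as an added reference example (not the project's own code). Environment variable names and the supported-tool list are the ones on this page; the policy engine is modelled as a plain set of denied tool names, and the audit record shape is an assumption.

```python
# Added example, not project code: write-mode authorization plus an audit
# record for every decision. Policy input shape (set of denied tools) and
# the audit record fields are assumptions; env var names come from the docs.
SUPPORTED_WRITE_TOOLS = frozenset({
    "create_issue", "update_issue", "create_issue_comment", "create_pr_comment",
    "edit_issue_comment", "add_labels", "remove_labels", "assign_issue",
    "create_label", "update_label", "create_pull_request", "create_release",
    "edit_release", "create_branch", "create_milestone",
})

def _truthy(value):
    # Treat only explicit true-like strings as enabled; unset stays off.
    return (value or "").strip().lower() in {"1", "true", "yes"}

def parse_whitelist(raw):
    # WRITE_REPOSITORY_WHITELIST=owner/repo,owner/other -> normalised set
    return {r.strip().lower() for r in (raw or "").split(",") if r.strip()}

def authorize_write(env, tool, repo, denied_tools=frozenset()):
    """Return (allowed, reason) for one write-tool call against one repo.

    env: dict of environment variables. denied_tools: stand-in for the policy
    engine's per-tool deny list (assumed shape). Order matters: the global
    switch, the supported-tool set and policy are all checked before scope,
    so a policy deny wins even for a whitelisted repository.
    """
    if not _truthy(env.get("WRITE_MODE")):
        return False, "write mode disabled"
    if tool not in SUPPORTED_WRITE_TOOLS:
        return False, f"{tool} is not a supported write tool"
    if tool in denied_tools:
        return False, f"{tool} denied by policy"
    if _truthy(env.get("WRITE_ALLOW_ALL_TOKEN_REPOS")):
        # Broad scope: bounded only by what the Gitea token itself can reach.
        return True, "allowed: WRITE_ALLOW_ALL_TOKEN_REPOS opt-in"
    if repo.strip().lower() in parse_whitelist(env.get("WRITE_REPOSITORY_WHITELIST")):
        return True, "allowed: repository whitelisted"
    return False, f"{repo} not in WRITE_REPOSITORY_WHITELIST"

def decide_and_audit(env, tool, repo, actor, audit_log, denied_tools=frozenset()):
    """Make the decision and append a structured audit record (assumed shape).

    Denied attempts are logged too: a burst of denials from one actor is the
    signal that the monitoring step above is meant to catch.
    """
    allowed, reason = authorize_write(env, tool, repo, denied_tools)
    audit_log.append({"actor": actor, "tool": tool, "repo": repo,
                      "allowed": allowed, "reason": reason})
    return allowed
```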
Safe Operations
- Start with a single repository in the whitelist.
- Use narrowly scoped bot credentials.
- Require peer review for whitelist/policy changes.
- Disable write mode during incident response if abuse is suspected.
Risk Tradeoffs
Write mode improves automation and triage speed but increases blast radius. Use least privilege, tight policy, and strong monitoring.