[P1] Lockdown token failures: Issue Monster, PR Triage Agent, Daily Issues Report, Org Health Report

### Problem

Four high-frequency agentic workflows continue to fail due to **lockdown mode** requiring `GH_AW_GITHUB_TOKEN` which is not configured as a repository secret. This is an ongoing issue (Day 16+).

Previous tracking issue #20315 was auto-closed on 2026-03-11 (expiry). This is a fresh tracking issue.

### Affected Workflows

| Workflow | Frequency | Last Failure | Run # | Impact |
|---|---|---|---|---|
| **Issue Monster** | Every 30 min | 2026-03-12T07:25Z | #2733 | Issue tracking down — ~50+ failures/day |
| **PR Triage Agent** | Every 6h | 2026-03-12T06:24Z | #196 | PR triage not running |
| **Daily Issues Report** | Daily | 2026-03-12T01:59Z | #130 | Daily metrics missing |
| **Org Health Report** | Weekly | 2026-03-09T08:26Z | #28 | Weekly org health missing |

### Error Message

```
Lockdown mode is enabled (lockdown: true) but no custom GitHub token is configured.

Please configure one of the following as a repository secret:
  - GH_AW_GITHUB_TOKEN (recommended)
  - GH_AW_GITHUB_MCP_SERVER_TOKEN (alternative)
  - Custom github-token in your workflow frontmatter

See: https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/auth.mdx
```

### Root Cause

These workflows use `lockdown: true` in their MCP configuration (which requires GitHub API access via a fine-grained PAT), but `GH_AW_GITHUB_TOKEN` is not set as a repository secret.

### Fix Options

**Option 1 (Recommended)**: Configure `GH_AW_GITHUB_TOKEN` secret
```bash
gh aw secrets set GH_AW_GITHUB_TOKEN --value "YOUR_FINE_GRAINED_PAT"
```
The PAT needs: `issues: read/write`, `pull_requests: read/write`, `contents: read`.

**Option 2**: Remove `lockdown: true` from affected workflow frontmatter (reduces security posture).

**Option 3**: Add `github-token: $\{\{ secrets.GITHUB_TOKEN }}` to the affected workflows' MCP config.

### History

- Previous tracking issues #20315 (Mar 10), #18919, #18952 — all expired/closed
- **NO CURRENT FIX PATH** — manual admin intervention required to provision the token
- Ongoing since ~Feb 25, 2026 (Day 16+)

### References

- [§22991093860](https://github.com/github/gh-aw/actions/runs/22991093860) — Issue Monster run #2733 (today)
- [§22989408565](https://github.com/github/gh-aw/actions/runs/22989408565) — PR Triage Agent run #196 (today)
- Docs: https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/auth.mdx
Related to #19352




> Generated by [Workflow Health Manager - Meta-Orchestrator](https://github.com/github/gh-aw/actions/runs/22991171595) · [◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw+is%3Aissue+%22gh-aw-workflow-call-id%3A+github%2Fgh-aw%2Fworkflow-health-manager%22&type=issues)
> - [x] expires  on Mar 13, 2026, 7:45 AM UTC

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[P1] Lockdown token failures: Issue Monster, PR Triage Agent, Daily Issues Report, Org Health Report #20643

Problem

Affected Workflows

Error Message

Root Cause

Fix Options

History

References

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Workflow	Frequency	Last Failure	Run #	Impact
Issue Monster	Every 30 min	2026-03-12T07:25Z	#2733	Issue tracking down — ~50+ failures/day
PR Triage Agent	Every 6h	2026-03-12T06:24Z	#196	PR triage not running
Daily Issues Report	Daily	2026-03-12T01:59Z	#130	Daily metrics missing
Org Health Report	Weekly	2026-03-09T08:26Z	#28	Weekly org health missing

[P1] Lockdown token failures: Issue Monster, PR Triage Agent, Daily Issues Report, Org Health Report #20643

Description

Problem

Affected Workflows

Error Message

Root Cause

Fix Options

History

References

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions