@@ -144,6 +144,18 @@ Test workflow with lock-for-agent but no reaction.
144144 if strings .Contains (yamlContent , "GH_AW_LOCK_FOR_AGENT: \" true\" " ) {
145145 t .Error ("Generated YAML should not set GH_AW_LOCK_FOR_AGENT env var without reaction step" )
146146 }
147+
148+ // Verify activation job has issues: write permission for locking
149+ activationJobSection := extractJobSection (yamlContent , "activation" )
150+ if ! strings .Contains (activationJobSection , "issues: write" ) {
151+ t .Error ("Activation job should have issues: write permission when lock-for-agent is enabled" )
152+ }
153+
154+ // Verify conclusion job has issues: write permission for unlocking
155+ conclusionJobSection := extractJobSection (yamlContent , "conclusion" )
156+ if ! strings .Contains (conclusionJobSection , "issues: write" ) {
157+ t .Error ("Conclusion job should have issues: write permission when lock-for-agent is enabled" )
158+ }
147159}
148160
149161func TestLockForAgentDisabled (t * testing.T ) {
@@ -204,6 +216,71 @@ Test workflow without lock-for-agent.
204216 if strings .Contains (yamlContent , "GH_AW_LOCK_FOR_AGENT: \" true\" " ) {
205217 t .Error ("Generated YAML should not set GH_AW_LOCK_FOR_AGENT env var when lock-for-agent is disabled" )
206218 }
219+
220+ // Verify activation job has issues: write permission due to reaction (not lock-for-agent)
221+ activationJobSection := extractJobSection (yamlContent , "activation" )
222+ if ! strings .Contains (activationJobSection , "issues: write" ) {
223+ t .Error ("Activation job should have issues: write permission when reaction is enabled" )
224+ }
225+ }
226+
227+ func TestLockForAgentDisabledWithoutReaction (t * testing.T ) {
228+ // Create temporary directory for test files
229+ tmpDir := testutil .TempDir (t , "lock-disabled-no-reaction-test" )
230+
231+ // Create a test markdown file without lock-for-agent and without reaction
232+ testContent := `---
233+ on:
234+ issues:
235+ types: [opened]
236+ engine: copilot
237+ safe-outputs:
238+ add-comment: {}
239+ ---
240+
241+ # Test Without Lock For Agent and Without Reaction
242+
243+ Test workflow without lock-for-agent and without reaction.
244+ `
245+
246+ testFile := filepath .Join (tmpDir , "test-no-lock-no-reaction.md" )
247+ if err := os .WriteFile (testFile , []byte (testContent ), 0644 ); err != nil {
248+ t .Fatal (err )
249+ }
250+
251+ compiler := NewCompiler (false , "" , "test" )
252+
253+ // Parse the workflow
254+ workflowData , err := compiler .ParseWorkflowFile (testFile )
255+ if err != nil {
256+ t .Fatalf ("Failed to parse workflow: %v" , err )
257+ }
258+
259+ // Verify lock-for-agent field is false by default
260+ if workflowData .LockForAgent {
261+ t .Error ("Expected LockForAgent to be false by default" )
262+ }
263+
264+ // Generate YAML and verify it does not contain lock/unlock steps
265+ yamlContent , err := compiler .generateYAML (workflowData , testFile )
266+ if err != nil {
267+ t .Fatalf ("Failed to generate YAML: %v" , err )
268+ }
269+
270+ // Lock and unlock steps should not be present
271+ if strings .Contains (yamlContent , "Lock issue for agent workflow" ) {
272+ t .Error ("Generated YAML should not contain lock step when lock-for-agent is disabled" )
273+ }
274+
275+ if strings .Contains (yamlContent , "Unlock issue after agent workflow" ) {
276+ t .Error ("Generated YAML should not contain unlock step when lock-for-agent is disabled" )
277+ }
278+
279+ // Verify activation job does NOT have issues: write permission (no reaction and no lock-for-agent)
280+ activationJobSection := extractJobSection (yamlContent , "activation" )
281+ if strings .Contains (activationJobSection , "issues: write" ) {
282+ t .Error ("Activation job should NOT have issues: write permission when lock-for-agent is disabled and no reaction is configured" )
283+ }
207284}
208285
209286func TestLockForAgentOnPullRequest (t * testing.T ) {
0 commit comments