[BUG] Claude Code on the web: git push and GitHub MCP refuse changes under .github/workflows/ — proxy OAuth token missing workflow scope
What's Wrong?
In a cloud (Claude Code on the web) session linked to a GitHub repository that ships GitHub Actions, neither git push nor the GitHub MCP write tools can land a commit that modifies any file under .github/workflows/. Both paths return the same GitHub-side rejection:
refusing to allow an OAuth App to create or update workflow.github/workflows/<file>.ymlwithoutworkflowscope
This is a hard wall for the most legitimate kind of cloud-session task there is: fixing a broken CI workflow. The session has done all the analysis and produced a correct one-line patch, then can neither push it nor write it via the MCP API. The only workarounds (manual push from a local machine, or restructuring the fix to avoid touching the workflow file) defeat the point of running the session in the cloud in the first place.
Detailed symptoms
- Both write surfaces fail with the same OAuth-scope error.
git push against origin (which is configured as http://local_proxy@127.0.0.1:36213/git/<owner>/<repo>):
``.github/workflows/<file>.yml
To http://127.0.0.1:36213/git/<owner>/<repo>
! [remote rejected] <branch> -> <branch>
(refusing to allow an OAuth App to create or update workflow without workflow scope)``
error: failed to push some refs to 'http://127.0.0.1:36213/git/<owner>/<repo>'
mcp__github__create_or_update_file and mcp__github__push_files:
``.github/workflows/<file>.yml
failed to create/update file: PUT https://api.github.com/repos/<owner>/<repo>/contents/.github/workflows/<file>.yml:
403 refusing to allow an OAuth App to create or update workflow without workflow scope``
The shared "OAuth App" wording in both errors strongly suggests the in-container git proxy and the GitHub MCP server are backed by the same OAuth credential — and that credential was issued without the workflow scope.
- The Claude GitHub App being installed on the repo does not help. The user confirmed the Claude GitHub App has full repo access. But the proxy/MCP path doesn't use the App installation token; it uses an OAuth App credential bound to the user's session. The two are independent identities, and only the App one has the right permissions.
- The failure happens only at the push step, after the model has already:
- read the workflow file,
- identified the bug,
- edited the file,
- committed locally,
- drafted (and agreed with the user on) the fix.
So the entire session budget is spent producing a commit that GitHub then refuses. There's no early signal that workflow-file edits will be unpushable — git commit succeeds, MCP file-write attempts only fail at PUT, and nothing in the harness warns ahead of time.
- Retry logic doesn't help. The environment's git-push retry policy is scoped to network errors; this is an authorization error from GitHub, so retries return the identical refusal.
- The stop-hook keeps firing about the unpushed commit, but there is no in-session action that resolves it — only the user can push from outside.
- Side effect: when probing alternative paths, the model created a placeholder branch on the remote via
mcp__github__create_branch(which is not gated by the workflow-scope check — only the file write is). So a no-op branch is left behind on the remote even though the actual fix can't be pushed. This is harmless but a little untidy.
Reproduction
- Start a Claude Code on the web session against a repo that has
.github/workflows/*.yml. - Have Claude edit and commit a change to one of those workflow files.
- Have Claude
git pushthe branch, or callmcp__github__create_or_update_file/mcp__github__push_filesagainst the same path.
Expected: the commit lands.
Actual: both paths fail with refusing to allow an OAuth App to create or update workflow ... without 'workflow' scope.
Environment
CLAUDE_CODE_REMOTE_ENVIRONMENT_TYPE=cloud_defaultCLAUDE_CODE_VERSION=2.1.42- Git remote:
http://local_proxy@127.0.0.1:36213/git/<owner>/<repo>(proxy-mediated) - GitHub MCP server: standard
mcp__github__*tools - Claude GitHub App: installed and authorized on the repo
Expected behavior
Either:
- Add
workflowscope to the proxy/MCP OAuth token when the linked repo contains GitHub Actions workflows (cheapest fix, scoped to repos that need it), or - Prefer the Claude GitHub App installation token over the OAuth App token for write paths against repos where the App is installed (best long-term — installation tokens already carry the right per-repo permissions and avoid the OAuth scope drift entirely), or
- At minimum, fail fast: detect on session start that the OAuth credential lacks
workflowscope while the repo has workflows, and surface a warning so Claude doesn't waste a session producing an unpushable commit.
Impact
Blocks legitimate CI-fix tasks in cloud sessions. Silent until push time, so the full task budget is spent before the failure surfaces.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗