
hallucinating "workflow doesn't have access to a GitHub token" despite successfully creating PRs

Open elithrar opened this issue 3 weeks ago • 5 comments

When using the GitHub Action to create a PR, the model includes text claiming "The workflow doesn't have access to a GitHub token for creating PRs via API" — but this statement appeared inside a PR that was successfully created via the API.

The PR creation works — opencode/the model seem to be hallucinating. This is using anthropic/claude-opus-4-5.

  • PR was created successfully with author opencode-agent, proper timestamps, etc.
  • workflow has correct permissions (pull-requests: write, id-token: write, etc.)
  • the github workflow is unmodified from the default opencode version
  • generates stale/template text that doesn't match reality

Screenshots below from the failure mode + asking /oc to analyze.

I understand the github CLI + action well enough at this point from my other (unrelated) PRs and don’t see anything in opencode that would directly cause this.


elithrar avatar Dec 17 '25 14:12 elithrar

What's in use today?

TallTed avatar Nov 21 '25 17:11 TallTed

What's in use today?

https://tinyurl.com/ on the current (soon to be retired) playground. There was some concern raised (somewhere....) about that service no longer being trustworthy.

I'm open to suggestions--including that we run one ourselves (via a Cloudflare Worker). The risk (anywhere), though, is responsibility over the (very long term) storage and privacy of that storage. We could (of course) state that shortened URLs only last for so long (sadly...) and that one should not use it for anything "private" (...which is always true of such a service...but saying it might help folks...or us if/when it's misused).

Anyhow. Happy to entertain ideas!

BigBlueHat avatar Nov 21 '25 21:11 BigBlueHat

Tinyurl.com is fine, in my experience.

Bit.ly (a/k/a Bitly.com, for those who dislike using the Libya TLD), likewise.

I haven't heard any trustworthiness worries about either ... which doesn't mean such worries may not be grounded.

I'm sure there are others.

TallTed avatar Nov 21 '25 21:11 TallTed

This site doesn't really need to provide that service. Though it is nice. People can grab the direct long long URL and shorten it themselves. It was easy to implement long ago. At some point tinyurl broke their API. Not sure what the state is now. They also have a far different business model than before. They now (conditionally?) redirect through other services to ensure ecommerce related URLs have their affiliate info added or existing info changed to theirs. Maybe only for the root URL. Maybe it would change URLs in JSON params? I haven't checked. But the concept of ever not redirecting to exactly what you shortened is a red flag unless you are aware and ok with that.

davidlehn avatar Nov 22 '25 00:11 davidlehn

Mostly, I think it's a question of (long term) trust...which likely means our best option would be to implement it ourselves--if we bring it back. Either way, I'll take the above commentary as license to move forward without. We can always bring it back if/when there seems to be cause to.

BigBlueHat avatar Dec 05 '25 17:12 BigBlueHat