austenstone · Copilot · Jan 9, 2026 · Jan 9, 2026 · Jan 9, 2026
diff --git a/README.md b/README.md
diff --git a/action.yml b/action.yml
@@ -5,10 +5,10 @@ branding:
   color: 'purple'
 inputs:
   copilot-token:
-    description: 'GitHub Personal Access Token (PAT) with "Copilot Requests" permission. The default github.token does NOT have Copilot access - you must provide a PAT with the "Copilot Requests" scope. See: https://github.com/settings/tokens/new?scopes=copilot'
+    description: 'GitHub Personal Access Token (PAT) with "Copilot Requests" permission. The default github.token does NOT have Copilot access - you must provide a user-owned PAT with the "Copilot Requests" scope. Note: Organization-owned fine-grained PATs cannot have this permission due to GitHub platform limitations. See: https://github.com/settings/tokens/new?scopes=copilot'
     required: true
   repo-token:
-    description: 'Token for standard GitHub repository operations (e.g., pushing commits, creating PRs). Defaults to copilot-token if not specified. You can use the default GITHUB_TOKEN here if you only need repo access.'
+    description: 'Token for standard GitHub repository operations (e.g., pushing commits, creating PRs). Defaults to copilot-token if not specified. For organization repositories, you can use the default GITHUB_TOKEN here while using a user PAT for copilot-token.'
     required: false
     default: ${{ github.token }}
   prompt:
Parameter	Description	Required	Default
`copilot-token`	PAT with "Copilot Requests" permission. The default `github.token` does NOT work — you must provide a PAT.	✅	-
`prompt`	Natural language prompt to send to GitHub Copilot	✅	-
`repo-token`	Token for standard GitHub repo operations (push, PRs). Falls back to `copilot-token` if not set. Can use default `GITHUB_TOKEN` here.	❌	`github.token`
`mcp-config`	MCP server configuration in JSON format	❌	-
`copilot-config`	GitHub Copilot CLI configuration (JSON)	❌	See below
`allow-all-tools`	Allow all tools without approval	❌	`true`
`allowed-tools`	Comma-separated list of tools to allow (e.g., `"shell(rm),shell(git push)"`)	❌	-
`denied-tools`	Comma-separated list of tools to deny (e.g., `"shell(rm),shell(git push)"`)	❌	-
`copilot-version`	Version of `@github/copilot` to install (e.g., `"latest"`, `"0.0.329"`)	❌	`latest`
`model`	AI model to use (e.g., `"claude-sonnet-4.5"`, `"gpt-5"`)	❌	-
`agent`	Specify a custom agent to use	❌	-
`additional-directories`	Comma-separated list of additional directories to trust (e.g., `"/tmp,/var/log"`)	❌	-
`disable-mcp-servers`	Comma-separated list of MCP servers to disable (e.g., `"github-mcp-server,custom-server"`)	❌	-
`enable-all-github-mcp-tools`	Enable all GitHub MCP tools	❌	`false`
`resume-session`	Resume from a previous session ID (use `"latest"` for most recent)	❌	-
`log-level`	Log level: `"none"`, `"error"`, `"warning"`, `"info"`, `"debug"`, `"all"`, `"default"`	❌	`all`
`upload-artifact`	Upload Copilot logs as workflow artifacts	❌	`true`
Workflow	Description
CI Fix	Automatically analyzes failed workflow runs and creates a pull request with fixes
Comment Trigger	Responds to issue comments starting with `/copilot` and executes the requested task
Dependabot Analysis	Reviews Dependabot PRs with detailed dependency analysis, breaking changes, and migration guidance
PR Review	Performs comprehensive autonomous code reviews on pull requests with severity-based feedback
Research	Conducts deep research on GitHub issues using Firecrawl to gather and synthesize information
Security Triage	Triages all security alerts (Dependabot, Secret Scanning, Code Scanning) into a single comprehensive report
Issue Triage	Automatically labels issues based on their title and content using existing repository labels
Usage Report	Generates comprehensive Copilot usage reports and analytics