Where does the bug appear (feature/product)?
Background Agent (GitHub, Slack, Web, Linear)
Describe the Bug
Background Agents spawned via the API can clone repositories, create branches, and push commits, but cannot interact with the GitHub API for PR comments, PR reviews, or issue operations. All attempts fail with:
GraphQL: Resource not accessible by integration (addPullRequestReview)
and
Resource not accessible by integration
This occurs on both the GraphQL (addPullRequestReview) and REST (POST /repos/.../issues/.../comments) endpoints.
The Cursor GitHub App is installed at the organization level with All repositories selected and the following permissions:
- Read access to actions, commit statuses, deployments, members, metadata, packages, and pages
- Read and write access to checks, code, discussions, issues, pull requests, and workflows
The token the agent receives clearly has git push access but is missing the scopes needed for GitHub API operations (issues, pull requests).
Steps to Reproduce
- Install Cursor GitHub App at org level → All repositories → full read/write permissions.
- Generate a Background Agents API key from the Cursor dashboard (Integrations).
- Spawn an agent via the API targeting a branch on an org repo:
curl -X POST "https://api.cursor.com/v0/agents" \ -H "Authorization: Bearer $CURSOR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "prompt": { "text": "Review PR #633 and leave a comment with your findings." }, "source": { "repository": "https://github.com/<org>/<repo>", "ref": "dependabot/npm_and_yarn/some-package-2.0.0" } }' - Agent clones the repo and creates a working branch (e.g.,
cursor/eslint-import-resolver-analysis-5147) — this succeeds. - Agent pushes commits to the branch — this succeeds.
- Agent attempts to comment on the PR via
gh pr commentorgh pr review— this fails withResource not accessible by integration.
The agent itself recognizes the failure and outputs:
“I could not post directly to PR #633 because this environment’s GitHub token lacks comment permissions (Resource not accessible by integration on both GraphQL and REST comment endpoints).”
Expected Behavior
Agents spawned via the Background Agents API should receive a GitHub installation token that includes all scopes granted to the Cursor GitHub App — including issues and pull requests write access. If the App has read/write on pull requests and issues, the agent should be able to post comments and reviews.
Operating System
MacOS
Version Information
Background Agents
For AI issues: which model did you use?
Codex 5.3 High
Additional Information
Confirmed not a user-side config issue
- GitHub App permissions are correct
- No org rulesets or branch protection rules blocking this
- The same PR can be commented on by GitHub Actions using
GITHUB_TOKENor a PAT — only the Cursor agent’s token fails - The agent successfully pushes to the repo, confirming git-level auth works
Related issues
This appears to be the same root cause as several other reported bugs where the agent’s runtime token doesn’t match the GitHub App’s configured permissions:
- Cloud Agents cannot load default branch and lose write access despite correct permissions
- Cloud agent having issue with GitHub Permissions — same token scope mismatch pattern
Not allowed to link remaining ones due to too many links but here are the titles…
- Failed to Create a GitHub Pull Request from Cursor Web
- Cloud Agents “Access Denied” error despite correct OAuth and org config
- Background Agent Can’t read GitHub issues
- Background agent cannot create GitHub issue
Does this stop you from using Cursor
Sometimes - I can sometimes use Cursor