Cloud Agents cannot load default branch during environment setup and lose write access to GitHub despite correct App installation and org permissions

Where does the bug appear (feature/product)?

Background Agent (GitHub, Slack, Web, Linear)

Describe the Bug

Cloud Agents fail to:

1. Load default branch during environment setup (“Error loading default branch”)
2. Write PR comments via Slack or Cloud Agent runs (403 Resource not accessible by integration or 401 Bad credentials)

GitHub App is installed at the org level, set to All repositories, enterprise workflow permissions are Read & Write, no rulesets or branch protections exist, and gh CLI confirms default branch is accessible.

This appears to be a backend GitHub App installation binding issue (stale or incorrect installation ID being used by Cloud Agents).

Fewer than 50 repos.

Failure occurs on different repos during multiple github integration install/uninstall cycles (sometimes one will work, then another)

Steps to Reproduce

1. Install Cursor GitHub App at org level with All repositories.
2. Reconnect GitHub integration inside Cursor Team workspace.
3. Go to Cloud Agents → Add Environment.
4. Select repository
5. Attempt to load default branch for setup run.

Result: “Error loading default branch.”

Additionally:

• From Slack, request agent to comment on a PR.
• Agent can read PR metadata.
• Comment attempt fails with:
  • 403 Resource not accessible by integration
  • or 401 Bad credentials

This behavior is inconsistent. It temporarily worked on one repo after reinstalling the GitHub App, then failed on that repo while working on another after a second reinstallation cycle. 3rd reinstallation cycle left no repos working.

Expected Behavior

Cloud Agents should:

• Successfully load the repository default branch during environment setup.
• Be able to post PR comments when GitHub App has read/write access to issues and pull requests.

GitHub App installation should remain consistently bound to the workspace.

Operating System

MacOS

Version Information

VSCode Version: 1.105.1
Cursor Version: 2026.0217.xxxxxx (CLI also tested)
Team Plan workspace

For AI issues: which model did you use?

Cloud Agent default (gpt-5.3-codex-high)

For AI issues: add Request ID with privacy disabled

Occurs across multiple Cloud Agent runs; can provide request IDs on request.

Additional Information

We have verified the following:

• Enterprise-level workflow permissions set to Read & Write
• No org rulesets
• No branch protection rules
• Cursor GitHub App installed once at org level
• App set to All repositories
• Fresh uninstall/reinstall cycle (waited before reconnecting)
• Fresh GitHub reconnect in Cursor
• Fresh incognito session
• gh CLI confirms default branch resolves:

The failure occurs before any Cloud Agent runtime spins up, indicating the issue is in the GitHub App installation token resolution inside Cursor backend.

This appears to be a stale or mismatched GitHub App installation ID being used server-side.

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

Hey, thanks for the detailed report. This is a known issue. The GitHub installation token for Cloud Agent doesn’t always get the right access scopes, which can cause both the “Error loading default branch” message and 403/401 errors when it tries to leave a PR comment.

A similar issue was discussed here: Background agent cannot create GitHub issue and here: Failed to Create a GitHub Pull Request from Cursor Web. The team is aware and is tracking it.

Could you share:

• The Request ID from one of the failed Cloud Agent runs (cursor.com/agents)

For now, the inconsistent behavior you’re seeing when you install and uninstall matches what we’re tracking. It looks like the installation token permissions on the backend may get “stuck.” Unfortunately, there isn’t a reliable workaround yet, but your report helps us prioritize this.

Let me know if you can share those IDs.