Hey @elijahthis, thank you for the PR. It looks like there are some issues with the tests. Could you have a look at those and @ mention me when it's ready for review? 🙏

Hey @elijahthis, thank you for the PR. It looks like there are some issues with the tests. Could you have a look at those and @ mention me when it's ready for review? 🙏

On it!

Hii @BagToad seems GitHub Actions was down when I pushed the last time. Just pushed an empty commit and checks all pass.

Ready for review !

Hi @BagToad
Any update on this?

Tested PR #12596 locally on Ubuntu 24.04 (linux/amd64) with Go 1.25.6.

Commands run:
gh pr checkout -R cli/cli 12596
go test ./...

Result:
All packages passed.

I also grepped the implementation: the missing-scope detection appears to rely on parsing the GraphQL error message text via requiredScopesFromServerMessage(...) (e.g. in api/client.go and pkg/cmd/project/shared/queries/queries.go), rather than deriving required scopes from a structured field/header.

This seems fine as a pragmatic fix, but it is potentially brittle if GitHub changes the wording. To reduce risk, it may be worth adding/keeping a regression test that uses the exact message shown in #12585 (including the addProjectV2ItemById case) to lock the behavior.

Thanks for the heads-up @BagToad ! Happy to try my hands at #12823 .

Hey @elijahthis, this PR appears to have introduced a regression that is now tracked in #12904.

The issue: GenerateScopeErrorForGQL() in api/client.go:184-186 rewrites INSUFFICIENT_SCOPES GraphQL errors inside handleResponse() before callers see the original error. This breaks ProjectsV2IgnorableError() (api/queries_projects_v2.go:328-339), which checks for the original API substring:

"field requires one of the following scopes: ['read:project']"

After rewriting, the error says:

"your authentication token is missing required scopes [read:project]"

The ignorable-error check no longer matches, so an optional projectItems query failure becomes fatal, breaking gh pr view, gh pr edit, etc. for any token without read:project (which was never required before).

Call chain: gh pr view/edit -> finder.Find() -> ProjectsV2ItemsForPullRequest() -> client.Query() -> handleResponse() rewrites error -> ProjectsV2IgnorableError() fails to match -> fatal error.

#12845 (cc @yuvrajangadsingh) further refactored this path but inherited the same issue.

Suggested fix: The simplest correct fix would be to move GenerateScopeErrorForGQL out of handleResponse() and into the specific callers that need fatal scope errors (e.g. gh issue create --project). The original behavior was correct: scope errors were non-fatal by default, and ProjectsV2IgnorableError could recognize and suppress them. Making all scope errors fatal at the lowest level, then expecting callers to un-fatalize them via brittle string matching, inverts that contract.

Alternatively, a typed ScopeError struct that ProjectsV2IgnorableError can check with errors.As would also work and be more future-proof.

@camjac251 good catch, yeah #12845 inherited this. opened #12913 to fix it, just removes the GenerateScopeErrorForGQL call from handleResponse so the original GraphQLError flows through to ProjectsV2IgnorableError. project commands still handle scope errors through their own handleError.

Hey @elijahthis, I've reverted this PR in #12915 because it unfortunately resulted in a pretty bad bug. Don't worry about it though, it was the result some nasty fragile code far away in the codebase that you never could have predicated, and was even hard to catch for us in review. I've reopened the original issue.