From 8192648abc165ebde94142b13cc99703dc75b9c2 Mon Sep 17 00:00:00 2001
From: Jack Ye <yezhaoqin@gmail.com>
Date: Tue, 2 Dec 2025 14:45:42 -0800
Subject: [PATCH] ci: fix bot sophon access

---
 .../codex-update-lance-dependency.yml         | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.github/workflows/codex-update-lance-dependency.yml b/.github/workflows/codex-update-lance-dependency.yml
index eafc9b817..b61f06924 100644
--- a/.github/workflows/codex-update-lance-dependency.yml
+++ b/.github/workflows/codex-update-lance-dependency.yml
@@ -99,6 +99,26 @@ jobs:
           printenv OPENAI_API_KEY | codex login --with-api-key
           codex --config shell_environment_policy.ignore_default_excludes=true exec --dangerously-bypass-approvals-and-sandbox "$(cat /tmp/codex-prompt.txt)"
 
+      - name: Debug token access
+        env:
+          GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
+        run: |
+          set -euo pipefail
+          echo "=== Checking authenticated user ==="
+          gh api user --jq '.login' || echo "Failed to get user info"
+
+          echo ""
+          echo "=== Listing repos in lancedb org that token can access ==="
+          gh repo list lancedb --limit 50 --json name,visibility --jq '.[] | "\(.name) (\(.visibility))"' || echo "Failed to list repos"
+
+          echo ""
+          echo "=== Checking if sophon repo exists and is accessible ==="
+          gh repo view lancedb/sophon --json name,visibility 2>&1 || echo "Cannot access lancedb/sophon"
+
+          echo ""
+          echo "=== Checking token scopes ==="
+          gh api -i user 2>&1 | grep -i "x-oauth-scopes" || echo "Could not determine token scopes"
+
       - name: Trigger sophon dependency update
         env:
           TAG: ${{ inputs.tag }}