We use Octokit to automate some workflows at work, but most of the time the issue we have is that the users haven't set up their personal access token correctly, with the right scopes.
We would like to have a check before the app runs, to check if the token given has the right scope and give the engineer a meaningful error message right in the beginning, instead of failing later in the process.
Yes, the scopes for a personal access token are listed in the response header; you can access them like this:
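const { headers } = await octokit.request('HEAD /')
// Guard against a missing or empty header so split() neither throws nor yields ['']
const scopes = (headers['x-oauth-scopes'] || '').split(', ').filter(Boolean)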
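A startup preflight built on the header shown above, as an added example that is not part of the original answer. The function names are hypothetical, `octokit` is assumed to be an already-authenticated Octokit instance, and the `IMPLIED` map is a partial, illustrative subset of GitHub's classic-token scope hierarchy.

```javascript
// Partial, illustrative map of classic-PAT scopes to narrower scopes they include (assumption: extend as needed).
const IMPLIED = {
  repo: ['public_repo', 'repo:status', 'repo_deployment'],
  'admin:org': ['write:org', 'read:org'],
  'write:org': ['read:org'],
  user: ['read:user', 'user:email'],
}

// Turn the raw header value into a clean list; a missing or empty header yields [].
function parseScopes(headerValue) {
  return (headerValue || '').split(',').map((s) => s.trim()).filter(Boolean)
}

// Return the required scopes that are neither granted directly nor implied by a granted scope.
function missingScopes(required, granted) {
  const effective = new Set(granted)
  for (const scope of granted) {
    for (const child of IMPLIED[scope] || []) effective.add(child)
  }
  return required.filter((scope) => !effective.has(scope))
}

// Preflight: call once at startup, before any real work is attempted.
// The error text names scopes only; the token itself is never logged.
async function assertTokenScopes(octokit, required) {
  const response = await octokit.request('HEAD /').catch((err) => {
    throw new Error(`Token check failed (HTTP ${err.status ?? 'unknown'}): is the token valid and not expired?`)
  })
  const granted = parseScopes(response.headers['x-oauth-scopes'])
  const missing = missingScopes(required, granted)
  if (missing.length > 0) {
    throw new Error(
      `Personal access token is missing scope(s): ${missing.join(', ')}. ` +
        `Granted: ${granted.join(', ') || '(none reported)'}. ` +
        'Regenerate the token with the missing scopes and retry.'
    )
  }
  return granted
}
```

Call `await assertTokenScopes(octokit, ['repo', 'workflow'])` with the scopes the app actually needs, and keep that list as small as the workflows allow.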