
fix: use gh CLI for reliable API access in issue duplication detector #3235

Merged: lpcox merged 2 commits into main from fix/issue-dup-detector-401 on May 15, 2026

Conversation

@lpcox lpcox commented May 15, 2026

Problem

The Issue Duplication Detector has been failing on every single run since at least May 11 with 401 Bad Credentials from the GitHub MCP server. Analysis of 10+ runs confirms this is a persistent failure, not transient.

Root Cause

The GitHub MCP server receives its token via the secret chain:

secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN

The GH_AW_GITHUB_MCP_SERVER_TOKEN secret appears to be expired/revoked. Since it exists and is non-empty, it takes priority in the || chain, preventing the fallback to the working automatic GITHUB_TOKEN.

Fix

Updated the workflow prompt to use the gh CLI (which uses the automatic GITHUB_TOKEN via GH_TOKEN env var) for all GitHub API operations instead of relying on the GitHub MCP server tools. The gh CLI is available in the AWF sandbox via the bash tool and has reliable authentication.

Recommendation

Additionally, the GH_AW_GITHUB_MCP_SERVER_TOKEN repo secret should be either:

  1. Deleted — so all workflows using the GitHub MCP server fall through to the automatic GITHUB_TOKEN (sufficient for read-only operations)
  2. Rotated — with a fresh, valid PAT

This would fix the MCP tool authentication for ALL workflows that use tools.github, not just this one.

Evidence

Every run since May 11 shows:

GET https://api.github.com/repos/github/gh-aw-firewall/issues/XXXX: 401 Bad credentials

Fixes #3233
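The `||` secret chain described above, as an added example of the failure mode (not code from this PR or the gh-aw-firewall project): it contrasts the presence-based choice the Actions expression makes with a validity check that still falls back. `validate_with_gh` assumes the gh CLI is on PATH; `fake_validate` and the sample token strings are constructed so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example (not code from the gh-aw-firewall project or this PR).
# The workflow's Actions expression
#   secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN
# falls through on *emptiness* only: a revoked but still-set secret wins and
# the working GITHUB_TOKEN is never tried. Selecting on *validity* instead
# surfaces the 401 at setup time and still reaches the fallback.

# first_nonempty TOKEN... : mirrors the `||` chain (presence-based choice).
first_nonempty() {
  local candidate
  for candidate in "$@"; do
    if [ -n "$candidate" ]; then printf '%s\n' "$candidate"; return 0; fi
  done
  return 1
}

# select_token VALIDATOR TOKEN... : print the first non-empty TOKEN that
# VALIDATOR accepts (exit 0); print nothing and exit 1 if none does.
select_token() {
  local validator="$1" candidate
  shift
  for candidate in "$@"; do
    [ -n "$candidate" ] || continue
    if "$validator" "$candidate"; then printf '%s\n' "$candidate"; return 0; fi
  done
  return 1
}

# Real validator: ask the API who the token belongs to. Assumes gh is on PATH.
# A revoked token fails here with the same "401 Bad credentials" the runs showed.
validate_with_gh() {
  GH_TOKEN="$1" gh api user >/dev/null 2>&1
}

# Constructed stand-in validator so the example runs offline: tokens that
# start with "valid-" are accepted, everything else is treated as revoked.
fake_validate() {
  case "$1" in valid-*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample secrets modelled on the failing chain: the MCP token is
# set but revoked, GH_AW_GITHUB_TOKEN is unset, GITHUB_TOKEN is good.
MCP_TOKEN="revoked-mcp-token"; AW_TOKEN=""; GITHUB_TOKEN="valid-github-token"

echo "|| chain picks: $(first_nonempty "$MCP_TOKEN" "$AW_TOKEN" "$GITHUB_TOKEN")"
echo "validated pick: $(select_token fake_validate "$MCP_TOKEN" "$AW_TOKEN" "$GITHUB_TOKEN")"
# In a workflow step: GH_TOKEN=$(select_token validate_with_gh "$MCP_TOKEN" "$AW_TOKEN" "$GITHUB_TOKEN")
```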

The Issue Duplication Detector has been failing with 401 Bad Credentials
on every run since at least May 11. The root cause is that the
GH_AW_GITHUB_MCP_SERVER_TOKEN secret (used by the GitHub MCP server)
appears to be expired/revoked, and since it's non-empty it takes
priority over the working automatic GITHUB_TOKEN.

This change updates the prompt to use the gh CLI (which uses the
automatic GITHUB_TOKEN) for all GitHub API operations instead of
relying on the GitHub MCP tools. The gh CLI is available in the
sandbox via the bash tool and has reliable authentication.

Fixes #3233

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 15, 2026 21:05
@lpcox lpcox requested a review from Mossaka as a code owner May 15, 2026 21:05

Copilot AI left a comment


Pull request overview

Updates the Issue Duplication Detector agentic workflow instructions to avoid GitHub MCP tool authentication failures by switching GitHub API interactions to the gh CLI.

Changes:

  • Replaces “fetch issue” step with a gh issue view ... --json ... command.
  • Replaces “search for duplicates” guidance with gh search issues / gh issue list examples.
  • Adds a guideline to prefer gh CLI over MCP tools for GitHub API access.
Summary per file
.github/workflows/issue-duplication-detector.md: Changes the workflow prompt to use gh CLI for issue fetching/searching to bypass failing MCP auth.

Copilot's findings


Comments suppressed due to low confidence (1)

.github/workflows/issue-duplication-detector.md:58

  • Same concern for the gh search issues / gh issue list commands: unless GH_TOKEN is explicitly set for bash or the workflow imports/uses safeinputs-gh, these calls may run unauthenticated. Consider updating the prompt to use safeinputs-gh (or explicitly export GH_TOKEN before invoking gh).
4. **Search for potential duplicates via GitHub API**: Always search GitHub for issues with similar keywords, whether or not the cache had data. Use the `gh` CLI for reliable API access:
   ```bash
   gh search issues "<key terms>" --repo ${{ github.repository }} --state open --limit 10 --json number,title,body
   gh issue list --repo ${{ github.repository }} --state open --limit 20 --json number,title,body,labels
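Review bot: the `<key terms>` placeholder in the `gh search issues` command is filled in by the agent from the incoming issue's title and body and then executed through the bash tool, so the prompt should require the terms to be passed as a single quoted argument with shell metacharacters removed, and should treat the `body` fields returned by `--json` as data to compare against, not as instructions to follow.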


- **Files reviewed:** 1/1 changed files
- **Comments generated:** 2


Comment on lines +43 to +46
2. **Fetch the new issue**: Use the `gh` CLI to get the issue details, since it has reliable authentication:
```bash
gh issue view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json number,title,body,labels,createdAt
```
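Review bot: `gh issue view` runs here as a bare bash command, so it authenticates only if GH_TOKEN is present in the bash tool's environment; nothing in the hunk sets it, so the call can run unauthenticated, the same concern the suppressed comment raises for the search commands. Export GH_TOKEN from GITHUB_TOKEN in the step env, or route the call through a tool that does so.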
- Be helpful: Always explain why issues appear related
- Respect the cache: Keep stored data minimal and relevant
- Use pagination: Always use `perPage` parameter when listing/searching issues No newline at end of file
- Use pagination: Always use `perPage` parameter when listing/searching issues
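Review bot: the pagination guideline on the last line still refers to the `perPage` parameter, which belongs to the GitHub MCP tools; now that the prompt issues `gh issue list` and `gh search issues` commands it should name `--limit` instead, so the guidance matches the commands actually used.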

@github-actions

Smoke Test: GitHub Actions Services Connectivity

Check Result
Redis PING ❌ Timeout (no response on host.docker.internal:6379)
PostgreSQL pg_isready ❌ No response on host.docker.internal:5432
PostgreSQL SELECT 1 ❌ Timeout

Overall: FAIL. host.docker.internal is not reachable from this environment. Service containers appear unreachable.

🔌 Service connectivity validated by Smoke Services


lpcox commented May 15, 2026

@copilot address review feedback

Copilot AI commented May 15, 2026

@copilot address review feedback

Addressed in 9b7bf00:

  1. Authentication: Imported shared/gh.md and replaced all bare gh bash commands with safeinputs-gh tool calls. The safeinputs-gh tool sets GH_TOKEN from GITHUB_TOKEN via the safe-inputs env definition in shared/gh.md.

  2. Pagination guideline: Updated from MCP's perPage to --limit (for gh issue list/gh search issues) and --paginate/--per-page (for gh api).

Lock file was recompiled to include the shared/gh.md runtime-import.

Copilot finished work on behalf of lpcox May 15, 2026 22:53
@github-actions

🔍 Smoke Test Results

Test Status
GitHub MCP connectivity ❌ 401 Bad credentials
GitHub.com HTTP connectivity ⚠️ Template variable not expanded
File write/read ⚠️ Template variable not expanded

Overall: FAIL — Workflow template variables (${{ steps.smoke-data.outputs.* }}) were not substituted before reaching the agent, and GitHub MCP returned 401. The smoke test infrastructure needs to be fixed before results can be verified.

📰 BREAKING: Report filed by Smoke Copilot

@github-actions

Smoke Test: Copilot BYOK (Offline) Mode

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

Test Result
GitHub MCP connectivity ❌ (401 Bad credentials — GitHub MCP unavailable)
GitHub.com HTTP ❌ (template variables not expanded in prompt)
File write/read ❌ (template variables not expanded in prompt)
BYOK inference ✅ (agent responding via api-proxy sidecar)

Overall: FAIL — Pre-step template variables (${{ steps.smoke-data.outputs.* }}) were not expanded before being passed to the agent, and GitHub MCP tools returned 401. Only BYOK inference confirmed working.

🔑 BYOK report filed by Smoke Copilot BYOK

@github-actions

Smoke Test Results

Test Results:

  • ❌ GitHub API: HTTP 401 - Authentication failed (network isolation)
  • ✅ Playwright: GitHub.com loaded successfully (title contains 'GitHub')
  • ✅ File verify: Smoke test token file confirmed

Total: 2/3 PASSED — GitHub API test failed due to network constraints in the sandboxed environment.

💥 [THE END] — Illustrated by Smoke Claude

@github-actions

Smoke Test Codex
PRs: Codex: remove openai-proxy env_key requirement in postprocessed lock workflows (#3234); refactor: split main-action.ts into validate-options and build-config modules (#3229)
✅ GitHub PR review (local git fallback)
❌ safeinputs-gh unavailable; ✅ Playwright title check; ❌ Tavily search unavailable
✅ file write/read; ❌ discussion query unavailable/skipped
✅ npm ci && npm run build
Overall: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

@github-actions

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx All passed ✅ PASS
Node.js execa All passed ✅ PASS
Node.js p-limit All passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Note: Java Maven required a custom local repo path (-Dmaven.repo.local=/tmp/...) due to /home/runner/.m2/repository being owned by root in this environment.

Generated by Build Test Suite for issue #3235

@github-actions

Smoke Test Results (Gemini)

  • GitHub MCP Testing: ❌ (mcpscripts not found)
  • GitHub.com Connectivity: ❌ (curl code 35: SSL wrong version number)
  • File Writing Testing: ✅
  • Bash Tool Testing: ✅

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini

@lpcox lpcox merged commit b8468f2 into main May 15, 2026
61 of 65 checks passed
@lpcox lpcox deleted the fix/issue-dup-detector-401 branch May 15, 2026 23:29


Development

Successfully merging this pull request may close these issues.

[aw] Issue Duplication Detector failed

3 participants