Problem
When the DIFC proxy is used as the GH_HOST for the gh CLI (CLI proxy mode, port 18443), it returns HTTP 404 for all requests to /api/graphql. This means any gh CLI command that uses the GraphQL API fails silently.
Example failing command:
gh pr list --repo github/gh-aw-firewall --state merged --limit 2 --json title,number
Error:
HTTP 404: Not Found (https://localhost:18443/api/graphql)
Root Cause
The DIFC proxy in CLI proxy mode proxies GitHub REST API requests (/api/v3/*) but does not handle the GraphQL endpoint (/api/graphql), returning 404 for all GraphQL traffic.
Many core gh CLI commands use GraphQL under the hood, including:
gh pr list
gh issue list
gh pr view
gh search prs
gh search issues
REST-based commands (e.g. gh api /repos/{owner}/{repo}/...) work correctly.
Evidence
Observed in smoke test run github/gh-aw-firewall#24738050353 — the CLI proxy (mcpg v0.2.22) is started with CLI_PROXY_POLICY={"allow-only":{"repos":"all","min-integrity":"none"}} on port 18443, and the gh CLI inside the agent container has GH_HOST=localhost:18443 (TCP tunnel to the DIFC proxy on the runner host).
From the cli-proxy access log:
{
  "ts": "2026-04-21T18:00:05.317Z",
  "event": "exec_done",
  "args": ["pr", "list", "--repo", "github/gh-aw-firewall", "--state", "merged", "--limit", "2", "--json", "title,number"],
  "exitCode": 1,
  "stderrPreview": "HTTP 404: Not Found (https://localhost:18443/api/graphql)\n"
}
Expected Behavior
The DIFC proxy should forward /api/graphql POST requests to https://api.github.com/graphql (applying the same write-control policy where applicable), so all gh CLI commands work transparently through the CLI proxy.
Impact
Any agentic workflow that uses the gh CLI with GraphQL-backed subcommands (pr list, issue list, etc.) via the CLI proxy sidecar will silently fail. Smoke tests pass only because the agent tolerates the failure, masking the issue in CI.
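An added example, not part of the original issue or the project's code: a check that reads the cli-proxy access log and reports every exec_done event where gh exited non-zero, flagging the 404 on /api/graphql described above so the failure is not tolerated silently. The field names come from the log excerpt on this page; the sample entries, the function names, and the assumption that the log is a stream of JSON objects are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# gh reports API failures as "HTTP <status>: <reason> (<url>)", as in the excerpt above.
HTTP_ERR = re.compile(r"HTTP (\d{3}): [^(]*\((https?://[^)\s]+)\)")

# Constructed sample log (assumption: a stream of JSON objects, compact or pretty-printed).
SAMPLE_LOG = '''\
{"ts": "2026-04-21T18:00:04.100Z", "event": "exec_done", "args": ["api", "/repos/github/gh-aw-firewall"], "exitCode": 0, "stderrPreview": ""}
{"ts": "2026-04-21T18:00:05.317Z", "event": "exec_done", "args": ["pr", "list", "--repo", "github/gh-aw-firewall"], "exitCode": 1, "stderrPreview": "HTTP 404: Not Found (https://localhost:18443/api/graphql)\\n"}
truncated-line {"ts":
{
  "ts": "2026-04-21T18:00:06.000Z", "event": "exec_done", "args": ["issue", "list"], "exitCode": 1,
  "stderrPreview": "HTTP 404: Not Found (https://localhost:18443/api/graphql)\\n"
}
'''

def iter_events(text):
    """Yield JSON objects from the log, skipping lines that do not parse."""
    decoder, pos = json.JSONDecoder(), 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            nxt = text.find("\n", pos)
            pos = len(text) if nxt == -1 else nxt + 1
            continue
        if isinstance(obj, dict):
            yield obj

def masked_failures(log_text):
    """Return one finding per gh invocation that exited non-zero behind the proxy."""
    findings = []
    for ev in iter_events(log_text):
        if ev.get("event") != "exec_done" or ev.get("exitCode", 0) == 0:
            continue
        m = HTTP_ERR.search(ev.get("stderrPreview") or "")
        status = int(m.group(1)) if m else None
        path = urlparse(m.group(2)).path if m else None
        findings.append({"ts": ev.get("ts"), "command": " ".join(ev.get("args", [])),
                         "status": status, "path": path,
                         "graphql_404": status == 404 and path == "/api/graphql"})
    return findings
```

In a smoke test, failing the job whenever `masked_failures` returns a non-empty list surfaces the proxy gap instead of relying on the agent's own exit status.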