[plan] Enable API caching and adopt pkg/auth for token management

[github-actions]

Objective

Enable built-in HTTP caching for GitHub API clients and migrate token management to use the pkg/auth package for consistent authentication handling.

Context

After migrating to native API clients, we can enable HTTP-level caching (complementing the existing application-level caching) and use the official auth package instead of manual environment variable handling.

Files to Modify

• Update: pkg/workflow/repository_features_validation.go - Add caching to API clients
• Update: pkg/workflow/github_cli.go - Replace manual token handling with pkg/auth
• Update: pkg/parser/remote_fetch.go - Enable caching for file downloads

Part 1: Enable API Caching

Current Implementation

client, err := api.DefaultRESTClient()

Target Implementation

opts := api.ClientOptions{
    EnableCache: true,
    CacheTTL:    5 * time.Minute,
}
client, err := api.NewRESTClient(opts)

Benefits: Reduces duplicate API calls, automatic cache invalidation

Part 2: Adopt pkg/auth for Token Management

Current Implementation (github_cli.go)

ghToken := os.Getenv("GH_TOKEN")
githubToken := os.Getenv("GITHUB_TOKEN")
if ghToken == "" && githubToken != "" {
    cmd.Env = append(os.Environ(), "GH_TOKEN="+githubToken)
}

Target Implementation

import "github.com/cli/go-gh/v2/pkg/auth"

token, tokenSource := auth.TokenForHost("github.com")
if token != "" {
    // Use token with API clients
}

Benefits: Supports multiple auth methods (OAuth, tokens), respects gh configuration

Approach

1. Phase 1 - Add Caching:

   • Update REST client creation to use ClientOptions
   • Set reasonable TTL (5 minutes for repository features)
   • Test that caching works with existing application-level cache

2. Phase 2 - Migrate Auth:

   • Import github.com/cli/go-gh/v2/pkg/auth
   • Replace manual environment variable handling
   • Update token passing to API clients
   • Test authentication flow with GH_TOKEN and GITHUB_TOKEN

3. Phase 3 - Test & Validate:

   • Verify caching reduces API calls in logs
   • Test auth works with different token sources
   • Ensure backward compatibility maintained

Acceptance Criteria

• API clients created with ClientOptions{EnableCache: true}
• Cache TTL set appropriately (5 minutes)
• Manual GH_TOKEN/GITHUB_TOKEN handling replaced with pkg/auth
• Token authentication works with both environment variables
• Debug logs show cache hits/misses (when DEBUG enabled)
• All tests pass (make test)
• Integration tests verify caching behavior

Expected Impact

• Performance: Further reduction in API calls via HTTP caching
• Consistency: Follows GitHub CLI authentication patterns
• Maintainability: Cleaner auth code aligned with upstream
• Flexibility: Supports future OAuth and other auth methods

Estimated Effort

1-1.5 hours (including testing)
Related to #5828

AI generated by Plan Command for discussion #5826

[copilot-swe-agent]

The agent encountered an error and was unable to start working on this issue: The token used to assign the agent doesn't have the necessary permissions. Please make sure your token has read and write access to actions, contents, issues, and pull requests, and has permission to assign issues to the target repository. Learn more: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr