fix(aw): Issue Arborist - re-apply curl REST API workaround for DIFC proxy /meta block#8507
Conversation
…proxy /meta block The agentic-workflows reset in #8491 reverted the Issue Arborist 'Fetch issues data' step back to `gh issue list`, which immediately fails in CI because the gh CLI hits `/meta` against the corporate DIFC proxy and gets HTTP 403, breaking the entire run before the MCP server can start (zero-byte rpc-messages.jsonl). Re-apply the same fix as #8185: call the GitHub Search REST API directly with curl, using GH_AW_ORIGINAL_GITHUB_API_URL to bypass the proxy. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR updates the Issue Arborist agentic workflow to avoid gh CLI failures caused by the DIFC proxy blocking the /meta endpoint, by switching the “Fetch issues data” pre-agent step to call the GitHub Search REST API via curl, and regenerating the compiled lock workflow.
Changes:
- Replace
gh issue listwith acurlcall toGET /search/issuesand normalize the response shape withjq. - Add
GH_AW_ORIGINAL_GITHUB_API_URL/GH_AW_GITHUB_REPOSITORYenv vars to drive the REST call reliably. - Regenerate
.github/workflows/issue-arborist.lock.ymlviagh aw compile issue-arborist --strict.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/issue-arborist.md | Switches issue-fetching from gh issue list to curl + Search REST API to bypass /meta proxy blocking. |
| .github/workflows/issue-arborist.lock.yml | Regenerated compiled workflow to reflect the updated source workflow definition. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 1
| curl -s \ | ||
| -H "Authorization: Bearer ${GITHUB_TOKEN}" \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| --get \ | ||
| --data-urlencode "q=repo:${GH_AW_GITHUB_REPOSITORY} is:issue is:open -is:sub-issue" \ |
Evangelink
left a comment
Evangelink
left a comment
There was a problem hiding this comment.
✅ 21/21 dimensions clean — no findings.
This PR correctly re-applies the DIFC proxy workaround from #8185 that was inadvertently lost during the upstream workflow reset in #8491.
Technical Review Summary
Changes:
- Replaced
gh issue listwith directcurlcall to GitHub Search API - Added
jqtransformation to normalize REST API response format - Implemented proper error handling with
|| echo '[]'fallback - Regenerated lock file (removed DIFC proxy infrastructure since it's no longer requested in source
.md)
Verification:
- ✓
curlcommand properly uses--data-urlencodeto prevent query injection - ✓ Bearer token correctly passed in Authorization header
- ✓ All shell variables properly quoted
- ✓
jqtransformation correctly maps REST API fields to expected format (snake_case → camelCase, lowercase → uppercase state) - ✓ Fallback to empty array
[]on any failure prevents workflow abortion - ✓ Lock file changes are mechanical compilation artifacts (updated heredoc delimiters, removed unused DIFC proxy steps)
Correctness:
The workaround is sound: gh issue list internally calls /meta for server-type detection, which the corporate DIFC proxy blocks. By using curl directly against the documented GitHub REST API endpoint, the workflow bypasses the gh CLI entirely and avoids the /meta call.
The lock file correctly no longer includes DIFC proxy start/stop steps because the source .md file (after the upstream reset) doesn't explicitly request DIFC proxy infrastructure — the compiler generates only what's needed.
Scope:
Appropriately narrow — re-applies a proven fix without scope creep.
Generated by Expert Code Review (on open) for issue #8507 · ● 7.4M
…v0.3.12+ ships Per githubnext/agentics#339, the DIFC proxy /meta block was fixed in gh-aw-mcpg v0.3.12. main already pins ghcr.io/github/gh-aw-mcpg:v0.3.17 (via gh-aw v0.75.0), which lets `gh issue list` go through the proxy again, so we no longer need the curl + REST API workaround from #8507 / #8185. Reverts the workflow source to upstream (githubnext/agentics) and regenerates the lockfile with gh-aw v0.75.0. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The agentic-workflows reset in #8491 reverted the Issue Arborist
Fetch issues datastep back togh issue list, which immediately fails in CI because the gh CLI hits/metaagainst the corporate DIFC proxy and gets HTTP 403. That breaks the run before the MCP server can start, which is what produces theERR_SYSTEM: rpc-messages.jsonl is present but zero bytes — MCP telemetry capture failedannotation seen in run 26294701799.Re-applies the same fix as #8185: call the GitHub Search REST API directly with
curl, usingGH_AW_ORIGINAL_GITHUB_API_URLto bypass the DIFC proxy. The lock file is regenerated viagh aw compile issue-arborist --strict.