GitHub tools list_user_installations and list_app_installations fail with app installation auth #110
Description
Problem
The list_user_installations and list_app_installations tools fail when using GitHub App installation authentication (the default auth method in scout-agent).
Errors
list_user_installations:
Resource not accessible by integration - https://docs.github.com/rest/apps/installations#list-app-installations-accessible-to-the-user-access-token
list_app_installations:
A JSON web token could not be decoded - https://docs.github.com/rest
Root Cause
These two endpoints require different authentication than what authenticateApp() provides:
| Tool | Endpoint | Required Auth | What we provide |
|---|---|---|---|
list_user_installations |
GET /user/installations |
User access token (OAuth/PAT) | Installation token |
list_app_installations |
GET /app/installations |
App JWT (signed with private key) | Installation token |
When withContext({ appAuth }) is used, the authenticateApp() function exchanges the app JWT for an installation access token. This works for most repository operations, but these two endpoints specifically need different token types.
Suggested Solutions
- Remove these tools from the default toolset when using app auth, since they're not compatible
- Add a separate auth path for
list_app_installationsthat uses the raw JWT instead of exchanging it for an installation token - Document the limitation so users know these tools require user token auth
- Throw a more helpful error when these tools are called with incompatible auth (e.g., "This tool requires a user access token and is not compatible with GitHub App authentication")
Reproduction
- Set up scout-agent with GitHub App auth
- Call either
github_list_user_installationsorgithub_list_app_installations - Observe the errors above