[awf] cli-proxy: classic PAT rejected by /models validation when COPILOT_MODEL is set #1896

@lpcox

Problem

Copilot CLI 1.0.21 introduced a startup model validation step: when COPILOT_MODEL is set in the agent environment, the CLI calls GET /models before executing. This endpoint does not accept classic PATs (ghp_*), causing the agent to fail at startup with exit code 1 — before any useful work begins.

AWF propagates COPILOT_GITHUB_TOKEN into the agent environment and, when the DIFC/CLI proxy is active, routes Copilot API calls through it. AWF currently has no mechanism to detect this failure mode or warn users before it manifests.

Context

Original github/gh-aw issue: github/gh-aw#25593

Affected scope:

  • COPILOT_MODEL is set in the agent environment
  • COPILOT_GITHUB_TOKEN is a classic PAT (ghp_*)
  • Workflows not setting COPILOT_MODEL are unaffected

Introduced in gh-aw v0.67.3 (Copilot CLI 1.0.21). Copilot CLI 1.0.20 did not perform model validation.

Root Cause

In src/docker-manager.ts, AWF injects COPILOT_GITHUB_TOKEN into the agent environment (line ~1506) and, when the API proxy is active, COPILOT_API_URL points to the sidecar. The sidecar forwards calls to the GitHub Copilot API. Classic PATs lack the OAuth scope required by the /models validation endpoint — this is a GitHub API restriction outside AWF's control.

AWF has no pre-flight check for the combination of:

  1. Classic PAT token (detectable by ghp_ prefix)
  2. COPILOT_MODEL being set in the injected environment

Proposed Solution

  1. Early warning in src/cli.ts or src/docker-manager.ts: Before starting containers, detect if COPILOT_MODEL is set alongside a ghp_-prefixed COPILOT_GITHUB_TOKEN. Emit a clear [WARN] message explaining that the /models validation step in Copilot CLI 1.0.21+ rejects classic PATs and the workflow will likely fail.

  2. Document in docs/environment.md: Add a note to the COPILOT_GITHUB_TOKEN section explaining the COPILOT_MODEL + classic PAT incompatibility introduced in Copilot CLI 1.0.21.

  3. Optionally: Investigate whether the CLI proxy's Copilot API forwarding path can intercept the 401 from /models and surface a more actionable error in the AWF logs rather than letting the agent exit silently.

Generated by Firewall Issue Dispatcher · ● 1.4M ·
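
The early-warning check from item 1 of the proposed solution, sketched as an added example that is not part of the original issue or AWF's code. The function and type names are hypothetical, and the optional version gate assumes the caller knows the Copilot CLI version string.

```typescript
// Added example: pre-flight check for COPILOT_MODEL + classic PAT.
// All names here are hypothetical; this is not AWF's implementation.
type Env = Record<string, string | undefined>;

interface PreflightResult {
  warn: boolean;
  message?: string;
}

// Per the issue, model validation starts in Copilot CLI 1.0.21 (1.0.20 is unaffected).
// Unknown or unparsable versions are treated as affected so the warning still appears.
function cliValidatesModel(version?: string): boolean {
  if (!version) return true;
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version.trim());
  if (!m) return true;
  const n = Number(m[1]) * 1000000 + Number(m[2]) * 1000 + Number(m[3]);
  return n >= 1000021;
}

// Only the prefix is inspected; the token value is never copied into any message.
function isClassicPat(token: string | undefined): boolean {
  return typeof token === "string" && token.trim().startsWith("ghp_");
}

function checkCopilotModelToken(env: Env, cliVersion?: string): PreflightResult {
  const model = (env["COPILOT_MODEL"] ?? "").trim();
  // Workflows that do not set COPILOT_MODEL are unaffected.
  if (model === "" || !isClassicPat(env["COPILOT_GITHUB_TOKEN"])) return { warn: false };
  if (!cliValidatesModel(cliVersion)) return { warn: false };
  return {
    warn: true,
    message:
      "[WARN] COPILOT_MODEL is set and COPILOT_GITHUB_TOKEN is a classic PAT (ghp_*). " +
      "Copilot CLI 1.0.21+ calls GET /models at startup, which rejects classic PATs; " +
      "the agent will likely exit with code 1 before doing any work.",
  };
}

// Constructed sample environment; the token is a made-up placeholder.
const sampleEnv: Env = {
  COPILOT_MODEL: "example-model",
  COPILOT_GITHUB_TOKEN: "ghp_CONSTRUCTEDplaceholder",
};
const sampleResult = checkCopilotModelToken(sampleEnv, "1.0.21");
```

Calling this before containers start lets the warning reach the AWF log even though the agent itself exits without a useful message.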