From 7f0f860056c7b0e15d5ba96201678a5dea0f6bcf Mon Sep 17 00:00:00 2001
From: harsh mahajan <harshmahajan2345@gmail.com>
Date: Tue, 16 Jun 2026 17:21:35 +0530
Subject: [PATCH 1/2] fix: include status code and response body in GitHub
 token error

---
 src/VCS/Adapter/Git/GitHub.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/VCS/Adapter/Git/GitHub.php b/src/VCS/Adapter/Git/GitHub.php
index 608712e0..26a6b397 100644
--- a/src/VCS/Adapter/Git/GitHub.php
+++ b/src/VCS/Adapter/Git/GitHub.php
@@ -636,8 +636,9 @@ protected function generateAccessToken(string $privateKey, ?string $appId): void
         $this->jwtToken = $token;
         $response = $this->call(self::METHOD_POST, '/app/installations/' . $this->installationId . '/access_tokens', ['Authorization' => 'Bearer ' . $token]);
         $responseBody = $response['body'] ?? [];
+        $statusCode = $response['headers']['status-code'] ?? 0;
         if (!array_key_exists('token', $responseBody)) {
-            throw new Exception('Failed to retrieve access token from GitHub API.');
+            throw new Exception('Failed to retrieve access token from GitHub API. Status: ' . $statusCode . '. Response: ' . \json_encode($responseBody));
         }
         $this->accessToken = $responseBody['token'] ?? '';
     }

From 9d53fb7d74aa66053c7077c16622afaa85c83a86 Mon Sep 17 00:00:00 2001
From: harsh mahajan <harshmahajan2345@gmail.com>
Date: Tue, 16 Jun 2026 17:31:34 +0530
Subject: [PATCH 2/2] fix: only expose safe fields from GitHub error response

---
 src/VCS/Adapter/Git/GitHub.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/VCS/Adapter/Git/GitHub.php b/src/VCS/Adapter/Git/GitHub.php
index 26a6b397..403e874f 100644
--- a/src/VCS/Adapter/Git/GitHub.php
+++ b/src/VCS/Adapter/Git/GitHub.php
@@ -638,7 +638,8 @@ protected function generateAccessToken(string $privateKey, ?string $appId): void
         $responseBody = $response['body'] ?? [];
         $statusCode = $response['headers']['status-code'] ?? 0;
         if (!array_key_exists('token', $responseBody)) {
-            throw new Exception('Failed to retrieve access token from GitHub API. Status: ' . $statusCode . '. Response: ' . \json_encode($responseBody));
+            $safeBody = \is_array($responseBody) ? \json_encode(\array_intersect_key($responseBody, \array_flip(['message', 'documentation_url']))) : '';
+            throw new Exception('Failed to retrieve access token from GitHub API. Status: ' . $statusCode . '. Response: ' . $safeBody);
         }
         $this->accessToken = $responseBody['token'] ?? '';
     }