[BUG] Cloud/Cowork sessions: git proxy now blocks all pushes — "not in this session's authorized repository set"; PAT pass-through no longer works (CCR_TEST_GITPROXY rollout?)

Open 💬 1 comment Opened Jul 10, 2026 by Loneplanet117

Summary

As of ~10 Jul 2026 (AEST), Cowork / remote cloud sessions can no longer push to GitHub repositories that aren't in the session's "authorized repository set" — including when the user supplies their own fine-grained PAT, which previously worked. The change appeared mid-session (pushes worked in the morning, then began failing a few hours later with no client-side change) and persists in fresh sessions.

Exact errors

git push (PAT embedded in remote URL, fine-grained, Contents R/W):

remote: access denied by the git proxy: Loneplanet117/portal-cw-brands is not in this session's authorized repository set, so the proxy will not inject a credential for it. To fix, add the repository to the session's sources.
fatal: unable to access 'https://github.com/Loneplanet117/portal-cw-brands.git/': The requested URL returned error: 403

REST API calls to api.github.com with the same PAT are also intercepted by the proxy:

{"message":"GitHub access to this repository is not enabled for this session. Use add_repo to request access.","documentation_url":"https://docs.anthropic.com/en/docs/claude-code/github-actions"}

The session's built-in credential also fails: requests using the environment's GITHUB_TOKEN return builtin injection failed.

Clones/fetches/reads still work fine. Only writes are blocked.

Evidence this is a server-side rollout

  • The session environment contains CCR_TEST_GITPROXY=1, which looks like a feature flag for new git-proxy enforcement.
  • Timeline: push worked on the morning of 10 Jul (AEST), was blocked mid-session the same day with no client-side change, and remains blocked in brand-new sessions (different container, fresh clone, same PAT).
  • The user did not change PAT scopes, repo permissions, or session configuration between the working and non-working states.

Impact

  • Established PAT-per-session workflows (user pastes a scoped PAT in chat; session pushes to a private repo) are broken with no self-service fix visible from the product.
  • The error text says "add the repository to the session's sources", and the API error says "Use add_repo to request access" — but in a Cowork desktop session there is no visible UI to add a GitHub repository as a session source, and no add_repo tool/command exists in the sandbox (not in PATH, not an available MCP tool in the session).
  • Docs (https://code.claude.com/docs/en/claude-code-on-the-web) describe GitHub App / /web-setup authorization for Claude Code on the web, but it's unclear how that maps to Cowork sessions, and no error surface points the user at it.

Expected behavior

Either (a) user-supplied credentials continue to work for repos the credential legitimately has access to, or (b) the product provides a clear, discoverable way to add a repository to a Cowork session's authorized set (and the proxy error points at it accurately).

Environment

  • Product: Cowork (Claude desktop app) → remote cloud sandbox session
  • Session: session_01YQvhPVCkNAFXKDFTmEpL2K (env CLAUDE_CODE_REMOTE_SESSION_ID=cse_01YQvhPVCkNAFXKDFTmEpL2K)
  • Env flags observed: CCR_TEST_GITPROXY=1, CCR_AGENT_PROXY_ENABLED=1, CCR_UPSTREAM_PROXY_ENABLED=1
  • Repo: private, Loneplanet117/portal-cw-brands
  • Date observed: 2026-07-09 → 2026-07-10 (AEST)

Repro steps

  1. Start a Cowork session from the Claude desktop app (no GitHub repo configured as a session source).
  2. git clone https://x-access-token:<fine-grained-PAT>@github.com/<owner>/<private-repo>.git → succeeds.
  3. Create a branch, empty commit, git push origin <branch> → 403 from the git proxy with the message above.
  4. The 403 originates from the sandbox git proxy ("remote: access denied by the git proxy"), not from GitHub — GitHub never evaluates the supplied PAT.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗