[Bug] Claude Web's GitHub API proxy also blocks GitHub Copilot

Open 💬 0 comments Opened Jul 12, 2026 by lennart-bos

Bug Description

Title

[BUG] Claude Code web/remote sandbox: GitHub API proxy rejects GitHub Copilot CLI's internal auth endpoint (/copilot_internal/*) pre-authentication

Summary

Running GitHub Copilot CLI (copilot) from inside a Claude Code on the web / Claude Code Remote session fails authentication unconditionally, regardless of token validity. This prevents Claude Code from delegating tasks/reviews to Github Copilot using copilot -p "prompt here". The session's GitHub egress proxy intercepts all api.github.com traffic and only recognizes a small allowlist of paths (/user, /repos/{owner}/{repo}/...). Copilot CLI's own auth handshake calls /copilot_internal/user to validate its token, which isn't in that allowlist, so the proxy rejects the request with a synthesized 403 before any credential is even inspected — no token, valid or otherwise, can work around it.

Environment

  • Claude Code on the web / Claude Code Remote (cloud session)
  • Proxy TLS cert issuer observed: CN=CCR Upstream Proxy CA (staging); O=Anthropic
  • Node.js v22.22.2
  • GitHub Copilot CLI 1.0.70
  • Trigger: any Claude Code plugin/skill that shells out to copilot -p ... (e.g. a Copilot-relay skill that lets Claude delegate tasks to a Copilot CLI session)

Reproduction (no authentication required — this is host/path-level, not credential-level)

$ curl -sS https://api.github.com/
{}

$ curl -sS https://api.github.com/user -w "\n%{http_code}\n"
{ ...real GitHub profile data for the session's connected account, no Authorization header sent... }
200

$ curl -sS https://api.github.com/copilot_internal/user -w "\n%{http_code}\n"
{"message":"This GitHub API path is not available: sessions are bound to their configured repositories. Use repository-scoped endpoints (repos/{owner}/{repo}/...).","documentation_url":"https://docs.anthropic.com/en/docs/claude-code/github-actions"}
403

The docs.anthropic.com link in the error body confirms this response is synthesized by Anthropic's proxy, not passed through from GitHub — GitHub's own API errors always link to docs.github.com. No Authorization header was sent in any of the above requests, yet the last call returns byte-for-byte the same error that copilot CLI surfaces when given a real, valid GitHub PAT that is confirmed to authenticate copilot successfully on a non-sandboxed machine.

Impact

Any tool or plugin that shells out to copilot CLI cannot authenticate inside a Claude Code web/remote session, because Copilot's internal token-validation call (/copilot_internal/user) has no path in the proxy's allowlist. This surfaces to the user as a confusing "Authentication token found but could not be validated" / bad-token error, with no indication it's actually a platform-level sandboxing limitation rather than a credentials problem.

Relation to other issues

Related to but distinct from #10108, which reported api.github.com blocked entirely at the host level (bare 403 + x-deny-reason: host_not_allowed header, no JSON body). That's not what's happening here: the host is reachable, /user works and returns real data, /repos/* is recognized (even if not enabled for this session), and the rejection is path-specific with a fully-formed, Anthropic-authored JSON body pointing at Anthropic's own docs. The proxy appears to have evolved since #10108 into a more selective per-path allowlist — progress, but that allowlist still has no entry for GitHub's Copilot-specific API surface.

Suggested fix

Either:

  1. Pass through /copilot_internal/* (and other unrecognized api.github.com paths) using the caller-supplied token instead of rejecting outright, or
  2. Document this as a known limitation of Claude Code web/remote sessions (e.g. in the network-config / claude-code-on-the-web docs) so plugin authors know Copilot-CLI-based tools aren't supported there.

Environment Info

  • Platform: darwin
  • Terminal: iTerm.app
  • Version: 2.1.205
  • Feedback ID: ce4d7ae8-6c2b-4ecc-8b9f-398cde41ae8f

Errors

Error: Authentication token found but could not be validated.

  Failed to fetch PAT user login (403): GitHub returned: This GitHub API path is not available: sessions are bound to their configured repositories. Use repository-scoped endpoints (repos/{owner}/{repo}/...).

Your token may still be valid. Check your network connection and try again.

To authenticate, you can use any of the following methods:
  • Start 'copilot' and run the '/login' command
  • Set the COPILOT_GITHUB_TOKEN, GH_TOKEN, or GITHUB_TOKEN environment variable
  • Run 'gh auth login' to authenticate with the GitHub CLI

View original on GitHub ↗