Never suggest tools.github mode: remote in agent prompts#22709
Never suggest tools.github mode: remote in agent prompts#22709
tools.github mode: remote in agent prompts#22709Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/318d4f4f-0c0e-43e5-8aa5-260c9c51f556
tools.github mode: remote in agent prompts
There was a problem hiding this comment.
Pull request overview
This PR updates agent prompt and workflow documentation to prohibit recommending tools.github mode: remote, because it does not work with the GitHub Actions GITHUB_TOKEN and requires different authentication.
Changes:
- Removes
mode: remotefrom multiple “correct” configuration examples across agent/workflow docs. - Adds explicit guidance/warnings that
mode: remoteshould not be used in GitHub Actions contexts. - Updates reference docs for the
tools.github.modefield to steer readers to the supported default behavior.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| AGENTS.md | Removes mode: remote from the “CORRECT” example and adds a “never use remote” key point. |
| .github/aw/create-agentic-workflow.md | Removes mode: remote from the recommended snippet and rewrites the mode guidance to prohibit remote in Actions. |
| .github/aw/upgrade-agentic-workflows.md | Updates the migration guidance to avoid including mode: remote in the new-format example and explains why. |
| .github/aw/runbooks/workflow-health.md | Removes mode: remote from multiple troubleshooting/configuration snippets. |
| .github/aw/github-mcp-server.md | Updates the example config to omit remote mode and adds a warning block against remote in Actions. |
| .github/aw/github-agentic-workflows.md | Updates the mode: field description to explicitly warn against remote mode with GITHUB_TOKEN. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Old format (deprecated) | ||
| mcp-servers: | ||
| github: | ||
| mode: remote | ||
|
|
||
| # New format | ||
| # New format (do NOT include mode: remote - it does not work with GitHub Actions token) | ||
| tools: | ||
| github: | ||
| mode: remote | ||
| toolsets: [default] |
There was a problem hiding this comment.
The migration snippet still shows mode: remote in the "Old format (deprecated)" example. Since this doc is part of the guidance to copy/paste during upgrades, leaving mode: remote here undermines the stated rule to never suggest remote mode. Update the old-format example to avoid mode: remote (or add an explicit inline comment on that line that it must be removed/replaced because it won’t work with GITHUB_TOKEN).
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | ||
| ``` | ||
|
|
||
| > ⚠️ **Do NOT use `mode: remote`** in GitHub Actions workflows. Remote mode does not work with the GitHub Actions token (`GITHUB_TOKEN`) — it requires a special PAT or GitHub App token with MCP access. The default `mode: local` (Docker-based) works with `GITHUB_TOKEN` and should always be used. |
There was a problem hiding this comment.
This new warning calls the default mode: local "Docker-based", but earlier in this document local mode is described as running gh mcp as a local subprocess. Please reconcile these descriptions (either adjust the warning text or update the overview/authentication sections) so readers don’t get conflicting guidance about what “local” actually means.
| > ⚠️ **Do NOT use `mode: remote`** in GitHub Actions workflows. Remote mode does not work with the GitHub Actions token (`GITHUB_TOKEN`) — it requires a special PAT or GitHub App token with MCP access. The default `mode: local` (Docker-based) works with `GITHUB_TOKEN` and should always be used. | |
| > ⚠️ **Do NOT use `mode: remote`** in GitHub Actions workflows. Remote mode does not work with the GitHub Actions token (`GITHUB_TOKEN`) — it requires a special PAT or GitHub App token with MCP access. The default `mode: local` (which runs `gh mcp` as a local subprocess) works with `GITHUB_TOKEN` and should always be used. |
mode: remotefor GitHub tools does not work with the GitHub ActionsGITHUB_TOKEN— it requires a special PAT or GitHub App token with MCP access. Several agent prompt files were incorrectly showing it as the recommended/correct configuration.Changes
AGENTS.md— Removedmode: remotefrom the ✅ CORRECT example; added explicit "Never usemode: remote" bullet with explanationcreate-agentic-workflow.md— Removedmode: remotefrom the CORRECT example block; rewrote the Mode configuration note to prohibit remote modeupgrade-agentic-workflows.md— Migration example new-format no longer includesmode: remote; added inline comment explaining whyrunbooks/workflow-health.md— Removedmode: remotefrom all 8 resolution/quick-reference examplesgithub-mcp-server.md— Replacedmode: "remote"config example with local-only; addedgithub-agentic-workflows.md— Updatedmode:field docs to say "do NOT use remote"Before (multiple files showed this as correct):
After:
🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.