GitHub MCP issue_read tool unavailable when app token is scoped to multiple repositories #18115

@benvillalobos

Summary

When tools.github.app.repositories contains multiple repositories, the GitHub MCP issue_read tool becomes unavailable to the agent. The agent falls back to unauthenticated CLI/curl calls, which fail on private repos. Single-repo tokens work correctly.

Reproduction

Working configuration (single repo):

tools:
    github:
        toolsets: [issues]
        allowed: [issue_read]
        read-only: true
        app:
            app-id: ${{ secrets.CODE_REVIEW_APP_ID }}
            private-key: ${{ secrets.CODE_REVIEW_APP_PRIVATE_KEY }}
            owner: 'microsoft'
            repositories: ['vscode-engineering']

Broken configuration (two repos — only change):

tools:
    github:
        toolsets: [issues]
        allowed: [issue_read]
        read-only: true
        app:
            app-id: ${{ secrets.CODE_REVIEW_APP_ID }}
            private-key: ${{ secrets.CODE_REVIEW_APP_PRIVATE_KEY }}
            owner: 'microsoft'
            repositories: ['vscode', 'vscode-engineering']

Both compile successfully. The lock file diff between the two is minimal — only the repositories: value changes:

- repositories: vscode-engineering
+ repositories: vscode,vscode-engineering

This change appears in all three actions/create-github-app-token steps (agent, safe_outputs, conclusion). No other differences.

Evidence

Working run (single repo)

Run: 22346404501
Commit: dc74a432 ("Test only on vscode-engineering")
Result: Agent successfully called MCP issue_read on microsoft/vscode-engineering#1905

Failing run (two repos)

Run: 22346782685
Commit: 3c33ea38 ("compile with two repos")
Result: Agent could not use MCP tools at all ❌

Agent log from the failing run:

● Task: Read issue via gh CLI
  ● Get issue 1905 details from vscode-engineering repo
    $ gh issue view 1905 --repo microsoft/vscode-engineering --json
    title,body,labels,assignees,state,number 2>&1 || echo "FAILED"
    └ 5 lines...
● Task: Fetch issue via GitHub API
  ● Fetch GitHub issue data for issue 1905
    $ curl -s "https://api.github.com/repos/microsoft/vscode-engineering/issues/1905" 2>&1 | head -200
    └ 6 lines...
The repository is private and I cannot access the issue via unauthenticated API.
✗ missing_data
  Tool 'missing_data' does not exist.

The agent never attempted to use issue_read — it went straight to CLI/curl, suggesting the MCP tool wasn't available or the token was not passed through.

Lock File Analysis

The compiled lock file is structurally correct in both cases. The token generation step uses actions/create-github-app-token@v2.2.1:

- name: Generate GitHub App token
  id: github-mcp-app-token
  uses: actions/create-github-app-token@v2.2.1
  with:
    app-id: ${{ secrets.CODE_REVIEW_APP_ID }}
    private-key: ${{ secrets.CODE_REVIEW_APP_PRIVATE_KEY }}
    owner: microsoft
    repositories: vscode,vscode-engineering      # ← this format is valid per action docs
    permission-contents: read
    permission-issues: read

The token is then passed as GITHUB_MCP_SERVER_TOKEN to the agent job and wired into the MCP config:

{
  "mcpServers": {
    "github": {
      "type": "stdio",
      "container": "ghcr.io/github/github-mcp-server:v0.31.0",
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_MCP_SERVER_TOKEN}",
        "GITHUB_READ_ONLY": "1",
        "GITHUB_TOOLSETS": "issues"
      }
    }
  }
}

The plumbing is identical between the working and failing runs — only the repositories value differs.

Possible Root Causes

  1. Token generation succeeds but with reduced scope: actions/create-github-app-token may produce a token that doesn't cover all listed repos when the app's installation spans multiple repos.
  2. GitHub MCP server (github-mcp-server:v0.31.0) doesn't handle multi-repo tokens: The server may check the token's repo scope and fail if more than one is listed.
  3. Token generation step fails silently: The step may error internally but still produce a partial/empty output, causing the MCP server to start without auth.

The GitHub App (CODE_REVIEW) IS installed on both repos — confirmed by the single-repo runs working independently with either vscode or vscode-engineering.

Use Case

Cross-repository triage workflow in microsoft/vscode-engineering that reads issues from both microsoft/vscode and microsoft/vscode-engineering (repo is specified at dispatch time via repo_name input).

Environment

  • gh-aw: v0.50.0
  • github-mcp-server: v0.31.0
  • actions/create-github-app-token: v2.2.1
  • Repository: microsoft/vscode-engineering
  • Branch: bv/triage-aw2

two repos in scope —
the token forgets its keys,
one worked fine alone
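
A diagnostic for root causes 1 and 3 above, added here as an example; it is not part of the original issue, gh-aw, or github-mcp-server. It compares the lock file's `repositories` value with what GitHub's `GET /installation/repositories` endpoint reports for the token; the function names and the sample response bodies are hypothetical and constructed for illustration.

```python
import json
import urllib.request

def fetch_installation_repos(token, api="https://api.github.com"):
    """GET /installation/repositories: repos this installation token can access."""
    req = urllib.request.Request(
        f"{api}/installation/repositories?per_page=100",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def diagnose(token, owner, repositories, response=None):
    """Return findings; an empty list means the token covers every listed repo.

    `repositories` is the comma-separated string from the lock file.
    `response` lets a caller pass an already-fetched API body (used offline).
    """
    if not token or not token.strip():
        # Root cause 3: the step produced no token, so the server runs unauthenticated.
        return ["token output is empty"]
    expected = {f"{owner}/{name.strip()}".lower()
                for name in repositories.split(",") if name.strip()}
    if response is None:
        response = fetch_installation_repos(token)
    granted = {repo["full_name"].lower() for repo in response.get("repositories", [])}
    # Root cause 1: token minted, but scoped to fewer repos than requested.
    findings = [f"token does not cover {name}" for name in sorted(expected - granted)]
    if response.get("total_count", 0) > len(granted):
        findings.append("response is paginated; fetch further pages before concluding")
    return findings

# Constructed sample bodies (not taken from the runs in this issue).
SAMPLE_BOTH = {"total_count": 2, "repositories": [
    {"full_name": "microsoft/vscode"}, {"full_name": "microsoft/vscode-engineering"}]}
SAMPLE_ONE = {"total_count": 1, "repositories": [
    {"full_name": "microsoft/vscode-engineering"}]}

if __name__ == "__main__":
    spec = "vscode,vscode-engineering"
    print(diagnose("placeholder-token", "microsoft", spec, SAMPLE_BOTH))
    print(diagnose("placeholder-token", "microsoft", spec, SAMPLE_ONE))
    print(diagnose("", "microsoft", spec))
```

An empty result for the real token rules out causes 1 and 3 for that run, leaving the MCP server side to examine.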
