
GitHub App authentication is broken #1610

@Dan-Wuensch

Relates to: https://hackerone.com/reports/3460042

Our AI-powered code review app that uses hosted GitHub MCP is down pending a fix.

GitHub MCP Server no longer supports GitHub App authentication due to a recent change that forces all agents to perform a user check via GET https://api.github.com/user, which does not support GitHub App auth.

When an agent starts a session, it is now instructed to always call get_me first, which makes a call to GET https://api.github.com/user. This endpoint requires user-scoped authentication (PAT or OAuth) and returns a 403 error for GitHub App tokens since GitHub Apps authenticate as the app installation, not as a specific user.
Impact: Automated agentic code reviews that rely on GitHub MCP are now failing for all teams.

Possible root cause:

#1091 introduced pkg/github/instructions.go which appends the instruction "Always call 'get_me' first to understand current user permissions and context."

Before this change, LLMs would only call get_me if they determined it was relevant. After the change, LLMs are instructed to always call get_me first when the context toolset is enabled, breaking GitHub App integrations since the first tool call will always fail with 403.
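As an added illustration (not code from this issue or from github-mcp-server), the following models the failure mode and a token-aware alternative: it classifies a token by its documented prefix, reproduces the 403 against a constructed stand-in for api.github.com, and shows an identity probe that uses GET /installation/repositories for installation tokens instead of GET /user. The prefix scheme, the stand-in responses and the helper names are assumptions.

```python
"""Why an unconditional GET /user breaks GitHub App installation tokens,
and a probe that picks an endpoint the credential can actually use."""
from dataclasses import dataclass

# Assumed prefix scheme: ghs_ is a server-to-server (installation) token;
# the others authenticate as a user (classic/fine-grained PAT, OAuth, user-to-server).
USER_PREFIXES = ("ghp_", "github_pat_", "gho_", "ghu_")
INSTALLATION_PREFIX = "ghs_"

def token_kind(token: str) -> str:
    if token.startswith(INSTALLATION_PREFIX):
        return "installation"
    if token.startswith(USER_PREFIXES):
        return "user"
    return "unknown"

@dataclass
class Response:
    status: int
    body: dict

def fake_github(path: str, token: str) -> Response:
    """Constructed stand-in for the API: /user is user-scoped only."""
    kind = token_kind(token)
    if path == "/user" and kind == "user":
        return Response(200, {"login": "octocat"})
    if path == "/installation/repositories" and kind == "installation":
        return Response(200, {"repositories": [{"full_name": "my-org/my-repo"}]})
    return Response(403, {"message": "Resource not accessible by integration"})

def get_me_unconditional(token: str, api=fake_github) -> Response:
    """What the 'always call get_me first' instruction amounts to."""
    return api("/user", token)

def is_integration_403(status: int, message: str) -> bool:
    """Detection helper: the failure signature quoted in the report."""
    return status == 403 and "not accessible by integration" in message

def whoami(token: str, api=fake_github) -> dict:
    """Token-aware probe: installation tokens never touch GET /user."""
    kind = token_kind(token)
    if kind == "installation":
        r = api("/installation/repositories", token)
        if r.status == 200:
            return {"kind": kind, "scope": [x["full_name"] for x in r.body["repositories"]]}
    else:
        r = api("/user", token)
        if r.status == 200:
            return {"kind": kind, "login": r.body["login"]}
    raise PermissionError(f"identity probe failed: {r.status} {r.body['message']}")
```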

Steps To Reproduce:

  1. Run Codename Goose or another agent with GitHub MCP configured in a GitHub Action (see example goose config below and example code in https://block.github.io/goose/docs/tutorials/cicd/)
  2. Use actions/create-github-app-token@v1 with app-id set to the github_app_id and "private-key" to the github_client_secret
  3. Ask the agent to use GitHub MCP to review or summarize a particular PR
  4. Observe failure due to 403 calling /users API endpoint

Example error:

I'll help you review PR #289. Let me start by getting the PR details and understanding the changes.
─── get_me | github ──────────────────────────

─── pull_request_read | github ──────────────────────────
method: get
owner: my-org
pullNumber: 420
repo: my-repo

-32603: Mcp error: 0: GET https://api.github.com/user: 403 Resource not accessible by integration []The tool calling loop was interrupted. How would you like to proceed?
  error: The error above was an exception we were not able to handle.
These errors are often related to connection or authentication
We've removed the conversation up to the most recent user message
- depending on the error you may be able to continue

Example ~/.config/goose/config.yaml:

mkdir -p ~/.config/goose
# Unquoted heredoc: $GITHUB_TOKEN is expanded by the shell when the file is written
cat <<EOF > ~/.config/goose/config.yaml
GOOSE_PROVIDER: aws_bedrock
GOOSE_MODEL: MyInferenceProfileArnGoesHere
extensions:
  developer:
    enabled: true
    name: developer
    type: builtin
  github:
    enabled: true
    name: github
    description: Allows access to pull requests for review
    headers:
      Authorization: Bearer $GITHUB_TOKEN
    timeout: 300
    type: streamable_http
    uri: https://api.githubcopilot.com/mcp/
EOF
