
push_to_pull_request_branch: git fetch still fails after clean_git_credentials.sh (v0.53.3) #20540

@NicoAvanzDev


Summary

push_to_pull_request_branch fails because the MCP gateway's generate_git_patch function runs git fetch origin <branch> after clean_git_credentials.sh has stripped authentication from the git remote URL.

This is the same root cause as #20511 and #18703. Issue #20511 was closed as completed, but #18703 reports the fix didn't work in v0.53.4, and #20005 reports it still fails in v0.55.0.

Environment

  • gh aw version: v0.53.3
  • Workflow trigger: pull_request (opened, synchronize, reopened)
  • Safe output: push-to-pull-request-branch with max: 1

Reproduction

Minimal workflow:

---
on:
  pull_request:
    types: [opened, synchronize, reopened]
    branches: [master]

permissions:
  contents: read
  pull-requests: read
  actions: read

tools:
  github:
    toolsets: [repos, pull_requests]
  edit:

safe-outputs:
  push-to-pull-request-branch:
    max: 1
    if-no-changes: ignore

checkout:
  ref: ${{ github.head_ref }}
  fetch-depth: 1
---

# Doc Update Agent

Update docs based on PR changes. After committing, call `push-to-pull-request-branch`.

Error

The agent commits locally and calls the push_to_pull_request_branch tool. The MCP handler logs:

[generate_git_patch] Strategy 1 (incremental): Fetching origin/<branch>
[error] Git command failed: git fetch origin -- <branch>:refs/remotes/origin/<branch>
[error] Exit status: 128
[error] Stderr: fatal: could not read Username for 'https://github.com': No such device or address

The agent then records:

✓ Recorded missing tool: GitHub authentication / git push credentials
  Reason: The push_to_pull_request_branch tool repeatedly fails with
  "fatal: could not read Username for 'https://github.com': No such device or address"

Root cause analysis

In the compiled lock file:

  1. Line 306 — Git credentials are configured: git remote set-url origin "https://x-access-token:${{ github.token }}@github.com/..."
  2. Line 660 — clean_git_credentials.sh strips them (intentionally, for sandbox security)
  3. Line 669 — Copilot CLI agent starts — no git write credentials available
  4. Agent calls push_to_pull_request_branch MCP tool
  5. MCP handler's generate_git_patch runs git fetch origin <branch> — fails because credentials are gone

The safe-outputs job (line 1129) does reconfigure credentials independently, but it only runs after the agent job completes. The MCP tool needs to fetch during the agent job to compute the patch.

Expected behavior

The push_to_pull_request_branch MCP tool should authenticate its git operations using the GITHUB_TOKEN environment variable (which is available in the sandbox via the MCP gateway docker command) rather than relying on git credential helpers that were cleaned.

Relationship to other issues
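
One way to get the behavior described under "Expected behavior", as an added example that is not gh-aw code and not part of the original report: the token from GITHUB_TOKEN is handed to a single git fetch through environment-scoped config, so the cleaned remote URL and .git/config stay credential-free. The function names are hypothetical; it assumes Git 2.31 or later (for GIT_CONFIG_COUNT) and that GitHub accepts a basic-auth extraheader built from x-access-token and the token.

```shell
#!/bin/sh
# Added example, not gh-aw code. Function names are hypothetical.

# True if an http(s) remote URL carries userinfo (user:token@) in its
# authority, i.e. the state before a credential-cleaning step has run.
remote_has_embedded_credentials() {
  case "$1" in
    http://*|https://*) ;;
    *) return 1 ;;            # scp-style/ssh remotes: "git@" is not a secret
  esac
  rest=${1#*://}
  authority=${rest%%/*}       # userinfo@host:port, without the path
  case "$authority" in
    *@*) return 0 ;;
    *)   return 1 ;;
  esac
}

# Build the basic-auth header value for a GitHub token.
auth_header() {
  printf 'AUTHORIZATION: basic %s' \
    "$(printf 'x-access-token:%s' "$1" | base64 | tr -d '\n')"
}

# Fetch one branch, supplying the token only through this process's
# environment: nothing is written to .git/config and the token is not
# placed on git's command line.
# Assumes Git 2.31+ (GIT_CONFIG_COUNT / GIT_CONFIG_KEY_n / GIT_CONFIG_VALUE_n).
fetch_branch_with_token() {
  [ -n "${GITHUB_TOKEN:-}" ] || { echo "GITHUB_TOKEN is not set" >&2; return 2; }
  GIT_TERMINAL_PROMPT=0 \
  GIT_CONFIG_COUNT=1 \
  GIT_CONFIG_KEY_0="http.https://github.com/.extraheader" \
  GIT_CONFIG_VALUE_0="$(auth_header "$GITHUB_TOKEN")" \
    git fetch origin -- "$1:refs/remotes/origin/$1"
}
```

GIT_TERMINAL_PROMPT=0 makes a missing or rejected token fail immediately instead of attempting a username prompt, which is the failure mode shown in the log above.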
