What happened?
Description
Setting the common GITHUB_TOKEN environment variable (used by gh CLI, git, CI/CD) causes pi to list all GitHub Copilot models as
"available" in /model and --list-models, even though a standard GitHub PAT cannot authenticate with the Copilot API.
Steps to reproduce
- Set
GITHUB_TOKEN to any GitHub personal access token:
export GITHUB_TOKEN=github_pat_xxx
- Run pi --list-models
- Observe that 26 GitHub Copilot models are listed alongside the actually-configured providers
Expected behavior
GITHUB_TOKEN / GH_TOKEN are generic GitHub API tokens used by many developer tools. They should not be treated as valid Copilot
credentials. Only COPILOT_GITHUB_TOKEN (or OAuth login via /login) should unlock Copilot models.
Root cause
In env-api-keys.ts, the github-copilot provider checks three env vars:
if (provider === "github-copilot") {
return ["COPILOT_GITHUB_TOKEN", "GH_TOKEN", "GITHUB_TOKEN"];
}This feeds into AuthStorage.hasAuth() → ModelRegistry.getAvailable() → all 26 Copilot models appear, but they don't actually work when
selected.
Context
- pi version: 0.74.0
- OS: Windows (but reproducible on any OS)
- Many developers have GITHUB_TOKEN set globally for gh CLI, not for Copilot.
Suggested fix
Remove GH_TOKEN and GITHUB_TOKEN from the github-copilot env var list, keeping only COPILOT_GITHUB_TOKEN. Or at minimum, validate the
token against the Copilot API before listing models.
Steps to reproduce
- Set
GITHUB_TOKEN to any GitHub personal access token:
export GITHUB_TOKEN=github_pat_xxx
- Run pi --list-models
- Observe that 26 GitHub Copilot models are listed alongside the actually-configured providers
Expected behavior
No response
Version
v0.74.0
What happened?
Description
Setting the common
GITHUB_TOKENenvironment variable (used byghCLI, git, CI/CD) causes pi to list all GitHub Copilot models as"available" in
/modeland--list-models, even though a standard GitHub PAT cannot authenticate with the Copilot API.Steps to reproduce
GITHUB_TOKENto any GitHub personal access token:export GITHUB_TOKEN=github_pat_xxxExpected behavior
GITHUB_TOKEN / GH_TOKEN are generic GitHub API tokens used by many developer tools. They should not be treated as valid Copilot
credentials. Only COPILOT_GITHUB_TOKEN (or OAuth login via /login) should unlock Copilot models.
Root cause
In env-api-keys.ts, the github-copilot provider checks three env vars:
This feeds into AuthStorage.hasAuth() → ModelRegistry.getAvailable() → all 26 Copilot models appear, but they don't actually work when
selected.
Context
Suggested fix
Remove GH_TOKEN and GITHUB_TOKEN from the github-copilot env var list, keeping only COPILOT_GITHUB_TOKEN. Or at minimum, validate the
token against the Copilot API before listing models.
Steps to reproduce
GITHUB_TOKENto any GitHub personal access token:export GITHUB_TOKEN=github_pat_xxxExpected behavior
No response
Version
v0.74.0