Remove COPILOT_CLI_TOKEN environment variable support

[Copilot]

Removes support for the COPILOT_CLI_TOKEN environment variable. No backward compatibility maintained.

Changes

Code removal:

• Removed COPILOT_CLI_TOKEN from Copilot engine secrets list
• Removed COPILOT_CLI_TOKEN fallback from token precedence chain in getEffectiveCopilotGitHubToken()
• Removed COPILOT_CLI_TOKEN case handling in trial support

Token precedence (before → after):

// Before
return "${{ secrets.COPILOT_GITHUB_TOKEN || secrets.COPILOT_CLI_TOKEN || secrets.GH_AW_COPILOT_TOKEN || secrets.GH_AW_GITHUB_TOKEN }}"

// After
return "${{ secrets.COPILOT_GITHUB_TOKEN || secrets.GH_AW_COPILOT_TOKEN || secrets.GH_AW_GITHUB_TOKEN }}"

Documentation:

• Added deprecation warnings in docs/reference/tokens.md and docs/reference/engines.md
• Updated migration table to mark COPILOT_CLI_TOKEN as "Removed in v0.26+"
• Updated skills documentation (copilot-cli/SKILL.md, gh-agent-task/SKILL.md)

Tests:

• Updated secret validation, token precedence, and redaction tests
• Removed COPILOT_CLI_TOKEN test cases

Impact

Workflows using COPILOT_CLI_TOKEN will fail authentication. Users must migrate to COPILOT_GITHUB_TOKEN:

gh secret set COPILOT_GITHUB_TOKEN -a actions --body "<your-github-pat>"

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/user
  • Triggering command: /usr/bin/gh gh api user --jq .login oad-artifact.git ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet e/git se 1644637/b062/vetapi .cfg e/git -1 xterm-color om/org1/repo1 /home/REDACTED/.dotnet/tools/git it/ref/tags/v5 (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login 74/add_comment.js --jq 4007133/b001/importcfg.link se SgKyEYQt-p7NN/8Smcp ache/go/1.25.0/xadd git chec�� fd5c-dirty ache/go/1.25.0/x--registry (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login 11d628d41d032a28 ache/go/1.25.0/x--auto f81581896a570993f9037b78f99a510a725/log.json it/ref/tags/v5 (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Remove support for the COPILOT_CLI_TOKEN environnement variable. No backward compatibility.

Add a note in the docs of copilot about deprecation.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

---

Changeset

• Type: patch
• Description: Removed support for the COPILOT_CLI_TOKEN environment variable; documentation and tests updated. Users must migrate to COPILOT_GITHUB_TOKEN.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

[github-actions]

📰🚀🔍👀📡🕵️ https://github.com/githubnext/gh-aw/actions/runs/20102107761

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

📰 BREAKING: Smoke Copilot Playwright is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

https://github.com/githubnext/gh-aw/tree/copilot/remove-copilot-cli-token

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• Add human-friendly schedule format parser for cron expressions with shorthand, duration, UTC offset, and 12-hour time support #5999: Add human-friendly schedule format parser for cron expressions
• Update go-fan workflow to prioritize recently updated dependencies in round-robin selection #6027: Update go-fan workflow to prioritize recently updated dependencies

Tests:

• ✅ GitHub MCP: Retrieved PR data
• ✅ File Writing: Created test file successfully
• ✅ Bash Tool: Verified file creation
• ✅ Playwright MCP: Navigated to GitHub, verified title
• ✅ Cache Memory: Created and verified cache file
• ✅ gh CLI: Listed issues successfully

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #6030 🗺️

[github-actions]

Smoke Test: Copilot Engine - PASS

Last 2 merged PRs:

• Add human-friendly schedule format parser for cron expressions with shorthand, duration, UTC offset, and 12-hour time support #5999 Add human-friendly schedule format parser
• Update go-fan workflow to prioritize recently updated dependencies in round-robin selection #6027 Update go-fan workflow round-robin selection

✅ GitHub MCP - Last 2 PRs retrieved
✅ File Writing - Test file created successfully
✅ Bash Tool - File verification successful
✅ Cache Memory - Test file created and verified
✅ Available Tools - bash, view, create, edit, grep, glob, github-, safeoutputs-

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot fer issue #6030 🗺️

[github-actions]

Smoke Test Results (Run 20102107816)

✅ Playwright MCP: Page title verified - "GitHub · Change is constant. GitHub keeps you ahead. · GitHub"
✅ Cache Memory: Test file created and verified at /tmp/gh-aw/cache-memory/smoke-test-20102107816.txt
❌ Safe Input gh Tool: Failed with HTTP/HTTPS client error

Overall Status: FAIL (1/3 tests failed)

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #6030 🗺️

[github-actions]

Smoke Test Results

PRs: ❌ (safeinputs-gh tool HTTPS error)
File Write: ✅ Created /tmp/gh-aw/agent/smoke-test-copilot-20102107761.txt
Bash: ✅ File verified successfully
Serena MCP: ❌ (gh-aw binary not available in runner)
safeinputs-gh: ❌ (HTTP/HTTPS client error)

Status: ❌ FAIL - Safe input tools have configuration issues

📰🔥📋 https://github.com/githubnext/gh-aw/actions/runs/20102107761 fer issue #6030 🗺️

[github-actions]

Last merged PRs: Add human-friendly schedule format parser for cron expressions with shorthand, duration, UTC offset, and 12-hour time support; Update go-fan workflow to prioritize recently updated dependencies in round-robin selection
GitHub MCP: ✅
File write + read (/tmp/gh-aw/agent): ✅
Playwright title check: ✅
Cache memory file: ✅
safeinputs-gh issues list: ❌ (command not available)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #6030 🗺️