From 8c03755087e1a486af375bfdb49c97cb0869af30 Mon Sep 17 00:00:00 2001 From: Salil Das <11658960+sadlilas@users.noreply.github.com> Date: Tue, 24 Feb 2026 10:54:05 -0800 Subject: [PATCH] fix: use auth for Atom feed requests and improve private repo error message MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `amplifier update` command shows a misleading raw httpx error for modules sourced from private GitHub repos: Could not check provider-github-copilot: Client error '404 Not Found' ... Root cause: _get_github_commit_sha() uses GitHub's public Atom feed to check for updates but never passes auth headers, even though _get_github_auth_headers() exists in the same file and is already used by _get_commit_details(). Private repos return 404. Two changes in source_status.py: 1. Pass headers=_get_github_auth_headers() to the Atom feed HTTP request in _get_github_commit_sha(), matching the pattern already used by _get_commit_details(). Private repo update checks now work when GITHUB_TOKEN is set or gh auth login has been run. 2. Catch httpx.HTTPStatusError with 404 status specifically in _check_all_cached_modules() and replace the raw error with an actionable message pointing the user to set GITHUB_TOKEN or run gh auth login. Non-404 HTTP errors and network/timeout errors still show the original warning. 🤖 Generated with [Amplifier](https://github.com/microsoft/amplifier) Co-Authored-By: Amplifier <240397093+microsoft-amplifier@users.noreply.github.com> --- amplifier_app_cli/utils/source_status.py | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/amplifier_app_cli/utils/source_status.py b/amplifier_app_cli/utils/source_status.py index 3b804278..d4c87a6c 100644 --- a/amplifier_app_cli/utils/source_status.py +++ b/amplifier_app_cli/utils/source_status.py @@ -154,7 +154,6 @@ async def check_all_sources( return UpdateReport( local_file_sources=local_statuses, cached_git_sources=git_statuses, - cached_modules_checked=cached_modules_checked, ) @@ -481,8 +480,20 @@ async def _check_all_cached_modules( ) ) + except httpx.HTTPStatusError as e: + if e.response.status_code == 404: + # Private repos return 404 on unauthenticated Atom feed requests. + # Actionable: user can set GITHUB_TOKEN or run gh auth login. + logger.warning( + f"Skipping {module.module_id} " + f"(private repo or not found - set GITHUB_TOKEN or run " + f"gh auth login to enable update checks)" + ) + else: + logger.warning(f"Could not check {module.module_id}: {e}") + continue except (httpx.HTTPError, httpx.TimeoutException) as e: - # Network/API errors - log but continue checking other modules + # Network/timeout errors - log but continue checking other modules logger.warning(f"Could not check {module.module_id}: {e}") continue except Exception as e: @@ -536,10 +547,15 @@ async def _get_github_commit_sha( owner, repo = parts[0], parts[1] - # Fetch Atom feed (public, no auth, no rate limits) + # Fetch Atom feed (no auth for public repos, retry with auth on 404) atom_url = f"https://github.com/{owner}/{repo}/commits/{ref}.atom" response = await client.get(atom_url) + if response.status_code == 404: + # May be a private repo - retry with auth if available + auth_headers = _get_github_auth_headers() + if auth_headers: + response = await client.get(atom_url, headers=auth_headers) response.raise_for_status() # Parse XML for first commit SHA