{"id":50809362,"url":"https://github.com/h8nc4y/windows-github-auth-diagnosis","last_synced_at":"2026-06-13T03:14:29.842Z","repository":{"id":364325062,"uuid":"1261252398","full_name":"h8nc4y/windows-github-auth-diagnosis","owner":"h8nc4y","description":"Codex skill for diagnosing Windows GitHub keyring false negatives","archived":false,"fork":false,"pushed_at":"2026-06-12T14:42:04.000Z","size":34,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-12T16:25:05.192Z","etag":null,"topics":["agent-tools","codex","github-authentication","powershell","windows"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/h8nc4y.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-06T12:47:20.000Z","updated_at":"2026-06-12T14:42:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/h8nc4y/windows-github-auth-diagnosis","commit_stats":null,"previous_names":["h8nc4y/windows-github-auth-diagnosis"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/h8nc4y/windows-github-auth-diagnosis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h8nc4y%2Fwindows-github-auth-diagnosis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h8nc4y%2Fwindows-github-auth-diagnosis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h8nc4y%2Fwindows-github-auth-diagnosis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h8nc4y%2Fwindows-github-auth-diagnosis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/h8nc4y","download_url":"https://codeload.github.com/h8nc4y/windows-github-auth-diagnosis/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h8nc4y%2Fwindows-github-auth-diagnosis/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34270546,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-tools","codex","github-authentication","powershell","windows"],"created_at":"2026-06-13T03:14:28.779Z","updated_at":"2026-06-13T03:14:29.821Z","avatar_url":"https://github.com/h8nc4y.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# windows-github-auth-diagnosis\n\n[![Validate](https://github.com/h8nc4y/windows-github-auth-diagnosis/actions/workflows/validate.yml/badge.svg)](https://github.com/h8nc4y/windows-github-auth-diagnosis/actions/workflows/validate.yml)\n\nA Codex-style skill for diagnosing Windows GitHub authentication false negatives caused by agent or tool sandboxes that cannot read the Windows keyring.\n\n## What It Solves\n\nOn Windows, a sandboxed agent command can make GitHub authentication look broken even when GitHub CLI and Git are correctly authenticated in a normal terminal. This skill gives agents a conservative triage path so they do not immediately ask users to run `gh auth login`, enter OAuth, paste tokens, or reset credentials.\n\n## Who It Is For\n\n- Codex users and maintainers working on Windows.\n- Agent developers whose tools run `gh` or `git` inside a restricted sandbox.\n- Reviewers who need safe public summaries of GitHub authentication problems without exposing tokens, credentials, or real logs.\n\n## Install\n\nClone the repository:\n\n```bash\ngit clone https://github.com/h8nc4y/windows-github-auth-diagnosis.git\ncd windows-github-auth-diagnosis\n```\n\nManual Codex-style skill install on shells with POSIX syntax:\n\n```bash\ndest=\"${HOME}/.agents/skills/windows-github-auth-diagnosis\"\nif [ -e \"$dest\" ]; then\n  echo \"Install target already exists: $dest\"\n  exit 1\nfi\nmkdir -p \"$dest\"\ncp SKILL.md \"$dest/SKILL.md\"\n```\n\nManual Codex-style skill install from PowerShell:\n\n```powershell\n$dest = Join-Path $HOME '.agents\\skills\\windows-github-auth-diagnosis'\nif (Test-Path -LiteralPath $dest) {\n  throw \"Install target already exists: $dest\"\n}\nNew-Item -ItemType Directory -Path $dest | Out-Null\nCopy-Item -LiteralPath .\\SKILL.md -Destination (Join-Path $dest 'SKILL.md')\n```\n\nThe guard is intentional: do not overwrite an existing installed skill without reviewing the local copy first.\n\n## Manual Use\n\nUse the skill when a sandboxed GitHub command reports one of these symptoms:\n\n- HTTP 401 or Bad credentials from `gh auth status` or `gh api`.\n- An invalid default token reported by `gh`.\n- `SEC_E_NO_CREDENTIALS` from Git over HTTPS.\n- A push, fetch, pull, or `ls-remote` failure that appears to be credential-related only inside the sandbox.\n\nFollow the procedure in [SKILL.md](SKILL.md): confirm remote wiring, check credential helpers, then run keyring-capable proof commands without printing tokens.\n\n## Synthetic Examples\n\n- [Diagnosis checklist](examples/diagnosis-checklist.md)\n- [Final report template](examples/final-report-template.md)\n- [Issue-safe summary](examples/issue-safe-summary.md)\n\nThe examples use placeholders only. Do not replace them with secret values, raw auth logs, or customer data in public issues.\n\n## Safety Notes\n\n- Never print token values.\n- Do not use token display commands as part of diagnosis.\n- Do not enter OAuth or token-input loops based only on sandbox failures.\n- Do not post real authentication logs, credentials, cookies, screenshots, or customer data in public issues.\n- Treat each environment's cost, secret, OAuth, and data-handling policy as authoritative.\n\n## Limitations\n\n- This skill does not repair expired, revoked, or missing GitHub credentials.\n- It does not bypass branch protection, missing repository permission, missing token scopes, network outages, or agent approval-layer blocks.\n- It assumes a keyring-capable proof path exists. If every available path is sandboxed or blocked, report that limitation explicitly.\n- It focuses on GitHub CLI and Git over HTTPS on Windows. SSH-specific failures need separate diagnosis.\n\n## Non-Goals\n\n- No GitHub Release creation.\n- No Marketplace registration.\n- No package publishing.\n- No credential storage or token management.\n- No advice to rotate or reset credentials unless a real exposure or proven credential failure exists.\n\n## Validation\n\nRun the full local validation from the repository root:\n\n```powershell\npowershell -NoProfile -ExecutionPolicy Bypass -File .\\scripts\\validate-oss-readiness.ps1\npowershell -NoProfile -ExecutionPolicy Bypass -File .\\scripts\\test-scan-private-markers.ps1\npowershell -NoProfile -ExecutionPolicy Bypass -File .\\scripts\\scan-private-markers.ps1\n```\n\nIf `pwsh` is available, the same checks can be run with:\n\n```powershell\npwsh -NoProfile -File .\\scripts\\validate-oss-readiness.ps1\npwsh -NoProfile -File .\\scripts\\test-scan-private-markers.ps1\npwsh -NoProfile -File .\\scripts\\scan-private-markers.ps1\n```\n\nAlso run a skill frontmatter validation tool when available, and run Git whitespace checks before publishing:\n\n```bash\ngit diff --check\n```\n\nThe GitHub Actions workflow runs the same local validation, scan self-test, private-marker scan, and whitespace check on pull requests and pushes to `main`.\n\n## Contributing\n\nContributions are welcome when they make the diagnosis safer, clearer, or easier to verify. Read [CONTRIBUTING.md](CONTRIBUTING.md) before opening a pull request.\n\nKeep all examples synthetic. Do not include tokens, credentials, auth cookies, private keys, OAuth codes, raw credential logs, customer data, private repository names, internal paths, or screenshots of credential stores.\n\nFor local-only private markers, create an untracked `.private-markers.local` file with one literal marker per line, or set `WINDOWS_GITHUB_AUTH_DIAGNOSIS_PRIVATE_MARKERS` with newline-separated markers. The scanner reads these values but does not print the matched marker.\n\n## Security\n\nThis repository is about credential-sensitive behavior. If you find a vulnerability, unsafe guidance, or accidental secret exposure, follow [SECURITY.md](SECURITY.md) and use private reporting for sensitive details.\n\nPublic issues should summarize command classes, error classes, classification, and safe next steps only.\n\n## License\n\nMIT. See [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fh8nc4y%2Fwindows-github-auth-diagnosis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fh8nc4y%2Fwindows-github-auth-diagnosis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fh8nc4y%2Fwindows-github-auth-diagnosis/lists"}