⚠️ Warning — this is a public repository. No sensitive data is included below.
Why are you seeing this issue?
This is a support escalation. Thank you for doing your part to keep GitHub customers happy!
Severity
Service
copilot-cli
Context
GitHub Support Plan
GitHub Products Impacted
Customer Impact
- Enterprise: N/A
- Organization: N/A
- Repository: N/A
- User: @RyanCavanaugh (reporter) — multiple Microsoft DevBox users affected via shared NAT
Zendesk Ticket(s)
Issue
Copilot CLI 1.0.48 makes an unauthenticated request to the GitHub Releases API when performing an auto-update check at startup or when running /update. In environments where many users share a single egress IP (such as Microsoft DevBox, where 70.37.26.x is a common NAT exit), this exhausts the unauthenticated rate limit (60 req/hr per IP), causing the CLI to fail on startup with:
Error auto updating: Failed to fetch latest release: HttpError: API rate limit exceeded for 70.37.26.133.
(But here's the good news: Authenticated requests get a higher rate limit...)
The user is already authenticated — /user returns their identity — but the release check does not use the authenticated credential from gh auth. This affects every Microsoft DevBox user on the same NAT simultaneously.
Related open issue with the same root cause: #3383
To Reproduce
- Authenticate:
gh auth login
- From a shared-NAT environment (corporate network, DevBox, etc.), launch Copilot CLI or run
/update
- Observe rate limit error for the unauthenticated IP despite user being logged in
Expected behavior
The auto-update/release check should use the authenticated token from gh auth (or GH_TOKEN / GITHUB_TOKEN when set) so the request is attributed to the user rather than the bare IP.
Additional context
- CLI version: 1.0.48
- Platform: Microsoft DevBox (Azure-managed VMs, egress IPs in
70.37.26.x range)
- Multiple users on the same tenant/NAT are blocked simultaneously
- Workaround being tested:
export GH_TOKEN="$(gh auth token)" before launching
cc: @github/copilot-cli
Support Squad: @github/support-squad-worktent
Why are you seeing this issue?
This is a support escalation. Thank you for doing your part to keep GitHub customers happy!
Severity
Service
copilot-cli
Context
GitHub Support Plan
GitHub Products Impacted
Customer Impact
Zendesk Ticket(s)
Issue
Copilot CLI 1.0.48 makes an unauthenticated request to the GitHub Releases API when performing an auto-update check at startup or when running
/update. In environments where many users share a single egress IP (such as Microsoft DevBox, where70.37.26.xis a common NAT exit), this exhausts the unauthenticated rate limit (60 req/hr per IP), causing the CLI to fail on startup with:The user is already authenticated —
/userreturns their identity — but the release check does not use the authenticated credential fromgh auth. This affects every Microsoft DevBox user on the same NAT simultaneously.Related open issue with the same root cause: #3383
To Reproduce
gh auth login/updateExpected behavior
The auto-update/release check should use the authenticated token from
gh auth(orGH_TOKEN/GITHUB_TOKENwhen set) so the request is attributed to the user rather than the bare IP.Additional context
70.37.26.xrange)export GH_TOKEN="$(gh auth token)"before launchingcc: @github/copilot-cli
Support Squad: @github/support-squad-worktent