[cli-tools-test] logs tool returns cryptic "exit status 1" error when GitHub CLI authentication is missing

[github-actions]

Problem Description

The logs MCP tool (and gh aw logs CLI command) fails with an unhelpful error message when GitHub CLI authentication is not configured. The underlying gh run list command exits with status 1 and prints an actionable message to stderr, but this information is not surfaced to the user.

Command/Tool

• Tool: logs
• MCP error: McpError: MCP error -32603: calling "tools/call": failed to download workflow logs: exit status 1

Steps to Reproduce

1. Run the logs MCP tool in an environment where GH_TOKEN/GITHUB_TOKEN is not set
2. Observe the error output

MCP server 'agenticworkflows': McpError: MCP error -32603: calling "tools/call": failed to download workflow logs: exit status 1
```

## Expected Behavior

The error should include the underlying reason from the `gh` CLI, such as:

```
failed to download workflow logs: GitHub CLI authentication required.
To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable.
Example: env: GH_TOKEN: $\{\{ github.token }}

Actual Behavior

The error message exit status 1 is opaque and gives no indication of what went wrong or how to fix it. Users are left to guess why logs download failed.

Root Cause

The logs download command runs gh run list (or similar), which exits with status 1 and prints an actionable message to stderr. However, the calling code only captures the exit code without capturing stderr output.

Fix Suggestion

Capture the combined stdout/stderr from the gh CLI subprocess and include it in the error message. Using cmd.CombinedOutput() instead of cmd.Run() (or ensuring stderr is captured) would surface the actionable message from gh.

Environment

• Repository: github/gh-aw
• Run ID: 22979850751
• Date: 2026-03-11
• gh version: 2.87.3

Impact

• Severity: Medium
• Frequency: Always (when GH_TOKEN is not set)
• Workaround: Ensure GH_TOKEN or GITHUB_TOKEN is set in the environment

Additional Context

This was discovered during daily exploratory testing of the audit, logs, and compile MCP tools. The compile and audit tools work correctly. All logs-related test cases (basic download, filtered queries, edge cases) failed with the same cryptic error, making it impossible to verify log download functionality without first diagnosing the authentication issue manually.

Generated by Daily CLI Tools Exploratory Tester · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

• expires on Mar 18, 2026, 11:57 PM UTC