Describe the bug
Adding a plugin marketplace from a private Azure DevOps HTTPS repository fails even though cloning the same repository manually succeeds using Git Credential Manager.
This appears to be a regression related to the v1.0.70 change:
Fail fast when marketplace plugin git auth needs a terminal prompt
The current implementation disables credential helpers entirely, including helpers that can authenticate non-interactively using cached credentials.
Environment
• GitHub Copilot CLI: 1.0.71-0
• OS: Windows
• Git: 2.54.0.vfs.0.4
• Git Credential Manager: 2.8.0
• Git host: Private Azure DevOps repository over HTTPS
Reproduction
copilot plugin marketplace add "https://dev.azure.com///_git/"
The equivalent interactive command also fails:
/plugin marketplace add https://dev.azure.com///_git/
Actual result
Failed to add marketplace: Failed to fetch git marketplace from the provided URL.
Please verify that the URL and reference are correct.
Details: Command failed: git clone --depth 1 --progress
Cloning into ''...
fatal: unable to get password from user
Expected result
Copilot CLI should use the configured Git credential chain. Cached credentials that require no interaction should continue to work.
If authentication would require an actual prompt, the operation can then fail immediately.
Investigation and root cause
The URL, repository permissions, Git configuration, and cached credentials were verified independently.
A normal clone succeeds:
git clone "https://dev.azure.com///_git/"
Git Credential Manager diagnostics also pass, and a credential can be returned with all interaction disabled:
$env:GIT_TERMINAL_PROMPT = "0"
$env:GCM_INTERACTIVE = "Never"
@"
protocol=https
host=dev.azure.com
path=//_git/
"@ | git credential fill
This successfully returns a cached username and credential.
Running the Copilot marketplace command with GIT_TRACE2_EVENT revealed the actual Git invocation:
git.exe
-c credential.helper=
-c core.askPass=
-c credential.interactive=never
clone --depth 1 --progress
The command-level setting:
-c credential.helper=
resets the credential-helper list and overrides both system and global configuration such as:
credential.helper=manager
Consequently, Git Credential Manager is never invoked. Git then cannot obtain a password because interactive prompting has also been disabled, resulting in:
fatal: unable to get password from user
This affects cached, fully non-interactive credentials—not only authentication flows that require a terminal prompt.
Suspected regression
Copilot CLI v1.0.70, released July 10, 2026, contains this release-note entry:
Fail fast when marketplace plugin git auth needs a terminal prompt
This behavior was reproduced with v1.0.71-0 and appears to be an overly broad implementation of that change.
The official marketplace documentation also supports arbitrary Git URLs but does not document that HTTPS credential helpers are disabled:
https://docs.github.com/en/copilot/how-tos/copilot-cli/customize-copilot/plugins-finding-installing
Workaround
Clone the repository manually, then register it as a local marketplace:
git clone "https://dev.azure.com/<organization>/<project>/_git/<repository>"
"$env:LOCALAPPDATA\copilot\marketplace-sources<marketplace>"
copilot plugin marketplace add `
"$env:LOCALAPPDATA\copilot\marketplace-sources<marketplace>"
This works because the manual clone uses Git Credential Manager normally.
SSH URLs may provide another workaround when Azure DevOps SSH authentication is configured. Embedding a PAT in the URL is not a desirable workaround because it can expose the token through command history, logs, process arguments, or saved marketplace configuration.
Suggested fix
Do not reset credential.helper when invoking Git. Preserve the configured credential chain while suppressing interactive prompting, for example by using:
GIT_TERMINAL_PROMPT=0
GCM_INTERACTIVE=Never
or an equivalent non-interactive configuration.
This would allow cached credential helpers to authenticate while still failing quickly when user interaction is genuinely required.
Affected version
GitHub Copilot CLI 1.0.70-0
Steps to reproduce the behavior
copilot plugin marketplace add "https://dev.azure.com///_git/"
The equivalent interactive command also fails:
/plugin marketplace add https://dev.azure.com///_git/
Actual result -
Failed to add marketplace: Failed to fetch git marketplace from the provided URL.
Please verify that the URL and reference are correct.
Details: Command failed: git clone --depth 1 --progress
Cloning into ''...
fatal: unable to get password from user
Expected behavior
Copilot CLI should use the configured Git credential chain. Cached credentials that require no interaction should continue to work.
If authentication would require an actual prompt, the operation can then fail immediately.
Additional context
No response
Describe the bug
Adding a plugin marketplace from a private Azure DevOps HTTPS repository fails even though cloning the same repository manually succeeds using Git Credential Manager.
This appears to be a regression related to the v1.0.70 change:
Fail fast when marketplace plugin git auth needs a terminal prompt
The current implementation disables credential helpers entirely, including helpers that can authenticate non-interactively using cached credentials.
Environment
• GitHub Copilot CLI: 1.0.71-0
• OS: Windows
• Git: 2.54.0.vfs.0.4
• Git Credential Manager: 2.8.0
• Git host: Private Azure DevOps repository over HTTPS
Reproduction
copilot plugin marketplace add "https://dev.azure.com///_git/"
The equivalent interactive command also fails:
/plugin marketplace add https://dev.azure.com///_git/
Actual result
Failed to add marketplace: Failed to fetch git marketplace from the provided URL.
Please verify that the URL and reference are correct.
Details: Command failed: git clone --depth 1 --progress
Cloning into ''...
fatal: unable to get password from user
Expected result
Copilot CLI should use the configured Git credential chain. Cached credentials that require no interaction should continue to work.
If authentication would require an actual prompt, the operation can then fail immediately.
Investigation and root cause
The URL, repository permissions, Git configuration, and cached credentials were verified independently.
A normal clone succeeds:
git clone "https://dev.azure.com///_git/"
Git Credential Manager diagnostics also pass, and a credential can be returned with all interaction disabled:
$env:GIT_TERMINAL_PROMPT = "0"
$env:GCM_INTERACTIVE = "Never"
@"
protocol=https
host=dev.azure.com
path=//_git/
"@ | git credential fill
This successfully returns a cached username and credential.
Running the Copilot marketplace command with GIT_TRACE2_EVENT revealed the actual Git invocation:
git.exe
-c credential.helper=
-c core.askPass=
-c credential.interactive=never
clone --depth 1 --progress
The command-level setting:
-c credential.helper=
resets the credential-helper list and overrides both system and global configuration such as:
credential.helper=manager
Consequently, Git Credential Manager is never invoked. Git then cannot obtain a password because interactive prompting has also been disabled, resulting in:
fatal: unable to get password from user
This affects cached, fully non-interactive credentials—not only authentication flows that require a terminal prompt.
Suspected regression
Copilot CLI v1.0.70, released July 10, 2026, contains this release-note entry:
Fail fast when marketplace plugin git auth needs a terminal prompt
This behavior was reproduced with v1.0.71-0 and appears to be an overly broad implementation of that change.
The official marketplace documentation also supports arbitrary Git URLs but does not document that HTTPS credential helpers are disabled:
https://docs.github.com/en/copilot/how-tos/copilot-cli/customize-copilot/plugins-finding-installing
Workaround
Clone the repository manually, then register it as a local marketplace:
git clone
"https://dev.azure.com/<organization>/<project>/_git/<repository>""$env:LOCALAPPDATA\copilot\marketplace-sources<marketplace>"
copilot plugin marketplace add `
"$env:LOCALAPPDATA\copilot\marketplace-sources<marketplace>"
This works because the manual clone uses Git Credential Manager normally.
SSH URLs may provide another workaround when Azure DevOps SSH authentication is configured. Embedding a PAT in the URL is not a desirable workaround because it can expose the token through command history, logs, process arguments, or saved marketplace configuration.
Suggested fix
Do not reset credential.helper when invoking Git. Preserve the configured credential chain while suppressing interactive prompting, for example by using:
GIT_TERMINAL_PROMPT=0
GCM_INTERACTIVE=Never
or an equivalent non-interactive configuration.
This would allow cached credential helpers to authenticate while still failing quickly when user interaction is genuinely required.
Affected version
GitHub Copilot CLI 1.0.70-0
Steps to reproduce the behavior
copilot plugin marketplace add "https://dev.azure.com///_git/"
The equivalent interactive command also fails:
/plugin marketplace add https://dev.azure.com///_git/
Actual result -
Failed to add marketplace: Failed to fetch git marketplace from the provided URL.
Please verify that the URL and reference are correct.
Details: Command failed: git clone --depth 1 --progress
Cloning into ''...
fatal: unable to get password from user
Expected behavior
Copilot CLI should use the configured Git credential chain. Cached credentials that require no interaction should continue to work.
If authentication would require an actual prompt, the operation can then fail immediately.
Additional context
No response