[C#] MSBuild task to download Copilt CLI does not work with authenticated npm feeds #921
Description
By policy I'm required to not use the npmjs registry and use a private mirror. This mirror requires authentication.
The C# SDK uses MSBuild's DownloadFile task which does a raw unauthenticated HTTP GET. CopilotNpmRegistryUrl lets you redirect to a private feed, but there's no way to pass credentials.
Further, CopilotSkipCliDownload=true skips the download but ALSO skips _CopyCopilotCliToOutput and _RegisterCopilotCliForCopy so the CLI never lands in the build output. _CopilotCliBinaryPath is also unconditionally overwritten inside the target's PropertyGroup so you can't set it externally.
Possible fixes
1. Honor externally-set _CopilotCliBinaryPath
Add Condition="'$(_CopilotCliBinaryPath)' == ''" to the PropertyGroup that sets it. Users with a pre-downloaded binary just set the env var, download is skipped, copy-to-output still works.
2. Better: use npm instead of DownloadFile
If instead of using DownloadFile we Exec for npm, npm pack could use its native credential handling in conjunction with the already supported CopilotNpmRegistryUrl
3. Best: ship per-RID NuGet packages
Bundle the CLI binary in runtime-specific NuGet packages (GitHub.Copilot.CLI.win-x64, etc.) and use standard NuGet restore. No npm, no download. This is the idiomatic way to ship a native binary with NuGet. Scenarios that don't need a Copilot install can simply not add or exclude the native assets for the PackageReference.