fix: rewrite Copilot driver with OAuth device flow authentication#1017
Open
dmbutko wants to merge 2 commits intoRightNow-AI:mainfrom
Open
fix: rewrite Copilot driver with OAuth device flow authentication#1017dmbutko wants to merge 2 commits intoRightNow-AI:mainfrom
dmbutko wants to merge 2 commits intoRightNow-AI:mainfrom
Conversation
The Copilot LLM driver was broken - it expected users to provide a GITHUB_TOKEN env var, but no standard token type (PAT, gh CLI token) works with the Copilot token exchange endpoint. Changes: - Full rewrite of copilot.rs with OAuth device flow using Copilot's client ID (Iv1.b507a08c87ecfe98) - Three-layer token chain: ghu_ (8h) -> Copilot API token (30min), with automatic caching and refresh - Dynamic model fetching from Copilot API on daemon startup and on model_not_supported error - Init wizard: TUI auth screen with device code display, live model picker after authentication - set-key command: interactive device flow for github-copilot provider - Doctor: detects Copilot auth via persisted token file - Removed static Copilot model entries (now fetched dynamically) - Simplified driver instantiation (no env vars needed) Tested end-to-end with Copilot Enterprise: auth, token exchange, 43 models fetched, completions working with claude-opus-4.6-1m. Closes RightNow-AI#1014 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…pilot proxy The Copilot API proxy rejects conversations ending with an empty assistant message as unsupported 'assistant message prefill' when proxying Claude and Gemini models. GPT models are unaffected. Strips trailing empty assistant messages (no content, no tool calls) before sending the request. Applied in both complete() and stream() paths. Also reverts unused fixup_request method from copilot.rs since the fix belongs in the OpenAI driver layer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Complete rewrite of the GitHub Copilot LLM driver to fix broken authentication and add proper OAuth device flow support.
Before: The driver expected a
GITHUB_TOKENenv var, but no standard token type (PAT, fine-grained PAT,ghCLI token) works with the Copilot token exchange endpoint. Users couldn't use Copilot at all.After: Zero-config authentication via OAuth device flow. User runs
openfang config set-key github-copilotor selects Copilot duringopenfang init, authorizes in their browser, and it just works.What changed
Driver (
copilot.rs) — full rewriteIv1.b507a08c87ecfe98)ghu_access token → Copilot API token (tid=...), both cached automatically~/.openfang/.copilot-tokens.json(0600 permissions)Editor-Version/Editor-Plugin-Version/Copilot-Integration-Idheadersendpoints.api) — works with Individual, Business, and Enterprise plansDynamic model catalog
{endpoints.api}/modelson daemon startupmodel_not_supportederror (retry once with updated list)copilot/gpt-4oandcopilot/gpt-4static entriesmerge_discovered_models()to populate catalog at runtimeInit wizard (
init_wizard.rs)CopilotAuthTUI step between provider selection and model picker[Enter]to open browser (doesn't auto-open)CLI integration
openfang config set-key github-copilot— runs interactive device flowopenfang doctor— checks for Copilot auth token file, shows ✔ if authenticatedmod.rs— no env vars neededModel catalog cleanup
copilot→gpt-4o)Testing
Tested end-to-end on Windows (x64 cross-compiled) with GitHub Copilot Enterprise:
copilot_internal/v2/token)openfang initfull wizard flowopenfang config set-key github-copilotopenfang doctoropenfang start(daemon boot with model fetch)/modelswitcher in chat TUIWhy not use the Copilot SDK?
The official
@github/copilot-sdkis TypeScript/Node and spawns the Copilot CLI as a subprocess. OpenFang is Rust and only needs Copilot as a completion endpoint. Direct API integration is simpler and has no Node.js dependency.Why this client ID?
Iv1.b507a08c87ecfe98is the VS Code Copilot extension's OAuth App client ID. Thecopilot_internal/v2/tokenendpoint only acceptsghu_tokens from this specific app — custom OAuth Apps producegho_tokens which are rejected with 404. This is the same approach used by shell-ask, aider, continue.dev, and every other non-SDK Copilot integration.Closes #1014