fix(github-copilot): send IDE auth headers on runtime requests (#60755)

* Fix Copilot IDE auth headers

* fix(github-copilot): align tests and changelog

* fix(changelog): scope copilot replacement entry

---------

Co-authored-by: VACInc <3279061+VACInc@users.noreply.github.com>

CHANGELOG.md

@@ -68,6 +68,7 @@ Docs: https://docs.openclaw.ai
 - Gateway/plugin routes: keep gateway-auth plugin runtime routes on write-only fallback scopes unless a trusted-proxy caller explicitly declares narrower `x-openclaw-scopes`, so plugin HTTP handlers no longer mint admin-level runtime scopes on missing or untrusted HTTP scope headers. (#59815) Thanks @pgondhi987.
 - Agents/exec approvals: let `exec-approvals.json` agent security override stricter gateway tool defaults so approved subagents can use `security: "full"` without falling back to allowlist enforcement again. (#60310) Thanks @lml2468.
 - Tasks/maintenance: reconcile stale cron and chat-backed CLI task rows against live cron-job and agent-run ownership instead of treating any persisted session key as proof that the task is still running. (#60310) Thanks @lml2468.
+- Providers/GitHub Copilot: send IDE identity headers on runtime model requests and GitHub token exchange so IDE-authenticated Copilot runs stop failing with missing `Editor-Version`. (#60641) Thanks @VACInc and @vincentkoc.
 - Prompt caching: route Codex Responses and Anthropic Vertex through boundary-aware cache shaping, and report the actual outbound system prompt in cache traces so cache reuse and misses line up with what providers really receive. Thanks @vincentkoc.
 
 ## 2026.4.2

extensions/github-copilot/stream.test.ts

@@ -1,4 +1,5 @@
 import { describe, expect, it, vi } from "vitest";
+import { buildCopilotDynamicHeaders } from "openclaw/plugin-sdk/provider-stream";
 import { wrapCopilotAnthropicStream } from "./stream.js";
 
 describe("wrapCopilotAnthropicStream", () => {
@@ -33,6 +34,10 @@ describe("wrapCopilotAnthropicStream", () => {
         },
       ],
     } as never;
+    const expectedCopilotHeaders = buildCopilotDynamicHeaders({
+      messages: context.messages as Parameters<typeof buildCopilotDynamicHeaders>[0]["messages"],
+      hasImages: true,
+    });
 
     wrapped(
       {
@@ -49,9 +54,7 @@ describe("wrapCopilotAnthropicStream", () => {
     expect(baseStreamFn).toHaveBeenCalledOnce();
     expect(baseStreamFn.mock.calls[0]?.[2]).toMatchObject({
       headers: {
-        "X-Initiator": "user",
-        "Openai-Intent": "conversation-edits",
-        "Copilot-Vision-Request": "true",
+        ...expectedCopilotHeaders,
         "X-Test": "1",
       },
     });

src/agents/copilot-dynamic-headers.ts

@@ -1,5 +1,9 @@
 import type { Context } from "@mariozechner/pi-ai";
 
+export const COPILOT_EDITOR_VERSION = "vscode/1.96.2";
+export const COPILOT_USER_AGENT = "GitHubCopilotChat/0.26.7";
+export const COPILOT_GITHUB_API_VERSION = "2025-04-01";
+
 function inferCopilotInitiator(messages: Context["messages"]): "agent" | "user" {
   const last = messages[messages.length - 1];
   return last && last.role !== "user" ? "agent" : "user";
@@ -17,11 +21,24 @@ export function hasCopilotVisionInput(messages: Context["messages"]): boolean {
   });
 }
 
+export function buildCopilotIdeHeaders(
+  params: {
+    includeApiVersion?: boolean;
+  } = {},
+): Record<string, string> {
+  return {
+    "Editor-Version": COPILOT_EDITOR_VERSION,
+    "User-Agent": COPILOT_USER_AGENT,
+    ...(params.includeApiVersion ? { "X-Github-Api-Version": COPILOT_GITHUB_API_VERSION } : {}),
+  };
+}
+
 export function buildCopilotDynamicHeaders(params: {
   messages: Context["messages"];
   hasImages: boolean;
 }): Record<string, string> {
   return {
+    ...buildCopilotIdeHeaders(),
     "X-Initiator": inferCopilotInitiator(params.messages),
     "Openai-Intent": "conversation-edits",
     ...(params.hasImages ? { "Copilot-Vision-Request": "true" } : {}),

src/agents/github-copilot-token.test.ts

@@ -1,4 +1,5 @@
 import { describe, expect, it, vi } from "vitest";
+import { buildCopilotIdeHeaders } from "./copilot-dynamic-headers.js";
 import {
   deriveCopilotApiBaseUrlFromToken,
   resolveCopilotApiToken,
@@ -45,4 +46,34 @@ describe("resolveCopilotApiToken", () => {
 
     expect(result.expiresAt).toBe(12_345_678_901_000);
   });
+
+  it("sends IDE headers when exchanging the GitHub token", async () => {
+    const fetchImpl = vi.fn(async () => ({
+      ok: true,
+      json: async () => ({
+        token: "copilot-token",
+        expires_at: Math.floor(Date.now() / 1000) + 3600,
+      }),
+    }));
+
+    await resolveCopilotApiToken({
+      githubToken: "github-token",
+      cachePath: "/tmp/github-copilot-token-test.json",
+      loadJsonFileImpl: () => undefined,
+      saveJsonFileImpl: () => undefined,
+      fetchImpl: fetchImpl as unknown as typeof fetch,
+    });
+
+    expect(fetchImpl).toHaveBeenCalledWith(
+      "https://api.github.com/copilot_internal/v2/token",
+      expect.objectContaining({
+        method: "GET",
+        headers: expect.objectContaining({
+          Accept: "application/json",
+          Authorization: "Bearer github-token",
+          ...buildCopilotIdeHeaders({ includeApiVersion: true }),
+        }),
+      }),
+    );
+  });
 });

src/agents/github-copilot-token.ts

@@ -1,6 +1,7 @@
 import path from "node:path";
 import { resolveStateDir } from "../config/paths.js";
 import { loadJsonFile, saveJsonFile } from "../infra/json-file.js";
+import { buildCopilotIdeHeaders } from "./copilot-dynamic-headers.js";
 import { resolveProviderEndpoint } from "./provider-attribution.js";
 
 const COPILOT_TOKEN_URL = "https://api.github.com/copilot_internal/v2/token";
@@ -135,6 +136,7 @@ export async function resolveCopilotApiToken(params: {
     headers: {
       Accept: "application/json",
       Authorization: `Bearer ${params.githubToken}`,
+      ...buildCopilotIdeHeaders({ includeApiVersion: true }),
     },
   });