diff --git a/CHANGELOG.md b/CHANGELOG.md index 635e5619291..c35704c069b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -68,6 +68,7 @@ Docs: https://docs.openclaw.ai - Gateway/plugin routes: keep gateway-auth plugin runtime routes on write-only fallback scopes unless a trusted-proxy caller explicitly declares narrower `x-openclaw-scopes`, so plugin HTTP handlers no longer mint admin-level runtime scopes on missing or untrusted HTTP scope headers. (#59815) Thanks @pgondhi987. - Agents/exec approvals: let `exec-approvals.json` agent security override stricter gateway tool defaults so approved subagents can use `security: "full"` without falling back to allowlist enforcement again. (#60310) Thanks @lml2468. - Tasks/maintenance: reconcile stale cron and chat-backed CLI task rows against live cron-job and agent-run ownership instead of treating any persisted session key as proof that the task is still running. (#60310) Thanks @lml2468. +- Providers/GitHub Copilot: send IDE identity headers on runtime model requests and GitHub token exchange so IDE-authenticated Copilot runs stop failing with missing `Editor-Version`. (#60641) Thanks @VACInc and @vincentkoc. - Prompt caching: route Codex Responses and Anthropic Vertex through boundary-aware cache shaping, and report the actual outbound system prompt in cache traces so cache reuse and misses line up with what providers really receive. Thanks @vincentkoc. ## 2026.4.2 diff --git a/extensions/github-copilot/stream.test.ts b/extensions/github-copilot/stream.test.ts index 578460472e5..f48043f4da5 100644 --- a/extensions/github-copilot/stream.test.ts +++ b/extensions/github-copilot/stream.test.ts @@ -1,4 +1,5 @@ import { describe, expect, it, vi } from "vitest"; +import { buildCopilotDynamicHeaders } from "openclaw/plugin-sdk/provider-stream"; import { wrapCopilotAnthropicStream } from "./stream.js"; describe("wrapCopilotAnthropicStream", () => { @@ -33,6 +34,10 @@ describe("wrapCopilotAnthropicStream", () => { }, ], } as never; + const expectedCopilotHeaders = buildCopilotDynamicHeaders({ + messages: context.messages as Parameters[0]["messages"], + hasImages: true, + }); wrapped( { @@ -49,9 +54,7 @@ describe("wrapCopilotAnthropicStream", () => { expect(baseStreamFn).toHaveBeenCalledOnce(); expect(baseStreamFn.mock.calls[0]?.[2]).toMatchObject({ headers: { - "X-Initiator": "user", - "Openai-Intent": "conversation-edits", - "Copilot-Vision-Request": "true", + ...expectedCopilotHeaders, "X-Test": "1", }, }); diff --git a/src/agents/copilot-dynamic-headers.ts b/src/agents/copilot-dynamic-headers.ts index c6551ebb64a..647198b5f51 100644 --- a/src/agents/copilot-dynamic-headers.ts +++ b/src/agents/copilot-dynamic-headers.ts @@ -1,5 +1,9 @@ import type { Context } from "@mariozechner/pi-ai"; +export const COPILOT_EDITOR_VERSION = "vscode/1.96.2"; +export const COPILOT_USER_AGENT = "GitHubCopilotChat/0.26.7"; +export const COPILOT_GITHUB_API_VERSION = "2025-04-01"; + function inferCopilotInitiator(messages: Context["messages"]): "agent" | "user" { const last = messages[messages.length - 1]; return last && last.role !== "user" ? "agent" : "user"; @@ -17,11 +21,24 @@ export function hasCopilotVisionInput(messages: Context["messages"]): boolean { }); } +export function buildCopilotIdeHeaders( + params: { + includeApiVersion?: boolean; + } = {}, +): Record { + return { + "Editor-Version": COPILOT_EDITOR_VERSION, + "User-Agent": COPILOT_USER_AGENT, + ...(params.includeApiVersion ? { "X-Github-Api-Version": COPILOT_GITHUB_API_VERSION } : {}), + }; +} + export function buildCopilotDynamicHeaders(params: { messages: Context["messages"]; hasImages: boolean; }): Record { return { + ...buildCopilotIdeHeaders(), "X-Initiator": inferCopilotInitiator(params.messages), "Openai-Intent": "conversation-edits", ...(params.hasImages ? { "Copilot-Vision-Request": "true" } : {}), diff --git a/src/agents/github-copilot-token.test.ts b/src/agents/github-copilot-token.test.ts index daba16f4947..ef871b7d2c9 100644 --- a/src/agents/github-copilot-token.test.ts +++ b/src/agents/github-copilot-token.test.ts @@ -1,4 +1,5 @@ import { describe, expect, it, vi } from "vitest"; +import { buildCopilotIdeHeaders } from "./copilot-dynamic-headers.js"; import { deriveCopilotApiBaseUrlFromToken, resolveCopilotApiToken, @@ -45,4 +46,34 @@ describe("resolveCopilotApiToken", () => { expect(result.expiresAt).toBe(12_345_678_901_000); }); + + it("sends IDE headers when exchanging the GitHub token", async () => { + const fetchImpl = vi.fn(async () => ({ + ok: true, + json: async () => ({ + token: "copilot-token", + expires_at: Math.floor(Date.now() / 1000) + 3600, + }), + })); + + await resolveCopilotApiToken({ + githubToken: "github-token", + cachePath: "/tmp/github-copilot-token-test.json", + loadJsonFileImpl: () => undefined, + saveJsonFileImpl: () => undefined, + fetchImpl: fetchImpl as unknown as typeof fetch, + }); + + expect(fetchImpl).toHaveBeenCalledWith( + "https://api.github.com/copilot_internal/v2/token", + expect.objectContaining({ + method: "GET", + headers: expect.objectContaining({ + Accept: "application/json", + Authorization: "Bearer github-token", + ...buildCopilotIdeHeaders({ includeApiVersion: true }), + }), + }), + ); + }); }); diff --git a/src/agents/github-copilot-token.ts b/src/agents/github-copilot-token.ts index d600a7d72da..f1874cd9df3 100644 --- a/src/agents/github-copilot-token.ts +++ b/src/agents/github-copilot-token.ts @@ -1,6 +1,7 @@ import path from "node:path"; import { resolveStateDir } from "../config/paths.js"; import { loadJsonFile, saveJsonFile } from "../infra/json-file.js"; +import { buildCopilotIdeHeaders } from "./copilot-dynamic-headers.js"; import { resolveProviderEndpoint } from "./provider-attribution.js"; const COPILOT_TOKEN_URL = "https://api.github.com/copilot_internal/v2/token"; @@ -135,6 +136,7 @@ export async function resolveCopilotApiToken(params: { headers: { Accept: "application/json", Authorization: `Bearer ${params.githubToken}`, + ...buildCopilotIdeHeaders({ includeApiVersion: true }), }, });