fix: improve GitHub Copilot integration
This commit is contained in:
Peter Steinberger
@@ -1,4 +1,4 @@
|
||||
import { intro, note, outro, spinner } from "@clack/prompts";
|
||||
import { intro, note, outro, select, spinner, text, isCancel } from "@clack/prompts";
|
||||
|
||||
import { ensureAuthProfileStore, upsertAuthProfile } from "../agents/auth-profiles.js";
|
||||
import { updateConfig } from "../commands/models/shared.js";
|
||||
@@ -6,10 +6,22 @@ import { applyAuthProfileConfig } from "../commands/onboard-auth.js";
|
||||
import { CONFIG_PATH_CLAWDBOT } from "../config/config.js";
|
||||
import type { RuntimeEnv } from "../runtime.js";
|
||||
import { stylePromptTitle } from "../terminal/prompt-style.js";
|
||||
import {
|
||||
normalizeGithubCopilotDomain,
|
||||
resolveGithubCopilotBaseUrl,
|
||||
resolveGithubCopilotUserAgent,
|
||||
} from "./github-copilot-utils.js";
|
||||
|
||||
const CLIENT_ID = "Iv1.b507a08c87ecfe98";
|
||||
const DEVICE_CODE_URL = "https://github.com/login/device/code";
|
||||
const ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token";
|
||||
const CLIENT_ID = "Ov23li8tweQw6odWQebz";
|
||||
const DEFAULT_DOMAIN = "github.com";
|
||||
const OAUTH_POLLING_SAFETY_MARGIN_MS = 3000;
|
||||
|
||||
function getUrls(domain: string) {
|
||||
return {
|
||||
deviceCodeUrl: `https://${domain}/login/device/code`,
|
||||
accessTokenUrl: `https://${domain}/login/oauth/access_token`,
|
||||
};
|
||||
}
|
||||
|
||||
type DeviceCodeResponse = {
|
||||
device_code: string;
|
||||
@@ -38,17 +50,21 @@ function parseJsonResponse<T>(value: unknown): T {
|
||||
return value as T;
|
||||
}
|
||||
|
||||
async function requestDeviceCode(params: { scope: string }): Promise<DeviceCodeResponse> {
|
||||
const body = new URLSearchParams({
|
||||
async function requestDeviceCode(params: {
|
||||
scope: string;
|
||||
domain: string;
|
||||
}): Promise<DeviceCodeResponse> {
|
||||
const body = JSON.stringify({
|
||||
client_id: CLIENT_ID,
|
||||
scope: params.scope,
|
||||
});
|
||||
|
||||
const res = await fetch(DEVICE_CODE_URL, {
|
||||
const res = await fetch(getUrls(params.domain).deviceCodeUrl, {
|
||||
method: "POST",
|
||||
headers: {
|
||||
Accept: "application/json",
|
||||
"Content-Type": "application/x-www-form-urlencoded",
|
||||
"Content-Type": "application/json",
|
||||
"User-Agent": resolveGithubCopilotUserAgent(),
|
||||
},
|
||||
body,
|
||||
});
|
||||
@@ -65,24 +81,27 @@ async function requestDeviceCode(params: { scope: string }): Promise<DeviceCodeR
|
||||
}
|
||||
|
||||
async function pollForAccessToken(params: {
|
||||
domain: string;
|
||||
deviceCode: string;
|
||||
intervalMs: number;
|
||||
expiresAt: number;
|
||||
}): Promise<string> {
|
||||
const bodyBase = new URLSearchParams({
|
||||
const bodyBase = {
|
||||
client_id: CLIENT_ID,
|
||||
device_code: params.deviceCode,
|
||||
grant_type: "urn:ietf:params:oauth:grant-type:device_code",
|
||||
});
|
||||
};
|
||||
const urls = getUrls(params.domain);
|
||||
|
||||
while (Date.now() < params.expiresAt) {
|
||||
const res = await fetch(ACCESS_TOKEN_URL, {
|
||||
const res = await fetch(urls.accessTokenUrl, {
|
||||
method: "POST",
|
||||
headers: {
|
||||
Accept: "application/json",
|
||||
"Content-Type": "application/x-www-form-urlencoded",
|
||||
"Content-Type": "application/json",
|
||||
"User-Agent": resolveGithubCopilotUserAgent(),
|
||||
},
|
||||
body: bodyBase,
|
||||
body: JSON.stringify(bodyBase),
|
||||
});
|
||||
|
||||
if (!res.ok) {
|
||||
@@ -96,11 +115,14 @@ async function pollForAccessToken(params: {
|
||||
|
||||
const err = "error" in json ? json.error : "unknown";
|
||||
if (err === "authorization_pending") {
|
||||
await new Promise((r) => setTimeout(r, params.intervalMs));
|
||||
await new Promise((r) => setTimeout(r, params.intervalMs + OAUTH_POLLING_SAFETY_MARGIN_MS));
|
||||
continue;
|
||||
}
|
||||
if (err === "slow_down") {
|
||||
await new Promise((r) => setTimeout(r, params.intervalMs + 2000));
|
||||
const serverInterval =
|
||||
"interval" in json && typeof json.interval === "number" ? json.interval : undefined;
|
||||
const nextInterval = serverInterval ? serverInterval * 1000 : params.intervalMs + 5000;
|
||||
await new Promise((r) => setTimeout(r, nextInterval + OAUTH_POLLING_SAFETY_MARGIN_MS));
|
||||
continue;
|
||||
}
|
||||
if (err === "expired_token") {
|
||||
@@ -137,9 +159,42 @@ export async function githubCopilotLoginCommand(
|
||||
);
|
||||
}
|
||||
|
||||
const deployment = await select({
|
||||
message: "Select GitHub deployment type",
|
||||
options: [
|
||||
{ label: "GitHub.com", value: DEFAULT_DOMAIN, hint: "Public" },
|
||||
{ label: "GitHub Enterprise", value: "enterprise", hint: "Data residency or self-hosted" },
|
||||
],
|
||||
});
|
||||
if (isCancel(deployment)) {
|
||||
throw new Error("GitHub login cancelled");
|
||||
}
|
||||
|
||||
let domain = DEFAULT_DOMAIN;
|
||||
let enterpriseDomain: string | null = null;
|
||||
if (deployment === "enterprise") {
|
||||
const enterpriseInput = await text({
|
||||
message: "Enter your GitHub Enterprise URL or domain",
|
||||
placeholder: "company.ghe.com or https://company.ghe.com",
|
||||
validate: (value) => {
|
||||
if (!value) return "URL or domain is required";
|
||||
return normalizeGithubCopilotDomain(value) ? undefined : "Enter a valid URL or domain";
|
||||
},
|
||||
});
|
||||
if (isCancel(enterpriseInput)) {
|
||||
throw new Error("GitHub login cancelled");
|
||||
}
|
||||
const normalized = normalizeGithubCopilotDomain(enterpriseInput);
|
||||
if (!normalized) {
|
||||
throw new Error("Invalid GitHub Enterprise URL/domain");
|
||||
}
|
||||
enterpriseDomain = normalized;
|
||||
domain = normalized;
|
||||
}
|
||||
|
||||
const spin = spinner();
|
||||
spin.start("Requesting device code from GitHub...");
|
||||
const device = await requestDeviceCode({ scope: "read:user" });
|
||||
const device = await requestDeviceCode({ scope: "read:user", domain });
|
||||
spin.stop("Device code ready");
|
||||
|
||||
note(
|
||||
@@ -153,6 +208,7 @@ export async function githubCopilotLoginCommand(
|
||||
const polling = spinner();
|
||||
polling.start("Waiting for GitHub authorization...");
|
||||
const accessToken = await pollForAccessToken({
|
||||
domain,
|
||||
deviceCode: device.device_code,
|
||||
intervalMs,
|
||||
expiresAt,
|
||||
@@ -162,11 +218,13 @@ export async function githubCopilotLoginCommand(
|
||||
upsertAuthProfile({
|
||||
profileId,
|
||||
credential: {
|
||||
type: "token",
|
||||
type: "oauth",
|
||||
provider: "github-copilot",
|
||||
token: accessToken,
|
||||
// GitHub device flow token doesn't reliably include expiry here.
|
||||
// Leave expires unset; we'll exchange into Copilot token plus expiry later.
|
||||
refresh: accessToken,
|
||||
access: accessToken,
|
||||
// Copilot access tokens are treated as non-expiring (see resolveApiKeyForProfile).
|
||||
expires: 0,
|
||||
enterpriseUrl: enterpriseDomain ?? undefined,
|
||||
},
|
||||
});
|
||||
|
||||
@@ -174,12 +232,13 @@ export async function githubCopilotLoginCommand(
|
||||
applyAuthProfileConfig(cfg, {
|
||||
provider: "github-copilot",
|
||||
profileId,
|
||||
mode: "token",
|
||||
mode: "oauth",
|
||||
}),
|
||||
);
|
||||
|
||||
runtime.log(`Updated ${CONFIG_PATH_CLAWDBOT}`);
|
||||
runtime.log(`Auth profile: ${profileId} (github-copilot/token)`);
|
||||
runtime.log(`Auth profile: ${profileId} (github-copilot/oauth)`);
|
||||
runtime.log(`Base URL: ${resolveGithubCopilotBaseUrl(enterpriseDomain ?? undefined)}`);
|
||||
|
||||
outro("Done");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user