copilot-reverse 0.1.0 → 0.2.1

package/dist/cli/auth.js

@@ -1,9 +1,23 @@
 import { requestDeviceCode, pollForToken } from "../providers/copilot/auth.js";
 import { writeGhToken } from "../shared/creds.js";
-export async function runDeviceLogin(dir, fetchFn = fetch, log = console.log) {
+// Two-phase device login. `beginDeviceLogin` returns the verification code right away so a caller
+// can surface it to the user; `complete()` then blocks on authorization and writes the token.
+// Splitting these is what lets the TUI render the code while the poll is still pending — folding
+// both into one call buffers the code behind the blocking poll, and the user can't authorize a
+// code they can't see.
+export async function beginDeviceLogin(dir, fetchFn = fetch) {
     const code = await requestDeviceCode(fetchFn);
+    return {
+        code,
+        complete: async () => {
+            const token = await pollForToken(code.device_code, code.interval * 1000, fetchFn);
+            writeGhToken(token, dir);
+        },
+    };
+}
+export async function runDeviceLogin(dir, fetchFn = fetch, log = console.log) {
+    const { code, complete } = await beginDeviceLogin(dir, fetchFn);
     log(`\nOpen ${code.verification_uri} and enter code: ${code.user_code}\n`);
-    const token = await pollForToken(code.device_code, code.interval * 1000, fetchFn);
-    writeGhToken(token, dir);
+    await complete();
     log("GitHub authorization complete.");
 }

package/dist/cli/index.js

@@ -5,7 +5,7 @@ import { Command } from "commander";
 import { App } from "../tui/app.js";
 import { buildRegistry } from "../tui/slash/commands.js";
 import { DaemonClient } from "../tui/daemon-client.js";
-import { runDeviceLogin } from "./auth.js";
+import { runDeviceLogin, beginDeviceLogin } from "./auth.js";
 import { probeSupervisor } from "../daemon/lifecycle.js";
 import { startSupervisor } from "../supervisor/index.js";
 import { runAssistantTurn } from "../tui/assistant/runtime.js";
@@ -21,6 +21,7 @@ import { applyCodexToml } from "../tui/setup/codex-toml.js";
 import { claudeCopilotReverseEnv } from "../tui/setup/clients.js";
 import { dataDir } from "../shared/paths.js";
 import { defaultConfig } from "../shared/config.js";
+import { APP_VERSION } from "../version.js";
 const delay = (ms) => new Promise((r) => setTimeout(r, ms));
 const DEFAULT_MODEL = "gpt-4o"; // a valid Copilot model id; pass-through routing uses it as-is
 // Conservative context budget that drives the assistant's auto-compaction. Sized below the
@@ -70,17 +71,9 @@ async function launchTui() {
     const registry = buildRegistry({ client, quit }, endpoint, {
         dashboardUrl: `http://${cfg.bindHost}:${cfg.supervisorPort}/`,
         reportRepo: cfg.reportRepo,
-        appVersion: "0.1.0",
+        appVersion: APP_VERSION,
         platform: `${process.platform} node-${process.version}`,
         resetClient,
-        // Re-run device-code login, then restart the worker so it picks up the new token.
-        login: async () => {
-            const lines = [];
-            await runDeviceLogin(dataDir(), fetch, (m) => lines.push(m));
-            await client.restart().catch(() => { });
-            lines.push("worker restarting with the new token");
-            return lines;
-        },
         // Clear the stored token and restart the worker (it will report unauthenticated until re-login).
         logout: async () => {
             clearGhToken(dataDir());
@@ -88,9 +81,22 @@ async function launchTui() {
             return ["signed out — GitHub token removed", "run /login to sign in again"];
         },
     });
+    // Two-phase /login for the TUI: surface the device code immediately, poll in the background, then
+    // restart the worker so it picks up the new token. The blocking single-call form deadlocked the
+    // Repl (the code stayed hidden behind the poll, so the user could never authorize it).
+    const doLogin = async (show) => {
+        const { code, complete } = await beginDeviceLogin(dataDir());
+        show([`Open ${code.verification_uri} and enter code: ${code.user_code}`, "waiting for authorization…"]);
+        await complete();
+        // Re-point the token store at the freshly written GitHub token; the old store still holds the
+        // expired one and would 401 once its cached Copilot token rotates, breaking the model picker.
+        tokenStore = new CopilotTokenStore(readGhToken(dataDir()));
+        await client.restart().catch(() => { });
+        return ["GitHub authorization complete — worker restarting with the new token"];
+    };
     // Filled in below once we have a token; the assistant prefers a model's real window over the default.
     const modelLimits = {};
-    const tokenStore = new CopilotTokenStore(readGhToken(dataDir()));
+    let tokenStore = new CopilotTokenStore(readGhToken(dataDir()));
     const loadModels = async () => {
         const token = await tokenStore.get();
         const [ids, limits] = await Promise.all([fetchCopilotModels(token), fetchModelLimits(token)]);
@@ -121,7 +127,22 @@ async function launchTui() {
         maxInputTokens: DEFAULT_MAX_INPUT_TOKENS, modelLimits,
         listModels: loadModels,
         setupClient: async (c, s, m) => applyClient(c, s, m),
-    }, (c, p, print, abort) => runAssistantTurn(c, p, print, undefined, abort));
+    }, (c, p, print, abort) => runAssistantTurn(c, p, print, undefined, abort), undefined, 
+    // Pre-flight auth gate: block a turn (with an actionable hint) when there's no GitHub token, or
+    // the stored one no longer exchanges for a Copilot token — instead of firing a request that just
+    // hangs until the turn timeout. Reuses the long-lived tokenStore so a valid login is a cached,
+    // round-trip-free check between message bursts (its get() caches with a 60s skew).
+    async () => {
+        if (!readGhToken(dataDir()))
+            return "you're signed out — run /login to sign in before chatting";
+        try {
+            await tokenStore.get();
+            return null;
+        }
+        catch {
+            return "your GitHub login has expired — run /login to sign in again";
+        }
+    });
     const persistedModel = readChatModel(dataDir());
     app = render(React.createElement(App, {
         registry,
@@ -142,10 +163,11 @@ async function launchTui() {
         },
         onModelChange: (m) => writeChatModel(dataDir(), m),
         pickModelOnStart: !persistedModel,
+        login: doLogin,
     }));
 }
 const program = new Command();
-program.name("copilot-reverse").description("copilot-reverse: interactive Copilot proxy").version("0.1.0");
+program.name("copilot-reverse").description("copilot-reverse: interactive Copilot proxy").version(APP_VERSION);
 program.command("login").description("GitHub device-code login").action(() => runDeviceLogin(dataDir()));
 program.action(() => { void launchTui(); });
 program.parseAsync(process.argv);

package/dist/core/tool-xml.js

@@ -0,0 +1,92 @@
+import { randomUUID } from "node:crypto";
+// Opening sentinels that switch the parser into capture mode. The `antml:` namespaced variants are
+// the un-stripped originals; the bare forms are what survives when the namespace prefix is dropped.
+const TRIGGER_RE = /<(?:antml:)?(?:function_calls>|invoke\b)/;
+// Longest suffix of `s` that is a proper prefix of a trigger token — text we must hold back because
+// it might be the front of a sentinel split across chunk boundaries (e.g. "…<inv" then "oke name=").
+const PREFIX_TOKENS = ["<function_calls>", "<function_calls>", "<invoke", "<invoke"];
+function heldBackLen(s) {
+    let max = 0;
+    for (const t of PREFIX_TOKENS) {
+        for (let k = Math.min(s.length, t.length - 1); k > 0; k--) {
+            if (s.endsWith(t.slice(0, k))) {
+                if (k > max)
+                    max = k;
+                break;
+            }
+        }
+    }
+    return max;
+}
+// Index just past a `</tag>` (or `</tag>`) close, or -1 if not yet present in `s`.
+function closeIndex(s, tag) {
+    const m = new RegExp(`</(?:antml:)?${tag}>`).exec(s);
+    return m ? m.index + m[0].length : -1;
+}
+// A scalar parameter value is raw text in the XML; recover its intended type by trying JSON, so
+// `42`/`true`/`{"a":1}` become real values while a bare command string stays a string.
+function coerce(raw) {
+    const v = raw.replace(/^\n/, "").replace(/\n$/, "");
+    try {
+        return JSON.parse(v);
+    }
+    catch {
+        return v;
+    }
+}
+function parseInvokes(block) {
+    const tools = [];
+    const invokeRe = /<(?:antml:)?invoke\s+name="([^"]+)"\s*>([\s\S]*?)<\/(?:antml:)?invoke>/g;
+    for (let m = invokeRe.exec(block); m; m = invokeRe.exec(block)) {
+        const [, name, body] = m;
+        const input = {};
+        const paramRe = /<(?:antml:)?parameter\s+name="([^"]+)"\s*>([\s\S]*?)<\/(?:antml:)?parameter>/g;
+        for (let p = paramRe.exec(body); p; p = paramRe.exec(body))
+            input[p[1]] = coerce(p[2]);
+        tools.push({ id: `call_${randomUUID().replace(/-/g, "").slice(0, 24)}`, name, input });
+    }
+    return tools;
+}
+export class ToolCallExtractor {
+    buf = "";
+    capturing = false;
+    feed(chunk) {
+        this.buf += chunk;
+        const events = [];
+        for (;;) {
+            if (!this.capturing) {
+                const m = TRIGGER_RE.exec(this.buf);
+                if (!m) {
+                    // No trigger; emit everything except a possible partial-sentinel tail.
+                    const keep = heldBackLen(this.buf);
+                    const emit = this.buf.slice(0, this.buf.length - keep);
+                    if (emit)
+                        events.push({ kind: "text", text: emit });
+                    this.buf = keep ? this.buf.slice(this.buf.length - keep) : "";
+                    return events;
+                }
+                if (m.index > 0)
+                    events.push({ kind: "text", text: this.buf.slice(0, m.index) });
+                this.buf = this.buf.slice(m.index);
+                this.capturing = true;
+            }
+            const isWrapper = /^<(?:antml:)?function_calls>/.test(this.buf);
+            const end = closeIndex(this.buf, isWrapper ? "function_calls" : "invoke");
+            if (end < 0)
+                return events; // incomplete block — wait for more data
+            const block = this.buf.slice(0, end);
+            for (const tool of parseInvokes(block))
+                events.push({ kind: "tool", tool });
+            this.buf = this.buf.slice(end);
+            this.capturing = false; // a following <invoke> re-triggers via the passthrough branch
+        }
+    }
+    // Stream ended. Anything still buffered is an incomplete block we couldn't parse — emit it as
+    // text so nothing is silently dropped.
+    flush() {
+        const out = this.buf ? [{ kind: "text", text: this.buf }] : [];
+        this.buf = "";
+        this.capturing = false;
+        return out;
+    }
+}

package/dist/providers/copilot/adapter.js

@@ -1,4 +1,5 @@
 import { randomUUID } from "node:crypto";
+import { ToolCallExtractor } from "../../core/tool-xml.js";
 const CHAT_URL = "https://api.githubcopilot.com/chat/completions";
 // Canonical messages -> OpenAI wire messages (Copilot is OpenAI-shaped).
 function toWireMessages(messages) {
@@ -88,6 +89,27 @@ export class CopilotAdapter {
         let finishReason = "stop";
         let usage;
         const mapFinish = (f) => f === "tool_calls" ? "tool_use" : f === "length" ? "length" : "stop";
+        // Some models emit a tool call as inline XML text instead of native tool_calls (more likely on
+        // long/tool-heavy turns). When the request has tools, route assistant text through an extractor
+        // that recovers those blocks into structured tool calls; otherwise text passes straight through.
+        const extractor = req.tools?.length ? new ToolCallExtractor() : undefined;
+        let extractedTool = false;
+        let extIdx = 100; // separate index space so recovered tools never collide with native tool_calls
+        const toChunks = (events) => {
+            const out = [];
+            for (const ev of events) {
+                if (ev.kind === "text") {
+                    if (ev.text)
+                        out.push({ kind: "text", delta: ev.text, done: false });
+                    continue;
+                }
+                const index = extIdx++;
+                extractedTool = true;
+                out.push({ kind: "tool_use_start", index, id: ev.tool.id, name: ev.tool.name, done: false });
+                out.push({ kind: "tool_use_delta", index, argsDelta: JSON.stringify(ev.tool.input), done: false });
+            }
+            return out;
+        };
         for (;;) {
             const { value, done } = await reader.read();
             if (done)
@@ -101,6 +123,11 @@ export class CopilotAdapter {
                     continue;
                 const payload = line.slice(6).trim();
                 if (payload === "[DONE]") {
+                    if (extractor)
+                        for (const ch of toChunks(extractor.flush()))
+                            yield ch;
+                    if (extractedTool && finishReason === "stop")
+                        finishReason = "tool_use";
                     yield { kind: "done", done: true, finishReason, usage };
                     return;
                 }
@@ -122,8 +149,14 @@ export class CopilotAdapter {
                 const delta = choice.delta;
                 if (!delta)
                     continue;
-                if (delta.content)
-                    yield { kind: "text", delta: delta.content, done: false };
+                if (delta.content) {
+                    if (extractor) {
+                        for (const ch of toChunks(extractor.feed(delta.content)))
+                            yield ch;
+                    }
+                    else
+                        yield { kind: "text", delta: delta.content, done: false };
+                }
                 for (const tc of delta.tool_calls ?? []) {
                     const idx = tc.index ?? 0;
                     if (!startedTools.has(idx) && tc.function?.name) {
@@ -135,6 +168,11 @@ export class CopilotAdapter {
                 }
             }
         }
+        if (extractor)
+            for (const ch of toChunks(extractor.flush()))
+                yield ch;
+        if (extractedTool && finishReason === "stop")
+            finishReason = "tool_use";
         yield { kind: "done", done: true, finishReason, usage };
     }
 }

package/dist/tui/app.js

@@ -36,7 +36,7 @@ function ClientBadge({ name, status }) {
     const cell = (label, on) => (_jsxs(Text, { color: on ? theme.ready : theme.muted, children: [label, ":", on ? "✓" : "○"] }));
     return (_jsxs(Text, { color: theme.muted, children: [name, " ", cell("u", status.user), " ", cell("p", status.project)] }));
 }
-export function App({ registry, title, workerState = "starting", initialModel = "—", statusSource, readStatus, modelLimits, onChat, loadModels, setup, info, onModelChange, pickModelOnStart, }) {
+export function App({ registry, title, workerState = "starting", initialModel = "—", statusSource, readStatus, modelLimits, onChat, loadModels, setup, info, onModelChange, pickModelOnStart, login, }) {
     const cmds = registry.list().map((c) => ({ name: c.name, describe: c.describe }));
     const [entries, setEntries] = useState([
         { type: "system", text: "Type a message to chat with the assistant, or /help for commands." },
@@ -47,6 +47,7 @@ export function App({ registry, title, workerState = "starting", initialModel =
     const [screen, setScreen] = useState(pickModelOnStart && loadModels ? { kind: "model" } : null);
     const [, setNow] = useState(0); // ticks the live loading line while the assistant streams
     const abortRef = useRef(null); // current turn's interrupt handle
+    const loginInFlight = useRef(false); // guards against starting a second device-login flow
     const add = (e) => setEntries((p) => [...p, e].slice(-100));
     const refreshStatus = () => { if (readStatus)
         setStatus(readStatus()); };
@@ -95,6 +96,22 @@ export function App({ registry, title, workerState = "starting", initialModel =
             setScreen({ kind: "config" });
             return;
         }
+        if (t === "/login" && login) {
+            // Show the verification URL + code right away, then resolve a completion card once the user
+            // authorizes. Done as a special case (not a registry command) because the slash registry only
+            // renders a command's final return value — it can't surface the code mid-poll. Guarded so a
+            // double Enter doesn't start two device-code flows (polling a superseded code 401s).
+            if (loginInFlight.current) {
+                add({ type: "card", title: "/login", tone: "info", lines: ["already waiting for authorization…"] });
+                return;
+            }
+            loginInFlight.current = true;
+            void login((lines) => add({ type: "card", title: "/login", tone: "info", lines }))
+                .then((lines) => add({ type: "card", title: "/login", tone: "ok", lines }))
+                .catch((e) => add({ type: "card", title: "/login", tone: "error", lines: [`login failed: ${e instanceof Error ? e.message : String(e)}`] }))
+                .finally(() => { loginInFlight.current = false; });
+            return;
+        }
         if (setup && loadModels && (t === "/setup-claude" || t === "/setup-codex")) {
             setScreen({ kind: "setup", client: t === "/setup-claude" ? "claude" : "codex" });
             return;

package/dist/tui/assistant/on-chat.js

@@ -1,6 +1,15 @@
 const DEFAULT_TURN_TIMEOUT_MS = 120_000; // 2 minutes — a turn that hasn't replied by then is given up on
-export function makeOnChat(cfg, runner, timeoutMs = DEFAULT_TURN_TIMEOUT_MS) {
+export function makeOnChat(cfg, runner, timeoutMs = DEFAULT_TURN_TIMEOUT_MS, precheck) {
     return async (text, print, model, abort) => {
+        // Gate the turn on auth before firing a doomed request. Without this, a signed-out user's message
+        // hangs until the 120s timeout instead of getting an immediate, actionable hint.
+        if (precheck) {
+            const blocked = await precheck().catch(() => null); // a failed check must never wedge chat
+            if (blocked) {
+                print(blocked);
+                return;
+            }
+        }
         const ctrl = abort ?? new AbortController();
         let timedOut = false;
         // Race the turn against a hard timeout so a hung SDK/upstream can never block the UI forever.

package/dist/version.js

@@ -0,0 +1,2 @@
+// AUTO-GENERATED by scripts/gen-version.mjs from package.json — do not edit.
+export const APP_VERSION = "0.2.1";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "copilot-reverse",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "description": "Interactive terminal app that exposes your GitHub Copilot subscription as local OpenAI- and Anthropic-compatible endpoints, with a self-healing daemon and a built-in assistant.",
   "type": "module",
   "license": "MIT",
@@ -32,12 +32,14 @@
     "llm"
   ],
   "scripts": {
+    "prebuild": "node scripts/gen-version.mjs",
     "build": "tsc -p tsconfig.json",
     "test": "vitest run",
     "test:coverage": "vitest run --coverage",
     "test:e2e": "vitest run e2e/copilot-reverse.e2e.test.ts tests/e2e",
     "test:integration": "vitest run --config vitest.integration.config.ts",
     "dev": "tsx src/cli/index.ts",
+    "changeset": "node scripts/changesets.mjs new",
     "prepublishOnly": "npm run build && npm run test"
   },
   "engines": {