ghc-proxy 0.5.4 → 0.5.6

package/README.md

@@ -118,6 +118,7 @@ bunx ghc-proxy@latest debug          # Print diagnostic info (version, paths, to
 | `--proxy-env` | -- | `false` | Use `HTTP_PROXY`/`HTTPS_PROXY` from env (Node.js only; Bun reads proxy env natively) |
 | `--idle-timeout` | -- | `120` | Bun server idle timeout in seconds (`0` disables; Bun max is `255`; streaming routes disable idle timeout automatically) |
 | `--upstream-timeout` | -- | `1800` | Upstream request timeout in seconds (0 to disable) |
+| `--ghe-domain` | `--ghe` | -- | GitHub Enterprise Cloud company domain (e.g. `company.ghe.com`). Required for GHE.com device login on first run; persisted automatically for later runs. |
 
 ## Rate Limiting
 
@@ -147,6 +148,28 @@ bunx ghc-proxy@latest start --account-type enterprise
 
 This routes requests to the correct Copilot API endpoint for your plan. See the [GitHub docs on network routing](https://docs.github.com/en/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-access-to-github-copilot-in-your-organization/managing-github-copilot-access-to-your-organizations-network#configuring-copilot-subscription-based-network-routing-for-your-enterprise-or-organization) for details.
 
+### GitHub Enterprise Cloud (GHE.com)
+
+If your organization uses GitHub Enterprise Cloud (`*.ghe.com`), the standard GitHub device login URL differs from `github.com`. Pass your company's GHE domain on first auth:
+
+```bash
+bunx ghc-proxy@latest start --account-type enterprise --ghe-domain company.ghe.com
+```
+
+Or authenticate first, then start without the flag on subsequent runs:
+
+```bash
+# First run (authenticates and persists the domain)
+bunx ghc-proxy@latest auth --ghe-domain company.ghe.com
+
+# Later runs (domain is read from persisted config)
+bunx ghc-proxy@latest start --account-type enterprise
+```
+
+The proxy normalizes and persists the GHE domain automatically after a successful authentication, so you only need to pass `--ghe-domain` on the first run or when switching tenants.
+
+> **Note:** `--account-type enterprise` alone is not sufficient for GHE.com login — the proxy needs the company domain to construct the correct device login URL (`https://<company>.ghe.com/login/device`). GHE.com support is scoped to `*.ghe.com` only and does not apply to self-hosted GitHub Enterprise Server instances.
+
 ## Configuration
 
 The proxy reads an optional JSON config file at:

package/dist/main.mjs

@@ -5389,7 +5389,8 @@ const configFileSchema = object({
 		to: string()
 	})).optional(),
 	contextUpgrade: boolean().optional(),
-	contextUpgradeTokenThreshold: number().int().positive().optional()
+	contextUpgradeTokenThreshold: number().int().positive().optional(),
+	gheDomain: string().optional()
 }).passthrough();
 const KNOWN_CONFIG_KEYS = new Set(Object.keys(configFileSchema.shape));
 let cachedConfig = {};
@@ -5499,6 +5500,105 @@ async function applyConfigFilePermissions(filePath) {
 	}
 }
 
+//#endregion
+//#region src/lib/api-config.ts
+function standardHeaders() {
+	return {
+		"content-type": "application/json",
+		"accept": "application/json"
+	};
+}
+const COPILOT_VERSION = "0.26.7";
+const EDITOR_PLUGIN_VERSION = `copilot-chat/${COPILOT_VERSION}`;
+const USER_AGENT = `GitHubCopilotChat/${COPILOT_VERSION}`;
+const API_VERSION = "2025-04-01";
+const TRAILING_SLASHES_RE$1 = /\/+$/;
+/** Headers shared by both Copilot and GitHub API requests (editor identity + versioning) */
+function editorHeaders(config) {
+	return {
+		"editor-version": `vscode/${config.vsCodeVersion ?? "unknown"}`,
+		"editor-plugin-version": EDITOR_PLUGIN_VERSION,
+		"user-agent": USER_AGENT,
+		"x-github-api-version": API_VERSION,
+		"x-vscode-user-agent-library-version": "electron-fetch"
+	};
+}
+function copilotBaseUrl(config) {
+	if (config.copilotApiBase) return config.copilotApiBase.replace(TRAILING_SLASHES_RE$1, "");
+	return config.accountType === "individual" ? "https://api.githubcopilot.com" : `https://api.${config.accountType}.githubcopilot.com`;
+}
+function copilotHeaders(auth, config, options = {}) {
+	const requestContext = options.requestContext;
+	const headers = {
+		"Authorization": `Bearer ${auth.copilotToken}`,
+		"content-type": standardHeaders()["content-type"],
+		"copilot-integration-id": "vscode-chat",
+		...editorHeaders(config),
+		"openai-intent": "conversation-panel",
+		"x-request-id": randomUUID()
+	};
+	if (options.vision) headers["copilot-vision-request"] = "true";
+	if (options.initiator) headers["X-Initiator"] = options.initiator;
+	if (requestContext?.interactionType) headers["X-Interaction-Type"] = requestContext.interactionType;
+	if (requestContext?.agentTaskId) headers["X-Agent-Task-Id"] = requestContext.agentTaskId;
+	if (requestContext?.parentAgentTaskId) headers["X-Parent-Agent-Id"] = requestContext.parentAgentTaskId;
+	if (requestContext?.clientSessionId) headers["X-Client-Session-Id"] = requestContext.clientSessionId;
+	if (requestContext?.interactionId) headers["X-Interaction-Id"] = requestContext.interactionId;
+	if (requestContext?.clientMachineId) headers["X-Client-Machine-Id"] = requestContext.clientMachineId;
+	return headers;
+}
+const GITHUB_API_BASE_URL = "https://api.github.com";
+function githubHeaders(auth, config) {
+	return {
+		...standardHeaders(),
+		authorization: `token ${auth.githubToken}`,
+		...editorHeaders(config)
+	};
+}
+const GITHUB_BASE_URL = "https://github.com";
+const GITHUB_CLIENT_ID = "Iv1.b507a08c87ecfe98";
+const GITHUB_APP_SCOPES = ["read:user"].join(" ");
+
+//#endregion
+//#region src/lib/ghe-domain.ts
+const GHE_SUFFIX = ".ghe.com";
+/**
+* Normalize a GHE domain input to a lowercase bare domain.
+*
+* Accepted inputs: `company.ghe.com`, `https://company.ghe.com`,
+* `https://Company.GHE.com/`, etc.
+*
+* @returns Bare lowercase domain, e.g. `company.ghe.com`
+* @throws {Error} If the input is empty or does not end with `.ghe.com`
+*/
+function normalizeGheDomain(input) {
+	const trimmed = input.trim();
+	if (!trimmed) throw new Error("GHE domain must not be empty");
+	let domain;
+	try {
+		domain = (trimmed.includes("://") ? new URL(trimmed) : new URL(`https://${trimmed}`)).hostname.toLowerCase();
+	} catch {
+		throw new Error(`Invalid GHE domain: ${trimmed}`);
+	}
+	if (!domain.endsWith(GHE_SUFFIX) || domain === GHE_SUFFIX.slice(1)) throw new Error(`GHE domain must end with ${GHE_SUFFIX} (got "${domain}")`);
+	return domain;
+}
+/**
+* Build GitHub base URL and API base URL for a given GHE domain,
+* or return the public GitHub defaults when no domain is provided.
+*/
+function buildGitHubUrls(gheDomain) {
+	if (!gheDomain) return {
+		baseUrl: GITHUB_BASE_URL,
+		apiBaseUrl: GITHUB_API_BASE_URL
+	};
+	const domain = normalizeGheDomain(gheDomain);
+	return {
+		baseUrl: `https://${domain}`,
+		apiBaseUrl: `https://api.${domain}`
+	};
+}
+
 //#endregion
 //#region node_modules/fetch-event-stream/esm/deps/jsr.io/@std/streams/0.221.0/text_line_stream.js
 /**
@@ -5624,65 +5724,6 @@ async function* events(res, signal) {
 	}
 }
 
-//#endregion
-//#region src/lib/api-config.ts
-function standardHeaders() {
-	return {
-		"content-type": "application/json",
-		"accept": "application/json"
-	};
-}
-const COPILOT_VERSION = "0.26.7";
-const EDITOR_PLUGIN_VERSION = `copilot-chat/${COPILOT_VERSION}`;
-const USER_AGENT = `GitHubCopilotChat/${COPILOT_VERSION}`;
-const API_VERSION = "2025-04-01";
-const TRAILING_SLASHES_RE$1 = /\/+$/;
-/** Headers shared by both Copilot and GitHub API requests (editor identity + versioning) */
-function editorHeaders(config) {
-	return {
-		"editor-version": `vscode/${config.vsCodeVersion ?? "unknown"}`,
-		"editor-plugin-version": EDITOR_PLUGIN_VERSION,
-		"user-agent": USER_AGENT,
-		"x-github-api-version": API_VERSION,
-		"x-vscode-user-agent-library-version": "electron-fetch"
-	};
-}
-function copilotBaseUrl(config) {
-	if (config.copilotApiBase) return config.copilotApiBase.replace(TRAILING_SLASHES_RE$1, "");
-	return config.accountType === "individual" ? "https://api.githubcopilot.com" : `https://api.${config.accountType}.githubcopilot.com`;
-}
-function copilotHeaders(auth, config, options = {}) {
-	const requestContext = options.requestContext;
-	const headers = {
-		"Authorization": `Bearer ${auth.copilotToken}`,
-		"content-type": standardHeaders()["content-type"],
-		"copilot-integration-id": "vscode-chat",
-		...editorHeaders(config),
-		"openai-intent": "conversation-panel",
-		"x-request-id": randomUUID()
-	};
-	if (options.vision) headers["copilot-vision-request"] = "true";
-	if (options.initiator) headers["X-Initiator"] = options.initiator;
-	if (requestContext?.interactionType) headers["X-Interaction-Type"] = requestContext.interactionType;
-	if (requestContext?.agentTaskId) headers["X-Agent-Task-Id"] = requestContext.agentTaskId;
-	if (requestContext?.parentAgentTaskId) headers["X-Parent-Agent-Id"] = requestContext.parentAgentTaskId;
-	if (requestContext?.clientSessionId) headers["X-Client-Session-Id"] = requestContext.clientSessionId;
-	if (requestContext?.interactionId) headers["X-Interaction-Id"] = requestContext.interactionId;
-	if (requestContext?.clientMachineId) headers["X-Client-Machine-Id"] = requestContext.clientMachineId;
-	return headers;
-}
-const GITHUB_API_BASE_URL = "https://api.github.com";
-function githubHeaders(auth, config) {
-	return {
-		...standardHeaders(),
-		authorization: `token ${auth.githubToken}`,
-		...editorHeaders(config)
-	};
-}
-const GITHUB_BASE_URL = "https://github.com";
-const GITHUB_CLIENT_ID = "Iv1.b507a08c87ecfe98";
-const GITHUB_APP_SCOPES = ["read:user"].join(" ");
-
 //#endregion
 //#region src/lib/error.ts
 /**
@@ -5915,13 +5956,13 @@ var GitHubClient = class {
 		return await response.json();
 	}
 	async getCopilotUsage() {
-		return this.requestJson(`${GITHUB_API_BASE_URL}/copilot_internal/user`, { headers: githubHeaders(this.auth, this.config) }, "Failed to get Copilot usage");
+		return this.requestJson(`${this.config.githubApiBaseUrl ?? GITHUB_API_BASE_URL}/copilot_internal/user`, { headers: githubHeaders(this.auth, this.config) }, "Failed to get Copilot usage");
 	}
 	async getCopilotToken() {
-		return this.requestJson(`${GITHUB_API_BASE_URL}/copilot_internal/v2/token`, { headers: githubHeaders(this.auth, this.config) }, "Failed to get Copilot token");
+		return this.requestJson(`${this.config.githubApiBaseUrl ?? GITHUB_API_BASE_URL}/copilot_internal/v2/token`, { headers: githubHeaders(this.auth, this.config) }, "Failed to get Copilot token");
 	}
 	async getDeviceCode() {
-		return this.requestJson(`${GITHUB_BASE_URL}/login/device/code`, {
+		return this.requestJson(`${this.config.githubBaseUrl ?? GITHUB_BASE_URL}/login/device/code`, {
 			method: "POST",
 			headers: standardHeaders(),
 			body: JSON.stringify({
@@ -5935,7 +5976,7 @@ var GitHubClient = class {
 		const sleepDuration = (deviceCode.interval + 1) * 1e3;
 		consola.debug(`Polling access token with interval of ${sleepDuration}ms`);
 		for (let attempt = 0; attempt < MAX_POLL_ATTEMPTS; attempt++) {
-			const response = await this.fetchImpl(`${GITHUB_BASE_URL}/login/oauth/access_token`, {
+			const response = await this.fetchImpl(`${this.config.githubBaseUrl ?? GITHUB_BASE_URL}/login/oauth/access_token`, {
 				method: "POST",
 				headers: standardHeaders(),
 				body: JSON.stringify({
@@ -5957,7 +5998,7 @@ var GitHubClient = class {
 		throw new Error("Device code authorization timed out");
 	}
 	async getGitHubUser() {
-		return this.requestJson(`${GITHUB_API_BASE_URL}/user`, { headers: {
+		return this.requestJson(`${this.config.githubApiBaseUrl ?? GITHUB_API_BASE_URL}/user`, { headers: {
 			authorization: `token ${this.auth.githubToken}`,
 			...standardHeaders()
 		} }, "Failed to get GitHub user");
@@ -6277,10 +6318,13 @@ const state = {
 	responsesEmulator: responsesEmulatorState
 };
 function getClientConfig() {
+	const { baseUrl, apiBaseUrl } = buildGitHubUrls(state.auth.gheDomain);
 	return {
 		accountType: state.config.accountType,
 		vsCodeVersion: state.cache.vsCodeVersion,
-		copilotApiBase: state.auth.copilotApiBase
+		copilotApiBase: state.auth.copilotApiBase,
+		githubBaseUrl: baseUrl,
+		githubApiBaseUrl: apiBaseUrl
 	};
 }
 function createCopilotClient() {
@@ -6329,6 +6373,11 @@ async function setupGitHubToken(options) {
 	try {
 		await ensureVSCodeVersion();
 		const githubToken = getCachedConfig().githubToken?.trim() || "";
+		if (githubToken && !options?.force && isDomainChanged()) {
+			consola.warn("GHE domain changed — cached token is for a different GitHub instance. Re-authenticating...");
+			await setupGitHubToken({ force: true });
+			return;
+		}
 		if (githubToken && !options?.force) {
 			state.auth.githubToken = githubToken;
 			if (state.config.showToken) consola.info("GitHub token:", githubToken);
@@ -6352,6 +6401,7 @@ async function setupGitHubToken(options) {
 		const token = await githubClient.pollAccessToken(response);
 		await writeGithubToken(token);
 		state.auth.githubToken = token;
+		await writeConfigField("gheDomain", state.auth.gheDomain);
 		if (state.config.showToken) consola.info("GitHub token:", token);
 		await logUser();
 	} catch (error) {
@@ -6382,6 +6432,13 @@ function normalizeCopilotApiBase(value) {
 	if (!value) return;
 	return value.replace(TRAILING_SLASHES_RE, "");
 }
+/**
+* Detects whether the runtime GHE domain differs from the previously persisted one.
+* Both `undefined` means "public github.com" → no change → returns false.
+*/
+function isDomainChanged() {
+	return state.auth.gheDomain !== getCachedConfig().gheDomain;
+}
 async function ensureVSCodeVersion() {
 	if (!state.cache.vsCodeVersion) await cacheVSCodeVersion();
 }
@@ -6396,6 +6453,9 @@ async function runAuth(options) {
 	state.config.showToken = options.showToken;
 	await ensurePaths();
 	await readConfig();
+	state.auth.gheDomain = getCachedConfig().gheDomain;
+	if (options.gheDomain !== void 0) state.auth.gheDomain = options.gheDomain ? normalizeGheDomain(options.gheDomain) : void 0;
+	if (state.auth.gheDomain && state.config.accountType === "individual") state.config.accountType = "enterprise";
 	await cacheVSCodeVersion();
 	await setupGitHubToken({ force: true });
 	consola.success("GitHub token written to config.json");
@@ -6416,12 +6476,18 @@ const auth = defineCommand({
 			type: "boolean",
 			default: false,
 			description: "Show GitHub token on auth"
+		},
+		"ghe-domain": {
+			alias: "ghe",
+			type: "string",
+			description: "Company GHE domain for GitHub Enterprise Cloud (e.g. company.ghe.com)"
 		}
 	},
 	run({ args }) {
 		return runAuth({
 			verbose: args.verbose,
-			showToken: args["show-token"]
+			showToken: args["show-token"],
+			gheDomain: args["ghe-domain"]
 		});
 	}
 });
@@ -6436,6 +6502,7 @@ const checkUsage = defineCommand({
 	async run() {
 		await ensurePaths();
 		await readConfig();
+		state.auth.gheDomain = getCachedConfig().gheDomain;
 		await cacheVSCodeVersion();
 		await setupGitHubToken();
 		try {
@@ -6466,7 +6533,7 @@ const checkUsage = defineCommand({
 
 //#endregion
 //#region src/lib/version.ts
-const VERSION = "0.5.4";
+const VERSION = "0.5.6";
 
 //#endregion
 //#region src/debug.ts
@@ -6495,6 +6562,7 @@ async function checkConfigExists() {
 	}
 }
 async function getDebugInfo() {
+	await readConfig();
 	const configExists = await checkConfigExists();
 	return {
 		version: VERSION,
@@ -6504,7 +6572,8 @@ async function getDebugInfo() {
 			CONFIG_PATH: PATHS.CONFIG_PATH
 		},
 		configExists,
-		tokenExists: hasToken()
+		tokenExists: hasToken(),
+		gheDomain: getCachedConfig().gheDomain
 	};
 }
 function printDebugInfoPlain(info) {
@@ -6518,7 +6587,8 @@ Paths:
 - CONFIG_PATH: ${info.paths.CONFIG_PATH}
 
 Config exists: ${info.configExists ? "Yes" : "No"}
-Token exists: ${info.tokenExists ? "Yes" : "No"}`);
+Token exists: ${info.tokenExists ? "Yes" : "No"}
+GHE Domain: ${info.gheDomain ?? "none"}`);
 }
 async function runDebug(options) {
 	const debugInfo = await getDebugInfo();
@@ -51701,6 +51771,9 @@ async function runServer(options) {
 	state.config.upstreamTimeoutSeconds = options.upstreamTimeoutSeconds;
 	await ensurePaths();
 	await readConfig();
+	state.auth.gheDomain = getCachedConfig().gheDomain;
+	if (options.gheDomain !== void 0) state.auth.gheDomain = options.gheDomain ? normalizeGheDomain(options.gheDomain) : void 0;
+	if (state.auth.gheDomain && state.config.accountType === "individual") state.config.accountType = "enterprise";
 	await cacheVSCodeVersion();
 	if (!options.githubToken) await setupGitHubToken();
 	await setupCopilotToken();
@@ -51792,6 +51865,11 @@ const start = defineCommand({
 			type: "string",
 			default: "1800",
 			description: "Upstream request timeout in seconds (0 to disable)"
+		},
+		"ghe-domain": {
+			alias: "ghe",
+			type: "string",
+			description: "Company GHE domain for GitHub Enterprise Cloud (e.g. company.ghe.com)"
 		}
 	},
 	run({ args }) {
@@ -51810,7 +51888,8 @@ const start = defineCommand({
 			showToken: args["show-token"],
 			proxyEnv: args["proxy-env"],
 			idleTimeoutSeconds,
-			upstreamTimeoutSeconds
+			upstreamTimeoutSeconds,
+			gheDomain: args["ghe-domain"]
 		});
 	}
 });