github-copilot-oauth 1.0.0 → 1.0.1

package/dist/index.js

@@ -1,30 +1,544 @@
-import {
-  COPILOT_HEADERS,
-  DEFAULT_GITHUB_COPILOT_CLIENT_ID,
-  GitHubCopilotOAuthError,
-  copilotBase,
-  copilotHeaders,
-  copilotModelHeaders,
-  copilotTokenExchangeHeaders,
-  copilotTokenExchangeUrl,
-  createGitHubCopilotClient,
-  createGitHubCopilotOAuthFetch,
-  createMemoryTokenStore,
-  exchangeGitHubCopilotToken,
-  githubOAuthUrls,
-  hasVisionInput,
-  isCopilotResponsesModel,
-  normalizeEnterpriseDomain,
-  startGitHubCopilotDeviceFlow
-} from "./chunk-CUD4IYWR.js";
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  COPILOT_HEADERS: () => COPILOT_HEADERS,
+  DEFAULT_GITHUB_COPILOT_CLIENT_ID: () => DEFAULT_GITHUB_COPILOT_CLIENT_ID,
+  GitHubCopilotOAuthError: () => GitHubCopilotOAuthError,
+  copilotBase: () => copilotBase,
+  copilotHeaders: () => copilotHeaders,
+  copilotModelHeaders: () => copilotModelHeaders,
+  copilotTokenExchangeHeaders: () => copilotTokenExchangeHeaders,
+  copilotTokenExchangeUrl: () => copilotTokenExchangeUrl,
+  createGitHubCopilot: () => createGitHubCopilot,
+  createGitHubCopilotClient: () => createGitHubCopilotClient,
+  createGitHubCopilotOAuthFetch: () => createGitHubCopilotOAuthFetch,
+  createMemoryTokenStore: () => createMemoryTokenStore,
+  exchangeGitHubCopilotToken: () => exchangeGitHubCopilotToken,
+  githubOAuthUrls: () => githubOAuthUrls,
+  hasVisionInput: () => hasVisionInput,
+  isCopilotResponsesModel: () => isCopilotResponsesModel,
+  normalizeEnterpriseDomain: () => normalizeEnterpriseDomain,
+  startGitHubCopilotDeviceFlow: () => startGitHubCopilotDeviceFlow
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/types.ts
+var GitHubCopilotOAuthError = class extends Error {
+  code;
+  constructor(code, message, options) {
+    super(message, options);
+    this.name = "GitHubCopilotOAuthError";
+    this.code = code;
+  }
+};
+
+// src/enterprise.ts
+function normalizeEnterpriseDomain(enterpriseUrl, options = {}) {
+  const value = enterpriseUrl?.trim();
+  if (!value) {
+    return void 0;
+  }
+  let parsed;
+  try {
+    parsed = new URL(/^https?:\/\//i.test(value) ? value : `https://${value}`);
+  } catch (error) {
+    throw new GitHubCopilotOAuthError("unsupported", "Invalid GitHub Enterprise URL.", { cause: error });
+  }
+  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
+    throw new GitHubCopilotOAuthError("unsupported", "Invalid GitHub Enterprise URL protocol.");
+  }
+  if (parsed.username || parsed.password || parsed.port || parsed.pathname !== "/" || parsed.search || parsed.hash) {
+    throw new GitHubCopilotOAuthError("unsupported", "GitHub Enterprise URL must be a hostname only.");
+  }
+  const hostname = parsed.hostname.replace(/^\[|\]$/g, "").toLowerCase();
+  if (!hostname || isUnsafeEnterpriseHostname(hostname)) {
+    throw new GitHubCopilotOAuthError("unsupported", "Unsafe GitHub Enterprise hostname.");
+  }
+  if (hostname === "github.com") {
+    return void 0;
+  }
+  if (!options.allowEnterprise) {
+    throw new GitHubCopilotOAuthError("unsupported", "Custom GitHub Enterprise hosts are not enabled.");
+  }
+  return hostname;
+}
+function isUnsafeEnterpriseHostname(hostname) {
+  return hostname === "localhost" || hostname.endsWith(".localhost") || hostname.endsWith(".local") || hostname.includes(":") || /^\d+(?:\.\d+){3}$/.test(hostname);
+}
+function copilotBase(enterpriseUrl, options = {}) {
+  const domain = normalizeEnterpriseDomain(enterpriseUrl, options);
+  if (!domain) {
+    return "https://api.githubcopilot.com";
+  }
+  return `https://copilot-api.${domain}`;
+}
+function copilotTokenExchangeUrl(enterpriseUrl, options = {}) {
+  const domain = normalizeEnterpriseDomain(enterpriseUrl, options);
+  if (!domain) {
+    return "https://api.github.com/copilot_internal/v2/token";
+  }
+  return `https://api.${domain}/copilot_internal/v2/token`;
+}
+function githubOAuthUrls(enterpriseUrl, options = {}) {
+  const domain = normalizeEnterpriseDomain(enterpriseUrl, options) ?? "github.com";
+  return {
+    domain,
+    code: `https://${domain}/login/device/code`,
+    token: `https://${domain}/login/oauth/access_token`
+  };
+}
+
+// src/headers.ts
+var COPILOT_HEADERS = {
+  "User-Agent": "GitHubCopilotChat/0.35.0",
+  "Editor-Version": "vscode/1.107.0",
+  "Editor-Plugin-Version": "copilot-chat/0.35.0",
+  "Copilot-Integration-Id": "vscode-chat"
+};
+function copilotHeaders(accessToken, options) {
+  return {
+    ...COPILOT_HEADERS,
+    Authorization: `Bearer ${accessToken}`,
+    "Openai-Intent": "conversation-edits",
+    "X-Initiator": options?.initiator ?? "user",
+    ...options?.vision ? { "Copilot-Vision-Request": "true" } : {}
+  };
+}
+function copilotModelHeaders(accessToken) {
+  return {
+    ...COPILOT_HEADERS,
+    Authorization: `Bearer ${accessToken}`
+  };
+}
+function copilotTokenExchangeHeaders(githubToken) {
+  return {
+    Accept: "application/json",
+    Authorization: `Bearer ${githubToken}`,
+    ...COPILOT_HEADERS
+  };
+}
+
+// src/memory-token-store.ts
+function createMemoryTokenStore(initial) {
+  let current = initial;
+  return {
+    async load() {
+      return current;
+    },
+    async save(tokens) {
+      current = tokens;
+    }
+  };
+}
+
+// src/token-exchange.ts
+async function exchangeGitHubCopilotToken({
+  fetch,
+  githubToken,
+  enterpriseUrl,
+  allowEnterprise
+}) {
+  const response = await fetch(copilotTokenExchangeUrl(enterpriseUrl, { allowEnterprise }), {
+    headers: copilotTokenExchangeHeaders(githubToken)
+  });
+  if (!response.ok) {
+    throw new GitHubCopilotOAuthError(
+      "auth_failed",
+      `GitHub Copilot token exchange failed (${response.status}).`
+    );
+  }
+  const payload = await response.json();
+  if (typeof payload.token !== "string" || !payload.token.trim()) {
+    throw new GitHubCopilotOAuthError("auth_failed", "GitHub Copilot token exchange did not return a token.");
+  }
+  if (typeof payload.expires_at !== "number" || !Number.isFinite(payload.expires_at) || payload.expires_at <= 0) {
+    throw new GitHubCopilotOAuthError(
+      "auth_failed",
+      "GitHub Copilot token exchange did not return a valid expiration."
+    );
+  }
+  return {
+    token: payload.token,
+    expiresAt: payload.expires_at * 1e3
+  };
+}
+
+// src/copilot-fetch.ts
+var DEFAULT_REFRESH_MARGIN_MS = 60 * 1e3;
+var DEFAULT_BROWSER_PROXY_BASE_URL = "/api/proxy/github-copilot";
+function pickFetch(customFetch) {
+  if (typeof customFetch === "function") {
+    return customFetch;
+  }
+  if (typeof globalThis.fetch === "function") {
+    return globalThis.fetch.bind(globalThis);
+  }
+  throw new GitHubCopilotOAuthError("fetch_required", "A fetch implementation is required for GitHub Copilot OAuth.");
+}
+function withoutTrailingSlash(value) {
+  return value.replace(/\/$/, "");
+}
+function createStore(settings) {
+  if (settings.tokenStore) {
+    return settings.tokenStore;
+  }
+  if (settings.tokens) {
+    return createMemoryTokenStore(settings.tokens);
+  }
+  throw new GitHubCopilotOAuthError(
+    "tokens_required",
+    "GitHub Copilot OAuth tokens are required. Pass `tokens` or `tokenStore`."
+  );
+}
+var TokenManager = class {
+  constructor(settings, store, fetch) {
+    this.settings = settings;
+    this.store = store;
+    this.fetch = fetch;
+  }
+  settings;
+  store;
+  fetch;
+  inflight;
+  current;
+  async token() {
+    if (this.inflight) {
+      return this.inflight;
+    }
+    this.inflight = this.loadToken().finally(() => {
+      this.inflight = void 0;
+    });
+    return this.inflight;
+  }
+  async githubToken() {
+    const tokens = this.current ?? await this.store.load();
+    if (!tokens?.githubToken) {
+      throw new GitHubCopilotOAuthError("auth_failed", "GitHub Copilot OAuth token is missing.");
+    }
+    this.current = tokens;
+    return tokens.githubToken;
+  }
+  async loadToken() {
+    let tokens = this.current ?? await this.store.load();
+    if (!tokens?.githubToken) {
+      throw new GitHubCopilotOAuthError("auth_failed", "GitHub Copilot OAuth token is missing.");
+    }
+    this.current = tokens;
+    const margin = this.settings.tokenRefreshMarginMs ?? DEFAULT_REFRESH_MARGIN_MS;
+    const expiresAt = tokens.copilotTokenExpiresAt ?? 0;
+    if (tokens.copilotToken && (expiresAt <= 0 || expiresAt > Date.now() + margin)) {
+      return { token: tokens.copilotToken, fromExchange: true };
+    }
+    try {
+      const exchanged = await exchangeGitHubCopilotToken({
+        fetch: this.fetch,
+        githubToken: tokens.githubToken,
+        enterpriseUrl: this.settings.enterpriseUrl ?? tokens.enterpriseUrl,
+        allowEnterprise: this.settings.allowEnterprise
+      });
+      tokens = {
+        ...tokens,
+        copilotToken: exchanged.token,
+        copilotTokenExpiresAt: exchanged.expiresAt
+      };
+      this.current = tokens;
+      await this.store.save(tokens);
+      await this.settings.onTokens?.(tokens);
+      return { token: exchanged.token, fromExchange: true };
+    } catch (error) {
+      if (this.settings.fallbackToGitHubToken === false) {
+        throw error;
+      }
+      return { token: tokens.githubToken, fromExchange: false };
+    }
+  }
+};
+async function readStoredTokens(settings) {
+  if (settings.tokens) {
+    return settings.tokens;
+  }
+  const tokenStore = settings.tokenStore;
+  if (typeof tokenStore?.getTokens === "function") {
+    return tokenStore.getTokens();
+  }
+  return void 0;
+}
+async function resolveBaseURL(settings) {
+  if (settings.baseURL) {
+    return withoutTrailingSlash(settings.baseURL);
+  }
+  const storedTokens = await readStoredTokens(settings);
+  const enterpriseUrl = settings.enterpriseUrl ?? settings.tokens?.enterpriseUrl ?? storedTokens?.enterpriseUrl;
+  return withoutTrailingSlash(copilotBase(enterpriseUrl, settings));
+}
+function resolveTargetUrl(input, baseURL) {
+  const base = new URL(baseURL);
+  const parsed = /^https?:\/\//.test(input) ? new URL(input) : new URL(input, "https://copilot.invalid");
+  let pathname = parsed.pathname;
+  const basePath = withoutTrailingSlash(base.pathname);
+  if (basePath && pathname.startsWith(`${basePath}/`)) {
+    pathname = pathname.slice(basePath.length);
+  }
+  if (pathname === "/v1") {
+    pathname = "/";
+  } else if (pathname.startsWith("/v1/")) {
+    pathname = pathname.slice(3);
+  }
+  if (!pathname.startsWith("/")) {
+    pathname = `/${pathname}`;
+  }
+  return `${base.origin}${basePath}${pathname}${parsed.search}`;
+}
+function browserOrigin() {
+  const maybeWindow = globalThis.window;
+  return typeof maybeWindow?.location?.origin === "string" ? maybeWindow.location.origin.replace(/\/$/, "") : void 0;
+}
+function resolveBrowserProxyUrl(target, baseURL, settings) {
+  const origin = browserOrigin();
+  if (!origin || settings.browserProxyBaseUrl === false) {
+    return void 0;
+  }
+  const proxyBase = settings.browserProxyBaseUrl ?? DEFAULT_BROWSER_PROXY_BASE_URL;
+  const absoluteProxyBase = /^https?:\/\//.test(proxyBase) ? proxyBase.replace(/\/$/, "") : `${origin}${proxyBase.startsWith("/") ? "" : "/"}${proxyBase}`.replace(/\/$/, "");
+  const upstreamBasePath = withoutTrailingSlash(new URL(baseURL).pathname);
+  let pathname = target.pathname;
+  if (upstreamBasePath && pathname.startsWith(`${upstreamBasePath}/`)) {
+    pathname = pathname.slice(upstreamBasePath.length);
+  }
+  return `${absoluteProxyBase}${pathname}${target.search}`;
+}
+async function readRequestParts(input, init) {
+  if (input instanceof Request) {
+    const headers = new Headers(input.headers);
+    if (init?.headers) {
+      new Headers(init.headers).forEach((value, key) => headers.set(key, value));
+    }
+    return {
+      url: input.url,
+      method: init?.method ?? input.method,
+      headers,
+      body: init?.body ?? (input.body == null ? void 0 : await input.clone().text()),
+      signal: init?.signal ?? input.signal
+    };
+  }
+  return {
+    url: String(input),
+    method: init?.method,
+    headers: new Headers(init?.headers),
+    body: init?.body,
+    signal: init?.signal
+  };
+}
+async function bodyToText(body) {
+  if (body == null) return void 0;
+  if (typeof body === "string") return body;
+  if (body instanceof URLSearchParams) return body.toString();
+  if (body instanceof FormData || body instanceof ReadableStream) return void 0;
+  if (body instanceof Blob) return body.text();
+  if (body instanceof ArrayBuffer) return new TextDecoder().decode(body);
+  if (ArrayBuffer.isView(body)) return new TextDecoder().decode(body);
+  return void 0;
+}
+function hasVisionInput(body) {
+  if (!body.trim()) {
+    return false;
+  }
+  try {
+    const payload = JSON.parse(body);
+    const chatVision = payload.messages?.some(
+      (item) => Array.isArray(item.content) && item.content.some((part) => part?.type === "image_url")
+    );
+    if (chatVision) {
+      return true;
+    }
+    return Boolean(
+      payload.input?.some((item) => Array.isArray(item.content) && item.content.some((part) => part?.type === "input_image"))
+    );
+  } catch {
+    return false;
+  }
+}
+function applyHeaders(headers, authToken, pathname, bodyText, settings) {
+  const vision = settings.vision ?? (typeof bodyText === "string" && hasVisionInput(bodyText));
+  const authHeaders = pathname.endsWith("/models") ? copilotModelHeaders(authToken) : copilotHeaders(authToken, { vision, initiator: settings.initiator });
+  headers.delete("authorization");
+  for (const [key, value] of Object.entries(authHeaders)) {
+    headers.set(key, value);
+  }
+}
+function createGitHubCopilotOAuthFetch(settings = {}) {
+  const fetch = pickFetch(settings.fetch);
+  const store = createStore(settings);
+  const manager = new TokenManager(settings, store, fetch);
+  return async (input, init) => {
+    const baseURL = await resolveBaseURL(settings);
+    const request = await readRequestParts(input, init);
+    const targetUrl = resolveTargetUrl(request.url, baseURL);
+    const target = new URL(targetUrl);
+    const bodyText = await bodyToText(request.body);
+    const body = bodyText ?? request.body;
+    const headers = new Headers(settings.headers);
+    request.headers.forEach((value, key) => headers.set(key, value));
+    const proxyUrl = resolveBrowserProxyUrl(target, baseURL, settings);
+    if (proxyUrl) {
+      headers.delete("authorization");
+      headers.set("Authorization", `Bearer ${await manager.githubToken()}`);
+      const enterpriseUrl = settings.enterpriseUrl ?? settings.tokens?.enterpriseUrl;
+      if (enterpriseUrl) headers.set("x-copilot-enterprise-url", enterpriseUrl);
+      return fetch(proxyUrl, {
+        method: request.method ?? init?.method,
+        headers,
+        body,
+        signal: request.signal ?? void 0
+      });
+    }
+    const token = await manager.token();
+    applyHeaders(headers, token.token, target.pathname, bodyText, settings);
+    const response = await fetch(target.toString(), {
+      method: request.method ?? init?.method,
+      headers,
+      body,
+      signal: request.signal ?? void 0
+    });
+    if (token.fromExchange && settings.fallbackToGitHubToken !== false && (response.status === 401 || response.status === 403)) {
+      const fallbackHeaders = new Headers(headers);
+      applyHeaders(fallbackHeaders, await manager.githubToken(), target.pathname, bodyText, settings);
+      return fetch(target.toString(), {
+        method: request.method ?? init?.method,
+        headers: fallbackHeaders,
+        body,
+        signal: request.signal ?? void 0
+      });
+    }
+    return response;
+  };
+}
+async function createGitHubCopilotClient(settings = {}) {
+  const baseURL = await resolveBaseURL(settings);
+  const fetch = createGitHubCopilotOAuthFetch(settings);
+  return {
+    baseURL,
+    fetch,
+    request: (path, init) => fetch(resolveTargetUrl(path, baseURL), init)
+  };
+}
+function isCopilotResponsesModel(modelId) {
+  const normalized = modelId.toLowerCase();
+  const match = /^gpt-(\d+)/.exec(normalized);
+  if (!match) {
+    return false;
+  }
+  const generation = Number(match[1]);
+  return generation >= 5 && !normalized.startsWith("gpt-5-mini");
+}
+
+// src/device-flow.ts
+var DEFAULT_GITHUB_COPILOT_CLIENT_ID = "Ov23li8tweQw6odWQebz";
+var POLL_BUFFER_MS = 3e3;
+function pickFetch2(customFetch) {
+  if (typeof customFetch === "function") {
+    return customFetch;
+  }
+  if (typeof globalThis.fetch === "function") {
+    return globalThis.fetch.bind(globalThis);
+  }
+  throw new GitHubCopilotOAuthError("fetch_required", "A fetch implementation is required for GitHub Copilot OAuth.");
+}
+async function startGitHubCopilotDeviceFlow(options = {}) {
+  const fetch = pickFetch2(options.fetch);
+  const sleep = options.sleep ?? ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
+  const clientId = options.clientId ?? DEFAULT_GITHUB_COPILOT_CLIENT_ID;
+  const urls = githubOAuthUrls(options.enterpriseUrl, { allowEnterprise: options.allowEnterprise });
+  const codeResponse = await fetch(urls.code, {
+    method: "POST",
+    headers: {
+      Accept: "application/json",
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      client_id: clientId,
+      scope: "read:user"
+    })
+  });
+  if (!codeResponse.ok) {
+    throw new GitHubCopilotOAuthError("auth_failed", "Failed to initiate GitHub Copilot authorization.");
+  }
+  const code = await codeResponse.json();
+  if (!code.verification_uri || !code.user_code || !code.device_code) {
+    throw new GitHubCopilotOAuthError("auth_failed", "GitHub Copilot authorization response did not include a device code.");
+  }
+  return {
+    providerId: "github-copilot",
+    url: code.verification_uri,
+    code: code.user_code,
+    instructions: `Enter code: ${code.user_code}`,
+    async complete() {
+      while (true) {
+        const tokenResponse = await fetch(urls.token, {
+          method: "POST",
+          headers: {
+            Accept: "application/json",
+            "Content-Type": "application/x-www-form-urlencoded"
+          },
+          body: new URLSearchParams({
+            client_id: clientId,
+            device_code: code.device_code ?? "",
+            grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+          }).toString()
+        });
+        if (!tokenResponse.ok) {
+          throw new GitHubCopilotOAuthError("auth_failed", "GitHub Copilot OAuth authorization failed.");
+        }
+        const token = await tokenResponse.json();
+        if (token.access_token) {
+          const result = {
+            githubToken: token.access_token,
+            ...urls.domain === "github.com" ? {} : { enterpriseUrl: urls.domain }
+          };
+          await options.tokenStore?.save(result);
+          return result;
+        }
+        if (token.error === "authorization_pending") {
+          await sleep((code.interval ?? 5) * 1e3 + POLL_BUFFER_MS);
+          continue;
+        }
+        if (token.error === "slow_down") {
+          const nextInterval = token.interval && token.interval > 0 ? token.interval : (code.interval ?? 5) + 5;
+          await sleep(nextInterval * 1e3 + POLL_BUFFER_MS);
+          continue;
+        }
+        throw new GitHubCopilotOAuthError("auth_failed", "GitHub Copilot OAuth authorization failed.");
+      }
+    }
+  };
+}
 
 // src/provider.ts
-import { createOpenAI } from "@ai-sdk/openai";
-import { NoSuchModelError } from "@ai-sdk/provider";
+var import_openai = require("@ai-sdk/openai");
+var import_provider = require("@ai-sdk/provider");
 function createGitHubCopilot(settings = {}) {
   const providerName = settings.name ?? "github-copilot";
   const fetch = createGitHubCopilotOAuthFetch(settings);
-  const openai = createOpenAI({
+  const openai = (0, import_openai.createOpenAI)({
     apiKey: "oauth",
     baseURL: settings.baseURL ?? copilotBase(settings.enterpriseUrl ?? settings.tokens?.enterpriseUrl, settings),
     name: providerName,
@@ -41,16 +555,17 @@ function createGitHubCopilot(settings = {}) {
       chat: createChatModel,
       responses: createResponsesModel,
       embeddingModel: (modelId) => {
-        throw new NoSuchModelError({ modelId, modelType: "embeddingModel" });
+        throw new import_provider.NoSuchModelError({ modelId, modelType: "embeddingModel" });
       },
       imageModel: (modelId) => {
-        throw new NoSuchModelError({ modelId, modelType: "imageModel" });
+        throw new import_provider.NoSuchModelError({ modelId, modelType: "imageModel" });
       }
     }
   );
   return provider;
 }
-export {
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
   COPILOT_HEADERS,
   DEFAULT_GITHUB_COPILOT_CLIENT_ID,
   GitHubCopilotOAuthError,
@@ -69,5 +584,5 @@ export {
   isCopilotResponsesModel,
   normalizeEnterpriseDomain,
   startGitHubCopilotDeviceFlow
-};
+});
 //# sourceMappingURL=index.js.map