git-copilot-commit 0.4.4__tar.gz → 0.4.6__tar.gz

{git_copilot_commit-0.4.4 → git_copilot_commit-0.4.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: git-copilot-commit
-Version: 0.4.4
+Version: 0.4.6
 Summary: Automatically generate and commit changes using copilot
 Author-email: Dheepak Krishnamurthy <1813121+kdheepak@users.noreply.github.com>
 License-File: LICENSE
@@ -8,6 +8,7 @@ Requires-Python: >=3.12
 Requires-Dist: httpx>=0.28.0
 Requires-Dist: platformdirs>=4.0.0
 Requires-Dist: rich>=14.0.0
+Requires-Dist: truststore>=0.10.4
 Requires-Dist: typer>=0.16.0
 Description-Content-Type: text/markdown
 
@@ -77,6 +78,12 @@ pipx install git-copilot-commit
    uvx git-copilot-commit authenticate
    ```
 
+   If your cached GitHub token is revoked or expires, refresh it with:
+
+   ```bash
+   uvx git-copilot-commit authenticate --force
+   ```
+
 2. Make changes in your repository.
 
 3. Generate and commit:

{git_copilot_commit-0.4.4 → git_copilot_commit-0.4.6}/README.md

@@ -64,6 +64,12 @@ pipx install git-copilot-commit
    uvx git-copilot-commit authenticate
    ```
 
+   If your cached GitHub token is revoked or expires, refresh it with:
+
+   ```bash
+   uvx git-copilot-commit authenticate --force
+   ```
+
 2. Make changes in your repository.
 
 3. Generate and commit:

{git_copilot_commit-0.4.4 → git_copilot_commit-0.4.6}/pyproject.toml

@@ -12,6 +12,7 @@ dependencies = [
   "rich>=14.0.0",
   "typer>=0.16.0",
   "platformdirs>=4.0.0",
+  "truststore>=0.10.4",
 ]
 
 [project.scripts]

{git_copilot_commit-0.4.4 → git_copilot_commit-0.4.6}/src/git_copilot_commit/cli.py

@@ -3,6 +3,7 @@ git-copilot-commit - AI-powered Git commit assistant
 """
 
 from pathlib import Path
+from typing import Annotated
 
 import rich
 import typer
@@ -18,6 +19,27 @@ from . import github_copilot
 console = Console()
 app = typer.Typer(help=__doc__, add_completion=False)
 
+CA_BUNDLE_HELP = (
+    "Path to a custom CA bundle (PEM). Use this to test internal / company CAs."
+)
+NATIVE_TLS_HELP = (
+    "Use the OS's native certificate store via 'truststore' for httpx instead of "
+    "the Python bundle. Ignored if --ca-bundle or --insecure is used."
+)
+
+CaBundleOption = Annotated[
+    str | None,
+    typer.Option("--ca-bundle", metavar="PATH", help=CA_BUNDLE_HELP),
+]
+InsecureOption = Annotated[
+    bool,
+    typer.Option("--insecure", help="Disable SSL certificate verification."),
+]
+NativeTlsOption = Annotated[
+    bool,
+    typer.Option("--native-tls/--no-native-tls", help=NATIVE_TLS_HELP),
+]
+
 
 def version_callback(value: bool):
     if value:
@@ -84,8 +106,24 @@ def load_system_prompt() -> str:
     raise typer.Exit(1)
 
 
+def build_http_client_config(
+    *,
+    ca_bundle: str | None,
+    insecure: bool,
+    native_tls: bool,
+) -> github_copilot.HttpClientConfig:
+    return github_copilot.HttpClientConfig(
+        native_tls=native_tls,
+        insecure=insecure,
+        ca_bundle=ca_bundle,
+    )
+
+
 def generate_commit_message(
-    repo: GitRepository, model: str | None = None, context: str = ""
+    repo: GitRepository,
+    model: str | None = None,
+    context: str = "",
+    http_client_config: github_copilot.HttpClientConfig | None = None,
 ) -> str:
     """Generate a conventional commit message using Copilot API."""
 
@@ -127,6 +165,7 @@ def generate_commit_message(
 {prompt}
             """,
         model=model,
+        http_client_config=http_client_config,
     )
 
 
@@ -151,6 +190,32 @@ def commit_with_retry_no_verify(
         raise typer.Exit(1)
 
 
+@app.command("authenticate")
+@app.command("login", hidden=True)
+def authenticate(
+    force: bool = typer.Option(
+        False, "--force", help="Replace cached GitHub Copilot credentials"
+    ),
+    ca_bundle: CaBundleOption = None,
+    insecure: InsecureOption = False,
+    native_tls: NativeTlsOption = False,
+):
+    """Authenticate with GitHub Copilot and cache credentials locally."""
+    http_client_config = build_http_client_config(
+        ca_bundle=ca_bundle,
+        insecure=insecure,
+        native_tls=native_tls,
+    )
+    try:
+        github_copilot.login(
+            force=force,
+            http_client_config=http_client_config,
+        )
+    except github_copilot.CopilotError as exc:
+        console.print(f"[red]Authentication failed: {exc}[/red]")
+        raise typer.Exit(1)
+
+
 @app.command()
 def commit(
     all_files: bool = typer.Option(
@@ -168,6 +233,9 @@ def commit(
         "-c",
         help="Optional user-provided context to guide commit message",
     ),
+    ca_bundle: CaBundleOption = None,
+    insecure: InsecureOption = False,
+    native_tls: NativeTlsOption = False,
 ):
     """
     Generate commit message based on changes in the current git repository and commit them.
@@ -180,11 +248,24 @@ def commit(
 
     try:
         existing_credentials = github_copilot.load_credentials()
-    except Exception as _:
+    except github_copilot.CopilotError:
         existing_credentials = None
 
+    http_client_config = build_http_client_config(
+        ca_bundle=ca_bundle,
+        insecure=insecure,
+        native_tls=native_tls,
+    )
+
     if existing_credentials is None:
-        github_copilot.login()
+        try:
+            github_copilot.login(
+                force=True,
+                http_client_config=http_client_config,
+            )
+        except github_copilot.CopilotError as exc:
+            console.print(f"[red]Authentication failed: {exc}[/red]")
+            raise typer.Exit(1)
 
     # Load settings and use default model if none provided
     settings = Settings()
@@ -228,11 +309,25 @@ def commit(
             Panel(context.strip(), title="User Context", border_style="magenta")
         )
 
-    # Generate or use provided commit message
-    with console.status(
-        "[yellow]Generating commit message based on [bold]`git diff --staged`[/] ...[/yellow]"
-    ):
-        commit_message = generate_commit_message(repo, model, context=context)
+    try:
+        github_copilot.ensure_auth_ready(
+            model=model,
+            http_client_config=http_client_config,
+        )
+
+        # Generate or use provided commit message
+        with console.status(
+            "[yellow]Generating commit message based on [bold]`git diff --staged`[/] ...[/yellow]"
+        ):
+            commit_message = generate_commit_message(
+                repo,
+                model,
+                context=context,
+                http_client_config=http_client_config,
+            )
+    except github_copilot.CopilotError as exc:
+        console.print(f"[red]Could not generate a commit message: {exc}[/red]")
+        raise typer.Exit(1)
 
     console.print("[yellow]Generated commit message.[/yellow]")
 

{git_copilot_commit-0.4.4 → git_copilot_commit-0.4.6}/src/git_copilot_commit/github_copilot.py

@@ -10,15 +10,15 @@ import uuid
 from dataclasses import dataclass
 from datetime import datetime
 from pathlib import Path
-from typing import Any
+from typing import Any, Callable, TypeVar
 
 import httpx
-import typer
 from rich.console import Console
 from rich.panel import Panel
 from rich.table import Table
 
 APP_NAME = "github-copilot-commit"
+CLI_AUTH_COMMAND = "git-copilot-commit authenticate"
 DEFAULT_GITHUB_DOMAIN = "github.com"
 USER_AGENT = "GitHubCopilotChat/0.35.0"
 EDITOR_VERSION = "vscode/1.107.0"
@@ -41,20 +41,25 @@ DEFAULT_MODEL_PREFERENCES = (
     "gpt-4o",
 )
 
-app = typer.Typer(
-    add_completion=False,
-    no_args_is_help=True,
-    help="General-purpose GitHub Copilot CLI.",
-)
-
 console = Console()
-console_err = Console(stderr=True)
+T = TypeVar("T")
 
 
 class CopilotError(RuntimeError):
     pass
 
 
+class CopilotHttpError(CopilotError):
+    def __init__(
+        self, status_code: int, reason_phrase: str, detail: str | None = None
+    ) -> None:
+        self.status_code = status_code
+        self.reason_phrase = reason_phrase
+        self.detail = detail
+        suffix = f": {detail}" if detail else ""
+        super().__init__(f"{status_code} {reason_phrase}{suffix}")
+
+
 @dataclass(slots=True)
 class DeviceCodeResponse:
     device_code: str
@@ -151,6 +156,25 @@ class CopilotModel:
         )
 
 
+@dataclass(frozen=True, slots=True)
+class HttpClientConfig:
+    native_tls: bool = False
+    insecure: bool = False
+    ca_bundle: str | None = None
+
+    @property
+    def use_native_tls(self) -> bool:
+        return self.native_tls and not self.insecure and self.ca_bundle is None
+
+    @property
+    def verify(self) -> bool | str:
+        if self.insecure:
+            return False
+        if self.ca_bundle:
+            return self.ca_bundle
+        return True
+
+
 @dataclass(slots=True)
 class GitHubViewer:
     login: str
@@ -259,8 +283,34 @@ def get_github_copilot_base_url(
     return "https://api.individual.githubcopilot.com"
 
 
-def make_http_client() -> httpx.Client:
+_NATIVE_TLS_ENABLED = False
+
+
+def _maybe_enable_native_tls(native_tls: bool) -> None:
+    """
+    Globally switch httpx/requests to use the OS certificate store via truststore.
+    Safe to call multiple times; it no-ops after the first.
+    """
+    global _NATIVE_TLS_ENABLED
+    if not native_tls or _NATIVE_TLS_ENABLED:
+        return
+
+    try:
+        import truststore
+
+        truststore.inject_into_ssl()
+    except Exception as _:
+        return
+
+    _NATIVE_TLS_ENABLED = True
+
+
+def make_http_client(http_client_config: HttpClientConfig | None = None) -> httpx.Client:
+    config = http_client_config or HttpClientConfig()
+    _maybe_enable_native_tls(config.use_native_tls)
+
     return httpx.Client(
+        verify=config.verify,
         follow_redirects=True,
         timeout=httpx.Timeout(30.0, connect=10.0),
     )
@@ -290,8 +340,7 @@ def request_json(
         detail = response.text.strip()
         if len(detail) > 400:
             detail = f"{detail[:397]}..."
-        suffix = f": {detail}" if detail else ""
-        raise CopilotError(f"{response.status_code} {response.reason_phrase}{suffix}")
+        raise CopilotHttpError(response.status_code, response.reason_phrase, detail)
 
     content_type = response.headers.get("content-type", "")
     if "application/json" not in content_type:
@@ -364,10 +413,9 @@ def iter_sse_events(response: httpx.Response, url: str):
             yield payload
 
 
-def load_credentials() -> CopilotCredentials | None:
-    path = credentials_path()
+def read_json_object(path: Path) -> dict[str, Any] | None:
     if not path.exists():
-        return
+        return None
 
     try:
         raw = json.loads(path.read_text(encoding="utf-8"))
@@ -379,11 +427,23 @@ def load_credentials() -> CopilotCredentials | None:
     if not isinstance(raw, dict):
         raise CopilotError(f"Cached credentials in {path} are not a JSON object.")
 
+    return raw
+
+
+def load_stored_credentials_from_path(path: Path) -> CopilotCredentials | None:
+    raw = read_json_object(path)
+    if raw is None:
+        return None
+
     return CopilotCredentials.from_dict(raw)
 
 
+def load_credentials() -> CopilotCredentials | None:
+    return load_stored_credentials_from_path(credentials_path())
+
+
 def save_credentials(credentials: CopilotCredentials) -> Path:
-    path = credentials_path()
+    path = credentials_path().expanduser()
     path.parent.mkdir(parents=True, exist_ok=True)
     payload = json.dumps(credentials.to_dict(), indent=2, sort_keys=True)
     path.write_text(f"{payload}\n", encoding="utf-8")
@@ -573,7 +633,7 @@ def ensure_fresh_credentials(client: httpx.Client) -> CopilotCredentials:
     credentials = load_credentials()
     if credentials is None:
         raise CopilotError(
-            f"No cached Copilot credentials found. Run `{Path(__file__).name} auth login` first."
+            f"No cached Copilot credentials found. Run `{CLI_AUTH_COMMAND}` first."
         )
 
     if not credentials.is_expired():
@@ -588,6 +648,23 @@ def ensure_fresh_credentials(client: httpx.Client) -> CopilotCredentials:
     return refreshed
 
 
+def should_reauthenticate(exc: CopilotError) -> bool:
+    if isinstance(exc, CopilotHttpError):
+        return exc.status_code == 401
+
+    message = str(exc)
+    retryable_prefixes = (
+        "No cached Copilot credentials found.",
+        "Cached GitHub access token is missing or invalid.",
+        "Cached Copilot token is missing or invalid.",
+        "Cached Copilot expiration timestamp is missing or invalid.",
+        "Cached enterprise domain is invalid.",
+        "Unable to read cached credentials from ",
+        "Cached credentials in ",
+    )
+    return any(message.startswith(prefix) for prefix in retryable_prefixes)
+
+
 def copilot_request_headers(
     access_token: str,
     *,
@@ -886,9 +963,8 @@ def responses_completion(
                 detail = response.read().decode("utf-8", errors="replace").strip()
                 if len(detail) > 400:
                     detail = f"{detail[:397]}..."
-                suffix = f": {detail}" if detail else ""
-                raise CopilotError(
-                    f"{response.status_code} {response.reason_phrase}{suffix}"
+                raise CopilotHttpError(
+                    response.status_code, response.reason_phrase, detail
                 )
 
             content_type = response.headers.get("content-type", "")
@@ -1101,20 +1177,31 @@ def print_login_summary(
     console.print(Panel.fit(table, title="Login Summary"))
 
 
-def login(enterprise_domain: str | None = None, force: bool = False) -> None:
+def login(
+    enterprise_domain: str | None = None,
+    force: bool = False,
+    *,
+    http_client_config: HttpClientConfig | None = None,
+) -> None:
     """Authenticate with GitHub and cache Copilot credentials locally."""
     normalized_domain = normalize_domain(enterprise_domain)
     if enterprise_domain and not normalized_domain:
         raise CopilotError("Invalid GitHub Enterprise hostname.")
 
-    existing = load_credentials()
+    existing: CopilotCredentials | None = None
+    try:
+        existing = load_credentials()
+    except CopilotError:
+        if not force:
+            raise
+
     if existing and not force:
         raise CopilotError(
             f"Cached credentials already exist at {credentials_path()}. Re-run with --force to replace them."
         )
 
     domain = normalized_domain or DEFAULT_GITHUB_DOMAIN
-    with make_http_client() as client:
+    with make_http_client(http_client_config) as client:
         device = start_device_flow(client, domain)
 
         console.print(
@@ -1162,16 +1249,61 @@ def login(enterprise_domain: str | None = None, force: bool = False) -> None:
         console.print(f"[yellow]Warning:[/yellow] {warning}")
 
 
-def ask(prompt: str, model: str | None = None) -> str:
-    """Send a prompt to GitHub Copilot and print the reply."""
-    with make_http_client() as client:
+def _ask_once(client: httpx.Client, prompt: str, model: str | None = None) -> str:
+    credentials = ensure_fresh_credentials(client)
+    all_models = list_models(client, credentials)
+
+    selected_model = pick_model(all_models, model)
+    return complete_text_prompt(
+        client,
+        credentials,
+        model=selected_model,
+        prompt=prompt,
+    )
+
+
+def _with_reauthentication(
+    action: Callable[[httpx.Client], T],
+    *,
+    http_client_config: HttpClientConfig | None = None,
+) -> T:
+    try:
+        with make_http_client(http_client_config) as client:
+            return action(client)
+    except CopilotError as exc:
+        if not should_reauthenticate(exc):
+            raise
+
+    console.print(
+        "[yellow]Cached GitHub Copilot credentials are missing or no longer valid. Starting authentication...[/yellow]"
+    )
+    login(force=True, http_client_config=http_client_config)
+
+    with make_http_client(http_client_config) as client:
+        return action(client)
+
+
+def ensure_auth_ready(
+    model: str | None = None,
+    *,
+    http_client_config: HttpClientConfig | None = None,
+) -> None:
+    def validate(client: httpx.Client) -> None:
         credentials = ensure_fresh_credentials(client)
         all_models = list_models(client, credentials)
+        pick_model(all_models, model)
 
-        selected_model = pick_model(all_models, model)
-        return complete_text_prompt(
-            client,
-            credentials,
-            model=selected_model,
-            prompt=prompt,
-        )
+    _with_reauthentication(validate, http_client_config=http_client_config)
+
+
+def ask(
+    prompt: str,
+    model: str | None = None,
+    *,
+    http_client_config: HttpClientConfig | None = None,
+) -> str:
+    """Send a prompt to GitHub Copilot and print the reply."""
+    return _with_reauthentication(
+        lambda client: _ask_once(client, prompt, model),
+        http_client_config=http_client_config,
+    )

{git_copilot_commit-0.4.4 → git_copilot_commit-0.4.6}/uv.lock

@@ -53,6 +53,7 @@ dependencies = [
     { name = "httpx" },
     { name = "platformdirs" },
     { name = "rich" },
+    { name = "truststore" },
     { name = "typer" },
 ]
 
@@ -61,6 +62,7 @@ requires-dist = [
     { name = "httpx", specifier = ">=0.28.0" },
     { name = "platformdirs", specifier = ">=4.0.0" },
     { name = "rich", specifier = ">=14.0.0" },
+    { name = "truststore", specifier = ">=0.10.4" },
     { name = "typer", specifier = ">=0.16.0" },
 ]
 
@@ -180,6 +182,15 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/e9/44/75a9c9421471a6c4805dbf2356f7c181a29c1879239abab1ea2cc8f38b40/sniffio-1.3.1-py3-none-any.whl", hash = "sha256:2f6da418d1f1e0fddd844478f41680e794e6051915791a034ff65e5f100525a2", size = 10235, upload-time = "2024-02-25T23:20:01.196Z" },
 ]
 
+[[package]]
+name = "truststore"
+version = "0.10.4"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/53/a3/1585216310e344e8102c22482f6060c7a6ea0322b63e026372e6dcefcfd6/truststore-0.10.4.tar.gz", hash = "sha256:9d91bd436463ad5e4ee4aba766628dd6cd7010cf3e2461756b3303710eebc301", size = 26169, upload-time = "2025-08-12T18:49:02.73Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/19/97/56608b2249fe206a67cd573bc93cd9896e1efb9e98bce9c163bcdc704b88/truststore-0.10.4-py3-none-any.whl", hash = "sha256:adaeaecf1cbb5f4de3b1959b42d41f6fab57b2b1666adb59e89cb0b53361d981", size = 18660, upload-time = "2025-08-12T18:49:01.46Z" },
+]
+
 [[package]]
 name = "typer"
 version = "0.16.0"