feat(copilot): add Copilot request executor and model registry [3/5]

[jeffnash]

Summary

Implements the Copilot request executor with header injection and dynamic model registry.

Changes

• Copilot executor with VS Code version headers and integration IDs
• Agent header logic (X-Copilot-Initiator detection)
• Vision request header for image inputs
• Dynamic model fetching and aliasing from Copilot API
• Management API endpoints for auth files
• Copilot types for API responses
• Cache eviction on auth removal to prevent memory leaks

Stack

This is PR 3/5 in the Copilot feature stack:

1. Infrastructure & Config (feat(copilot): add shared infrastructure and config [1/5] #380)
2. Auth Flow (feat(copilot): implement GitHub Copilot authentication flow [2/5] #381)
3. [This PR] Executor & Models
4. Gemini Reasoning
5. Tests

Depends on: #381 - merge that first

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[gemini-code-assist]

Summary of Changes

Hello @jeffnash, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands the system's capabilities by integrating GitHub Copilot support. It introduces a robust framework for authenticating with Copilot, executing requests, and dynamically managing available models. The changes ensure seamless interaction with Copilot's various API endpoints, including proper header handling for different request types and account configurations.

Highlights

• Copilot Request Executor: Introduces a dedicated executor for GitHub Copilot API requests, handling token management, dynamic model fetching, and specific header injection for VS Code versions and integration IDs.
• Dynamic Model Registry: Enables dynamic fetching and aliasing of models from the Copilot API, providing up-to-date model information and fallback static models if dynamic fetching fails.
• Copilot Authentication Flow: Implements the GitHub Copilot OAuth2 device code authentication flow, allowing users to log in via CLI or a new management API endpoint, with support for individual, business, and enterprise account types.
• Agent Header Logic & Vision Support: Adds sophisticated logic for detecting and injecting the X-Copilot-Initiator header (agent vs. user) based on request payload, and includes support for vision requests with appropriate headers.
• Management API Endpoints: New management API endpoints are added for CRUD operations on Copilot API key configurations and for initiating the Copilot authentication URL.
• Cache Eviction: Implements cache eviction mechanisms for Copilot models and Gemini reasoning data upon authentication removal, preventing memory leaks and ensuring data consistency.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces significant new functionality for GitHub Copilot integration. It adds the core authentication flow using device codes, a request executor that handles Copilot-specific headers, and a dynamic model registry. The changes are well-structured, with new packages for Copilot authentication and shared types. I've identified a critical compilation error due to a duplicated struct definition, a potential race condition in a new management handler, and a couple of places where error handling could be improved. Overall, this is a solid implementation of a complex feature.

[gemini-code-assist]

The CopilotKey struct is defined multiple times. This will cause a compilation error due to redeclaration. Please remove the duplicate definitions.

[gemini-code-assist]

The PutCopilotKeys function modifies h.cfg.CopilotKey, which is a shared configuration object. Other handler functions like PatchCopilotKey and DeleteCopilotKey use a mutex to protect concurrent access. To prevent potential race conditions, this function should also use a mutex lock.

func (h *Handler) PutCopilotKeys(c *gin.Context) {
	data, err := c.GetRawData()
	if err != nil {
		c.JSON(400, gin.H{"error": "failed to read body"})
		return
	}
	var arr []config.CopilotKey
	if err = json.Unmarshal(data, &arr); err != nil {
		var obj struct {
			Items []config.CopilotKey `json:"items"`
		}
		if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 {
			c.JSON(400, gin.H{"error": "invalid body"})
			return
		}
		arr = obj.Items
	}
	// Normalize entries
	filtered := make([]config.CopilotKey, 0, len(arr))
	for i := range arr {
		entry := arr[i]
		entry.AccountType = strings.TrimSpace(entry.AccountType)
		entry.ProxyURL = strings.TrimSpace(entry.ProxyURL)
		filtered = append(filtered, entry)
	}
	h.mu.Lock()
	defer h.mu.Unlock()
	h.cfg.CopilotKey = filtered
	h.cfg.SanitizeCopilotKeys()
	h.persist(c)
}

[gemini-code-assist]

This configuration block for copilot-api-key is duplicated. It seems to be a copy-paste error. Please remove the redundant blocks to avoid confusion for users configuring the service.

[gemini-code-assist]

The error from json.Marshal is being ignored. While it's unlikely to fail when marshalling a map[string]string, it's best practice to handle potential errors to prevent unexpected behavior.

	bodyBytes, err := json.Marshal(reqBody)
	if err != nil {
		return nil, fmt.Errorf("%w: failed to marshal request body: %v", ErrDeviceCodeFailed, err)
	}

[gemini-code-assist]

The error from json.Marshal is being ignored. While it's unlikely to fail when marshalling a map[string]string, it's best practice to handle potential errors to prevent unexpected behavior.

	bodyBytes, err := json.Marshal(reqBody)
	if err != nil {
		return "", fmt.Errorf("failed to marshal access token request: %w", err)
	}

[jeffnash]

@luispater just saw your rule on no 3p resellers, I could disable all non-copilot models (i.e. keep raptor-mini + oswe) and commit the gemini PR + dynamic model fetching and other models in the registry to the new repo.

also curious about how this works since iFlow has qwen, kimi, glm, and others