Skip to content

witqq/copilot-mcp-test

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Copilot SDK + MCP Server Test

Validates that GitHub Copilot SDK (headless mode) can connect to an HTTP MCP server with Bearer token authentication.

Prerequisites

  • Node.js 22+
  • GitHub Copilot CLI installed and authenticated (copilot auth login)

Setup

npm install

Get a Moira MCP token

If you already have a Moira OAuth token in your Copilot keychain:

# Find the token hash for moira-mcp.com
HASH=$(echo -n "https://moira-mcp.com" | shasum -a 256 | cut -d' ' -f1)

# Extract from macOS Keychain
TOKEN_JSON=$(security find-generic-password -s "copilot-mcp-oauth" -a "$HASH" -w 2>/dev/null)

# Parse access token
ACCESS_TOKEN=$(echo "$TOKEN_JSON" | python3 -c "import json,sys; print(json.load(sys.stdin)['accessToken'])")

# If token is expired, refresh it:
REFRESH_TOKEN=$(echo "$TOKEN_JSON" | python3 -c "import json,sys; print(json.load(sys.stdin)['refreshToken'])")
CLIENT_ID="JniFhUYBokCPFVhqawfRCGQPirBGcAMi"

NEW_TOKEN=$(curl -s -X POST "https://moira-mcp.com/api/auth/mcp/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token" \
  -d "refresh_token=$REFRESH_TOKEN" \
  -d "client_id=$CLIENT_ID")

ACCESS_TOKEN=$(echo "$NEW_TOKEN" | python3 -c "import json,sys; print(json.load(sys.stdin)['access_token'])")

Run

# Pass token as env var
MCP_TOKEN="$ACCESS_TOKEN" npm start

# Or as argument
node index.js "$ACCESS_TOKEN"

# Custom prompt
PROMPT="What tools do you have?" MCP_TOKEN="$ACCESS_TOKEN" npm start

Expected output

Starting Copilot SDK with MCP server...
  Model: gpt-5-mini
  MCP:   https://moira-mcp.com/mcp
  Token: KZddma...kqOB

Session: <uuid>
Prompt:  List all available Moira workflows...
────────────────────────────────────────────────────────────
<agent response with Moira workflow list>
[tokens: ~26000/128000]
────────────────────────────────────────────────────────────
Done.

If you see [tokens: ~26000/128000] (significantly more than ~17000 baseline), MCP tools are loaded. If the agent uses moira-list tool and returns workflow data — full success.

How it works

  1. Copilot SDK spawns CLI subprocess in --headless --stdio mode
  2. createSession() passes mcpServers config with Bearer token in headers
  3. CLI creates HTTP MCP client, sends Authorization header with every request
  4. MCP server authenticates via Bearer token (bypasses OAuth flow)
  5. Tools are loaded into agent context (~10 Moira tools)

Known limitation

Copilot CLI headless mode sets onOAuthRequired = undefined, so the normal OAuth flow doesn't work. Passing pre-obtained Bearer tokens via headers is the workaround.

About

Test: Copilot SDK headless mode + MCP server with Bearer token auth

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages