feat(copilot): add GitHub Copilot CLI support#436
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Document why copilot-proxy and telemetry hosts are excluded from injection - Fix filterGitHubGrant backing-array mutation (use make instead of [:0]) - Use constants in NetworkHosts() instead of string literals - Add companion test for CLI --model flag overriding config - Add comment explaining two-path grant insertion flow - Fix Use string to include [-- initial-prompt] Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
@dpup this runs in docker and apple containers. PR review for this ran using copilot in moat. |
| Run `moat grant copilot` to configure authentication: | ||
|
|
||
| ```bash | ||
| moat grant copilot |
There was a problem hiding this comment.
You think this should be separate from moat grant github? Is it logically separate auth?
There was a problem hiding this comment.
I asked the bot the same and it told me that copilot uses the same api endpoint underneath. so it just ignores github grant if it exists when copilot is granted and running.
Or do you prefer to just have moat grant github and use that for copilot? I think that should be possible.
There was a problem hiding this comment.
Yeah, I was thinking this might just use the existing github grant.
There was a problem hiding this comment.
@dpup updated the PR to use github grant. The only caveat is we don't know at grant time if user plans to use copilot or not. So now at startup we check if github token has access to copilot if moat is starting with copilot provider.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Summary
First-class support for running GitHub Copilot CLI (
@github/copilot) inside Moat containers with the same credential-injection model as Claude Code, Codex, Gemini, and Pi.What this adds
moat copilotcommand — launches Copilot CLI in an isolated container. Interactive and non-interactive (-p) modes,--model,--experimental,--autopilot, and--allow-all(default: true) flags. Passes--allow-allby default because the container provides isolation.GitHub grant reuse —
moat copilotuses the existinggithubgrant and does not create a separate Copilot credential.moat grant githubremains the setup command;moat grant copilotnow points users tomoat grant github. Tokens still need Copilot access (GitHub CLI OAuth for an account with Copilot, or a fine-grained PAT with "Copilot Requests").Proxy credential injection — injects the
githubgrant token on all GitHub and Copilot API hosts needed by Copilot:api.github.com(auth, GitHub API, MCP registry)api.githubcopilot.com(model inference)api.business.githubcopilot.com(enterprise/business model traffic, memory)api.mcp.github.com(MCP server registry)github.com(HTTPS git via Basic auth)The container receives only format-valid placeholders in
COPILOT_GITHUB_TOKENandGH_TOKEN.Grant normalization and pre-run validation —
moat copilotnormalizes any explicit legacycopilotgrant in moat.yaml/flags togithub, then validates the stored GitHub token againstapi.github.com/copilot_internal/userbefore building or starting a container. The Copilot provider no longer has a dead credential-acquisition path that can overwrite the GitHub credential.Container staging —
moat-init.shcopies~/.copilot/config.json(pre-trusts/workspace), runtime context viaCOPILOT_CUSTOM_INSTRUCTIONS_DIRS, and disables auto-update.copilot:config block —copilot.model,copilot.experimental,copilot.autopilotin moat.yaml.Integration points touched
internal/providers/copilot/internal/providers/register.gointernal/credential/types.gointernal/credential/provider.goCopilotTokenPlaceholderinternal/config/config.goCopilotConfigstructinternal/deps/registry.yamlcopilot-clidependencyinternal/deps/scripts/moat-init.shMOAT_COPILOT_INITstaging blockinternal/run/imageneeds.gocopilot-clidepinternal/run/manager_create.goisAIAgent, GitHub-token Copilot host injection, and pre-run Copilot access validationinternal/run/manager_agentinit.gosetupCopilotStaging, update local MCP grant error messageinternal/run/manager_resources_test.gointernal/run/run.goCopilotConfigTempDirinternal/run/manager_cleanup.goSpike findings
@github/copilotv1.0.69) honorsHTTP_PROXY/HTTPS_PROXYand routes all GitHub/model traffic through the proxy.COPILOT_GITHUB_TOKEN>GH_TOKEN>GITHUB_TOKENfor auth. Classic PATs (ghp_) are not supported by Copilot CLI.api.github.com/copilot_internal/user; model traffic goes toapi.business.githubcopilot.com./etc/ssl/certs/ca-certificates.crton Linux (matches Moat's existing CA mount).~/.copilot/(overridable viaCOPILOT_HOME).Validation
go test ./internal/providers/copilot ./internal/run ./internal/daemon ./cmd/moat/cli— passmake lint— 0 issuesmoat copilotagainst the pricing-monorepoapi.mcp.github.com,GetCredentialNamecontract, local MCP error message, GitHub grant reuse, pre-run Copilot access validation, dead grant path removal, excluded-host assertions, detector/validator parity coverage, missing-github failure, Copilot staging credential plumbing)Documentation
docs/content/guides/17-copilot.md— Running GitHub Copilot CLI guidedocs/content/reference/01-cli.md—moat copilotcommand referencedocs/content/reference/02-moat-yaml.md—copilot:config sectiondocs/content/reference/04-grants.md— GitHub grant behavior for Copilot runsREADME.md— Agent list and command tableCHANGELOG.md— Unreleased entry