Skip to content

feat(copilot): add GitHub Copilot CLI support#436

Merged
dpup merged 8 commits into
majorcontext:mainfrom
abezzub-dr:abezzub-dr/copilot-cli-support
Jul 8, 2026
Merged

feat(copilot): add GitHub Copilot CLI support#436
dpup merged 8 commits into
majorcontext:mainfrom
abezzub-dr:abezzub-dr/copilot-cli-support

Conversation

@abezzub-dr

@abezzub-dr abezzub-dr commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary

First-class support for running GitHub Copilot CLI (@github/copilot) inside Moat containers with the same credential-injection model as Claude Code, Codex, Gemini, and Pi.

What this adds

moat copilot command — launches Copilot CLI in an isolated container. Interactive and non-interactive (-p) modes, --model, --experimental, --autopilot, and --allow-all (default: true) flags. Passes --allow-all by default because the container provides isolation.

GitHub grant reusemoat copilot uses the existing github grant and does not create a separate Copilot credential. moat grant github remains the setup command; moat grant copilot now points users to moat grant github. Tokens still need Copilot access (GitHub CLI OAuth for an account with Copilot, or a fine-grained PAT with "Copilot Requests").

Proxy credential injection — injects the github grant token on all GitHub and Copilot API hosts needed by Copilot:

  • api.github.com (auth, GitHub API, MCP registry)
  • api.githubcopilot.com (model inference)
  • api.business.githubcopilot.com (enterprise/business model traffic, memory)
  • api.mcp.github.com (MCP server registry)
  • github.com (HTTPS git via Basic auth)

The container receives only format-valid placeholders in COPILOT_GITHUB_TOKEN and GH_TOKEN.

Grant normalization and pre-run validationmoat copilot normalizes any explicit legacy copilot grant in moat.yaml/flags to github, then validates the stored GitHub token against api.github.com/copilot_internal/user before building or starting a container. The Copilot provider no longer has a dead credential-acquisition path that can overwrite the GitHub credential.

Container stagingmoat-init.sh copies ~/.copilot/config.json (pre-trusts /workspace), runtime context via COPILOT_CUSTOM_INSTRUCTIONS_DIRS, and disables auto-update.

copilot: config blockcopilot.model, copilot.experimental, copilot.autopilot in moat.yaml.

Integration points touched

Area Change
internal/providers/copilot/ New agent provider package (agent, CLI, constants, Copilot host injection, Copilot access validation)
internal/providers/register.go Register copilot provider
internal/credential/types.go Keep Copilot out of stored credential provider list
internal/credential/provider.go Add CopilotTokenPlaceholder
internal/config/config.go Add CopilotConfig struct
internal/deps/registry.yaml Add copilot-cli dependency
internal/deps/scripts/moat-init.sh Add MOAT_COPILOT_INIT staging block
internal/run/imageneeds.go Trigger copilot init for copilot-cli dep
internal/run/manager_create.go Wire staging, cleanup, isAIAgent, GitHub-token Copilot host injection, and pre-run Copilot access validation
internal/run/manager_agentinit.go Add setupCopilotStaging, update local MCP grant error message
internal/run/manager_resources_test.go Expand Apple memory-default test to cover copilot
internal/run/run.go Add CopilotConfigTempDir
internal/run/manager_cleanup.go Include copilot staging dir in cleanup

Spike findings

  • Copilot CLI (@github/copilot v1.0.69) honors HTTP_PROXY/HTTPS_PROXY and routes all GitHub/model traffic through the proxy.
  • Copilot CLI accepts COPILOT_GITHUB_TOKEN > GH_TOKEN > GITHUB_TOKEN for auth. Classic PATs (ghp_) are not supported by Copilot CLI.
  • First auth check hits api.github.com/copilot_internal/user; model traffic goes to api.business.githubcopilot.com.
  • Copilot reads custom CA certs from /etc/ssl/certs/ca-certificates.crt on Linux (matches Moat's existing CA mount).
  • Config dir is ~/.copilot/ (overridable via COPILOT_HOME).

Validation

  • go test ./internal/providers/copilot ./internal/run ./internal/daemon ./cmd/moat/cli — pass
  • make lint — 0 issues
  • Tested live with moat copilot against the pricing-monorepo
  • Addressed code review findings (staging cleanup, Apple memory default, api.mcp.github.com, GetCredentialName contract, local MCP error message, GitHub grant reuse, pre-run Copilot access validation, dead grant path removal, excluded-host assertions, detector/validator parity coverage, missing-github failure, Copilot staging credential plumbing)

Documentation

  • docs/content/guides/17-copilot.md — Running GitHub Copilot CLI guide
  • docs/content/reference/01-cli.mdmoat copilot command reference
  • docs/content/reference/02-moat-yaml.mdcopilot: config section
  • docs/content/reference/04-grants.md — GitHub grant behavior for Copilot runs
  • README.md — Agent list and command table
  • CHANGELOG.md — Unreleased entry

abezzub and others added 5 commits July 8, 2026 15:06
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Document why copilot-proxy and telemetry hosts are excluded from injection
- Fix filterGitHubGrant backing-array mutation (use make instead of [:0])
- Use constants in NetworkHosts() instead of string literals
- Add companion test for CLI --model flag overriding config
- Add comment explaining two-path grant insertion flow
- Fix Use string to include [-- initial-prompt]

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@abezzub-dr

Copy link
Copy Markdown
Contributor Author

@dpup this runs in docker and apple containers. PR review for this ran using copilot in moat.

Comment thread docs/content/guides/17-copilot.md Outdated
Run `moat grant copilot` to configure authentication:

```bash
moat grant copilot

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You think this should be separate from moat grant github? Is it logically separate auth?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I asked the bot the same and it told me that copilot uses the same api endpoint underneath. so it just ignores github grant if it exists when copilot is granted and running.

Or do you prefer to just have moat grant github and use that for copilot? I think that should be possible.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I was thinking this might just use the existing github grant.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dpup updated the PR to use github grant. The only caveat is we don't know at grant time if user plans to use copilot or not. So now at startup we check if github token has access to copilot if moat is starting with copilot provider.

abezzub and others added 3 commits July 8, 2026 17:18
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@dpup dpup merged commit cdd9c7e into majorcontext:main Jul 8, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants