Use dynamic API endpoint from Copilot token response

ericdallo · eca-agent · ericdallo · commit bbdcfbb5f222 · 2026-04-09T10:27:00.000-03:00
The copilot_internal/v2/token endpoint returns an `endpoints.api` field with the actual API URL the token is scoped to. For GHE instances this differs from the default api.githubcopilot.com, causing 401 "Bad credentials" errors on chat requests. Extract `endpoints.api` from the token response and store it in the auth state. The Copilot chat request path now prefers this dynamic URL over the static config default. Relates to #402 🤖 Generated with [eca](https://eca.dev) Co-Authored-By: eca <git@eca.dev>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Unreleased
 
 - Fix github-copilot retry loops in chats.
+- Fix Github Enterprise to use the proper url during prompts. #402
 
 ## 0.124.3
 
diff --git a/src/eca/llm_api.clj b/src/eca/llm_api.clj
@@ -242,7 +242,8 @@
          callbacks)
 
         (= "github-copilot" provider)
-        (let [copilot-headers (fn [user-initiator?]
+        (let [api-url (or (:api-url provider-auth) api-url)
+              copilot-headers (fn [user-initiator?]
                                 (merge {"openai-intent" "conversation-panel"
                                         "x-request-id" (str (random-uuid))
                                         "x-initiator" (if user-initiator? "user" "agent")
diff --git a/src/eca/llm_providers/copilot.clj b/src/eca/llm_providers/copilot.clj
@@ -73,8 +73,9 @@
                                 :http-client (client/merge-with-global-http-client {})
                                 :as :json})]
     (if-let [token (:token body)]
-      {:api-key token
-       :expires-at (:expires_at body)}
+      (cond-> {:api-key token
+               :expires-at (:expires_at body)}
+        (get-in body [:endpoints :api]) (assoc :api-url (get-in body [:endpoints :api])))
       (throw (ex-info (format "Error on copilot login: %s" body)
                       {:status status
                        :body body})))))
@@ -94,12 +95,11 @@
                       (get-in @db* [:auth "github-copilot" :step])))
           (let [result (try
                          (let [access-token (oauth-access-token provider-settings device-code)
-                               {:keys [api-key expires-at]} (oauth-renew-token provider-settings access-token)]
+                               token-data (oauth-renew-token provider-settings access-token)]
                            (swap! db* update-in [:auth "github-copilot"] merge
-                                  {:step :login/done
-                                   :access-token access-token
-                                   :api-key api-key
-                                   :expires-at expires-at})
+                                  (assoc token-data
+                                         :step :login/done
+                                         :access-token access-token))
                            (f.providers/sync-and-notify! "github-copilot" db* messenger metrics)
                            :done)
                          (catch Exception e
@@ -131,19 +131,16 @@
 (defmethod f.login/login-step ["github-copilot" :login/waiting-user-confirmation] [{:keys [db* provider config send-msg!] :as ctx}]
   (let [provider-settings (get-in config [:providers provider])
         access-token (oauth-access-token provider-settings (get-in @db* [:auth provider :device-code]))
-        {:keys [api-key expires-at]} (oauth-renew-token provider-settings access-token)]
-    (swap! db* update-in [:auth provider] merge {:step :login/done
-                                                 :access-token access-token
-                                                 :api-key api-key
-                                                 :expires-at expires-at})
+        token-data (oauth-renew-token provider-settings access-token)]
+    (swap! db* update-in [:auth provider] merge
+           (assoc token-data :step :login/done :access-token access-token))
     (f.login/login-done! ctx)
     (send-msg! (format "\nMake sure to enable the model you want to use at: %s/settings/copilot/features"
                        (github-base-url provider-settings)))))
 
 (defmethod f.login/login-step ["github-copilot" :login/renew-token] [{:keys [db* provider config] :as ctx}]
   (let [provider-settings (get-in config [:providers provider])
         access-token (get-in @db* [:auth provider :access-token])
-        {:keys [api-key expires-at]} (oauth-renew-token provider-settings access-token)]
-    (swap! db* update-in [:auth provider] merge {:api-key api-key
-                                                 :expires-at expires-at})
+        token-data (oauth-renew-token provider-settings access-token)]
+    (swap! db* update-in [:auth provider] merge token-data)
     (f.login/login-done! ctx :silent? true :skip-models-sync? true)))
diff --git a/test/eca/llm_providers/copilot_test.clj b/test/eca/llm_providers/copilot_test.clj
@@ -93,7 +93,8 @@
           (reset! req* req)
           {:status 200
            :body {:token      "copilot-api-key"
-                  :expires_at 9999999999}})
+                  :expires_at 9999999999
+                  :endpoints  {:api "https://copilot-proxy.ghe.example.com"}}})
 
         (let [access-token "gh-access-123"
               result (#'llm-providers.copilot/oauth-renew-token test-provider-settings access-token)]
@@ -110,7 +111,8 @@
                  (select-keys (:headers @req*) ["authorization" "Content-Type" "Accept" "editor-plugin-version"]))
               (str "Headers should include auth headers and access-token: " (:headers @req*)))
 
-          ;; response parsing
-          (is (= {:api-key   "copilot-api-key"
-                  :expires-at 9999999999}
+          ;; response parsing — includes api-url from endpoints.api
+          (is (= {:api-key    "copilot-api-key"
+                  :expires-at 9999999999
+                  :api-url    "https://copilot-proxy.ghe.example.com"}
                  result)))))))
