This repository was archived by the owner on May 20, 2026. It is now read-only.
Enable BYOK for Business/Enterprise users with client_byok policy#5047
Closed
pierceboggan wants to merge 2 commits into
Closed
Enable BYOK for Business/Enterprise users with client_byok policy#5047pierceboggan wants to merge 2 commits into
pierceboggan wants to merge 2 commits into
Conversation
Add isClientBYOKEnabled() to CopilotToken that checks for the client_byok=1 token value. Update isBYOKEnabled() to also allow BYOK when this policy flag is set, enabling business and enterprise users whose org has the client_byok policy enabled. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Set 'github.copilot.clientByokEnabled' context key from the copilot token's client_byok flag. VS Code core reads this context key in chatEntitlementService to ungate the 'Add Models' button for business/enterprise users whose org has the client_byok policy. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Enables BYOK (Bring Your Own Key) availability for Business/Enterprise users when the server-minted Copilot token includes a client_byok=1 flag, and surfaces this state to VS Code core via a new context key.
Changes:
- Added
CopilotToken.isClientBYOKEnabled()to read theclient_byoktoken field. - Updated BYOK gating logic to allow BYOK when
client_byok=1(still disabled on GHE). - Added a
github.copilot.clientByokEnabledcontext key update path and unit tests covering the new BYOK gating behavior.
Show a summary per file
| File | Description |
|---|---|
| src/platform/authentication/common/copilotToken.ts | Adds a helper to detect client_byok=1 from the token fields. |
| src/extension/contextKeys/vscode-node/contextKeys.contribution.ts | Introduces and updates a new context key (github.copilot.clientByokEnabled) for VS Code core UI enablement. |
| src/extension/byok/common/byokProvider.ts | Expands BYOK eligibility to include tokens with client_byok=1 (dotcom-only). |
| src/extension/byok/common/test/byokProvider.spec.ts | Adds unit coverage for BYOK enablement across individual/business + dotcom/GHE scenarios. |
Copilot's findings
- Files reviewed: 4/4 changed files
- Comments generated: 1
Comment on lines
+201
to
+208
| private async _updateClientByokEnabledContext() { | ||
| try { | ||
| const copilotToken = await this._authenticationService.getCopilotToken(); | ||
| commands.executeCommand('setContext', clientByokEnabledContextKey, copilotToken.isClientBYOKEnabled()); | ||
| } catch (e) { | ||
| commands.executeCommand('setContext', clientByokEnabledContextKey, undefined); | ||
| } | ||
| } |
There was a problem hiding this comment.
github.copilot.clientByokEnabled is only updated via _onAuthenticationChange(). On initial activation, ContextKeysContribution starts this._inspectContext() before registering onDidAuthenticationChange, so the first token-mint event can be missed and this context key may remain unset until a later auth refresh. Consider also updating this key during startup (e.g., call _updateClientByokEnabledContext() from the constructor after listener registration, and/or set it after the successful getCopilotToken() in _inspectContext()).
scutuatua-crypto
approved these changes
Apr 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Enables BYOK (Bring Your Own Key) model configuration for Business and Enterprise SKU users whose organization has the BYOK policy enabled.
Changes
1.
copilotToken. Readclient_byokclaimtsisClientBYOKEnabled()method toCopilotTokenthat checks forclient_byok=1in the token claims2.
contextKeys.contribution. Set context key for VS Code coretsgithub.copilot.clientByokEnabledcontext key based onisClientBYOKEnabled()Behavior
client_byok=1claim is only present in Copilot tokens for these plans when the BYOK policy is enabledusersCompanion PR
github.copilot.clientByokEnabledcontext key to enable the Add Models button308553