Enable BYOK in air-gapped scenarios/without GitHub auth#317428
Merged
Conversation
Co-authored-by: Copilot <copilot@github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates VS Code’s Copilot Chat integration to better support BYOK (bring-your-own-key) usage in air‑gapped / signed-out scenarios by avoiding hard dependencies on GitHub authentication for parts of the extension that don’t strictly require it.
Changes:
- Adjusts sign-in UI surfacing and welcome messaging so BYOK availability suppresses GitHub-auth-specific warnings.
- Adds “no GitHub auth” guards/fallbacks in Copilot extension components (model metadata fetch, embeddings, prompt JSON rendering).
- Changes conversation feature activation logic to allow activation when non-Copilot (BYOK) chat models are present.
Show a summary per file
| File | Description |
|---|---|
| src/vs/workbench/contrib/chat/browser/chatSetup/chatSetupContributions.ts | Tweaks Accounts menu sign-in action label/visibility logic. |
| extensions/copilot/src/platform/endpoint/node/modelMetadataFetcher.ts | Stops model metadata fetch when Copilot token acquisition fails (BYOK-only). |
| extensions/copilot/src/platform/embeddings/common/remoteEmbeddingsComputer.ts | Adds early auth guard for remote embeddings requests. |
| extensions/copilot/src/extension/prompts/node/base/promptRenderer.ts | Falls back to a stub endpoint when utility model resolution fails during JSON rendering. |
| extensions/copilot/src/extension/prompt/node/chatMLFetcher.ts | Loosens Copilot token dependency for BYOK endpoints (but see comments). |
| extensions/copilot/src/extension/conversation/vscode-node/languageModelAccess.ts | Prevents registering LM/embeddings features without a GitHub session. |
| extensions/copilot/src/extension/conversation/vscode-node/conversationFeature.ts | Activates conversation features based on BYOK model presence; adds auth gating for search providers (but contains issues). |
| extensions/copilot/src/extension/conversation/vscode-node/chatParticipants.ts | Avoids resolving the utility endpoint unless a quota fallback is needed. |
| extensions/copilot/src/extension/chatSessions/copilotcli/node/copilotCli.ts | Skips CLI model fetch without a GitHub session. |
| extensions/copilot/src/extension/authentication/vscode-node/authentication.contribution.ts | Alters permissive-auth upgrade flow behavior when signed out. |
| extensions/copilot/package.json | Hides Copilot auth-related welcome messages when BYOK models are present. |
Copilot's findings
Comments suppressed due to low confidence (1)
extensions/copilot/src/extension/conversation/vscode-node/conversationFeature.ts:222
- Same typo here:
anyGithubSessionshould beanyGitHubSessionto match the authentication service API and avoid a compile error.
// Don't register for no auth user or or BYOK-only users
if (!this.authenticationService.anyGithubSession || this.authenticationService.copilotToken?.isNoAuthUser) {
this.logService.debug('ConversationFeature: Skipping settings search provider registration - no GitHub session available');
return;
- Files reviewed: 11/11 changed files
- Comments generated: 6
dmitrivMS
changed the title
This was referenced May 20, 2026
Closed
Co-authored-by: Copilot <copilot@github.com>
dmitrivMS
changed the title
Contributor
There was a problem hiding this comment.
Copilot's findings
Comments suppressed due to low confidence (2)
extensions/copilot/src/extension/conversation/vscode-node/conversationFeature.ts:199
- In BYOK-only mode,
registerSearchProvider()sets_searchProviderRegistered = truebefore checking for a GitHub session and then returns early. If the user later signs in, the provider will never register because the flag blocks future attempts and activation doesn’t re-run. Consider only setting_searchProviderRegisteredafter successful registration, or re-attempting registration when auth becomes available (and/or clearing the flag on auth change).
This issue also appears on line 208 of the same file.
private registerSearchProvider(): IDisposable | undefined {
if (this._searchProviderRegistered) {
return;
} else {
this._searchProviderRegistered = true;
// Don't register for no auth user or BYOK-only users
if (!this.authenticationService.anyGitHubSession || this.authenticationService.copilotToken?.isNoAuthUser) {
this.logService.debug('ConversationFeature: Skipping search provider registration - no GitHub session available');
return;
}
extensions/copilot/src/extension/conversation/vscode-node/conversationFeature.ts:220
- Same issue as
registerSearchProvider():_settingsSearchProviderRegisteredis set before the GitHub-session guard and can prevent later registration when the feature was activated via BYOK first and the user signs in afterwards. Defer setting the flag until after registration succeeds, or re-run registration on auth/session changes.
private registerSettingsSearchProvider(): IDisposable | undefined {
if (this._settingsSearchProviderRegistered) {
return;
}
this._settingsSearchProviderRegistered = true;
// Don't register for no auth user or or BYOK-only users
if (!this.authenticationService.anyGitHubSession || this.authenticationService.copilotToken?.isNoAuthUser) {
this.logService.debug('ConversationFeature: Skipping settings search provider registration - no GitHub session available');
return;
}
- Files reviewed: 21/21 changed files
- Comments generated: 2
vritant24
reviewed
May 20, 2026
vritant24
reviewed
May 20, 2026
vritant24
reviewed
May 20, 2026
vritant24
reviewed
May 20, 2026
Contributor
|
Base:
|
Co-authored-by: Copilot <copilot@github.com>
vritant24
previously approved these changes
May 20, 2026
…ithout GitHub sign-in.
Co-authored-by: Copilot <copilot@github.com>
vritant24
approved these changes
May 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Air-gapped BYOK: enable chat and some other AI functionality when user is not authenticated (with or without utility models enabled).
Fixes #246551
Fixes #275591
Fixes #313461
Fixes #272843
Related #294708
Fixes https://github.com/microsoft/vscode-internalbacklog/issues/7044
Related https://github.com/microsoft/vscode-internalbacklog/issues/5892