fix: add Copilot IDE headers to resolved models

[efpiva]

Summary

Fixes GitHub Copilot Pi-native/default compaction requests by ensuring resolved GitHub Copilot models carry the required Copilot IDE headers into the lower-level Pi summarization path.

The default Pi compaction path calls session.compact() / Pi generateSummary() directly and does not go through OpenClaw's normal GitHub Copilot stream wrapper. Without these headers, Copilot can reject compaction summarization with:

400 bad request: missing Editor-Version header for IDE auth

Changes

• Add GitHub Copilot default request headers in src/agents/provider-request-config.ts:
  • Editor-Version
  • Editor-Plugin-Version
  • User-Agent
  • Copilot-Integration-Id
  • Openai-Organization
• Merge these defaults before discovered/provider/model/request headers so explicit config can still override them.
• Thread resolveProviderRequestConfig() through resolved model paths in src/agents/pi-embedded-runner/model.ts, including discovered/dynamic models without explicit provider config.
• Add regression tests for both dynamic and configured github-copilot/gpt-5.5 resolved model headers.

Reproduction / diagnostic evidence captured

Captured from local codeclaw-triage logs before this fix:

2026-05-15T09:22:17.295-07:00 [agent/embedded] [compaction-diag] start runId=7d62f863-752b-4974-8dc6-0db0d8308a45 sessionKey=agent:main:subagent:4dc753b0-294a-423c-88e1-cb44b960eaef diagId=ovf-mp74l0tc-0_sa6Q trigger=overflow provider=github-copilot/gpt-5.5 attempt=1 maxAttempts=3 pre.messages=59 pre.historyTextChars=234876 pre.toolResultChars=233408 pre.estTokens=62724
2026-05-15T09:22:17.484-07:00 [agent/embedded] [compaction-diag] end runId=7d62f863-752b-4974-8dc6-0db0d8308a45 sessionKey=agent:main:subagent:4dc753b0-294a-423c-88e1-cb44b960eaef diagId=ovf-mp74l0tc-0_sa6Q trigger=overflow provider=github-copilot/gpt-5.5 attempt=1 maxAttempts=3 outcome=failed reason=provider_error_4xx durationMs=6423
2026-05-15T09:22:17.486-07:00 [agent/embedded] auto-compaction failed for github-copilot/gpt-5.5: Turn prefix summarization failed: 400 bad request: missing Editor-Version header for IDE auth

Also captured same-symptom later failure:

2026-05-15T09:34:39.787-07:00 [agent/embedded] [compaction-diag] end runId=bd303136-0717-491f-8b7b-8683355b8686 sessionKey=agent:main:subagent:4dc753b0-294a-423c-88e1-cb44b960eaef diagId=ovf-mp750yhe-wHl9qw trigger=overflow provider=github-copilot/gpt-5.5 attempt=1 maxAttempts=3 outcome=failed reason=provider_error_4xx durationMs=5267
2026-05-15T09:34:39.789-07:00 [agent/embedded] auto-compaction failed for github-copilot/gpt-5.5: Summarization failed: 400 bad request: missing Editor-Version header for IDE auth

Local RED regression before implementation:

FAIL |agents| src/agents/pi-embedded-runner/model.test.ts > resolveModel > adds GitHub Copilot IDE headers to dynamic resolved model headers for Pi-native compaction
AssertionError: expected undefined to deeply equal { ... }

Evidence that the fix works locally

A local post-fix Pi-native compaction/header smoke test using @earendil-works/pi-coding-agent generateSummary() observed the expected outgoing headers. The test server would have returned the same missing Editor-Version header for IDE auth error if Editor-Version were absent.

{
  "result": "",
  "requestCount": 1,
  "url": "/v1/responses",
  "observedHeaders": {
    "editor-version": "vscode/1.107.0",
    "editor-plugin-version": "copilot-chat/0.35.0",
    "user-agent": "GitHubCopilotChat/0.35.0",
    "copilot-integration-id": "vscode-chat",
    "openai-organization": "github-copilot",
    "authorization": "<redacted>"
  }
}

Real behavior proof

• Behavior or issue addressed: GitHub Copilot Pi-native/default compaction requests now carry Copilot IDE headers, so compaction no longer fails with 400 bad request: missing Editor-Version header for IDE auth.

• Real environment tested: Live codeclaw-triage Docker container after installing a custom OpenClaw package built from combined proof branch codeclaw-proof-82023-82275 (https://github.com/efpiva/openclaw/tree/codeclaw-proof-82023-82275) at OpenClaw 2026.5.17 (db1c53a). The proof used the running Gateway in that container and the real GitHub Copilot provider.

• Exact steps or command run after this patch:

  docker exec --user codeclaw codeclaw-triage     HOME=/home/codeclaw openclaw agent       --agent main       --model github-copilot/gpt-5.4       --session-id codeclaw-proof-82275-gpt54-20260517T220327Z       --json --timeout 600       --message '<proof seed with repeated real conversation text>'
  
  docker exec --user codeclaw codeclaw-triage     HOME=/home/codeclaw openclaw gateway call sessions.compact       --json --timeout 900000       --params '{"key":"agent:main:explicit:codeclaw-proof-82275-gpt54-20260517t220327z"}'

• Evidence after fix:

  The live sessions.compact call returned ok: true and compacted: true:

  {
    "ok": true,
    "key": "agent:main:explicit:codeclaw-proof-82275-gpt54-20260517t220327z",
    "compacted": true,
    "result": {
      "tokensBefore": 28655,
      "tokensAfter": 15696,
      "firstKeptEntryId": "2ddaf766"
    }
  }

  The live Gateway logs show the compaction ran against GitHub Copilot and finished as compacted:

  2026-05-17T15:03:30.171-07:00 [agent/embedded] embedded run start: runId=4b8123ef-a8c6-475c-bff2-355414ed75da sessionId=codeclaw-proof-82275-gpt54-20260517T220327Z provider=github-copilot model=gpt-5.4 thinking=medium messageChannel=webchat
  2026-05-17T15:03:43.161-07:00 [agent/embedded] [compaction-diag] start runId=codeclaw-proof-82275-gpt54-20260517T220327Z sessionKey=agent:main:explicit:codeclaw-proof-82275-gpt54-20260517t220327z diagId=cmp-mpabnuo1-LTDAVg trigger=manual provider=github-copilot/gpt-5.4 attempt=1 maxAttempts=1 pre.messages=2 pre.historyTextChars=62180 pre.toolResultChars=0 pre.estTokens=15545
  2026-05-17T15:03:46.476-07:00 [agent/embedded] [compaction-diag] end runId=codeclaw-proof-82275-gpt54-20260517T220327Z sessionKey=agent:main:explicit:codeclaw-proof-82275-gpt54-20260517t220327z diagId=cmp-mpabnuo1-LTDAVg trigger=manual provider=github-copilot/gpt-5.4 attempt=1 maxAttempts=1 outcome=compacted reason=none durationMs=2803 retrying=false post.messages=3 post.historyTextChars=62180 post.toolResultChars=0 post.estTokens=15696 delta.messages=1 delta.historyTextChars=0 delta.toolResultChars=0 delta.estTokens=151
  

  A grep over the proof window found no missing Editor-Version failures:

  missing Editor-Version count in proof window: 0
  

• Observed result after fix: A live CodeClaw/OpenClaw session using GitHub Copilot compacted successfully through the Gateway. The compaction result reduced the effective token count from 28655 to 15696, and the previous missing Editor-Version header for IDE auth failure did not occur.

• What was not tested: I did not wait for a naturally occurring overflow-triggered CodeClaw compaction. The live proof explicitly invoked sessions.compact on a real Gateway session in the deployed CodeClaw container; this exercises the same Pi-native GitHub Copilot summarization/header path that previously emitted the missing Editor-Version error.

Validation

• pnpm exec vitest run src/agents/pi-embedded-runner/model.test.ts --config test/vitest/vitest.agents.config.ts
  • Test Files 1 passed (1)
  • Tests 84 passed (84)
• pnpm test:changed
  • passed 2 Vitest shards
• pnpm tsgo:core
• pnpm build
• pnpm format:check -- src/agents/provider-request-config.ts src/agents/pi-embedded-runner/model.ts src/agents/pi-embedded-runner/model.test.ts
• codex review --commit HEAD -c 'sandbox_mode="danger-full-access"'
  • Result: no actionable correctness issues found.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR adds default GitHub Copilot IDE request headers to resolved model request config, threads them through dynamic and configured Pi model resolution, and adds regression tests.

Reproducibility: yes. from source and supplied logs, though I did not rerun the live provider failure locally. Current main resolves Copilot models without synthesized IDE headers on the Pi compaction path, and Pi 0.75.1 forwards only resolved model/auth headers into generateSummary.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: The PR has strong live-output proof and a focused implementation, with final head validation left to normal merge gates.

Rank-up moves:

• Run final head CI or the listed focused checks before merge.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🥚 common Cosmic Proofling

        /\     /\            
      _/  \___/  \_          
     /  ( o   o )  \         
    |      \_/      |        
    |   /\  ===  /\ |        
     \_/  \_____/  \_/       
        _/|_| |_|\_          
       /__| | | |__\         
          ' ' ' '            
         /_/     \_\         
       .-----------.         
      '-------------'        

Rarity: 🥚 common.
Trait: collects tiny proofs.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Cosmic Proofling in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (live_output): The PR body supplies redacted live Gateway output showing a real GitHub Copilot sessions.compact call succeeded after the fix and the previous missing Editor-Version error was absent.

Risk before merge
Why this matters: - Final merge should still rely on fresh CI or the listed focused checks on the exact head; this read-only review did not rerun validation commands.

Maintainer options:

1. Decide the mitigation before merge
   Land this focused header-resolution fix after normal maintainer review and final head validation, preserving explicit header override precedence.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No repair job is needed because this PR is already the focused implementation candidate and this review found no blocking defects.

Security
Cleared: The diff adds static provider headers and focused tests without changing dependencies, CI, secret storage, publishing, or downloaded-code execution paths.

Review details

Best possible solution:

Land this focused header-resolution fix after normal maintainer review and final head validation, preserving explicit header override precedence.

Do we have a high-confidence way to reproduce the issue?

Yes, from source and supplied logs, though I did not rerun the live provider failure locally. Current main resolves Copilot models without synthesized IDE headers on the Pi compaction path, and Pi 0.75.1 forwards only resolved model/auth headers into generateSummary.

Is this the best way to solve the issue?

Yes. The PR uses the shared request-config merge so discovered, provider, model, and request headers keep override precedence, and it covers both dynamic and configured Copilot resolved models; a later provider-boundary cleanup can be separate.

Label justifications:

• P1: The PR fixes a real GitHub Copilot compaction failure that can break active agent sessions when Pi-native summarization rejects missing IDE auth headers.

What I checked:

• Current main omits headers on dynamic resolved models: On current main, the no-provider-config branch returns only sanitized discovered model headers, so dynamic GitHub Copilot models do not get synthesized IDE headers before Pi compaction uses the model. (src/agents/pi-embedded-runner/model.ts:543, df8505b09d2e)
• Current main omits default headers from request config: resolveProviderRequestPolicyConfig currently merges discovered, provider, model, and request headers only; there is no GitHub Copilot default header source on main. (src/agents/provider-request-config.ts:644, df8505b09d2e)
• Existing Copilot header contract: The built-in compaction safeguard already builds Copilot dynamic headers, and its regression test expects Copilot-Integration-Id, Editor-Plugin-Version, Openai-Organization, User-Agent, and x-initiator in summarization headers. (src/agents/pi-hooks/compaction-safeguard.test.ts:1391, df8505b09d2e)
• Dependency contract checked: Pi 0.75.1 AgentSession.compact obtains request headers from modelRegistry.getApiKeyAndHeaders and passes them into compact(); Pi compaction then forwards those headers into generateSummary/completeSummarization, so resolved model headers are part of the real summarization request path.
• PR diff covers the failing branches: The PR head adds resolveProviderDefaultRequestHeaders(), merges those defaults before discovered/provider/model/request headers, threads resolveProviderRequestConfig through dynamic and configured resolved-model branches, and tests both dynamic and configured github-copilot/gpt-5.5 headers. (src/agents/provider-request-config.ts:396, 7f284b45e489)
• Real behavior proof supplied: The PR body includes redacted live CodeClaw/OpenClaw Gateway output where sessions.compact against the real GitHub Copilot provider returned ok:true and compacted:true, reduced tokens from 28655 to 15696, and found zero missing Editor-Version failures in the proof window. (7f284b45e489)

Likely related people:

• steipete: Recent current-main history touches provider request policy, Pi model discovery/cache, and GitHub Copilot model behavior around the affected path. (role: recent area contributor; confidence: high; commits: ec2d0772f1c3, dc7fab4dc5f6, 0b8ee4616df1; files: src/agents/provider-request-config.ts, src/agents/pi-embedded-runner/model.ts, extensions/github-copilot/models.ts)
• vincentkoc: Commit cdccbf2 added Copilot IDE auth headers on runtime requests, which is the provider contract this PR extends into Pi-native compaction. (role: introduced related behavior; confidence: high; commits: cdccbf2c1c8e, ea4265a82063; files: extensions/github-copilot/stream.ts, extensions/github-copilot/models.ts)
• efpiva: Beyond authoring this PR, commit 75405f6 added live Copilot catalog discovery and gpt-5.5 support, directly adjacent to dynamic resolved Copilot models. (role: recent Copilot model contributor; confidence: high; commits: 75405f64d0a7; files: extensions/github-copilot/models.ts, extensions/github-copilot/index.ts)
• Kaspre: Commit 4484000 recently changed provider request policy and SSRF trust in the same request-config surface touched by this PR. (role: adjacent provider-request contributor; confidence: medium; commits: 44840007d42d; files: src/agents/provider-request-config.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against df8505b09d2e.

[efpiva]

CodeClaw proof runtime update

The shared CodeClaw proof branch has been advanced while validating the Telegram topic follow-ups for PR #82023.

Current combined proof branch:

• https://github.com/efpiva/openclaw/tree/codeclaw-proof-82023-82275
• latest proof commit: 5d05443b6a8f
• live CodeClaw runtime rebuilt from that proof branch: OpenClaw 2026.5.17 (5d05443)

I re-verified that the rebuilt live runtime still contains the Copilot compaction/header fix from this PR:

• installed dist contains resolveProviderDefaultRequestHeaders in provider-request-config-*;
• installed dist also contains the latest Telegram proof symbols from PR feat(telegram): bind spawned subagents to forum topics #82023 (CURRENT_TOOL_PROGRESS_LINE_ID, previewsByRoute, and supportsAutomaticThreadBindingSpawn).

This does not change the earlier Real behavior proof for this PR: the CodeClaw live compaction proof remains the provider-backed sessions.compact run against GitHub Copilot that completed without the missing Editor-Version header failure. The update here is that the current live combined proof runtime has been rebuilt again and still includes this PR's header-resolution code.