Since gh-aw gateways all LLM inference through the API proxy sidecar (--enable-api-proxy), we should support running Copilot CLI in offline mode + BYOK so it talks directly to the sidecar without needing GitHub authentication.
When Copilot CLI supports offline/BYOK mode, the firewall should:
Configure Copilot CLI for offline mode — Set the appropriate env vars so Copilot CLI skips GitHub auth handshake and uses a direct API endpoint instead. This avoids the OAuth token exchange and reduces startup latency.
Point Copilot CLI at the sidecar — The API proxy sidecar already handles credential injection. Copilot CLI's BYOK endpoint config should point at http://172.30.0.30:10002 so requests flow: Agent → Sidecar (injects key) → Squid → upstream API.
Eliminate GitHub auth dependency for inference — With offline mode, the agent container wouldn't need COPILOT_GITHUB_TOKEN at all for LLM calls (it would still need GITHUB_TOKEN for MCP tools like issues/PRs). This simplifies the auth model and removes a failure mode.
Reduce allowed domains — If Copilot CLI doesn't need to do the OAuth handshake with api.github.com for token exchange, we could potentially remove GitHub API domains from the inference allow-list, tightening the network policy.
Benefits
Faster startup: No OAuth token exchange for LLM inference
Simpler auth model: Separate concerns — GITHUB_TOKEN for tools, BYOK key for inference
Better isolation: Agent never touches inference credentials
Context
Upstream issue: github/gh-aw-mcpg#3563
Reference: https://github.blog/changelog/2026-04-07-copilot-cli-now-supports-byok-and-local-models/
Current State
AWF already has partial BYOK support:
172.30.0.30) injects real API keys and forwards through Squid
COPILOT_API_KEY and COPILOT_GITHUB_TOKEN are held in the sidecar, never exposed to the agent
http://172.30.0.30:10002 for Copilot)
resolveCopilotAuthToken() precedence logic
Dependencies
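As an added illustration (not part of the issue and not AWF code), the TypeScript below audits an agent-container config against the goals the issue lists: inference credentials stay in the sidecar, the inference endpoint is the sidecar at http://172.30.0.30:10002, and hosts needed only for the token exchange are off the inference allow-list. `EXAMPLE_BYOK_BASE_URL`, `AgentConfig` and `auditOfflineByok` are hypothetical names; the issue does not give Copilot CLI's actual variable names.

```typescript
// Added example, not AWF code. "from the issue" = quoted from the page;
// "assumed" = placeholder name chosen for this illustration.
const SIDECAR_ORIGIN = "http://172.30.0.30:10002"; // from the issue
const SIDECAR_ONLY_SECRETS = ["COPILOT_API_KEY", "COPILOT_GITHUB_TOKEN"]; // from the issue
const ENDPOINT_VAR = "EXAMPLE_BYOK_BASE_URL"; // assumed, not a real Copilot CLI variable

interface AgentConfig {
  env: Record<string, string | undefined>; // environment handed to the agent container
  inferenceAllowList: string[];            // domains allowed for inference traffic
}

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

// Returns findings; an empty array means the config meets the issue's goals.
function auditOfflineByok(cfg: AgentConfig, retiredHosts: string[]): string[] {
  const findings: string[] = [];
  // Inference credentials live in the sidecar and must not reach the agent.
  for (const name of SIDECAR_ONLY_SECRETS) {
    if (cfg.env[name]) findings.push(`${name} is set in the agent environment`);
  }
  // The endpoint must be the sidecar itself, with no credentials in the URL.
  const raw = cfg.env[ENDPOINT_VAR];
  const url = raw ? parseUrl(raw) : null;
  if (!url) {
    findings.push(`${ENDPOINT_VAR} is missing or not a valid URL`);
  } else {
    if (url.origin !== SIDECAR_ORIGIN) findings.push(`${ENDPOINT_VAR} points at ${url.origin}`);
    if (url.username || url.password) findings.push(`${ENDPOINT_VAR} embeds credentials`);
  }
  // Hosts needed only for the token exchange should be off the allow-list.
  const retired = new Set(retiredHosts.map((h) => h.toLowerCase()));
  for (const host of cfg.inferenceAllowList) {
    if (retired.has(host.toLowerCase())) findings.push(`${host} is still allowed for inference`);
  }
  return findings;
}

// Constructed sample configs (values are made up).
const RETIRED = ["api.github.com"]; // host as written in the issue
const legacy: AgentConfig = {
  env: { GITHUB_TOKEN: "constructed", COPILOT_GITHUB_TOKEN: "constructed" },
  inferenceAllowList: ["api.github.com"],
};
const offline: AgentConfig = {
  env: { GITHUB_TOKEN: "constructed", [ENDPOINT_VAR]: SIDECAR_ORIGIN },
  inferenceAllowList: [],
};
console.log(auditOfflineByok(legacy, RETIRED), auditOfflineByok(offline, RETIRED));
```

`GITHUB_TOKEN` is deliberately not flagged, since the issue keeps it in the agent for MCP tools.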