Update @github/copilot to 1.0.64-1#1739
Merged
Merged
Conversation
- Updated nodejs and test harness dependencies - Re-ran code generators - Formatted generated code
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the monorepo’s pinned @github/copilot dependency to 1.0.64-1 and propagates the new upstream schemas through the repo’s language-specific code generators (Node/TS, Rust, Go, .NET, Java), resulting in regenerated RPC/session-event types and updated lockfiles.
Changes:
- Bumped
@github/copilotto^1.0.64-1across Node packages and Java codegen inputs (plus lockfile refreshes). - Regenerated SDK protocol surfaces to match updated schemas (notably: experimental citations,
llmInference.*RPCs, MCP OAuthhandlePendingRequest, and attachment binary-asset persistence fields). - Updated Java generated types and APIs (new records/enums + updated generated RPC namespace wiring) and refreshed the Java POM property that mirrors the reference implementation version.
Show a summary per file
| File | Description |
|---|---|
| test/harness/package.json | Bump harness devDependency on @github/copilot to ^1.0.64-1. |
| test/harness/package-lock.json | Lockfile update for @github/copilot@1.0.64-1 and transitive changes. |
| rust/src/generated/session_events.rs | Regenerated session-event types (citations, MCP OAuth additions, schema shape tweaks). |
| rust/src/generated/rpc.rs | Regenerated Rust RPC client (adds llmInference.*, MCP OAuth handlePendingRequest). |
| rust/src/generated/api_types.rs | Regenerated Rust API types/constants (new methods, attachment schema updates, etc.). |
| nodejs/src/generated/session-events.ts | Regenerated TS session-event types (citations, MCP OAuth additions, attachment updates). |
| nodejs/src/generated/rpc.ts | Regenerated TS RPC types + RPC builders (adds llmInference.*, MCP OAuth handlePendingRequest). |
| nodejs/samples/package-lock.json | Sample lockfile updated to @github/copilot ^1.0.64-1. |
| nodejs/package.json | Bump Node SDK dependency on @github/copilot to ^1.0.64-1. |
| nodejs/package-lock.json | Node SDK lockfile update for @github/copilot@1.0.64-1 and transitive changes. |
| java/src/generated/java/com/github/copilot/generated/ToolExecutionCompleteResult.java | Adds citableSources to tool result payload. |
| java/src/generated/java/com/github/copilot/generated/rpc/SessionMcpOauthHandlePendingRequestResult.java | New generated result record for MCP OAuth pending handling. |
| java/src/generated/java/com/github/copilot/generated/rpc/SessionMcpOauthHandlePendingRequestParams.java | New generated params record for MCP OAuth pending handling. |
| java/src/generated/java/com/github/copilot/generated/rpc/SessionMcpOauthApi.java | Adds handlePendingRequest API method to session MCP OAuth wrapper. |
| java/src/generated/java/com/github/copilot/generated/rpc/ServerRpc.java | Wires new server-scoped llmInference namespace. |
| java/src/generated/java/com/github/copilot/generated/rpc/ServerLlmInferenceApi.java | New generated llmInference.* server-scoped API wrapper. |
| java/src/generated/java/com/github/copilot/generated/rpc/SandboxConfig.java | Schema shape change: sandbox config becomes Object instead of Map. |
| java/src/generated/java/com/github/copilot/generated/rpc/ModelBillingTokenPricesLongContext.java | Adds cache read/write price fields + deprecation wording for old fields. |
| java/src/generated/java/com/github/copilot/generated/rpc/ModelBillingTokenPrices.java | Adds cache read/write price fields + maxPromptTokens and deprecation wording. |
| java/src/generated/java/com/github/copilot/generated/rpc/LlmInferenceSetProviderResult.java | New generated result record for llmInference.setProvider. |
| java/src/generated/java/com/github/copilot/generated/rpc/LlmInferenceHttpResponseStartResult.java | New generated result record for llmInference.httpResponseStart. |
| java/src/generated/java/com/github/copilot/generated/rpc/LlmInferenceHttpResponseStartParams.java | New generated params record for llmInference.httpResponseStart. |
| java/src/generated/java/com/github/copilot/generated/rpc/LlmInferenceHttpResponseChunkResult.java | New generated result record for llmInference.httpResponseChunk. |
| java/src/generated/java/com/github/copilot/generated/rpc/LlmInferenceHttpResponseChunkParams.java | New generated params record for llmInference.httpResponseChunk. |
| java/src/generated/java/com/github/copilot/generated/rpc/LlmInferenceHttpResponseChunkError.java | New generated error record used in llmInference.httpResponseChunk. |
| java/src/generated/java/com/github/copilot/generated/ModelCallFailureEvent.java | Adds structured 400-failure diagnostics fields to model failure event. |
| java/src/generated/java/com/github/copilot/generated/ModelCallFailureBadRequestKind.java | New enum for 400 bad-request classification. |
| java/src/generated/java/com/github/copilot/generated/McpOauthWWWAuthenticateParams.java | New record for parsed OAuth challenge params. |
| java/src/generated/java/com/github/copilot/generated/McpOauthRequiredEvent.java | Expands OAuth-required event payload with metadata + WWW-Authenticate params. |
| java/src/generated/java/com/github/copilot/generated/McpOauthCompletionOutcome.java | New enum for OAuth completion outcome. |
| java/src/generated/java/com/github/copilot/generated/McpOauthCompletedEvent.java | Adds OAuth completion outcome field. |
| java/src/generated/java/com/github/copilot/generated/CitationSpan.java | New generated citation type. |
| java/src/generated/java/com/github/copilot/generated/CitationSource.java | New generated citation type. |
| java/src/generated/java/com/github/copilot/generated/Citations.java | New generated citation container type. |
| java/src/generated/java/com/github/copilot/generated/CitationReference.java | New generated citation type. |
| java/src/generated/java/com/github/copilot/generated/CitationProvider.java | New generated enum for citation providers. |
| java/src/generated/java/com/github/copilot/generated/CitableSource.java | New generated tool-provided citable source type. |
| java/src/generated/java/com/github/copilot/generated/CanvasRegistryChangedCanvasAction.java | Schema shape change: inputSchema becomes Object. |
| java/src/generated/java/com/github/copilot/generated/CanvasRegistryChangedCanvas.java | Schema shape change: inputSchema becomes Object. |
| java/src/generated/java/com/github/copilot/generated/AssistantMessageEvent.java | Adds citations field to assistant message event payload. |
| java/scripts/codegen/package.json | Bumps codegen-time @github/copilot dependency to ^1.0.64-1. |
| java/scripts/codegen/package-lock.json | Lockfile update for Java codegen dependencies. |
| java/pom.xml | Updates the read-only mirrored ref-impl version property to ^1.0.64-1. |
| go/zsession_events.go | Updates Go public aliases for newly generated RPC/session-event types. |
| go/rpc/zsession_events.go | Regenerated Go session-event structs/types (citations, MCP OAuth additions, etc.). |
| go/rpc/zsession_encoding.go | Regenerated Go JSON encoding/decoding helpers (citation location union, etc.). |
| go/rpc/zrpc.go | Regenerated Go RPC types/APIs (adds llmInference server API, MCP OAuth pending handling). |
| go/rpc/zrpc_encoding.go | Regenerated Go RPC JSON encoding/decoding helpers (MCP OAuth pending response union, etc.). |
| dotnet/src/Generated/Rpc.cs | Regenerated .NET RPC/types (adds llmInference APIs, MCP OAuth pending handling, pricing fields, citations types). |
Copilot's findings
Files not reviewed (9)
- go/rpc/zrpc.go: Generated file
- go/rpc/zrpc_encoding.go: Generated file
- go/rpc/zsession_encoding.go: Generated file
- go/rpc/zsession_events.go: Generated file
- go/zsession_events.go: Generated file
- java/scripts/codegen/package-lock.json: Generated file
- nodejs/package-lock.json: Generated file
- nodejs/samples/package-lock.json: Generated file
- test/harness/package-lock.json: Generated file
- Files reviewed: 4/52 changed files
- Comments generated: 0
This comment has been minimized.
This comment has been minimized.
1.0.64-1 makes @github/copilot a thin loader; the runnable index.js, sdk/, schemas, and native binary moved into platform packages (@github/copilot-<platform>-<arch>, exactly one installed). Update all CLI path resolution to the platform package's index.js (Java uses the loader's npm-loader.js since Maven properties cannot glob). Also fix downstream type changes: SQLite params -> unknown, AssistantMessageEventData gains citations, and Go AttachmentBlob.Data -> *string. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
Use Path.Join instead of Path.Combine (never silently drops rooted arguments) and replace the foreach scan with a LINQ Select + FirstOrDefault when locating the platform package's index.js. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
|
Pr |
Format the Node client and update the Go billing test to assert the non-deprecated maxPromptTokens field. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use the regenerated enabled parameter name for session.permissions.urls.setUnrestrictedMode. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
Author
There was a problem hiding this comment.
Generated by SDK Consistency Review Agent for issue #1739 · sonnet46 5.1M
The nodejs-installation fallback in the Java test harness pointed at @github/copilot/npm-loader.js, which spawns the platform-specific native binary. The Go, Python, Rust, and .NET harnesses instead glob the installed @github/copilot-<platform> package and run its index.js under Node.js, the documented preferred entry point. Switch the Java fallback to the same copilot-* glob for cross-SDK consistency and resilience. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
The bundled CLI 1.0.64-1 gates third-party MCP servers behind the copilot user's is_mcp_enabled flag: a null/missing value disables them. The e2e harnesses register a per-token copilot user that omitted is_mcp_enabled, so the new runtime skipped non-default MCP servers (e.g. meta-echo). That made the model report the MCP tool as nonexistent, so the next /chat/completions request no longer matched a recorded snapshot and the replay proxy returned HTTP 500 (surfacing as CAPIError: 500 Proxy error), failing every MCP e2e test that exercises a third-party server. Default is_mcp_enabled to true when serving /copilot_internal/user for a registered token (explicit values still win), mirroring the connect-proxy mock. One shared change fixes the e2e harness for all language SDKs. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
The 1.0.64-1 CLI gates MCP enablement on a GitHub API call (the MCP registry policy check via /copilot/mcp_registry, plus the /copilot_internal/user lookup that carries copilot_plan and is_mcp_enabled). The Node/Go/Python/.NET/Java e2e harnesses only redirected COPILOT_API_URL to the replay proxy, so these GitHub API calls escaped to the real api.github.com. On macOS CI runners that egress is slow/unreachable, so MCP policy resolution stalled and every MCP server timed out before reaching connected (macOS-only failures; ubuntu/windows reach api.github.com fast enough to pass). The Rust e2e harness already sets COPILOT_DEBUG_GITHUB_API_URL to the proxy and passes on macOS with the identical CLI and identical MCP lifecycle tests. Mirror that here so the GitHub API calls are served hermetically by the replay proxy: the CLI then reads copilot_plan=individual_pro, the MCP policy resolver short-circuits to allow-all, and the registry-policy network call is never made. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
The CLI authenticates and calls /copilot_internal/user at startup, which can race ahead of the per-test POST /config. The Go e2e harness spawns the CLI (ctx.NewClient) at the parent-test level, before any subtest's ConfigureForTest posts /config, so the user call reached the proxy while state was still nil and hit the 'not yet initialized' guard. That blocked the CLI's MCP enablement check and caused the macOS MCP e2e subtests to time out at 60s. Move the /copilot_internal/user read handler above the state guard, mirroring its write-side counterpart (/copilot-user-config). The handler only depends on the copilotUserByToken map, which is populated at NewTestContext independently of state, so this is safe and consistent. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
CLI 1.0.64-1 gates MCP enablement on the /copilot_internal/user response. Commit 9d696d2 routed that call directly to the replay proxy via COPILOT_DEBUG_GITHUB_API_URL, but the Java harness never registered a default user for the CLI's default token, so the proxy returned 401 'Bad credentials'. With no user, the third-party MCP policy resolver could not early-return allow-all and the MCP servers never reached CONNECTED, timing out McpAndAgentsTest after 60s. Register a default 'individual_pro' user at E2ETestContext.create(), matching the Go, Node, Python, and .NET harnesses. The proxy adds is_mcp_enabled:true (the global gate) and the snake_case copilot_plan makes the resolver early-return allow-all for non-org plans, avoiding a /copilot/mcp_registry call the proxy does not serve. Add a raw-map setCopilotUserByToken overload to CapiProxy so the registered user uses the same snake_case field shape the CLI reads; the existing 6-arg camelCase overload (used by per-session auth tests) is unchanged. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
Registering a default e2e user (commit 7b8b7e0) made the process-level fake token resolve to e2e-test-user, so PerSessionAuthTest.shouldBeUnauthenticatedWithoutToken saw a login and failed its assertNull. Mirror the Go and Node equivalents: build a fresh client with the global auth tokens (GH_TOKEN, GITHUB_TOKEN, COPILOT_SDK_AUTH_TOKEN) stripped and useLoggedInUser=false, so there is no identity to fall back to and login is legitimately null. Scoped to this one test; the default-user registration and CapiProxy overload are unchanged. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Author
SDK Consistency Review —
|
| Type | Purpose |
|---|---|
Citations / CitationSource / CitationSpan / CitationReference / CitableSource / CitationProvider |
Provider-agnostic citations on AssistantMessageEvent.data.citations |
McpOauthCompletionOutcome |
New outcome field on McpOauthCompletedEvent.data |
McpOauthWwwAuthenticateParams / resourceMetadata |
New fields on McpOauthRequiredEvent.data |
ModelCallFailureBadRequestKind |
New badRequestKind / errorCode / errorType fields on model-call-failure events |
⚠️ Consistency gap: CitationLocation variants (Java + Rust)
The CitationLocation discriminated union (variants: char, page, block) is strongly typed in four SDKs but falls back to a raw/opaque type in the other two:
| SDK | CitationReference.location type |
|---|---|
| Node.js | CitationLocation (union of CitationLocationChar | CitationLocationPage | CitationLocationBlock) |
| Python | CitationLocationChar | CitationLocationPage | CitationLocationBlock classes with union dispatch |
| Go | CitationLocation interface with typed variants |
| .NET | CitationLocation base class with [JsonDerivedType] for each variant |
| Java | Object (codegen falls back for multi-branch anyOf) |
| Rust | Option<serde_json::Value> |
This means Java and Rust consumers who need to inspect the location type (e.g., distinguish a character-range citation from a page citation) must parse the raw JSON manually, unlike users of the other four SDKs.
This appears to be a known codegen limitation — java.ts line ~578 explicitly documents that multi-branch anyOf without a discovered discriminator falls back to Object. The Java codegen does have discriminated-union support (via generatePolymorphicResultClass), so it may be worth investigating why CitationLocation's type discriminator isn't being picked up. If fixable, adding CitationLocationChar.java, CitationLocationPage.java, and CitationLocationBlock.java would bring Java to parity.
This is not blocking for the current PR (the types are experimental), but tracking it as a follow-up improvement would keep the SDKs consistent.
📝 Minor: Java test coverage gaps for new fields
Two existing Java tests don't yet exercise the newly added fields. These tests will still pass (Jackson sets missing enum/object fields to null), but they leave the new fields untested:
GeneratedEventTypesCoverageTest.testParseMcpOauthCompletedEvent— test JSON omits the newoutcomefield; a follow-up that assertsoutcome == McpOauthCompletionOutcome.TOKEN(orCANCELLED) would give confidence in deserialization.SessionEventDeserializationTest.testAssistantMessageEventAllFields— test JSON omits the newcitationsfield.
Again, not blocking, but worth tracking.
Generated by SDK Consistency Review Agent for issue #1739 · sonnet46 4M · ◷
stephentoub
approved these changes
Jun 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated update of
@github/copilotto version1.0.64-1.Changes
@github/copilotinnodejs/package.jsonandtest/harness/package.jsonscripts/codegen)Java Handwritten Code Adaptation Plan
If
java-sdk-testsCI fails on this PR, follow these steps:mvn clean,mvn verifyfromjava/locally or check thejava-sdk-testsworkflow run logs.java/src/main/java/com/github/copilot/sdk/):nullfor optional new fields).CopilotSession.javaif applicable.java/src/test/java/com/github/copilot/sdk/):cd java && mvn clean test-compile jar:jar && mvn verify -Dskip.test.harness=truecd java && mvn spotless:applyNext steps
When ready, click Ready for review to trigger CI checks.