Replies: 2 comments 5 replies
-
|
I think the issue here is that two different routing modes are being mixed together.
But for GitHub Enterprise Copilot, you probably do not want Headroom to behave like an OpenAI/Anthropic BYOK proxy. You want it to preserve the GitHub Enterprise authentication flow and only proxy the Copilot/GitHub traffic correctly. A few things I would separate while debugging:
The key clue is the OAuth validation failure:
That sounds like the token itself may be valid, but the request path, hostname, or upstream target is not what The first thing I would check is the proxy logs for the OAuth validation request:
If that request is being routed through the BYOK/provider path, then the model settings will not fix it. The proxy needs a separate GitHub Enterprise Copilot mode or a config option that keeps GHE auth and Copilot routing separate from third-party provider routing. |
Beta Was this translation helpful? Give feedback.
-
|
Headroom's The core problem: GHE Copilot authenticates via OAuth tokens to your GHE instance, not via an independent API key. Headroom's Working approach — Use export GITHUB_TOKEN=$(gh auth token --hostname my-company.ghe.com)
headroom proxy --port 8787 --backend openai --no-telemetryThen configure Copilot to talk to Headroom by setting Copilot's provider to OpenAI and pointing it at the proxy: gh copilot config set model_provider openai
gh copilot config set openai_base_url http://127.0.0.1:8787/v1What this does: GHE Copilot sends requests to the Headroom proxy (OpenAI-compatible endpoint). Headroom then forwards them to your configured Important caveats:
Simplest recommendation: If you just want caching/metrics on GHE Copilot traffic, the |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi everyone,
I am trying to set up Headroom for the GitHub Copilot CLI (gh copilot) within a GitHub Enterprise (GHE) environment (using a custom enterprise host instead of the public github.com).
However, I am running into authentication and routing issues depending on the approach. What I've tried:
Attempt 1: Using headroom wrap
When running:
headroom wrap copilot -i "Test 123 ..."The CLI fails immediately with a BYOK (Bring Your Own Key) error, prompting me for a model:
Note: Copilot BYOK requires a model. Pass --model <name> or set COPILOT_MODEL / COPILOT_PROVIDER_MODEL_ID.If I explicitly provide a model argument or env variable, Headroom routes the request to our internal endpoint but fails with an HTTP 401:
Authentication failed with provider at [http://127.0.0.1:8787/p/](http://127.0.0.1:8787/p/)... (HTTP 401). Check your COPILOT_PROVIDER_API_KEY.(Note: As GHE users, we don't have a static OpenAI/Anthropic API key; we use our GHE AI credits).
Attempt 2: Using manual HTTPS_PROXY and headroom proxy
I tried starting the proxy standalone with my GITHUB_TOKEN pointing to our GHE API URL:
And then routing copilot through it via environment variables:
This results in a network fetch error:
My Question:
Has anyone successfully wired up gh copilot via Headroom in a GitHub Enterprise environment?
What is the correct way to pass the GHE OAuth token/PAT and route the endpoints through Headroom without it defaulting to a BYOK third-party provider setup?
Any guide, environment variable checklist, or config snippet would be highly appreciated!
Thanks in advance!
Beta Was this translation helpful? Give feedback.
All reactions