api-proxy: inject X-Initiator: agent default on all Copilot-bound requests to prevent billing inflation

[Copilot]

In BYOK/api-proxy mode, absent X-Initiator headers cause the Copilot API to bill every request as a user-initiated premium turn (~14x cost vs. the expected ~7% user / ~93% agent split in agentic workflows).

Changes

• containers/api-proxy/server.js — In proxyRequest(), after assembling outgoing headers, inject X-Initiator: agent for all Copilot-bound requests when the client hasn't supplied the header. The check uses targetHost.endsWith('githubcopilot.com') rather than the provider name so that OpenCode requests delegated to the Copilot backend are also covered (both api.githubcopilot.com and api.enterprise.githubcopilot.com). Client-supplied values are passed through unchanged, preserving correct behaviour for standard Copilot CLI flows.

if (targetHost.endsWith('githubcopilot.com') && !headers['x-initiator']) {
  headers['x-initiator'] = 'agent';
}

• containers/api-proxy/server.test.js — Seven new tests covering: header injected when absent on direct Copilot requests, header injected on enterprise Copilot host, header injected when OpenCode routes to the Copilot backend (provider='opencode', Copilot target host), client-set value preserved on direct Copilot and OpenCode→Copilot requests, no injection for non-Copilot providers, and no injection when OpenCode routes to a non-Copilot backend.

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	86.45%	86.53%	📈 +0.08%
Statements	86.38%	86.46%	📈 +0.08%
Functions	90.61%	90.61%	➡️ +0.00%
Branches	79.23%	79.27%	📈 +0.04%

📁 Per-file Coverage Changes (2 files)

File	Lines (Before → After)	Statements (Before → After)
src/container-cleanup.ts	77.3% → 77.5% (+0.12%)	77.0% → 77.1% (+0.11%)
src/container-lifecycle.ts	86.1% → 87.2% (+1.09%)	86.3% → 87.4% (+1.08%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

This PR updates the api-proxy to add a default X-Initiator: agent header on Copilot HTTP requests and adds unit tests around that behavior. In the broader api-proxy architecture, it changes request forwarding behavior in the shared proxy layer and extends the main server test suite.

Changes:

• Add default x-initiator injection in proxyRequest() for requests identified as Copilot.
• Preserve an existing client-supplied x-initiator value instead of overwriting it.
• Add tests covering direct Copilot injection, preservation, and non-Copilot no-op behavior.

Show a summary per file

File	Description
containers/api-proxy/server.js	Adds the new x-initiator defaulting logic in the shared HTTP proxy path.
containers/api-proxy/server.test.js	Imports proxyRequest and adds unit tests for the new header-injection behavior.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 2

[lpcox]

@copilot address the review feedback

[Copilot]

@copilot address the review feedback

Done in cdccf31. Changed the check from provider === 'copilot' to targetHost.endsWith('githubcopilot.com') so the header is injected regardless of which adapter name is in play — this covers both direct Copilot requests and the OpenCode→Copilot routing path (including api.enterprise.githubcopilot.com). Added regression tests for the OpenCode→Copilot case and for OpenCode→non-Copilot (verifying no injection).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• api.example.com
  • Triggering command: /opt/hostedtoolcache/node/20.20.2/x64/bin/node node /home/REDACTED/work/gh-aw-firewall/gh-aw-firewall/containers/api-proxy/node_modules/.bin/jest --verbose --ci server.test.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

Smoke Test: GitHub Actions Services Connectivity

Check	Result
Redis PING	❌ timeout/no response
PostgreSQL pg_isready	❌ no response
PostgreSQL SELECT 1	❌ connection failed

Overall: FAIL — host.docker.internal was not reachable on ports 6379 or 5432 from this runner environment.

🔌 Service connectivity validated by Smoke Services

[github-actions]

🔥 Smoke Test: Copilot BYOK (Offline) Mode

Test	Result
GitHub MCP (list PRs)	✅ PR #2538 returned
GitHub.com HTTP	⚠️ Pre-step output not expanded (template variable unresolved)
File write/read	⚠️ Pre-step output not expanded (template variable unresolved)
BYOK inference (api-proxy → api.githubcopilot.com)	✅ Responding via BYOK offline mode

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

PR author: @Copilot · Assignees: @lpcox, @Copilot

Overall: PARTIAL — BYOK inference and MCP ✅; pre-step smoke data unexpanded in template.

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

🔬 Smoke Test Results

Test	Status
GitHub MCP connectivity	✅
GitHub.com HTTP connectivity	⚠️ template not expanded
File write/read	⚠️ template not expanded

PR: api-proxy: inject X-Initiator: agent default on all Copilot-bound requests to prevent billing inflation
Author: @Copilot | Assignees: @lpcox, @Copilot

Overall: PARTIAL — MCP ✅, pre-computed test data unavailable (workflow template vars not substituted).

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Smoke Test Results:
✅ GitHub MCP Testing (last 2 merged PRs reviewed)
✅ Playwright Testing (github.com title verification)
✅ File Writing Testing (temp file creation)
✅ Bash Tool Testing (file verification)

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	all passed	✅ PASS
Node.js	execa	✅	all passed	✅ PASS
Node.js	p-limit	✅	all passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #2571 · ● 1.5M · ◷

[github-actions]

🧪 Chroot Version Comparison Results

Runtime	Host Version	Chroot Version	Match?
Python	Python 3.12.13	Python 3.12.3	❌ NO
Node.js	v24.14.1	v20.20.2	❌ NO
Go	go1.22.12	go1.22.12	✅ YES

Overall: ❌ Not all tests passed. Python and Node.js versions differ between host and chroot.

Tested by Smoke Chroot

[github-actions]

Codex Smoke Test

api-proxy: inject X-Initiator: agent default on all Copilot-bound requests to prevent billing inflation
fix: one-shot-token.so fails to load on musl/Alpine hosts (ARC runners)
GitHub PR review ✅ | SafeInputs GH ❌ | Playwright ✅ | Tavily ❌ | File/Bash ✅ | Discussion ✅ | Build ✅
Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex