fix: address review feedback — enforce maxRetries, wire abort signal, use cross-platform shell

1. Enforce maxRetries: track auto-fix attempts per query chain in toolHooks.ts
   and stop feeding errors back after the configured limit is reached.

2. Wire abort signal to subprocess: subscribe to AbortController signal in
   runCommand() and kill the process tree on abort. Uses detached process
   groups on Unix to ensure child processes are also terminated.

3. Replace hardcoded bash with shell:true: use Node's cross-platform shell
   resolution instead of spawn('bash', ['-c', ...]) so auto-fix commands
   work on Windows and non-bash environments.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/workflows/pr-checks.yml

@@ -29,6 +29,13 @@ jobs:
         with:
           bun-version: 1.3.11
 
+      - name: Set up Python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: "3.12"
+          cache: "pip"
+          cache-dependency-path: python/requirements.txt
+
       - name: Install dependencies
         run: bun install --frozen-lockfile
 
@@ -38,6 +45,12 @@ jobs:
       - name: Full unit test suite
         run: bun test --max-concurrency=1
 
+      - name: Install Python test dependencies
+        run: python -m pip install -r python/requirements.txt
+
+      - name: Python unit tests
+        run: python -m pytest -q python/tests
+
       - name: Suspicious PR intent scan
         run: bun run security:pr-scan -- --base ${{ github.event.pull_request.base.sha || 'origin/main' }}
       - name: Provider tests

python/requirements.txt

@@ -0,0 +1,3 @@
+pytest==7.4.4
+pytest-asyncio==0.23.3
+httpx==0.25.2

scripts/system-check.ts

@@ -118,14 +118,14 @@ function isLocalBaseUrl(baseUrl: string): boolean {
 }
 
 const GEMINI_DEFAULT_BASE_URL = 'https://generativelanguage.googleapis.com/v1beta/openai'
-const GITHUB_MODELS_DEFAULT_BASE = 'https://models.github.ai/inference'
+const GITHUB_COPILOT_BASE = 'https://api.githubcopilot.com'
 
 function currentBaseUrl(): string {
   if (isTruthy(process.env.CLAUDE_CODE_USE_GEMINI)) {
     return process.env.GEMINI_BASE_URL ?? GEMINI_DEFAULT_BASE_URL
   }
   if (isTruthy(process.env.CLAUDE_CODE_USE_GITHUB)) {
-    return process.env.OPENAI_BASE_URL ?? GITHUB_MODELS_DEFAULT_BASE
+    return process.env.OPENAI_BASE_URL ?? GITHUB_COPILOT_BASE
   }
   return process.env.OPENAI_BASE_URL ?? 'https://api.openai.com/v1'
 }
@@ -157,7 +157,7 @@ function checkGeminiEnv(): CheckResult[] {
 
 function checkGithubEnv(): CheckResult[] {
   const results: CheckResult[] = []
-  const baseUrl = process.env.OPENAI_BASE_URL ?? GITHUB_MODELS_DEFAULT_BASE
+  const baseUrl = process.env.OPENAI_BASE_URL ?? GITHUB_COPILOT_BASE
   results.push(pass('Provider mode', 'GitHub Models provider enabled.'))
 
   const token = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN
@@ -435,7 +435,7 @@ function serializeSafeEnvSummary(): Record<string, string | boolean> {
         process.env.OPENAI_MODEL ??
         '(unset, default: github:copilot → openai/gpt-4.1)',
       OPENAI_BASE_URL:
-        process.env.OPENAI_BASE_URL ?? GITHUB_MODELS_DEFAULT_BASE,
+        process.env.OPENAI_BASE_URL ?? GITHUB_COPILOT_BASE,
       GITHUB_TOKEN_SET: Boolean(
         process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN,
       ),

src/commands.ts

@@ -136,6 +136,7 @@ import hooks from './commands/hooks/index.js'
 import files from './commands/files/index.js'
 import branch from './commands/branch/index.js'
 import agents from './commands/agents/index.js'
+import autoFix from './commands/auto-fix.js'
 import plugin from './commands/plugin/index.js'
 import reloadPlugins from './commands/reload-plugins/index.js'
 import rewind from './commands/rewind/index.js'
@@ -263,6 +264,7 @@ const COMMANDS = memoize((): Command[] => [
   addDir,
   advisor,
   agents,
+  autoFix,
   branch,
   btw,
   chrome,

src/commands/auto-fix.ts

@@ -0,0 +1,25 @@
+import type { Command } from '../types/command.js'
+
+const command: Command = {
+  name: 'auto-fix',
+  description: 'Configure auto-fix: run lint/test after AI edits',
+  isEnabled: () => true,
+  type: 'prompt',
+  progressMessage: 'Configuring auto-fix...',
+  contentLength: 0,
+  source: 'builtin',
+  async getPromptForCommand() {
+    return [
+      {
+        type: 'text',
+        text:
+          'The user wants to configure auto-fix settings. Auto-fix automatically runs lint and test commands after AI file edits, feeding errors back for self-repair.\n\n' +
+          'Current settings location: `.claude/settings.json` or `.claude/settings.local.json`\n\n' +
+          'Example configuration:\n```json\n{\n  "autoFix": {\n    "enabled": true,\n    "lint": "eslint . --fix",\n    "test": "bun test",\n    "maxRetries": 3,\n    "timeout": 30000\n  }\n}\n```\n\n' +
+          'Ask the user what lint and test commands they use, then help them set up the configuration.',
+      },
+    ]
+  },
+}
+
+export default command

src/commands/onboard-github/index.ts

@@ -4,7 +4,7 @@ const onboardGithub: Command = {
   name: 'onboard-github',
   aliases: ['onboarding-github', 'onboardgithub', 'onboardinggithub'],
   description:
-    'Interactive setup for GitHub Models: device login or PAT, saved to secure storage',
+    'Interactive setup for GitHub Copilot: OAuth device login stored in secure storage',
   type: 'local-jsx',
   load: () => import('./onboard-github.js'),
 }

src/commands/onboard-github/onboard-github.tsx

@@ -2,9 +2,9 @@ import * as React from 'react'
 import { useCallback, useState } from 'react'
 import { Select } from '../../components/CustomSelect/select.js'
 import { Spinner } from '../../components/Spinner.js'
-import TextInput from '../../components/TextInput.js'
 import { Box, Text } from '../../ink.js'
 import {
+  exchangeForCopilotToken,
   openVerificationUri,
   pollAccessToken,
   requestDeviceCode,
@@ -15,7 +15,7 @@ import {
   readGithubModelsToken,
   saveGithubModelsToken,
 } from '../../utils/githubModelsCredentials.js'
-import { updateSettingsForSource } from '../../utils/settings/settings.js'
+import { getSettingsForSource, updateSettingsForSource } from '../../utils/settings/settings.js'
 
 const DEFAULT_MODEL = 'github:copilot'
 const FORCE_RELOGIN_ARGS = new Set([
@@ -27,11 +27,25 @@ const FORCE_RELOGIN_ARGS = new Set([
   '--reauth',
 ])
 
-type Step =
-  | 'menu'
-  | 'device-busy'
-  | 'pat'
-  | 'error'
+type Step = 'menu' | 'device-busy' | 'error'
+
+const PROVIDER_SPECIFIC_KEYS = new Set([
+  'CLAUDE_CODE_USE_OPENAI',
+  'CLAUDE_CODE_USE_GEMINI',
+  'CLAUDE_CODE_USE_BEDROCK',
+  'CLAUDE_CODE_USE_VERTEX',
+  'CLAUDE_CODE_USE_FOUNDRY',
+  'OPENAI_BASE_URL',
+  'OPENAI_API_BASE',
+  'OPENAI_API_KEY',
+  'OPENAI_MODEL',
+  'GEMINI_API_KEY',
+  'GOOGLE_API_KEY',
+  'GEMINI_BASE_URL',
+  'GEMINI_MODEL',
+  'GEMINI_ACCESS_TOKEN',
+  'GEMINI_AUTH_MODE',
+])
 
 export function shouldForceGithubRelogin(args?: string): boolean {
   const normalized = (args ?? '').trim().toLowerCase()
@@ -41,15 +55,29 @@ export function shouldForceGithubRelogin(args?: string): boolean {
   return normalized.split(/\s+/).some(arg => FORCE_RELOGIN_ARGS.has(arg))
 }
 
+const GITHUB_PAT_PREFIXES = ['ghp_', 'gho_','ghs_', 'ghr_', 'github_pat_']
+
+function isGithubPat(token: string): boolean {
+  return GITHUB_PAT_PREFIXES.some(prefix => token.startsWith(prefix))
+}
+
 export function hasExistingGithubModelsLoginToken(
   env: NodeJS.ProcessEnv = process.env,
   storedToken?: string,
 ): boolean {
   const envToken = env.GITHUB_TOKEN?.trim() || env.GH_TOKEN?.trim()
   if (envToken) {
+    // PATs are no longer supported - require OAuth re-auth
+    if (isGithubPat(envToken)) {
+      return false
+    }
     return true
   }
   const persisted = (storedToken ?? readGithubModelsToken())?.trim()
+  // PATs are no longer supported - require OAuth re-auth
+  if (persisted && isGithubPat(persisted)) {
+    return false
+  }
   return Boolean(persisted)
 }
 
@@ -97,8 +125,21 @@ export function applyGithubOnboardingProcessEnv(
 }
 
 function mergeUserSettingsEnv(model: string): { ok: boolean; detail?: string } {
+  const currentSettings = getSettingsForSource('userSettings')
+  const currentEnv = currentSettings?.env ?? {}
+
+  const newEnv: Record<string, string> = {}
+  for (const [key, value] of Object.entries(currentEnv)) {
+    if (!PROVIDER_SPECIFIC_KEYS.has(key)) {
+      newEnv[key] = value
+    }
+  }
+
+  newEnv.CLAUDE_CODE_USE_GITHUB = '1'
+  newEnv.OPENAI_MODEL = model
+
   const { error } = updateSettingsForSource('userSettings', {
-    env: buildGithubOnboardingSettingsEnv(model) as any,
+    env: newEnv,
   })
   if (error) {
     return { ok: false, detail: error.message }
@@ -143,12 +184,14 @@ function OnboardGithub(props: {
     user_code: string
     verification_uri: string
   } | null>(null)
-  const [patDraft, setPatDraft] = useState('')
-  const [cursorOffset, setCursorOffset] = useState(0)
 
   const finalize = useCallback(
-    async (token: string, model: string = DEFAULT_MODEL) => {
-      const saved = saveGithubModelsToken(token)
+    async (
+      token: string,
+      model: string = DEFAULT_MODEL,
+      oauthToken?: string,
+    ) => {
+      const saved = saveGithubModelsToken(token, oauthToken)
       if (!saved.success) {
         setErrorMsg(saved.warning ?? 'Could not save token to secure storage.')
         setStep('error')
@@ -165,8 +208,18 @@ function OnboardGithub(props: {
         setStep('error')
         return
       }
+      // Clear stale provider-specific env vars from the current session
+      // so resolveProviderRequest() doesn't pick up a previous provider's
+      // base URL or key after onboarding completes.
+      for (const key of PROVIDER_SPECIFIC_KEYS) {
+        delete process.env[key]
+      }
+      process.env.CLAUDE_CODE_USE_GITHUB = '1'
+      process.env.OPENAI_MODEL = model.trim() || DEFAULT_MODEL
+      hydrateGithubModelsTokenFromSecureStorage()
+      onChangeAPIKey()
       onDone(
-        'GitHub Models onboard complete. Token stored in secure storage; user settings updated. Restart if the model does not switch.',
+        'GitHub Copilot onboard complete. Copilot token and OAuth token stored in secure storage (Windows/Linux: ~/.claude/.credentials.json, macOS: Keychain fallback to ~/.claude/.credentials.json); user settings updated. Restart if the model does not switch.',
         { display: 'user' },
       )
     },
@@ -184,11 +237,12 @@ function OnboardGithub(props: {
         verification_uri: device.verification_uri,
       })
       await openVerificationUri(device.verification_uri)
-      const token = await pollAccessToken(device.device_code, {
+      const oauthToken = await pollAccessToken(device.device_code, {
         initialInterval: device.interval,
         timeoutSeconds: device.expires_in,
       })
-      await finalize(token, DEFAULT_MODEL)
+      const copilotToken = await exchangeForCopilotToken(oauthToken)
+      await finalize(copilotToken.token, DEFAULT_MODEL, oauthToken)
     } catch (e) {
       setErrorMsg(e instanceof Error ? e.message : String(e))
       setStep('error')
@@ -227,7 +281,7 @@ function OnboardGithub(props: {
   if (step === 'device-busy') {
     return (
       <Box flexDirection="column" gap={1}>
-        <Text>GitHub device login</Text>
+        <Text>GitHub Copilot sign-in</Text>
         {deviceHint ? (
           <>
             <Text>
@@ -246,43 +300,11 @@ function OnboardGithub(props: {
     )
   }
 
-  if (step === 'pat') {
-    return (
-      <Box flexDirection="column" gap={1}>
-        <Text>Paste a GitHub personal access token with access to GitHub Models.</Text>
-        <Text dimColor>Input is masked. Enter to submit; Esc to go back.</Text>
-        <TextInput
-          value={patDraft}
-          mask="*"
-          onChange={setPatDraft}
-          onSubmit={async (value: string) => {
-            const t = value.trim()
-            if (!t) {
-              return
-            }
-            await finalize(t, DEFAULT_MODEL)
-          }}
-          onExit={() => {
-            setStep('menu')
-            setPatDraft('')
-          }}
-          columns={80}
-          cursorOffset={cursorOffset}
-          onChangeCursorOffset={setCursorOffset}
-        />
-      </Box>
-    )
-  }
-
   const menuOptions = [
     {
-      label: 'Sign in with browser (device code)',
+      label: 'Sign in with browser',
       value: 'device' as const,
     },
-    {
-      label: 'Paste personal access token',
-      value: 'pat' as const,
-    },
     {
       label: 'Cancel',
       value: 'cancel' as const,
@@ -291,7 +313,7 @@ function OnboardGithub(props: {
 
   return (
     <Box flexDirection="column" gap={1}>
-      <Text bold>GitHub Models setup</Text>
+      <Text bold>GitHub Copilot setup</Text>
       <Text dimColor>
         Stores your token in the OS credential store (macOS Keychain when available)
         and enables CLAUDE_CODE_USE_GITHUB in your user settings - no export
@@ -304,10 +326,6 @@ function OnboardGithub(props: {
             onDone('GitHub onboard cancelled', { display: 'system' })
             return
           }
-          if (v === 'pat') {
-            setStep('pat')
-            return
-          }
           void runDeviceFlow()
         }}
       />

src/components/CustomSelect/use-multi-select-state.ts

@@ -1,5 +1,4 @@
 import { useCallback, useState } from 'react'
-import { isDeepStrictEqual } from 'util'
 import { useRegisterOverlay } from '../../context/overlayContext.js'
 import type { InputEvent } from '../../ink/events/input-event.js'
 // eslint-disable-next-line custom-rules/prefer-use-keybindings -- raw space/arrow multiselect input
@@ -9,6 +8,7 @@ import {
   normalizeFullWidthSpace,
 } from '../../utils/stringUtils.js'
 import type { OptionWithDescription } from './select.js'
+import { optionsNavigateEqual } from './use-select-navigation.js'
 import { useSelectNavigation } from './use-select-navigation.js'
 
 export type UseMultiSelectStateProps<T> = {
@@ -174,7 +174,7 @@ export function useMultiSelectState<T>({
   // and the deleted ui/useMultiSelectState.ts — without this, MCPServerDesktopImportDialog
   // keeps colliding servers checked after getAllMcpConfigs() resolves.
   const [lastOptions, setLastOptions] = useState(options)
-  if (options !== lastOptions && !isDeepStrictEqual(options, lastOptions)) {
+  if (options !== lastOptions && !optionsNavigateEqual(options, lastOptions)) {
     setSelectedValues(defaultValue)
     setLastOptions(options)
   }

src/components/CustomSelect/use-select-navigation.ts

@@ -6,10 +6,34 @@ import {
   useRef,
   useState,
 } from 'react'
-import { isDeepStrictEqual } from 'util'
 import OptionMap from './option-map.js'
 import type { OptionWithDescription } from './select.js'
 
+/**
+ * Compare two option arrays for structural equality on properties that
+ * affect navigation behavior. ReactNode `label` and function `onChange`
+ * are intentionally excluded — they are identity-unstable (new reference
+ * each render) but don't change navigation semantics.
+ */
+export function optionsNavigateEqual<T>(
+  a: OptionWithDescription<T>[],
+  b: OptionWithDescription<T>[],
+): boolean {
+  if (a.length !== b.length) return false
+  for (let i = 0; i < a.length; i++) {
+    const ao = a[i]!
+    const bo = b[i]!
+    if (
+      ao.value !== bo.value ||
+      ao.disabled !== bo.disabled ||
+      ao.type !== bo.type
+    ) {
+      return false
+    }
+  }
+  return true
+}
+
 type State<T> = {
   /**
    * Map where key is option's value and value is option's index.
@@ -524,7 +548,7 @@ export function useSelectNavigation<T>({
 
   const [lastOptions, setLastOptions] = useState(options)
 
-  if (options !== lastOptions && !isDeepStrictEqual(options, lastOptions)) {
+  if (options !== lastOptions && !optionsNavigateEqual(options, lastOptions)) {
     dispatch({
       type: 'reset',
       state: createDefaultState({

src/components/HelpV2/HelpV2.tsx

@@ -112,7 +112,7 @@ export function HelpV2(t0) {
     }
     tabs.push(t6);
     if (false && antOnlyCommands.length > 0) {
-      let t7;
+    let t7;
       if ($[26] !== antOnlyCommands || $[27] !== close || $[28] !== columns || $[29] !== maxHeight) {
         t7 = <Tab key="internal-only" title="[internal-only]"><Commands commands={antOnlyCommands} maxHeight={maxHeight} columns={columns} title="Browse internal-only commands:" onCancel={close} /></Tab>;
         $[26] = antOnlyCommands;

src/components/StartupScreen.ts

@@ -95,8 +95,8 @@ function detectProvider(): { name: string; model: string; baseUrl: string; isLoc
   if (useGithub) {
     const model = process.env.OPENAI_MODEL || 'github:copilot'
     const baseUrl =
-      process.env.OPENAI_BASE_URL || 'https://models.github.ai/inference'
-    return { name: 'GitHub Models', model, baseUrl, isLocal: false }
+      process.env.OPENAI_BASE_URL || 'https://api.githubcopilot.com'
+    return { name: 'GitHub Copilot', model, baseUrl, isLocal: false }
   }
 
   if (useOpenAI) {

src/components/agents/generateAgent.ts

@@ -68,11 +68,11 @@ When a user describes what they want an agent to do, you will:
       assistant: "Now let me use the test-runner agent to run the tests"
     </example>
     - <example>
-      Context: User is creating an agent to respond to the word "hello" with a friendly jok.
-      user: "Hello"
-      assistant: "I'm going to use the ${AGENT_TOOL_NAME} tool to launch the greeting-responder agent to respond with a friendly joke"
+      Context: User is creating an agent for Claude Code product questions.
+      user: "How do I configure Claude Code hooks?"
+      assistant: "I'm going to use the ${AGENT_TOOL_NAME} tool to launch the claude-code-guide agent to answer the question"
       <commentary>
-      Since the user is greeting, use the greeting-responder agent to respond with a friendly joke. 
+      Since the user is asking how to use Claude Code, use the claude-code-guide agent.
       </commentary>
     </example>
   - If the user mentioned or implied that the agent should be used proactively, you should include examples of this.

src/entrypoints/cli.tsx

@@ -8,6 +8,34 @@ import {
   validateProviderEnvOrExit,
 } from '../utils/providerValidation.js'
 
+// OpenClaude: polyfill globalThis.File for Node < 20.
+// undici v7 references `File` at module evaluation time (webidl type
+// assertions). Node 18 lacks the global, causing a ReferenceError inside
+// the bundled __commonJS require chain which deadlocks the process when a
+// proxy is configured (configureGlobalAgents → require_undici).
+// eslint-disable-next-line custom-rules/no-top-level-side-effects
+if (typeof globalThis.File === 'undefined') {
+  try {
+    // Node 18.13+ exposes File in node:buffer but not as a global.
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const { File: NodeFile } = require('node:buffer')
+    // @ts-expect-error -- polyfilling missing global
+    globalThis.File = NodeFile
+  } catch {
+    // Absolute fallback: stub so `MakeTypeAssertion(File)` doesn't throw.
+    // @ts-expect-error -- minimal polyfill
+    globalThis.File = class File extends Blob {
+      name: string
+      lastModified: number
+      constructor(parts: BlobPart[], name: string, opts?: FilePropertyBag) {
+        super(parts, opts)
+        this.name = name
+        this.lastModified = opts?.lastModified ?? Date.now()
+      }
+    }
+  }
+}
+
 // OpenClaude: disable experimental API betas by default.
 // Tool search (defer_loading), global cache scope, and context management
 // require internal API support not available to external accounts → 500.
@@ -68,15 +96,16 @@ async function main(): Promise<void> {
     }
   }
 
+  // Enable configs first so we can read settings
   {
     const { enableConfigs } = await import('../utils/config.js')
     enableConfigs()
+  }
+
+  // Apply settings.env from user settings (includes GitHub provider settings from /onboard-github)
+  {
     const { applySafeConfigEnvironmentVariables } = await import('../utils/managedEnv.js')
     applySafeConfigEnvironmentVariables()
-    const { hydrateGeminiAccessTokenFromSecureStorage } = await import('../utils/geminiCredentials.js')
-    hydrateGeminiAccessTokenFromSecureStorage()
-    const { hydrateGithubModelsTokenFromSecureStorage } = await import('../utils/githubModelsCredentials.js')
-    hydrateGithubModelsTokenFromSecureStorage()
   }
 
   const startupEnv = await buildStartupEnvFromProfile({
@@ -93,6 +122,16 @@ async function main(): Promise<void> {
     }
   }
 
+  // Hydrate GitHub credentials after profile is applied so CLAUDE_CODE_USE_GITHUB from profile is available
+  {
+    const {
+      hydrateGithubModelsTokenFromSecureStorage,
+      refreshGithubModelsTokenIfNeeded,
+    } = await import('../utils/githubModelsCredentials.js')
+    await refreshGithubModelsTokenIfNeeded()
+    hydrateGithubModelsTokenFromSecureStorage()
+  }
+
   await validateProviderEnvOrExit()
 
   // Print the gradient startup screen before the Ink UI loads

src/screens/REPL.tsx

@@ -238,6 +238,7 @@ import { usePromptsFromClaudeInChrome } from 'src/hooks/usePromptsFromClaudeInCh
 import { getTipToShowOnSpinner, recordShownTip } from 'src/services/tips/tipScheduler.js';
 import type { Theme } from 'src/utils/theme.js';
 import { isPromptTypingSuppressionActive } from './replInputSuppression.js';
+import { shouldRunStartupChecks } from './replStartupGates.js';
 import { checkAndDisableBypassPermissionsIfNeeded, checkAndDisableAutoModeIfNeeded, useKickOffCheckAndDisableBypassPermissionsIfNeeded, useKickOffCheckAndDisableAutoModeIfNeeded } from 'src/utils/permissions/bypassPermissionsKillswitch.js';
 import { SandboxManager } from 'src/utils/sandbox/sandbox-adapter.js';
 import { SANDBOX_NETWORK_ACCESS_TOOL_NAME } from 'src/cli/structuredIO.js';
@@ -792,10 +793,8 @@ export function REPL({
   // accepts, and only then is the REPL component mounted and this effect runs.
   // This ensures that plugin installations from repository and user settings only
   // happen after explicit user consent to trust the current working directory.
-  useEffect(() => {
-    if (isRemoteSession) return;
-    void performStartupChecks(setAppState);
-  }, [setAppState, isRemoteSession]);
+  // Deferring startup checks is handled below (after promptTypingSuppressionActive
+  // is declared) to avoid temporal dead zone issues.
 
   // Allow Claude in Chrome MCP to send prompts through MCP notifications
   // and sync permission mode changes to the Chrome extension
@@ -1429,6 +1428,25 @@ export function REPL({
   const activeRemote = sshRemote.isRemoteMode ? sshRemote : directConnect.isRemoteMode ? directConnect : remoteSession;
   const [pastedContents, setPastedContents] = useState<Record<number, PastedContent>>({});
   const [submitCount, setSubmitCount] = useState(0);
+
+  // Defer startup checks until the user has submitted their first message.
+  // A timeout or grace period is insufficient (issue #363): if the user pauses
+  // before typing, startup checks can still fire and recommendation dialogs
+  // steal focus. Only the user's first submission guarantees the prompt was
+  // the first thing they interacted with.
+  const startupChecksStartedRef = React.useRef(false);
+  const hasHadFirstSubmission = (submitCount ?? 0) > 0;
+  useEffect(() => {
+    if (isRemoteSession) return;
+    if (startupChecksStartedRef.current) return;
+    if (!shouldRunStartupChecks({
+      isRemoteSession,
+      hasStarted: startupChecksStartedRef.current,
+      hasHadFirstSubmission,
+    })) return;
+    startupChecksStartedRef.current = true;
+    void performStartupChecks(setAppState);
+  }, [setAppState, isRemoteSession, hasHadFirstSubmission]);
   // Ref instead of state to avoid triggering React re-renders on every
   // streaming text_delta. The spinner reads this via its animation timer.
   const responseLengthRef = useRef(0);
@@ -2061,13 +2079,14 @@ export function REPL({
     if (allowDialogsWithAnimation && showRemoteCallout) return 'remote-callout';
 
     // LSP plugin recommendation (lowest priority - non-blocking suggestion)
-    if (allowDialogsWithAnimation && lspRecommendation) return 'lsp-recommendation';
+    // Suppress during startup window to prevent stealing focus from the prompt (issue #363)
+    if (allowDialogsWithAnimation && lspRecommendation && startupChecksStartedRef.current) return 'lsp-recommendation';
 
     // Plugin hint from CLI/SDK stderr (same priority band as LSP rec)
-    if (allowDialogsWithAnimation && hintRecommendation) return 'plugin-hint';
+    if (allowDialogsWithAnimation && hintRecommendation && startupChecksStartedRef.current) return 'plugin-hint';
 
     // Desktop app upsell (max 3 launches, lowest priority)
-    if (allowDialogsWithAnimation && showDesktopUpsellStartup) return 'desktop-upsell';
+    if (allowDialogsWithAnimation && showDesktopUpsellStartup && startupChecksStartedRef.current) return 'desktop-upsell';
     return undefined;
   }
   const focusedInputDialog = getFocusedInputDialog();

src/screens/replStartupGates.test.ts

@@ -0,0 +1,53 @@
+import { describe, expect, test } from 'bun:test'
+
+import { shouldRunStartupChecks } from './replStartupGates.js'
+
+describe('shouldRunStartupChecks', () => {
+  test('runs checks after first message submission', () => {
+    expect(shouldRunStartupChecks({
+      isRemoteSession: false,
+      hasStarted: false,
+      hasHadFirstSubmission: true,
+    })).toBe(true)
+  })
+
+  test('skips checks in remote sessions even after submission', () => {
+    expect(shouldRunStartupChecks({
+      isRemoteSession: true,
+      hasStarted: false,
+      hasHadFirstSubmission: true,
+    })).toBe(false)
+  })
+
+  test('skips checks if already started', () => {
+    expect(shouldRunStartupChecks({
+      isRemoteSession: false,
+      hasStarted: true,
+      hasHadFirstSubmission: true,
+    })).toBe(false)
+  })
+
+  test('does not run checks before first submission', () => {
+    expect(shouldRunStartupChecks({
+      isRemoteSession: false,
+      hasStarted: false,
+      hasHadFirstSubmission: false,
+    })).toBe(false)
+  })
+
+  test('does not run checks when idle before first submission', () => {
+    expect(shouldRunStartupChecks({
+      isRemoteSession: false,
+      hasStarted: false,
+      hasHadFirstSubmission: false,
+    })).toBe(false)
+  })
+
+  test('skips checks in remote session regardless of other conditions', () => {
+    expect(shouldRunStartupChecks({
+      isRemoteSession: true,
+      hasStarted: false,
+      hasHadFirstSubmission: false,
+    })).toBe(false)
+  })
+})

src/screens/replStartupGates.ts

@@ -0,0 +1,35 @@
+/**
+ * Startup gates for the REPL.
+ *
+ * Prevents startup plugin checks and recommendation dialogs from stealing
+ * focus before the user has interacted with the prompt.
+ *
+ * This addresses the root cause of issue #363: on mount, performStartupChecks
+ * triggers plugin loading, which populates trackedFiles, which triggers
+ * useLspPluginRecommendation to surface an LSP recommendation dialog. Since
+ * promptTypingSuppressionActive is false before the user has typed anything,
+ * getFocusedInputDialog() returns the dialog, unmounting PromptInput entirely.
+ *
+ * The fix gates startup checks on actual prompt interaction. A pure timeout
+ * or grace period is insufficient because pausing before typing would still
+ * allow dialogs to steal focus. Only the user's first submission guarantees
+ * the prompt is no longer in the vulnerable pre-interaction window.
+ */
+
+/**
+ * Determines whether startup checks should run.
+ *
+ * Startup checks are deferred until the user has submitted their first
+ * message. This guarantees the prompt was the first thing the user interacted
+ * with, so no recommendation dialog can steal focus before the first keystroke.
+ */
+export function shouldRunStartupChecks(options: {
+  isRemoteSession: boolean;
+  hasStarted: boolean;
+  hasHadFirstSubmission: boolean;
+}): boolean {
+  if (options.isRemoteSession) return false;
+  if (options.hasStarted) return false;
+  if (!options.hasHadFirstSubmission) return false;
+  return true;
+}

src/services/api/client.test.ts

@@ -18,6 +18,7 @@ const originalEnv = {
   GEMINI_API_KEY: process.env.GEMINI_API_KEY,
   GEMINI_MODEL: process.env.GEMINI_MODEL,
   GEMINI_BASE_URL: process.env.GEMINI_BASE_URL,
+  GEMINI_AUTH_MODE: process.env.GEMINI_AUTH_MODE,
   GOOGLE_API_KEY: process.env.GOOGLE_API_KEY,
   OPENAI_API_KEY: process.env.OPENAI_API_KEY,
   OPENAI_BASE_URL: process.env.OPENAI_BASE_URL,
@@ -32,6 +33,7 @@ beforeEach(() => {
   process.env.GEMINI_API_KEY = 'gemini-test-key'
   process.env.GEMINI_MODEL = 'gemini-2.0-flash'
   process.env.GEMINI_BASE_URL = 'https://gemini.example/v1beta/openai'
+  process.env.GEMINI_AUTH_MODE = 'api-key'
 
   delete process.env.GOOGLE_API_KEY
   delete process.env.OPENAI_API_KEY
@@ -47,6 +49,7 @@ afterEach(() => {
   process.env.GEMINI_API_KEY = originalEnv.GEMINI_API_KEY
   process.env.GEMINI_MODEL = originalEnv.GEMINI_MODEL
   process.env.GEMINI_BASE_URL = originalEnv.GEMINI_BASE_URL
+  process.env.GEMINI_AUTH_MODE = originalEnv.GEMINI_AUTH_MODE
   process.env.GOOGLE_API_KEY = originalEnv.GOOGLE_API_KEY
   process.env.OPENAI_API_KEY = originalEnv.OPENAI_API_KEY
   process.env.OPENAI_BASE_URL = originalEnv.OPENAI_BASE_URL

src/services/api/codexShim.test.ts

@@ -17,16 +17,23 @@ const tempDirs: string[] = []
 const originalEnv = {
   OPENAI_BASE_URL: process.env.OPENAI_BASE_URL,
   OPENAI_API_BASE: process.env.OPENAI_API_BASE,
+  CLAUDE_CODE_USE_GITHUB: process.env.CLAUDE_CODE_USE_GITHUB,
 }
 
 afterEach(() => {
+  if (originalEnv.OPENAI_BASE_URL === undefined) delete process.env.OPENAI_BASE_URL
+  else process.env.OPENAI_BASE_URL = originalEnv.OPENAI_BASE_URL
+
+  if (originalEnv.OPENAI_API_BASE === undefined) delete process.env.OPENAI_API_BASE
+  else process.env.OPENAI_API_BASE = originalEnv.OPENAI_API_BASE
+
+  if (originalEnv.CLAUDE_CODE_USE_GITHUB === undefined) delete process.env.CLAUDE_CODE_USE_GITHUB
+  else process.env.CLAUDE_CODE_USE_GITHUB = originalEnv.CLAUDE_CODE_USE_GITHUB
+
   while (tempDirs.length > 0) {
     const dir = tempDirs.pop()
     if (dir) rmSync(dir, { recursive: true, force: true })
   }
-
-  process.env.OPENAI_BASE_URL = originalEnv.OPENAI_BASE_URL
-  process.env.OPENAI_API_BASE = originalEnv.OPENAI_API_BASE
 })
 
 function createTempAuthJson(payload: Record<string, unknown>): string {
@@ -71,6 +78,7 @@ describe('Codex provider config', () => {
   test('resolves codexplan alias to Codex transport with reasoning', () => {
     delete process.env.OPENAI_BASE_URL
     delete process.env.OPENAI_API_BASE
+    delete process.env.CLAUDE_CODE_USE_GITHUB
 
     const resolved = resolveProviderRequest({ model: 'codexplan' })
     expect(resolved.transport).toBe('codex_responses')
@@ -201,6 +209,117 @@ describe('Codex request translation', () => {
     ])
   })
 
+  test('preserves Grep tool pattern field in Codex strict schemas', () => {
+    const tools = convertToolsToResponsesTools([
+      {
+        name: 'Grep',
+        description: 'Search file contents',
+        input_schema: {
+          type: 'object',
+          properties: {
+            pattern: { type: 'string', description: 'Search pattern' },
+            path: { type: 'string' },
+          },
+          required: ['pattern'],
+          additionalProperties: false,
+        },
+      },
+    ])
+
+    expect(tools).toEqual([
+      {
+        type: 'function',
+        name: 'Grep',
+        description: 'Search file contents',
+        parameters: {
+          type: 'object',
+          properties: {
+            pattern: { type: 'string', description: 'Search pattern' },
+            path: { type: 'string' },
+          },
+          required: ['pattern', 'path'],
+          additionalProperties: false,
+        },
+        strict: true,
+      },
+    ])
+  })
+
+  test('preserves Glob tool pattern field in Codex strict schemas', () => {
+    const tools = convertToolsToResponsesTools([
+      {
+        name: 'Glob',
+        description: 'Find files by pattern',
+        input_schema: {
+          type: 'object',
+          properties: {
+            pattern: { type: 'string', description: 'Glob pattern' },
+            path: { type: 'string' },
+          },
+          required: ['pattern'],
+          additionalProperties: false,
+        },
+      },
+    ])
+
+    expect(tools).toEqual([
+      {
+        type: 'function',
+        name: 'Glob',
+        description: 'Find files by pattern',
+        parameters: {
+          type: 'object',
+          properties: {
+            pattern: { type: 'string', description: 'Glob pattern' },
+            path: { type: 'string' },
+          },
+          required: ['pattern', 'path'],
+          additionalProperties: false,
+        },
+        strict: true,
+      },
+    ])
+  })
+
+  test('strips validator pattern keyword but keeps string field named pattern in Codex schemas', () => {
+    const tools = convertToolsToResponsesTools([
+      {
+        name: 'RegexProbe',
+        description: 'Probe regex schema handling',
+        input_schema: {
+          type: 'object',
+          properties: {
+            pattern: {
+              type: 'string',
+              pattern: '^[a-z]+$',
+            },
+          },
+          required: ['pattern'],
+          additionalProperties: false,
+        },
+      },
+    ])
+
+    expect(tools).toEqual([
+      {
+        type: 'function',
+        name: 'RegexProbe',
+        description: 'Probe regex schema handling',
+        parameters: {
+          type: 'object',
+          properties: {
+            pattern: {
+              type: 'string',
+            },
+          },
+          required: ['pattern'],
+          additionalProperties: false,
+        },
+        strict: true,
+      },
+    ])
+  })
+
   test('removes unsupported uri format from strict Responses schemas', () => {
     const tools = convertToolsToResponsesTools([
       {

src/services/api/openaiShim.test.ts

@@ -261,6 +261,73 @@ test('preserves Gemini tool call extra_content in follow-up requests', async ()
   })
 })
 
+test('preserves Grep tool pattern field in OpenAI-compatible schemas', async () => {
+  let requestBody: Record<string, unknown> | undefined
+
+  globalThis.fetch = (async (_input, init) => {
+    requestBody = JSON.parse(String(init?.body))
+
+    return new Response(
+      JSON.stringify({
+        id: 'chatcmpl-grep-schema',
+        model: 'qwen/qwen3.6-plus',
+        choices: [
+          {
+            message: {
+              role: 'assistant',
+              content: 'done',
+            },
+            finish_reason: 'stop',
+          },
+        ],
+        usage: {
+          prompt_tokens: 12,
+          completion_tokens: 4,
+          total_tokens: 16,
+        },
+      }),
+      {
+        headers: {
+          'Content-Type': 'application/json',
+        },
+      },
+    )
+  }) as FetchType
+
+  const client = createOpenAIShimClient({}) as OpenAIShimClient
+
+  await client.beta.messages.create({
+    model: 'qwen/qwen3.6-plus',
+    system: 'test system',
+    messages: [{ role: 'user', content: 'Use Grep' }],
+    tools: [
+      {
+        name: 'Grep',
+        description: 'Search file contents',
+        input_schema: {
+          type: 'object',
+          properties: {
+            pattern: { type: 'string', description: 'Search pattern' },
+            path: { type: 'string' },
+          },
+          required: ['pattern'],
+          additionalProperties: false,
+        },
+      },
+    ],
+    max_tokens: 64,
+    stream: false,
+  })
+
+  const tools = requestBody?.tools as Array<Record<string, unknown>> | undefined
+  const grepTool = tools?.find(tool => (tool.function as Record<string, unknown>)?.name === 'Grep') as
+    | { function?: { parameters?: { properties?: Record<string, unknown>; required?: string[] } } }
+    | undefined
+
+  expect(Object.keys(grepTool?.function?.parameters?.properties ?? {})).toContain('pattern')
+  expect(grepTool?.function?.parameters?.required).toContain('pattern')
+})
+
 test('does not infer Gemini mode from OPENAI_BASE_URL path substrings', async () => {
   let capturedAuthorization: string | null = null
 
@@ -1739,12 +1806,70 @@ test('sanitizes malformed MCP tool schemas before sending them to OpenAI', async
     | undefined
 
   expect(parameters?.additionalProperties).toBe(false)
-  expect(parameters?.required).toEqual(['priority'])
+  // No required[] in the original schema → none added (optional properties must not be forced required)
+  expect(parameters?.required).toEqual([])
   expect(properties?.priority?.type).toBe('integer')
   expect(properties?.priority?.enum).toEqual([0, 1, 2, 3])
   expect(properties?.priority).not.toHaveProperty('default')
 })
 
+test('optional tool properties are not added to required[] — fixes Groq/Azure 400 tool_use_failed', async () => {
+  // Regression test for: all optional properties being sent as required in strict mode,
+  // causing providers like Groq to reject valid tool calls where the model omits optional args.
+  let requestBody: Record<string, unknown> | undefined
+
+  globalThis.fetch = (async (_input, init) => {
+    requestBody = JSON.parse(String(init?.body))
+
+    return new Response(
+      JSON.stringify({
+        id: 'chatcmpl-4',
+        model: 'gpt-4o',
+        choices: [{ message: { role: 'assistant', content: 'ok' }, finish_reason: 'stop' }],
+        usage: { prompt_tokens: 5, completion_tokens: 2, total_tokens: 7 },
+      }),
+      { headers: { 'Content-Type': 'application/json' } },
+    )
+  }) as FetchType
+
+  const client = createOpenAIShimClient({}) as OpenAIShimClient
+
+  await client.beta.messages.create({
+    model: 'gpt-4o',
+    messages: [{ role: 'user', content: 'read a file' }],
+    tools: [
+      {
+        name: 'Read',
+        description: 'Read a file',
+        input_schema: {
+          type: 'object',
+          properties: {
+            file_path: { type: 'string', description: 'Absolute path to file' },
+            offset: { type: 'number', description: 'Line to start from' },
+            limit: { type: 'number', description: 'Max lines to read' },
+            pages: { type: 'string', description: 'Page range for PDFs' },
+          },
+          required: ['file_path'],
+        },
+      },
+    ],
+    max_tokens: 16,
+    stream: false,
+  })
+
+  const parameters = (
+    requestBody?.tools as Array<{ function?: { parameters?: Record<string, unknown> } }>
+  )?.[0]?.function?.parameters
+
+  expect(parameters?.required).toEqual(['file_path'])
+
+  const required = parameters?.required as string[] | undefined
+  expect(required).not.toContain('offset')
+  expect(required).not.toContain('limit')
+  expect(required).not.toContain('pages')
+  expect(parameters?.additionalProperties).toBe(false)
+})
+
 // ---------------------------------------------------------------------------
 // Issue #202 — consecutive role coalescing (Devstral, Mistral strict templates)
 // ---------------------------------------------------------------------------
@@ -1782,7 +1907,7 @@ test('coalesces consecutive user messages to avoid alternation errors (issue #20
     stream: false,
   })
 
-  expect(sentMessages?.length).toBe(2) // system + 1 merged user
+  expect(sentMessages?.length).toBe(2)
   expect(sentMessages?.[0]?.role).toBe('system')
   expect(sentMessages?.[1]?.role).toBe('user')
   const userContent = sentMessages?.[1]?.content as string
@@ -1816,9 +1941,8 @@ test('coalesces consecutive assistant messages preserving tool_calls (issue #202
     stream: false,
   })
 
-  // system + user + merged assistant + tool
   const assistantMsgs = sentMessages?.filter(m => m.role === 'assistant')
-  expect(assistantMsgs?.length).toBe(1) // two assistant turns merged into one
+  expect(assistantMsgs?.length).toBe(1)
   expect(assistantMsgs?.[0]?.tool_calls?.length).toBeGreaterThan(0)
 })
 
@@ -1908,8 +2032,6 @@ test('non-streaming: empty string content does not fall through to reasoning_con
     stream: false,
   })) as { content: Array<Record<string, unknown>> }
 
-  // reasoning_content should be a thinking block, and also used as text
-  // since content is empty string (treated as absent)
   expect(result.content).toEqual([
     { type: 'thinking', thinking: 'Chain of thought here.' },
     { type: 'text', text: 'Chain of thought here.' },
@@ -2037,7 +2159,6 @@ test('streaming: thinking block closed before tool call', async () => {
 
   const types = events.map(e => e.type)
 
-  // Verify thinking block is started, then closed, then tool call starts
   const thinkingStartIdx = types.indexOf('content_block_start')
   const firstStopIdx = types.indexOf('content_block_stop')
   const toolStartIdx = types.indexOf(
@@ -2049,7 +2170,6 @@ test('streaming: thinking block closed before tool call', async () => {
   expect(firstStopIdx).toBeGreaterThan(thinkingStartIdx)
   expect(toolStartIdx).toBeGreaterThan(firstStopIdx)
 
-  // Verify thinking block start content
   const thinkingStart = events[thinkingStartIdx] as {
     content_block?: Record<string, unknown>
   }

src/services/api/openaiShim.ts

@@ -15,9 +15,9 @@
  *   OPENAI_MODEL=gpt-4o              — default model override
  *   CODEX_API_KEY / ~/.codex/auth.json — Codex auth for codexplan/codexspark
  *
- * GitHub Models (models.github.ai), OpenAI-compatible:
+ * GitHub Copilot API (api.githubcopilot.com), OpenAI-compatible:
  *   CLAUDE_CODE_USE_GITHUB=1         — enable GitHub inference (no need for USE_OPENAI)
- *   GITHUB_TOKEN or GH_TOKEN         — PAT with models access (mapped to Bearer auth)
+ *   GITHUB_TOKEN or GH_TOKEN         — Copilot API token (mapped to Bearer auth)
  *   OPENAI_MODEL                     — optional; use github:copilot or openai/gpt-4.1 style IDs
  */
 
@@ -29,7 +29,9 @@ import { hydrateGithubModelsTokenFromSecureStorage } from '../../utils/githubMod
 import {
   codexStreamToAnthropic,
   collectCodexCompletedResponse,
+  convertAnthropicMessagesToResponsesInput,
   convertCodexResponseToAnthropicMessage,
+  convertToolsToResponsesTools,
   performCodexRequest,
   type AnthropicStreamEvent,
   type AnthropicUsage,
@@ -39,6 +41,7 @@ import {
   isLocalProviderUrl,
   resolveCodexApiCredentials,
   resolveProviderRequest,
+  getGithubEndpointType,
 } from './providerConfig.js'
 import { sanitizeSchemaForOpenAICompat } from '../../utils/schemaSanitizer.js'
 import { redactSecretValueForDisplay } from '../../utils/providerProfile.js'
@@ -55,13 +58,19 @@ type SecretValueSource = Partial<{
   GEMINI_ACCESS_TOKEN: string
 }>
 
-const GITHUB_MODELS_DEFAULT_BASE = 'https://models.github.ai/inference'
-const GITHUB_API_VERSION = '2022-11-28'
+const GITHUB_COPILOT_BASE = 'https://api.githubcopilot.com'
 const GITHUB_429_MAX_RETRIES = 3
 const GITHUB_429_BASE_DELAY_SEC = 1
 const GITHUB_429_MAX_DELAY_SEC = 32
 const GEMINI_API_HOST = 'generativelanguage.googleapis.com'
 
+const COPILOT_HEADERS: Record<string, string> = {
+  'User-Agent': 'GitHubCopilotChat/0.26.7',
+  'Editor-Version': 'vscode/1.99.3',
+  'Editor-Plugin-Version': 'copilot-chat/0.26.7',
+  'Copilot-Integration-Id': 'vscode-chat',
+}
+
 function isGithubModelsMode(): boolean {
   return isEnvTruthy(process.env.CLAUDE_CODE_USE_GITHUB)
 }
@@ -195,10 +204,12 @@ function convertContentBlocks(
         // handled separately
         break
       case 'thinking':
-        // Append thinking as text with a marker for models that support reasoning
-        if (block.thinking) {
-          parts.push({ type: 'text', text: `<thinking>${block.thinking}</thinking>` })
-        }
+      case 'redacted_thinking':
+        // Strip thinking blocks for OpenAI-compatible providers.
+        // These are Anthropic-specific content types that 3P providers
+        // don't understand. Serializing them as <thinking> text corrupts
+        // multi-turn context: the model sees the tags as part of its
+        // previous reply and may mimic or misattribute them.
         break
       default:
         if (block.text) {
@@ -410,11 +421,13 @@ function normalizeSchemaForOpenAI(
     record.properties = normalizedProps
 
     if (strict) {
-      // OpenAI strict mode requires every property to be listed in required[]
-      const allKeys = Object.keys(normalizedProps)
-      record.required = Array.from(new Set([...existingRequired, ...allKeys]))
-      // OpenAI strict mode requires additionalProperties: false on all object
-      // schemas — override unconditionally to ensure nested objects comply.
+      // Keep only the properties that were originally marked required in the schema.
+      // Adding every property to required[] (the previous behaviour) caused strict
+      // OpenAI-compatible providers (Groq, Azure, etc.) to reject tool calls because
+      // the model correctly omits optional arguments — but the provider treats them
+      // as missing required fields and returns a 400 / tool_use_failed error.
+      record.required = existingRequired.filter(k => k in normalizedProps)
+      // additionalProperties: false is still required by strict-mode providers.
       record.additionalProperties = false
     } else {
       // For Gemini: keep only existing required keys that are present in properties
@@ -942,8 +955,9 @@ class OpenAIShimMessages {
       httpResponse = response
 
       if (params.stream) {
+        const isResponsesStream = response.url?.includes('/responses')
         return new OpenAIShimStream(
-          request.transport === 'codex_responses'
+          (request.transport === 'codex_responses' || isResponsesStream)
             ? codexStreamToAnthropic(response, request.resolvedModel)
             : openaiStreamToAnthropic(response, request.resolvedModel),
         )
@@ -957,8 +971,38 @@ class OpenAIShimMessages {
         )
       }
 
-      const data = await response.json()
-      return self._convertNonStreamingResponse(data, request.resolvedModel)
+      const isResponsesNonStream = response.url?.includes('/responses')
+      if (isResponsesNonStream || (request.transport === 'chat_completions' && isGithubModelsMode())) {
+        const contentType = response.headers.get('content-type') ?? ''
+        if (contentType.includes('application/json')) {
+          const parsed = await response.json() as Record<string, unknown>
+          if (
+            parsed &&
+            typeof parsed === 'object' &&
+            ('output' in parsed || 'incomplete_details' in parsed)
+          ) {
+            return convertCodexResponseToAnthropicMessage(
+              parsed,
+              request.resolvedModel,
+            )
+          }
+          return self._convertNonStreamingResponse(parsed, request.resolvedModel)
+        }
+      }
+
+      const contentType = response.headers.get('content-type') ?? ''
+      if (contentType.includes('application/json')) {
+        const data = await response.json()
+        return self._convertNonStreamingResponse(data, request.resolvedModel)
+      }
+
+      const textBody = await response.text().catch(() => '')
+      throw APIError.generate(
+        response.status,
+        undefined,
+        `OpenAI API error ${response.status}: unexpected response: ${textBody.slice(0, 500)}`,
+        response.headers as unknown as Headers,
+      )
     })()
 
       ; (promise as unknown as Record<string, unknown>).withResponse =
@@ -980,7 +1024,36 @@ class OpenAIShimMessages {
     params: ShimCreateParams,
     options?: { signal?: AbortSignal; headers?: Record<string, string> },
   ): Promise<Response> {
-    if (request.transport === 'codex_responses') {
+    const githubEndpointType = getGithubEndpointType(request.baseUrl)
+    const isGithubMode = isGithubModelsMode()
+    const isGithubWithCodexTransport = isGithubMode && request.transport === 'codex_responses'
+    const isGithubCopilotEndpoint = isGithubMode && githubEndpointType === 'copilot'
+
+    if (isGithubWithCodexTransport) {
+      const apiKey = this.providerOverride?.apiKey ?? process.env.OPENAI_API_KEY ?? ''
+      if (!apiKey) {
+        throw new Error(
+          'GitHub Copilot auth is required. Run /onboard-github to sign in.',
+        )
+      }
+
+      return performCodexRequest({
+        request,
+        credentials: {
+          apiKey,
+          source: 'env',
+        },
+        params,
+        defaultHeaders: {
+          ...this.defaultHeaders,
+          ...(options?.headers ?? {}),
+          ...COPILOT_HEADERS,
+        },
+        signal: options?.signal,
+      })
+    }
+
+    if (request.transport === 'codex_responses' && !isGithubMode) {
       const credentials = resolveCodexApiCredentials()
       if (!credentials.apiKey) {
         const authHint = credentials.authPath
@@ -1054,6 +1127,10 @@ class OpenAIShimMessages {
     }
 
     const isGithub = isGithubModelsMode()
+    const githubEndpointType = getGithubEndpointType(request.baseUrl)
+    const isGithubCopilot = isGithub && githubEndpointType === 'copilot'
+    const isGithubModels = isGithub && (githubEndpointType === 'models' || githubEndpointType === 'custom')
+
     if (isGithub && body.max_completion_tokens !== undefined) {
       body.max_tokens = body.max_completion_tokens
       delete body.max_completion_tokens
@@ -1119,15 +1196,17 @@ class OpenAIShimMessages {
       const geminiCredential = await resolveGeminiCredential(process.env)
       if (geminiCredential.kind !== 'none') {
         headers.Authorization = `Bearer ${geminiCredential.credential}`
-        if (geminiCredential.projectId) {
+        if (geminiCredential.kind !== 'api-key' && 'projectId' in geminiCredential && geminiCredential.projectId) {
           headers['x-goog-user-project'] = geminiCredential.projectId
         }
       }
     }
 
-    if (isGithub) {
-      headers.Accept = 'application/vnd.github.v3+json'
-      headers['X-GitHub-Api-Version'] = GITHUB_API_VERSION
+    if (isGithubCopilot) {
+      Object.assign(headers, COPILOT_HEADERS)
+    } else if (isGithubModels) {
+      headers['Accept'] = 'application/vnd.github+json'
+      headers['X-GitHub-Api-Version'] = '2022-11-28'
     }
 
     // Build the chat completions URL
@@ -1179,9 +1258,82 @@ class OpenAIShimMessages {
         await sleepMs(delaySec * 1000)
         continue
       }
+      // Read body exactly once here — Response body is a stream that can only
+      // be consumed a single time.
       const errorBody = await response.text().catch(() => 'unknown error')
       const rateHint =
         isGithub && response.status === 429 ? formatRetryAfterHint(response) : ''
+
+      // If GitHub Copilot returns error about /chat/completions,
+      // try the /responses endpoint (needed for GPT-5+ models)
+      if (isGithub && response.status === 400) {
+        if (errorBody.includes('/chat/completions') || errorBody.includes('not accessible')) {
+          const responsesUrl = `${request.baseUrl}/responses`
+          const responsesBody: Record<string, unknown> = {
+            model: request.resolvedModel,
+            input: convertAnthropicMessagesToResponsesInput(
+              params.messages as Array<{
+                role?: string
+                message?: { role?: string; content?: unknown }
+                content?: unknown
+              }>,
+            ),
+            stream: params.stream ?? false,
+          }
+
+          if (!Array.isArray(responsesBody.input) || responsesBody.input.length === 0) {
+            responsesBody.input = [
+              {
+                type: 'message',
+                role: 'user',
+                content: [{ type: 'input_text', text: '' }],
+              },
+            ]
+          }
+
+          const systemText = convertSystemPrompt(params.system)
+          if (systemText) {
+            responsesBody.instructions = systemText
+          }
+
+          if (body.max_tokens !== undefined) {
+            responsesBody.max_output_tokens = body.max_tokens
+          }
+
+          if (params.tools && params.tools.length > 0) {
+            const convertedTools = convertToolsToResponsesTools(
+              params.tools as Array<{
+                name?: string
+                description?: string
+                input_schema?: Record<string, unknown>
+              }>,
+            )
+            if (convertedTools.length > 0) {
+              responsesBody.tools = convertedTools
+            }
+          }
+
+          const responsesResponse = await fetch(responsesUrl, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(responsesBody),
+            signal: options?.signal,
+          })
+          if (responsesResponse.ok) {
+            return responsesResponse
+          }
+          const responsesErrorBody = await responsesResponse.text().catch(() => 'unknown error')
+          let responsesErrorResponse: object | undefined
+          try { responsesErrorResponse = JSON.parse(responsesErrorBody) } catch { /* raw text */ }
+          throw APIError.generate(
+            responsesResponse.status,
+            responsesErrorResponse,
+            `OpenAI API error ${responsesResponse.status}: ${responsesErrorBody}`,
+            responsesResponse.headers,
+          )
+        }
+      }
+
       let errorResponse: object | undefined
       try { errorResponse = JSON.parse(errorBody) } catch { /* raw text */ }
       throw APIError.generate(
@@ -1349,7 +1501,7 @@ export function createOpenAIShimClient(options: {
       process.env.OPENAI_MODEL = process.env.GEMINI_MODEL
     }
   } else if (isEnvTruthy(process.env.CLAUDE_CODE_USE_GITHUB)) {
-    process.env.OPENAI_BASE_URL ??= GITHUB_MODELS_DEFAULT_BASE
+    process.env.OPENAI_BASE_URL ??= GITHUB_COPILOT_BASE
     process.env.OPENAI_API_KEY ??=
       process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN ?? ''
   }

src/services/api/providerConfig.github.test.ts

@@ -23,6 +23,9 @@ test.each([
   ['github:gpt-4o', 'gpt-4o'],
   ['gpt-4o', 'gpt-4o'],
   ['github:copilot?reasoning=high', DEFAULT_GITHUB_MODELS_API_MODEL],
+  // normalizeGithubModelsApiModel preserves provider prefix for models.github.ai compatibility
+  ['github:openai/gpt-4.1', 'openai/gpt-4.1'],
+  ['openai/gpt-4.1', 'openai/gpt-4.1'],
 ] as const)('normalizeGithubModelsApiModel(%s) -> %s', (input, expected) => {
   expect(normalizeGithubModelsApiModel(input)).toBe(expected)
 })
@@ -34,6 +37,20 @@ test('resolveProviderRequest applies GitHub normalization when CLAUDE_CODE_USE_G
   expect(r.transport).toBe('chat_completions')
 })
 
+test('resolveProviderRequest routes GitHub GPT-5 codex models to responses transport', () => {
+  process.env.CLAUDE_CODE_USE_GITHUB = '1'
+  const r = resolveProviderRequest({ model: 'gpt-5.3-codex' })
+  expect(r.resolvedModel).toBe('gpt-5.3-codex')
+  expect(r.transport).toBe('codex_responses')
+})
+
+test('resolveProviderRequest keeps gpt-5-mini on chat_completions for GitHub', () => {
+  process.env.CLAUDE_CODE_USE_GITHUB = '1'
+  const r = resolveProviderRequest({ model: 'gpt-5-mini' })
+  expect(r.resolvedModel).toBe('gpt-5-mini')
+  expect(r.transport).toBe('chat_completions')
+})
+
 test('resolveProviderRequest leaves model unchanged without GitHub flag', () => {
   delete process.env.CLAUDE_CODE_USE_GITHUB
   const r = resolveProviderRequest({ model: 'github:gpt-4o' })

src/services/api/providerConfig.ts

@@ -7,8 +7,8 @@ import { isEnvTruthy } from '../../utils/envUtils.js'
 
 export const DEFAULT_OPENAI_BASE_URL = 'https://api.openai.com/v1'
 export const DEFAULT_CODEX_BASE_URL = 'https://chatgpt.com/backend-api/codex'
-/** Default GitHub Models API model when user selects copilot / github:copilot */
-export const DEFAULT_GITHUB_MODELS_API_MODEL = 'openai/gpt-4.1'
+/** Default GitHub Copilot API model when user selects copilot / github:copilot */
+export const DEFAULT_GITHUB_MODELS_API_MODEL = 'gpt-4o'
 
 const CODEX_ALIAS_MODELS: Record<
   string,
@@ -227,6 +227,21 @@ export function shouldUseCodexTransport(
   return isCodexBaseUrl(explicitBaseUrl) || (!explicitBaseUrl && isCodexAlias(model))
 }
 
+function shouldUseGithubResponsesApi(model: string): boolean {
+  const normalized = model.trim().toLowerCase()
+
+  // Codex-branded models require /responses.
+  if (normalized.includes('codex')) return true
+
+  // GPT-5+ models use /responses, except gpt-5-mini.
+  const match = /^gpt-(\d+)/.exec(normalized)
+  if (!match) return false
+  const major = Number(match[1])
+  if (major < 5) return false
+  if (normalized.startsWith('gpt-5-mini')) return false
+  return true
+}
+
 export function isLocalProviderUrl(baseUrl: string | undefined): boolean {
   if (!baseUrl) return false
   try {
@@ -280,19 +295,61 @@ export function isCodexBaseUrl(baseUrl: string | undefined): boolean {
 }
 
 /**
- * Normalize user model string for GitHub Models inference (models.github.ai).
- * Mirrors runtime devsper `github._normalize_model_id`.
+ * Normalize user model string for GitHub Copilot API inference.
+ * Mirrors how Copilot resolves model IDs internally.
  */
-export function normalizeGithubModelsApiModel(requestedModel: string): string {
+export function normalizeGithubCopilotModel(requestedModel: string): string {
   const noQuery = requestedModel.split('?', 1)[0] ?? requestedModel
   const segment =
     noQuery.includes(':') ? noQuery.split(':', 2)[1]!.trim() : noQuery.trim()
   if (!segment || segment.toLowerCase() === 'copilot') {
     return DEFAULT_GITHUB_MODELS_API_MODEL
   }
+  // Strip provider prefix if present (e.g., "openai/gpt-4o" -> "gpt-4o")
+  const slashIndex = segment.indexOf('/')
+  if (slashIndex !== -1) {
+    return segment.slice(slashIndex + 1)
+  }
   return segment
 }
 
+/**
+ * Normalize user model string for GitHub Models API inference.
+ * Only normalizes the default alias, preserves provider-qualified models.
+ */
+export function normalizeGithubModelsApiModel(requestedModel: string): string {
+  const noQuery = requestedModel.split('?', 1)[0] ?? requestedModel
+  const segment =
+    noQuery.includes(':') ? noQuery.split(':', 2)[1]!.trim() : noQuery.trim()
+  // Only normalize the default alias for GitHub Models
+  if (!segment || segment.toLowerCase() === 'copilot') {
+    return DEFAULT_GITHUB_MODELS_API_MODEL
+  }
+  // Preserve provider prefix for GitHub Models (e.g., "openai/gpt-4.1" stays as-is)
+  return segment
+}
+
+export const GITHUB_COPILOT_BASE_URL = 'https://api.githubcopilot.com'
+export const GITHUB_MODELS_BASE_URL = 'https://models.github.ai/inference'
+
+export function getGithubEndpointType(
+  baseUrl: string | undefined,
+): 'copilot' | 'models' | 'custom' {
+  if (!baseUrl) return 'copilot'
+  try {
+    const hostname = new URL(baseUrl).hostname.toLowerCase()
+    if (hostname === 'api.githubcopilot.com') {
+      return 'copilot'
+    }
+    if (hostname === 'models.github.ai' || hostname.endsWith('.github.ai')) {
+      return 'models'
+    }
+    return 'custom'
+  } catch {
+    return 'copilot'
+  }
+}
+
 export function resolveProviderRequest(options?: {
   model?: string
   baseUrl?: string
@@ -310,31 +367,49 @@ export function resolveProviderRequest(options?: {
     asEnvUrl(options?.baseUrl) ??
     asEnvUrl(process.env.OPENAI_BASE_URL) ??
     asEnvUrl(process.env.OPENAI_API_BASE)
+
+  const githubEndpointType = isGithubMode
+    ? getGithubEndpointType(rawBaseUrl)
+    : 'custom'
+  const isGithubCopilot = isGithubMode && githubEndpointType === 'copilot'
+  const isGithubModels = isGithubMode && githubEndpointType === 'models'
+  const isGithubCustom = isGithubMode && githubEndpointType === 'custom'
+
+  const githubResolvedModel = isGithubMode
+    ? normalizeGithubModelsApiModel(requestedModel)
+    : requestedModel
+
   const transport: ProviderTransport =
-    shouldUseCodexTransport(requestedModel, rawBaseUrl)
+    shouldUseCodexTransport(requestedModel, rawBaseUrl) ||
+      (isGithubCopilot && shouldUseGithubResponsesApi(githubResolvedModel))
       ? 'codex_responses'
       : 'chat_completions'
 
-  const resolvedModel =
-    transport === 'chat_completions' &&
-    isEnvTruthy(process.env.CLAUDE_CODE_USE_GITHUB)
-      ? normalizeGithubModelsApiModel(requestedModel)
-      : descriptor.baseModel
+  // For GitHub Copilot API, normalize to real model ID (e.g., "github:copilot" -> "gpt-4o")
+  // For GitHub Models/custom endpoints:
+  //   - Normalize default alias (github:copilot -> gpt-4o)
+  //   - Preserve provider-qualified models (openai/gpt-4.1 stays as-is)
+  const resolvedModel = isGithubCopilot
+    ? normalizeGithubCopilotModel(descriptor.baseModel)
+    : (isGithubModels || isGithubCustom
+      ? normalizeGithubModelsApiModel(descriptor.baseModel)
+      : descriptor.baseModel)
 
   const reasoning = options?.reasoningEffortOverride
     ? { effort: options.reasoningEffortOverride }
     : descriptor.reasoning
 
-
   return {
     transport,
     requestedModel,
     resolvedModel,
     baseUrl:
       (rawBaseUrl ??
-        (transport === 'codex_responses'
-          ? DEFAULT_CODEX_BASE_URL
-          : DEFAULT_OPENAI_BASE_URL)
+        (isGithubCopilot && transport === 'codex_responses'
+          ? GITHUB_COPILOT_BASE_URL
+          : (isGithubMode
+            ? GITHUB_COPILOT_BASE_URL
+            : DEFAULT_OPENAI_BASE_URL))
       ).replace(/\/+$/, ''),
     reasoning,
   }

src/services/api/withRetry.test.ts

@@ -1,4 +1,4 @@
-import { afterEach, describe, expect, mock, test } from 'bun:test'
+import { afterEach, beforeEach, describe, expect, mock, test } from 'bun:test'
 import { APIError } from '@anthropic-ai/sdk'
 
 // Helper to build a mock APIError with specific headers
@@ -15,15 +15,27 @@ function makeError(headers: Record<string, string>): APIError {
 
 // Save/restore env vars between tests
 const originalEnv = { ...process.env }
+
+const envKeys = [
+  'CLAUDE_CODE_USE_OPENAI',
+  'CLAUDE_CODE_USE_GEMINI',
+  'CLAUDE_CODE_USE_GITHUB',
+  'CLAUDE_CODE_USE_BEDROCK',
+  'CLAUDE_CODE_USE_VERTEX',
+  'CLAUDE_CODE_USE_FOUNDRY',
+  'OPENAI_MODEL',
+  'OPENAI_BASE_URL',
+  'OPENAI_API_BASE',
+] as const
+
+beforeEach(() => {
+  for (const key of envKeys) {
+    delete process.env[key]
+  }
+})
+
 afterEach(() => {
-  for (const key of [
-    'CLAUDE_CODE_USE_OPENAI',
-    'CLAUDE_CODE_USE_GEMINI',
-    'CLAUDE_CODE_USE_GITHUB',
-    'CLAUDE_CODE_USE_BEDROCK',
-    'CLAUDE_CODE_USE_VERTEX',
-    'CLAUDE_CODE_USE_FOUNDRY',
-  ]) {
+  for (const key of envKeys) {
     if (originalEnv[key] === undefined) delete process.env[key]
     else process.env[key] = originalEnv[key]
   }

src/services/autoFix/autoFixConfig.test.ts

@@ -0,0 +1,106 @@
+import { describe, expect, test } from 'bun:test'
+import { AutoFixConfigSchema, getAutoFixConfig, type AutoFixConfig } from './autoFixConfig.js'
+
+describe('AutoFixConfigSchema', () => {
+  test('parses valid full config', () => {
+    const input = {
+      enabled: true,
+      lint: 'eslint . --fix',
+      test: 'bun test',
+      maxRetries: 3,
+      timeout: 30000,
+    }
+    const result = AutoFixConfigSchema.safeParse(input)
+    expect(result.success).toBe(true)
+    if (result.success) {
+      expect(result.data.enabled).toBe(true)
+      expect(result.data.lint).toBe('eslint . --fix')
+      expect(result.data.test).toBe('bun test')
+      expect(result.data.maxRetries).toBe(3)
+      expect(result.data.timeout).toBe(30000)
+    }
+  })
+
+  test('parses minimal config with defaults', () => {
+    const input = { enabled: true, lint: 'eslint .' }
+    const result = AutoFixConfigSchema.safeParse(input)
+    expect(result.success).toBe(true)
+    if (result.success) {
+      expect(result.data.maxRetries).toBe(3)
+      expect(result.data.timeout).toBe(30000)
+      expect(result.data.test).toBeUndefined()
+    }
+  })
+
+  test('rejects config with enabled but no lint or test', () => {
+    const input = { enabled: true }
+    const result = AutoFixConfigSchema.safeParse(input)
+    expect(result.success).toBe(false)
+  })
+
+  test('accepts disabled config without commands', () => {
+    const input = { enabled: false }
+    const result = AutoFixConfigSchema.safeParse(input)
+    expect(result.success).toBe(true)
+  })
+
+  test('rejects negative maxRetries', () => {
+    const input = { enabled: true, lint: 'eslint .', maxRetries: -1 }
+    const result = AutoFixConfigSchema.safeParse(input)
+    expect(result.success).toBe(false)
+  })
+
+  test('rejects maxRetries above 10', () => {
+    const input = { enabled: true, lint: 'eslint .', maxRetries: 11 }
+    const result = AutoFixConfigSchema.safeParse(input)
+    expect(result.success).toBe(false)
+  })
+})
+
+describe('getAutoFixConfig', () => {
+  test('returns null when settings have no autoFix', () => {
+    const result = getAutoFixConfig(undefined)
+    expect(result).toBeNull()
+  })
+
+  test('returns null when autoFix is disabled', () => {
+    const result = getAutoFixConfig({ enabled: false })
+    expect(result).toBeNull()
+  })
+
+  test('returns parsed config when valid and enabled', () => {
+    const result = getAutoFixConfig({ enabled: true, lint: 'eslint .' })
+    expect(result).not.toBeNull()
+    expect(result!.enabled).toBe(true)
+    expect(result!.lint).toBe('eslint .')
+  })
+})
+
+describe('SettingsSchema autoFix integration', () => {
+  test('SettingsSchema accepts autoFix field', async () => {
+    const { SettingsSchema } = await import('../../utils/settings/types.js')
+    const settings = {
+      autoFix: {
+        enabled: true,
+        lint: 'eslint .',
+        test: 'bun test',
+        maxRetries: 3,
+        timeout: 30000,
+      },
+    }
+    const result = SettingsSchema().safeParse(settings)
+    expect(result.success).toBe(true)
+  })
+
+  test('SettingsSchema rejects invalid autoFix', async () => {
+    const { SettingsSchema } = await import('../../utils/settings/types.js')
+    const settings = {
+      autoFix: {
+        enabled: true,
+        // missing lint and test - should fail refine
+      },
+    }
+    const result = SettingsSchema().safeParse(settings)
+    expect(result.success).toBe(false)
+  })
+})

src/services/autoFix/autoFixConfig.ts

@@ -0,0 +1,52 @@
+import { z } from 'zod/v4'
+
+export const AutoFixConfigSchema = z
+  .object({
+    enabled: z.boolean().describe('Whether auto-fix is enabled'),
+    lint: z
+      .string()
+      .optional()
+      .describe('Lint command to run after file edits (e.g. "eslint . --fix")'),
+    test: z
+      .string()
+      .optional()
+      .describe('Test command to run after file edits (e.g. "bun test")'),
+    maxRetries: z
+      .number()
+      .int()
+      .min(0)
+      .max(10)
+      .default(3)
+      .describe('Maximum number of auto-fix retry attempts (default: 3)'),
+    timeout: z
+      .number()
+      .int()
+      .min(1000)
+      .max(300000)
+      .default(30000)
+      .describe('Timeout in ms for each lint/test command (default: 30000)'),
+  })
+  .refine(
+    data => !data.enabled || data.lint !== undefined || data.test !== undefined,
+    {
+      message: 'At least one of "lint" or "test" must be set when enabled',
+    },
+  )
+
+export type AutoFixConfig = z.infer<typeof AutoFixConfigSchema>
+
+export function getAutoFixConfig(
+  rawConfig: unknown,
+): AutoFixConfig | null {
+  if (!rawConfig || typeof rawConfig !== 'object') {
+    return null
+  }
+  const parsed = AutoFixConfigSchema.safeParse(rawConfig)
+  if (!parsed.success) {
+    return null
+  }
+  if (!parsed.data.enabled) {
+    return null
+  }
+  return parsed.data
+}

src/services/autoFix/autoFixHook.test.ts

@@ -0,0 +1,63 @@
+import { describe, expect, test } from 'bun:test'
+import {
+  shouldRunAutoFix,
+  buildAutoFixContext,
+} from './autoFixHook.js'
+
+describe('shouldRunAutoFix', () => {
+  test('returns true for file_edit tool when autoFix enabled', () => {
+    const config = { enabled: true, lint: 'eslint .', maxRetries: 3, timeout: 30000 }
+    expect(shouldRunAutoFix('file_edit', config)).toBe(true)
+  })
+
+  test('returns true for file_write tool when autoFix enabled', () => {
+    const config = { enabled: true, lint: 'eslint .', maxRetries: 3, timeout: 30000 }
+    expect(shouldRunAutoFix('file_write', config)).toBe(true)
+  })
+
+  test('returns false for bash tool', () => {
+    const config = { enabled: true, lint: 'eslint .', maxRetries: 3, timeout: 30000 }
+    expect(shouldRunAutoFix('bash', config)).toBe(false)
+  })
+
+  test('returns false for file_read tool', () => {
+    const config = { enabled: true, lint: 'eslint .', maxRetries: 3, timeout: 30000 }
+    expect(shouldRunAutoFix('file_read', config)).toBe(false)
+  })
+
+  test('returns false when config is null', () => {
+    expect(shouldRunAutoFix('file_edit', null)).toBe(false)
+  })
+})
+
+describe('buildAutoFixContext', () => {
+  test('formats lint errors as AI-readable context', () => {
+    const context = buildAutoFixContext({
+      hasErrors: true,
+      lintOutput: 'src/foo.ts:10:5 error no-unused-vars',
+      lintExitCode: 1,
+      errorSummary: 'Lint errors (exit code 1):\nsrc/foo.ts:10:5 error no-unused-vars',
+    })
+    expect(context).toContain('AUTO-FIX')
+    expect(context).toContain('no-unused-vars')
+    expect(context).toContain('Please fix')
+  })
+
+  test('returns null when no errors', () => {
+    const context = buildAutoFixContext({
+      hasErrors: false,
+    })
+    expect(context).toBeNull()
+  })
+
+  test('formats test failures as AI-readable context', () => {
+    const context = buildAutoFixContext({
+      hasErrors: true,
+      testOutput: 'FAIL src/foo.test.ts\n  expected true, got false',
+      testExitCode: 1,
+      errorSummary: 'Test failures (exit code 1):\nFAIL src/foo.test.ts',
+    })
+    expect(context).toContain('AUTO-FIX')
+    expect(context).toContain('FAIL')
+  })
+})

src/services/autoFix/autoFixHook.ts

@@ -0,0 +1,25 @@
+import type { AutoFixConfig } from './autoFixConfig.js'
+import type { AutoFixResult } from './autoFixRunner.js'
+
+const AUTO_FIX_TOOLS = new Set(['file_edit', 'file_write'])
+
+export function shouldRunAutoFix(
+  toolName: string,
+  config: AutoFixConfig | null,
+): boolean {
+  if (!config) return false
+  return AUTO_FIX_TOOLS.has(toolName)
+}
+
+export function buildAutoFixContext(result: AutoFixResult): string | null {
+  if (!result.hasErrors || !result.errorSummary) return null
+
+  return (
+    `<auto_fix_feedback>\n` +
+    `AUTO-FIX: The file you just edited has errors. Please fix them:\n\n` +
+    `${result.errorSummary}\n\n` +
+    `Please fix these errors in the files you just edited. ` +
+    `Do not ask the user — just apply the fix.\n` +
+    `</auto_fix_feedback>`
+  )
+}

src/services/autoFix/autoFixIntegration.test.ts

@@ -0,0 +1,48 @@
+import { describe, expect, test } from 'bun:test'
+import { getAutoFixConfig } from './autoFixConfig.js'
+import { shouldRunAutoFix, buildAutoFixContext } from './autoFixHook.js'
+import { runAutoFixCheck } from './autoFixRunner.js'
+
+describe('autoFix end-to-end flow', () => {
+  test('full flow: config → shouldRun → check → context', async () => {
+    const config = getAutoFixConfig({
+      enabled: true,
+      lint: 'echo "error: unused" && exit 1',
+      maxRetries: 2,
+      timeout: 5000,
+    })
+    expect(config).not.toBeNull()
+    expect(shouldRunAutoFix('file_edit', config)).toBe(true)
+
+    const result = await runAutoFixCheck({
+      lint: config!.lint,
+      test: config!.test,
+      timeout: config!.timeout,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(true)
+
+    const context = buildAutoFixContext(result)
+    expect(context).not.toBeNull()
+    expect(context).toContain('AUTO-FIX')
+    expect(context).toContain('unused')
+  })
+
+  test('full flow: no errors = no context', async () => {
+    const config = getAutoFixConfig({
+      enabled: true,
+      lint: 'echo "all clean"',
+      timeout: 5000,
+    })
+    const result = await runAutoFixCheck({
+      lint: config!.lint,
+      timeout: config!.timeout,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(false)
+    const context = buildAutoFixContext(result)
+    expect(context).toBeNull()
+  })
+})

src/services/autoFix/autoFixRunner.test.ts

@@ -0,0 +1,103 @@
+import { describe, expect, test } from 'bun:test'
+import {
+  runAutoFixCheck,
+  type AutoFixResult,
+  type AutoFixCheckOptions,
+} from './autoFixRunner.js'
+
+describe('runAutoFixCheck', () => {
+  test('returns success when lint command exits 0', async () => {
+    const result = await runAutoFixCheck({
+      lint: 'echo "all clean"',
+      timeout: 5000,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(false)
+    expect(result.lintOutput).toContain('all clean')
+    expect(result.testOutput).toBeUndefined()
+  })
+
+  test('returns errors when lint command exits non-zero', async () => {
+    const result = await runAutoFixCheck({
+      lint: 'echo "error: unused var" && exit 1',
+      timeout: 5000,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(true)
+    expect(result.lintOutput).toContain('unused var')
+    expect(result.lintExitCode).toBe(1)
+  })
+
+  test('returns errors when test command exits non-zero', async () => {
+    const result = await runAutoFixCheck({
+      test: 'echo "FAIL test_foo" && exit 1',
+      timeout: 5000,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(true)
+    expect(result.testOutput).toContain('FAIL test_foo')
+    expect(result.testExitCode).toBe(1)
+  })
+
+  test('runs both lint and test commands', async () => {
+    const result = await runAutoFixCheck({
+      lint: 'echo "lint ok"',
+      test: 'echo "test ok"',
+      timeout: 5000,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(false)
+    expect(result.lintOutput).toContain('lint ok')
+    expect(result.testOutput).toContain('test ok')
+  })
+
+  test('skips test if lint fails', async () => {
+    const result = await runAutoFixCheck({
+      lint: 'echo "lint error" && exit 1',
+      test: 'echo "should not run"',
+      timeout: 5000,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(true)
+    expect(result.lintOutput).toContain('lint error')
+    expect(result.testOutput).toBeUndefined()
+  })
+
+  test('handles timeout gracefully', async () => {
+    const result = await runAutoFixCheck({
+      lint: 'sleep 10',
+      timeout: 100,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(true)
+    expect(result.timedOut).toBe(true)
+  })
+
+  test('returns success with no commands configured', async () => {
+    const result = await runAutoFixCheck({
+      timeout: 5000,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(false)
+  })
+
+  test('formats error summary for AI consumption', async () => {
+    const result = await runAutoFixCheck({
+      lint: 'echo "src/foo.ts:10:5 error no-unused-vars" && exit 1',
+      timeout: 5000,
+
+      cwd: '/tmp',
+    })
+    expect(result.hasErrors).toBe(true)
+    const summary = result.errorSummary
+    expect(summary).toContain('Lint errors')
+    expect(summary).toContain('no-unused-vars')
+  })
+})

src/services/autoFix/autoFixRunner.ts

@@ -0,0 +1,169 @@
+import { spawn } from 'child_process'
+
+export interface AutoFixCheckOptions {
+  lint?: string
+  test?: string
+  timeout: number
+  cwd: string
+  signal?: AbortSignal
+}
+
+export interface AutoFixResult {
+  hasErrors: boolean
+  lintOutput?: string
+  lintExitCode?: number
+  testOutput?: string
+  testExitCode?: number
+  timedOut?: boolean
+  errorSummary?: string
+}
+
+async function runCommand(
+  command: string,
+  cwd: string,
+  timeout: number,
+  signal?: AbortSignal,
+): Promise<{ stdout: string; stderr: string; exitCode: number; timedOut: boolean }> {
+  return new Promise((resolve) => {
+    if (signal?.aborted) {
+      resolve({ stdout: '', stderr: 'Aborted', exitCode: 1, timedOut: false })
+      return
+    }
+
+    let timedOut = false
+    let stdout = ''
+    let stderr = ''
+
+    const isWindows = process.platform === 'win32'
+    const proc = spawn(command, [], {
+      cwd,
+      env: { ...process.env },
+      shell: true,
+      windowsHide: true,
+      // On Unix, create a process group so we can kill child processes on timeout/abort
+      detached: !isWindows,
+    })
+
+    const killTree = () => {
+      try {
+        if (!isWindows && proc.pid) {
+          // Kill the entire process group
+          process.kill(-proc.pid, 'SIGTERM')
+        } else {
+          proc.kill('SIGTERM')
+        }
+      } catch {
+        // Process may have already exited
+      }
+    }
+
+    const onAbort = () => {
+      killTree()
+    }
+    signal?.addEventListener('abort', onAbort, { once: true })
+
+    proc.stdout?.on('data', (data: Buffer) => {
+      stdout += data.toString()
+    })
+    proc.stderr?.on('data', (data: Buffer) => {
+      stderr += data.toString()
+    })
+
+    const timer = setTimeout(() => {
+      timedOut = true
+      killTree()
+    }, timeout)
+
+    proc.on('close', (code) => {
+      clearTimeout(timer)
+      signal?.removeEventListener('abort', onAbort)
+      resolve({
+        stdout: stdout.slice(0, 10000),
+        stderr: stderr.slice(0, 10000),
+        exitCode: code ?? 1,
+        timedOut,
+      })
+    })
+
+    proc.on('error', () => {
+      clearTimeout(timer)
+      signal?.removeEventListener('abort', onAbort)
+      resolve({
+        stdout,
+        stderr: stderr || 'Command failed to start',
+        exitCode: 1,
+        timedOut: false,
+      })
+    })
+  })
+}
+
+function buildErrorSummary(result: AutoFixResult): string | undefined {
+  if (!result.hasErrors) return undefined
+  const parts: string[] = []
+
+  if (result.timedOut) {
+    parts.push('Command timed out.')
+  }
+  if (result.lintExitCode !== undefined && result.lintExitCode !== 0) {
+    parts.push(`Lint errors (exit code ${result.lintExitCode}):\n${result.lintOutput ?? ''}`)
+  }
+  if (result.testExitCode !== undefined && result.testExitCode !== 0) {
+    parts.push(`Test failures (exit code ${result.testExitCode}):\n${result.testOutput ?? ''}`)
+  }
+
+  return parts.join('\n\n')
+}
+
+export async function runAutoFixCheck(
+  options: AutoFixCheckOptions,
+): Promise<AutoFixResult> {
+  const { lint, test, timeout, cwd, signal } = options
+
+  if (!lint && !test) {
+    return { hasErrors: false }
+  }
+
+  if (signal?.aborted) {
+    return { hasErrors: false }
+  }
+
+  const result: AutoFixResult = { hasErrors: false }
+
+  // Run lint first
+  if (lint) {
+    const lintResult = await runCommand(lint, cwd, timeout, signal)
+    result.lintOutput = (lintResult.stdout + '\n' + lintResult.stderr).trim()
+    result.lintExitCode = lintResult.exitCode
+
+    if (lintResult.timedOut) {
+      result.hasErrors = true
+      result.timedOut = true
+      result.errorSummary = buildErrorSummary(result)
+      return result
+    }
+
+    if (lintResult.exitCode !== 0) {
+      result.hasErrors = true
+      result.errorSummary = buildErrorSummary(result)
+      return result
+    }
+  }
+
+  // Run tests only if lint passed (or no lint configured)
+  if (test) {
+    const testResult = await runCommand(test, cwd, timeout, signal)
+    result.testOutput = (testResult.stdout + '\n' + testResult.stderr).trim()
+    result.testExitCode = testResult.exitCode
+
+    if (testResult.timedOut) {
+      result.hasErrors = true
+      result.timedOut = true
+    } else if (testResult.exitCode !== 0) {
+      result.hasErrors = true
+    }
+  }
+
+  result.errorSummary = buildErrorSummary(result)
+  return result
+}

src/services/github/deviceFlow.test.ts

@@ -1,4 +1,4 @@
-import { afterEach, describe, expect, mock, test } from 'bun:test'
+import { afterEach, beforeEach, describe, expect, mock, test } from 'bun:test'
 
 import {
   DEFAULT_GITHUB_DEVICE_SCOPE,
@@ -7,14 +7,26 @@ import {
   requestDeviceCode,
 } from './deviceFlow.js'
 
+async function importFreshModule() {
+  mock.restore()
+  return import(`./deviceFlow.ts?ts=${Date.now()}-${Math.random()}`)
+}
+
 describe('requestDeviceCode', () => {
   const originalFetch = globalThis.fetch
 
+  beforeEach(() => {
+    mock.restore()
+    globalThis.fetch = originalFetch
+  })
+
   afterEach(() => {
     globalThis.fetch = originalFetch
   })
 
   test('parses successful device code response', async () => {
+    const { requestDeviceCode } = await importFreshModule()
+
     globalThis.fetch = mock(() =>
       Promise.resolve(
         new Response(
@@ -42,6 +54,9 @@ describe('requestDeviceCode', () => {
   })
 
   test('throws on HTTP error', async () => {
+    const { requestDeviceCode, GitHubDeviceFlowError } =
+      await importFreshModule()
+
     globalThis.fetch = mock(() =>
       Promise.resolve(new Response('bad', { status: 500 })),
     )
@@ -134,6 +149,8 @@ describe('pollAccessToken', () => {
   })
 
   test('returns token when GitHub responds with access_token immediately', async () => {
+    const { pollAccessToken } = await importFreshModule()
+
     let calls = 0
     globalThis.fetch = mock(() => {
       calls++
@@ -153,6 +170,8 @@ describe('pollAccessToken', () => {
   })
 
   test('throws on access_denied', async () => {
+    const { pollAccessToken } = await importFreshModule()
+
     globalThis.fetch = mock(() =>
       Promise.resolve(
         new Response(JSON.stringify({ error: 'access_denied' }), {
@@ -168,3 +187,62 @@ describe('pollAccessToken', () => {
     ).rejects.toThrow(/denied/)
   })
 })
+
+describe('exchangeForCopilotToken', () => {
+  const originalFetch = globalThis.fetch
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch
+  })
+
+  test('parses successful Copilot token response', async () => {
+    const { exchangeForCopilotToken } = await importFreshModule()
+
+    globalThis.fetch = mock(() =>
+      Promise.resolve(
+        new Response(
+          JSON.stringify({
+            token: 'copilot-token-xyz',
+            expires_at: 1700000000,
+            refresh_in: 3600,
+            endpoints: {
+              api: 'https://api.githubcopilot.com',
+            },
+          }),
+          { status: 200 },
+        ),
+      ),
+    )
+
+    const result = await exchangeForCopilotToken('oauth-token', globalThis.fetch)
+    expect(result.token).toBe('copilot-token-xyz')
+    expect(result.expires_at).toBe(1700000000)
+    expect(result.refresh_in).toBe(3600)
+    expect(result.endpoints.api).toBe('https://api.githubcopilot.com')
+  })
+
+  test('throws on HTTP error', async () => {
+    const { exchangeForCopilotToken, GitHubDeviceFlowError } =
+      await importFreshModule()
+
+    globalThis.fetch = mock(() =>
+      Promise.resolve(new Response('unauthorized', { status: 401 })),
+    )
+    await expect(
+      exchangeForCopilotToken('bad-token', globalThis.fetch),
+    ).rejects.toThrow(GitHubDeviceFlowError)
+  })
+
+  test('throws on malformed response', async () => {
+    const { exchangeForCopilotToken } = await importFreshModule()
+
+    globalThis.fetch = mock(() =>
+      Promise.resolve(
+        new Response(JSON.stringify({ invalid: 'data' }), { status: 200 }),
+      ),
+    )
+    await expect(
+      exchangeForCopilotToken('oauth-token', globalThis.fetch),
+    ).rejects.toThrow(/Malformed/)
+  })
+})

src/services/github/deviceFlow.ts

@@ -1,19 +1,35 @@
 /**
  * GitHub OAuth device flow for CLI login (https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow).
+ * Uses GitHub Copilot's official OAuth app for device authentication.
  */
 
 import { execFileNoThrow } from '../../utils/execFileNoThrow.js'
 
-export const DEFAULT_GITHUB_DEVICE_FLOW_CLIENT_ID = 'Ov23liXjWSSui6QIahPl'
+export const DEFAULT_GITHUB_DEVICE_FLOW_CLIENT_ID = 'Iv1.b507a08c87ecfe98'
 
 export const GITHUB_DEVICE_CODE_URL = 'https://github.com/login/device/code'
 export const GITHUB_DEVICE_ACCESS_TOKEN_URL =
   'https://github.com/login/oauth/access_token'
+export const COPILOT_TOKEN_URL = 'https://api.github.com/copilot_internal/v2/token'
 
-// OAuth app device flow does not accept the GitHub Models permission token
-// scope (models:read). Use an OAuth-safe default.
-const OAUTH_SAFE_GITHUB_DEVICE_SCOPE = 'read:user'
-export const DEFAULT_GITHUB_DEVICE_SCOPE = OAUTH_SAFE_GITHUB_DEVICE_SCOPE
+/** Only read:user scope — required for Copilot OAuth */
+export const DEFAULT_GITHUB_DEVICE_SCOPE = 'read:user'
+
+export const COPILOT_HEADERS: Record<string, string> = {
+  'User-Agent': 'GitHubCopilotChat/0.26.7',
+  'Editor-Version': 'vscode/1.99.3',
+  'Editor-Plugin-Version': 'copilot-chat/0.26.7',
+  'Copilot-Integration-Id': 'vscode-chat',
+}
+
+export type CopilotTokenResponse = {
+  token: string
+  expires_at: number
+  refresh_in: number
+  endpoints: {
+    api: string
+  }
+}
 
 export class GitHubDeviceFlowError extends Error {
   constructor(message: string) {
@@ -30,6 +46,8 @@ export type DeviceCodeResult = {
   interval: number
 }
 
+type FetchLike = (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>
+
 export function getGithubDeviceFlowClientId(): string {
   return (
     process.env.GITHUB_DEVICE_FLOW_CLIENT_ID?.trim() ||
@@ -44,21 +62,21 @@ function sleep(ms: number): Promise<void> {
 export async function requestDeviceCode(options?: {
   clientId?: string
   scope?: string
-  fetchImpl?: typeof fetch
+  fetchImpl?: FetchLike
 }): Promise<DeviceCodeResult> {
   const clientId = options?.clientId ?? getGithubDeviceFlowClientId()
   if (!clientId) {
     throw new GitHubDeviceFlowError(
-      'No OAuth client ID: set GITHUB_DEVICE_FLOW_CLIENT_ID or paste a PAT instead.',
+      'No OAuth client ID: set GITHUB_DEVICE_FLOW_CLIENT_ID.',
     )
   }
   const fetchFn = options?.fetchImpl ?? fetch
   const requestedScope =
     options?.scope?.trim() || DEFAULT_GITHUB_DEVICE_SCOPE
   const scopesToTry =
-    requestedScope === OAUTH_SAFE_GITHUB_DEVICE_SCOPE
+    requestedScope === DEFAULT_GITHUB_DEVICE_SCOPE
       ? [requestedScope]
-      : [requestedScope, OAUTH_SAFE_GITHUB_DEVICE_SCOPE]
+      : [requestedScope, DEFAULT_GITHUB_DEVICE_SCOPE]
 
   let lastError = 'Device code request failed.'
 
@@ -77,7 +95,7 @@ export async function requestDeviceCode(options?: {
       lastError = `Device code request failed: ${res.status} ${text}`
       const isInvalidScope = /invalid_scope/i.test(text)
       const canRetryWithFallback =
-        scope !== OAUTH_SAFE_GITHUB_DEVICE_SCOPE && isInvalidScope
+        scope !== DEFAULT_GITHUB_DEVICE_SCOPE && isInvalidScope
       if (canRetryWithFallback) {
         continue
       }
@@ -114,7 +132,7 @@ export type PollOptions = {
   clientId?: string
   initialInterval?: number
   timeoutSeconds?: number
-  fetchImpl?: typeof fetch
+  fetchImpl?: FetchLike
 }
 
 export async function pollAccessToken(
@@ -197,3 +215,49 @@ export async function openVerificationUri(uri: string): Promise<void> {
     // User can open the URL manually
   }
 }
+
+/**
+ * Exchange an OAuth access token for a Copilot API token.
+ * The OAuth token alone cannot be used with the Copilot API endpoint.
+ */
+export async function exchangeForCopilotToken(
+  oauthToken: string,
+  fetchImpl?: FetchLike,
+): Promise<CopilotTokenResponse> {
+  const fetchFn = fetchImpl ?? fetch
+  const res = await fetchFn(COPILOT_TOKEN_URL, {
+    method: 'GET',
+    headers: {
+      Accept: 'application/json',
+      Authorization: `Bearer ${oauthToken}`,
+      ...COPILOT_HEADERS,
+    },
+  })
+  if (!res.ok) {
+    const text = await res.text().catch(() => '')
+    throw new GitHubDeviceFlowError(
+      `Copilot token exchange failed: ${res.status} ${text}`,
+    )
+  }
+  const data = (await res.json()) as Record<string, unknown>
+  const token = data.token
+  const expires_at = data.expires_at
+  const refresh_in = data.refresh_in
+  const endpoints = data.endpoints
+  if (
+    typeof token !== 'string' ||
+    typeof expires_at !== 'number' ||
+    typeof refresh_in !== 'number' ||
+    !endpoints ||
+    typeof endpoints !== 'object' ||
+    typeof (endpoints as Record<string, unknown>).api !== 'string'
+  ) {
+    throw new GitHubDeviceFlowError('Malformed Copilot token response')
+  }
+  return {
+    token,
+    expires_at,
+    refresh_in,
+    endpoints: endpoints as { api: string },
+  }
+}

src/services/mockRateLimits.ts

@@ -1,6 +1,11 @@
 // Mock rate limits for testing [internal-only]
 // The external build keeps this module as a stable no-op surface so imports
 // remain valid without exposing internal-only rate-limit simulation behavior.
+// This allows testing various rate limit scenarios without hitting actual limits
+//
+// WARNING: This is for internal testing/demo purposes only!
+// The mock headers may not exactly match the API specification or real-world behavior.
+// Always validate against actual API responses before relying on this for production features.
 
 import { setMockBillingAccessOverride } from '../utils/billing.js'
 import type { OverageDisabledReason } from './claudeAiLimits.js'

src/services/tips/tipRegistry.ts

@@ -645,7 +645,7 @@ const internalOnlyTips: Tip[] =
         {
           id: 'skillify',
           content: async () =>
-            '[internal] Turn repeatable workflows into reusable project skills when they keep recurring',
+            '[internal] Use /skillify to turn repeatable recurring workflows into reusable project skills',
           cooldownSessions: 15,
           isRelevant: async () => true,
         },

src/services/tools/toolExecution.test.ts

@@ -0,0 +1,33 @@
+import { describe, expect, test } from 'bun:test'
+
+import { SkillTool } from '../../tools/SkillTool/SkillTool.js'
+import {
+  getSchemaValidationErrorOverride,
+  getSchemaValidationToolUseResult,
+} from './toolExecution.js'
+
+describe('getSchemaValidationErrorOverride', () => {
+  test('returns actionable missing-skill error for SkillTool', () => {
+    expect(getSchemaValidationErrorOverride(SkillTool, {})).toBe(
+      'Missing skill name. Pass the slash command name as the skill parameter (e.g., skill: "commit" for /commit, skill: "review-pr" for /review-pr).',
+    )
+  })
+
+  test('does not override unrelated tool schema failures', () => {
+    expect(getSchemaValidationErrorOverride({ name: 'Read' } as never, {})).toBe(
+      null,
+    )
+  })
+
+  test('does not override SkillTool when skill is present', () => {
+    expect(
+      getSchemaValidationErrorOverride(SkillTool, { skill: 'commit' }),
+    ).toBe(null)
+  })
+
+  test('uses the actionable override for structured toolUseResult too', () => {
+    expect(getSchemaValidationToolUseResult(SkillTool, {} as never)).toBe(
+      'InputValidationError: Missing skill name. Pass the slash command name as the skill parameter (e.g., skill: "commit" for /commit, skill: "review-pr" for /review-pr).',
+    )
+  })
+})

src/services/tools/toolExecution.ts

@@ -43,6 +43,7 @@ import { FILE_READ_TOOL_NAME } from '../../tools/FileReadTool/prompt.js'
 import { FILE_WRITE_TOOL_NAME } from '../../tools/FileWriteTool/prompt.js'
 import { NOTEBOOK_EDIT_TOOL_NAME } from '../../tools/NotebookEditTool/constants.js'
 import { POWERSHELL_TOOL_NAME } from '../../tools/PowerShellTool/toolName.js'
+import { SKILL_TOOL_NAME } from '../../tools/SkillTool/constants.js'
 import { parseGitCommitId } from '../../tools/shared/gitOperationTracking.js'
 import {
   isDeferredTool,
@@ -596,6 +597,31 @@ export function buildSchemaNotSentHint(
   )
 }
 
+export function getSchemaValidationErrorOverride(
+  tool: Tool,
+  input: unknown,
+): string | null {
+  if (tool.name !== SKILL_TOOL_NAME || !input || typeof input !== 'object') {
+    return null
+  }
+
+  const skill = (input as { skill?: unknown }).skill
+  if (skill === undefined || skill === null) {
+    return 'Missing skill name. Pass the slash command name as the skill parameter (e.g., skill: "commit" for /commit, skill: "review-pr" for /review-pr).'
+  }
+
+  return null
+}
+
+export function getSchemaValidationToolUseResult(
+  tool: Tool,
+  input: unknown,
+  fallbackMessage?: string,
+): string {
+  const override = getSchemaValidationErrorOverride(tool, input)
+  return `InputValidationError: ${override ?? fallbackMessage ?? ''}`
+}
+
 async function checkPermissionsAndCallTool(
   tool: Tool,
   toolUseID: string,
@@ -614,7 +640,9 @@ async function checkPermissionsAndCallTool(
   // Validate input types with zod (surprisingly, the model is not great at generating valid input)
   const parsedInput = tool.inputSchema.safeParse(input)
   if (!parsedInput.success) {
-    let errorContent = formatZodValidationError(tool.name, parsedInput.error)
+    const fallbackErrorContent = formatZodValidationError(tool.name, parsedInput.error)
+    let errorContent =
+      getSchemaValidationErrorOverride(tool, input) ?? fallbackErrorContent
 
     const schemaHint = buildSchemaNotSentHint(
       tool,
@@ -672,7 +700,11 @@ async function checkPermissionsAndCallTool(
               tool_use_id: toolUseID,
             },
           ],
-          toolUseResult: `InputValidationError: ${parsedInput.error.message}`,
+          toolUseResult: getSchemaValidationToolUseResult(
+            tool,
+            input,
+            parsedInput.error.message,
+          ),
           sourceToolAssistantUUID: assistantMessage.uuid,
         }),
       },

src/services/tools/toolHooks.ts

@@ -29,6 +29,13 @@ import {
 } from '../../utils/permissions/PermissionResult.js'
 import { checkRuleBasedPermissions } from '../../utils/permissions/permissions.js'
 import { formatError } from '../../utils/toolErrors.js'
+import { getAutoFixConfig } from '../autoFix/autoFixConfig.js'
+import { shouldRunAutoFix, buildAutoFixContext } from '../autoFix/autoFixHook.js'
+import { runAutoFixCheck } from '../autoFix/autoFixRunner.js'
+
+// Track auto-fix retry count per query chain to enforce maxRetries cap.
+// Key: queryChainId (or 'default'), Value: number of auto-fix attempts used.
+const autoFixRetryCount = new Map<string, number>()
 import { isMcpTool } from '../mcp/utils.js'
 import type { McpServerType, MessageUpdateLazy } from './toolExecution.js'
 
@@ -185,6 +192,65 @@ export async function* runPostToolUseHooks<Input extends AnyObject, Output>(
         }
       }
     }
+
+    // Auto-fix: run lint/test if configured for this tool
+    const autoFixSettings = toolUseContext.getAppState().settings
+    const autoFixConfig = getAutoFixConfig(
+      autoFixSettings && typeof autoFixSettings === 'object' && 'autoFix' in autoFixSettings
+        ? (autoFixSettings as Record<string, unknown>).autoFix
+        : undefined,
+    )
+    if (shouldRunAutoFix(tool.name, autoFixConfig) && autoFixConfig) {
+      // Enforce maxRetries cap to prevent unbounded auto-fix loops.
+      // Uses queryChainId to scope the counter to the current conversation turn.
+      const chainKey = (toolUseContext.queryTracking?.chainId as string) ?? 'default'
+      const currentRetries = autoFixRetryCount.get(chainKey) ?? 0
+
+      if (currentRetries >= autoFixConfig.maxRetries) {
+        // Max retries reached — skip auto-fix and let the user know
+        yield {
+          message: createAttachmentMessage({
+            type: 'hook_additional_context',
+            content: [
+              `<auto_fix_feedback>\nAUTO-FIX: Maximum retry limit (${autoFixConfig.maxRetries}) reached. ` +
+              `Skipping further auto-fix attempts. Please review the errors manually.\n</auto_fix_feedback>`,
+            ],
+            hookName: `AutoFix:${tool.name}`,
+            toolUseID,
+            hookEvent: 'PostToolUse',
+          }),
+        }
+      } else {
+        try {
+          const cwd = toolUseContext.options?.cwd ?? process.cwd()
+          const autoFixResult = await runAutoFixCheck({
+            lint: autoFixConfig.lint,
+            test: autoFixConfig.test,
+            timeout: autoFixConfig.timeout,
+            cwd,
+            signal: toolUseContext.abortController.signal,
+          })
+          const autoFixContext = buildAutoFixContext(autoFixResult)
+          if (autoFixContext) {
+            autoFixRetryCount.set(chainKey, currentRetries + 1)
+            yield {
+              message: createAttachmentMessage({
+                type: 'hook_additional_context',
+                content: [autoFixContext],
+                hookName: `AutoFix:${tool.name}`,
+                toolUseID,
+                hookEvent: 'PostToolUse',
+              }),
+            }
+          } else {
+            // Lint/test passed — reset the retry counter for this chain
+            autoFixRetryCount.delete(chainKey)
+          }
+        } catch (autoFixError) {
+          logError(autoFixError)
+        }
+      }
+    }
   } catch (error) {
     logError(error)
   }

src/tools/AgentTool/prompt.ts

@@ -156,34 +156,24 @@ ${AGENT_TOOL_NAME}({
   const currentExamples = `Example usage:
 
 <example_agent_descriptions>
-"test-runner": use this agent after you are done writing code to run tests
-"greeting-responder": use this agent to respond to user greetings with a friendly joke
+"claude-code-guide": use this agent when the user asks how Claude Code works or how to use its features
+"statusline-setup": use this agent to configure the user's Claude Code status line setting
 </example_agent_descriptions>
 
 <example>
-user: "Please write a function that checks if a number is prime"
-assistant: I'm going to use the ${FILE_WRITE_TOOL_NAME} tool to write the following code:
-<code>
-function isPrime(n) {
-  if (n <= 1) return false
-  for (let i = 2; i * i <= n; i++) {
-    if (n % i === 0) return false
-  }
-  return true
-}
-</code>
+user: "How do I configure Claude Code hooks?"
 <commentary>
-Since a significant piece of code was written and the task was completed, now use the test-runner agent to run the tests
+This is a Claude Code usage question, so use the claude-code-guide agent
 </commentary>
-assistant: Uses the ${AGENT_TOOL_NAME} tool to launch the test-runner agent
+assistant: Uses the ${AGENT_TOOL_NAME} tool to launch the claude-code-guide agent
 </example>
 
 <example>
-user: "Hello"
+user: "Set up my Claude Code status line"
 <commentary>
-Since the user is greeting, use the greeting-responder agent to respond with a friendly joke
+This matches the statusline-setup agent, so use it to configure the setting
 </commentary>
-assistant: "I'm going to use the ${AGENT_TOOL_NAME} tool to launch the greeting-responder agent"
+assistant: "I'm going to use the ${AGENT_TOOL_NAME} tool to launch the statusline-setup agent"
 </example>
 `
 

src/tools/SkillTool/SkillTool.test.ts

@@ -0,0 +1,31 @@
+import { describe, expect, test } from 'bun:test'
+
+import { SkillTool } from './SkillTool.js'
+
+describe('SkillTool missing parameter handling', () => {
+  test('missing skill stays required at the schema level', async () => {
+    const parsed = SkillTool.inputSchema.safeParse({})
+
+    expect(parsed.success).toBe(false)
+  })
+
+  test('validateInput still returns an actionable error when called with missing skill', async () => {
+    const result = await SkillTool.validateInput?.({} as never, {
+      options: { tools: [] },
+      messages: [],
+    } as never)
+
+    expect(result).toEqual({
+      result: false,
+      message:
+        'Missing skill name. Pass the slash command name as the skill parameter (e.g., skill: "commit" for /commit, skill: "review-pr" for /review-pr).',
+      errorCode: 1,
+    })
+  })
+
+  test('valid skill input still parses and validates', async () => {
+    const parsed = SkillTool.inputSchema.safeParse({ skill: 'commit' })
+
+    expect(parsed.success).toBe(true)
+  })
+})

src/tools/SkillTool/SkillTool.ts

@@ -352,6 +352,16 @@ export const SkillTool: Tool<InputSchema, Output, Progress> = buildTool({
   toAutoClassifierInput: ({ skill }) => skill ?? '',
 
   async validateInput({ skill }, context): Promise<ValidationResult> {
+    if (!skill || typeof skill !== 'string') {
+      return {
+        result: false,
+        message:
+          'Missing skill name. Pass the slash command name as the skill parameter ' +
+          '(e.g., skill: "commit" for /commit, skill: "review-pr" for /review-pr).',
+        errorCode: 1,
+      }
+    }
+
     // Skills are just skill names, no arguments
     const trimmed = skill.trim()
     if (!trimmed) {
@@ -434,7 +444,7 @@ export const SkillTool: Tool<InputSchema, Output, Progress> = buildTool({
     context,
   ): Promise<PermissionDecision> {
     // Skills are just skill names, no arguments
-    const trimmed = skill.trim()
+    const trimmed = skill ?? ''
 
     // Remove leading slash if present (for compatibility)
     const commandName = trimmed.startsWith('/') ? trimmed.substring(1) : trimmed
@@ -592,7 +602,7 @@ export const SkillTool: Tool<InputSchema, Output, Progress> = buildTool({
     // - Skill is a prompt-based skill
 
     // Skills are just names, with optional arguments
-    const trimmed = skill.trim()
+    const trimmed = skill ?? ''
 
     // Remove leading slash if present (for compatibility)
     const commandName = trimmed.startsWith('/') ? trimmed.substring(1) : trimmed

src/utils/api.test.ts

@@ -1,6 +1,7 @@
 import { expect, test } from 'bun:test'
 import { z } from 'zod/v4'
 import { getEmptyToolPermissionContext, type Tool, type Tools } from '../Tool.js'
+import { SkillTool } from '../tools/SkillTool/SkillTool.js'
 import { toolToAPISchema } from './api.js'
 
 test('toolToAPISchema preserves provider-specific schema keywords in input_schema', async () => {
@@ -64,3 +65,16 @@ test('toolToAPISchema preserves provider-specific schema keywords in input_schem
     },
   })
 })
+
+test('toolToAPISchema keeps skill required for SkillTool', async () => {
+  const schema = await toolToAPISchema(SkillTool, {
+    getToolPermissionContext: async () => getEmptyToolPermissionContext(),
+    tools: [] as unknown as Tools,
+    agents: [],
+  })
+
+  expect((schema as { input_schema: unknown }).input_schema).toMatchObject({
+    type: 'object',
+    required: ['skill'],
+  })
+})

src/utils/context.test.ts

@@ -94,3 +94,22 @@ test('gpt-5.4 family keeps large max output overrides within provider limits', (
   expect(getMaxOutputTokensForModel('gpt-5.4-mini')).toBe(128_000)
   expect(getMaxOutputTokensForModel('gpt-5.4-nano')).toBe(128_000)
 })
+
+test('MiniMax-M2.7 uses explicit provider-specific context and output caps', () => {
+  process.env.CLAUDE_CODE_USE_OPENAI = '1'
+  delete process.env.CLAUDE_CODE_MAX_OUTPUT_TOKENS
+
+  expect(getContextWindowForModel('MiniMax-M2.7')).toBe(204_800)
+  expect(getModelMaxOutputTokens('MiniMax-M2.7')).toEqual({
+    default: 131_072,
+    upperLimit: 131_072,
+  })
+  expect(getMaxOutputTokensForModel('MiniMax-M2.7')).toBe(131_072)
+})
+
+test('unknown openai-compatible models still use the conservative fallback window', () => {
+  process.env.CLAUDE_CODE_USE_OPENAI = '1'
+  delete process.env.CLAUDE_CODE_MAX_OUTPUT_TOKENS
+
+  expect(getContextWindowForModel('some-unknown-3p-model')).toBe(8_000)
+})

src/utils/context.ts

@@ -72,16 +72,23 @@ export function getContextWindowForModel(
     return 1_000_000
   }
 
-  // OpenAI-compatible provider — use known context windows for the model
-  if (
+  // OpenAI-compatible provider — use known context windows for the model.
+  // Unknown models get a conservative 8k default so auto-compact triggers
+  // before hitting a hard context_window_exceeded error.
+  const isOpenAIProvider =
     isEnvTruthy(process.env.CLAUDE_CODE_USE_OPENAI) ||
     isEnvTruthy(process.env.CLAUDE_CODE_USE_GEMINI) ||
     isEnvTruthy(process.env.CLAUDE_CODE_USE_GITHUB)
-  ) {
+  if (isOpenAIProvider) {
     const openaiWindow = getOpenAIContextWindow(model)
     if (openaiWindow !== undefined) {
       return openaiWindow
     }
+    console.error(
+      `[context] Warning: model "${model}" not in context window table — using conservative 8k default. ` +
+      'Add it to src/utils/model/openaiContextWindows.ts for accurate compaction.',
+    )
+    return 8_000
   }
 
   const cap = getModelCapability(model)

src/utils/conversationRecovery.hooks.test.ts

@@ -69,3 +69,93 @@ test('loadConversationForResume rejects oversized transcripts before resume hook
   )
   expect(hookSpy).not.toHaveBeenCalled()
 })
+
+test('deserializeMessagesWithInterruptDetection strips thinking blocks only for OpenAI-compatible providers', async () => {
+  const serializedMessages = [
+    user(id(10), 'hello'),
+    {
+      type: 'assistant',
+      uuid: id(11),
+      parentUuid: id(10),
+      timestamp: ts,
+      cwd: '/tmp',
+      sessionId,
+      version: 'test',
+      message: {
+        role: 'assistant',
+        content: [
+          { type: 'thinking', thinking: 'secret reasoning' },
+          { type: 'text', text: 'visible reply' },
+        ],
+      },
+    },
+    {
+      type: 'assistant',
+      uuid: id(12),
+      parentUuid: id(11),
+      timestamp: ts,
+      cwd: '/tmp',
+      sessionId,
+      version: 'test',
+      message: {
+        role: 'assistant',
+        content: [{ type: 'thinking', thinking: 'only hidden reasoning' }],
+      },
+    },
+    user(id(13), 'follow up'),
+  ]
+
+  mock.module('./model/providers.js', () => ({
+    getAPIProvider: () => 'openai',
+    isOpenAICompatibleProvider: (provider: string) =>
+      provider === 'openai' ||
+      provider === 'gemini' ||
+      provider === 'github' ||
+      provider === 'codex',
+  }))
+
+  const openaiModule = await import(`./conversationRecovery.ts?provider=openai-${Date.now()}`)
+  const thirdParty = openaiModule.deserializeMessagesWithInterruptDetection(serializedMessages as never[])
+  const thirdPartyAssistantMessages = thirdParty.messages.filter(
+    message => message.type === 'assistant',
+  )
+
+  expect(thirdPartyAssistantMessages).toHaveLength(2)
+  expect(thirdPartyAssistantMessages[0]?.message?.content).toEqual([
+    { type: 'text', text: 'visible reply' },
+  ])
+  expect(
+    JSON.stringify(thirdPartyAssistantMessages.map(message => message.message?.content)),
+  ).not.toContain('secret reasoning')
+  expect(
+    JSON.stringify(thirdPartyAssistantMessages.map(message => message.message?.content)),
+  ).not.toContain('only hidden reasoning')
+
+  mock.restore()
+  mock.module('./model/providers.js', () => ({
+    getAPIProvider: () => 'bedrock',
+    isOpenAICompatibleProvider: (provider: string) =>
+      provider === 'openai' ||
+      provider === 'gemini' ||
+      provider === 'github' ||
+      provider === 'codex',
+  }))
+
+  const bedrockModule = await import(`./conversationRecovery.ts?provider=bedrock-${Date.now()}`)
+  const anthropicCompatible = bedrockModule.deserializeMessagesWithInterruptDetection(serializedMessages as never[])
+  const anthropicAssistantMessages = anthropicCompatible.messages.filter(
+    message => message.type === 'assistant',
+  )
+
+  expect(anthropicAssistantMessages).toHaveLength(2)
+  expect(anthropicAssistantMessages[0]?.message?.content).toEqual([
+    { type: 'thinking', thinking: 'secret reasoning' },
+    { type: 'text', text: 'visible reply' },
+  ])
+  expect(
+    JSON.stringify(anthropicAssistantMessages.map(message => message.message?.content)),
+  ).toContain('secret reasoning')
+  expect(
+    JSON.stringify(anthropicAssistantMessages.map(message => message.message?.content)),
+  ).not.toContain('only hidden reasoning')
+})

src/utils/conversationRecovery.test.ts

@@ -13,6 +13,7 @@ const originalSimple = process.env.CLAUDE_CODE_SIMPLE
 const sessionId = '00000000-0000-4000-8000-000000001999'
 const ts = '2026-04-02T00:00:00.000Z'
 
+
 function id(n: number): string {
   return `00000000-0000-4000-8000-${String(n).padStart(12, '0')}`
 }
@@ -76,4 +77,3 @@ test('loadConversationForResume rejects oversized reconstructed transcripts', as
     'Reconstructed transcript is too large to resume safely',
   )
 })
-

src/utils/conversationRecovery.ts

@@ -24,6 +24,7 @@ import {
   type FileHistorySnapshot,
 } from './fileHistory.js'
 import { logError } from './log.js'
+import { getAPIProvider } from './model/providers.js'
 import {
   createAssistantMessage,
   createUserMessage,
@@ -177,6 +178,25 @@ export type DeserializeResult = {
   turnInterruptionState: TurnInterruptionState
 }
 
+/**
+ * Remove thinking/redacted_thinking content blocks from assistant messages.
+ * Messages that become empty after stripping are removed entirely.
+ */
+function stripThinkingBlocks(messages: NormalizedMessage[]): NormalizedMessage[] {
+  return messages.reduce<NormalizedMessage[]>((acc, msg) => {
+    if (msg.type !== 'assistant' || !Array.isArray(msg.message?.content)) {
+      acc.push(msg)
+      return acc
+    }
+    const filtered = msg.message.content.filter(
+      (block: { type?: string }) => block.type !== 'thinking' && block.type !== 'redacted_thinking',
+    )
+    if (filtered.length === 0) return acc
+    acc.push({ ...msg, message: { ...msg.message, content: filtered } })
+    return acc
+  }, [])
+}
+
 /**
  * Deserializes messages from a log file into the format expected by the REPL.
  * Filters unresolved tool uses, orphaned thinking messages, and appends a
@@ -227,10 +247,19 @@ export function deserializeMessagesWithInterruptDetection(
       filteredToolUses,
     ) as NormalizedMessage[]
 
+    // Strip thinking/redacted_thinking content blocks from assistant messages
+    // when resuming against a 3P provider. These Anthropic-specific blocks cause
+    // 400 errors or context corruption on OpenAI-compatible providers (issue #248 finding 5).
+    const provider = getAPIProvider()
+    const isThirdPartyProvider = provider !== 'firstParty' && provider !== 'bedrock' && provider !== 'vertex' && provider !== 'foundry'
+    const thinkingStripped = isThirdPartyProvider
+      ? stripThinkingBlocks(filteredThinking)
+      : filteredThinking
+
     // Filter out assistant messages with only whitespace text content.
     // This can happen when model outputs "\n\n" before thinking, user cancels mid-stream.
     const filteredMessages = filterWhitespaceOnlyAssistantMessages(
-      filteredThinking,
+      thinkingStripped,
     ) as NormalizedMessage[]
 
     const internalState = detectTurnInterruption(filteredMessages)

src/utils/geminiCredentials.test.ts

@@ -3,6 +3,7 @@ import { afterEach, beforeEach, expect, mock, test } from 'bun:test'
 type MockStorageData = Record<string, unknown>
 
 const originalEnv = { ...process.env }
+const originalArgv = [...process.argv]
 let storageState: MockStorageData = {}
 
 async function importFreshModule() {
@@ -27,11 +28,14 @@ async function importFreshModule() {
 
 beforeEach(() => {
   process.env = { ...originalEnv }
+  delete process.env.CLAUDE_CODE_SIMPLE
+  process.argv = originalArgv.filter(arg => arg !== '--bare')
   storageState = {}
 })
 
 afterEach(() => {
   process.env = { ...originalEnv }
+  process.argv = [...originalArgv]
   storageState = {}
   mock.restore()
 })

src/utils/githubModelsCredentials.refresh.test.ts

@@ -0,0 +1,118 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from 'bun:test'
+
+async function importFreshModule() {
+  mock.restore()
+  return import(`./githubModelsCredentials.ts?ts=${Date.now()}-${Math.random()}`)
+}
+
+describe('refreshGithubModelsTokenIfNeeded', () => {
+  const orig = {
+    CLAUDE_CODE_USE_GITHUB: process.env.CLAUDE_CODE_USE_GITHUB,
+    CLAUDE_CODE_SIMPLE: process.env.CLAUDE_CODE_SIMPLE,
+    GITHUB_TOKEN: process.env.GITHUB_TOKEN,
+    GH_TOKEN: process.env.GH_TOKEN,
+  }
+
+  beforeEach(() => {
+    mock.restore()
+  })
+
+  afterEach(() => {
+    for (const [k, v] of Object.entries(orig)) {
+      if (v === undefined) {
+        delete process.env[k as keyof typeof orig]
+      } else {
+        process.env[k as keyof typeof orig] = v
+      }
+    }
+  })
+
+  test('refreshes expired Copilot token using stored OAuth token', async () => {
+    process.env.CLAUDE_CODE_USE_GITHUB = '1'
+    delete process.env.CLAUDE_CODE_SIMPLE
+    delete process.env.GITHUB_TOKEN
+    delete process.env.GH_TOKEN
+
+    const futureExp = Math.floor(Date.now() / 1000) + 3600
+    let store: Record<string, unknown> = {
+      githubModels: {
+        accessToken: 'tid=stale;exp=1;sku=free',
+        oauthAccessToken: 'ghu_oauth_secret',
+      },
+    }
+
+    mock.module('./secureStorage/index.js', () => ({
+      getSecureStorage: () => ({
+        read: () => store,
+        update: (next: Record<string, unknown>) => {
+          store = next
+          return { success: true }
+        },
+      }),
+    }))
+
+    mock.module('../services/github/deviceFlow.js', () => ({
+      DEFAULT_GITHUB_DEVICE_SCOPE: 'read:user',
+      exchangeForCopilotToken: async () => ({
+        token: `tid=fresh;exp=${futureExp};sku=free`,
+        expires_at: futureExp,
+        refresh_in: 1500,
+        endpoints: { api: 'https://api.githubcopilot.com' },
+      }),
+    }))
+
+    const { refreshGithubModelsTokenIfNeeded } = await importFreshModule()
+
+    const refreshed = await refreshGithubModelsTokenIfNeeded()
+    expect(refreshed).toBe(true)
+    expect(process.env.GITHUB_TOKEN?.startsWith('tid=fresh;exp=')).toBe(true)
+
+    const githubModels = (store.githubModels ?? {}) as {
+      accessToken?: string
+      oauthAccessToken?: string
+    }
+    expect(githubModels.accessToken?.startsWith('tid=fresh;exp=')).toBe(true)
+    expect(githubModels.oauthAccessToken).toBe('ghu_oauth_secret')
+  })
+
+  test('does not refresh when current Copilot token is valid', async () => {
+    process.env.CLAUDE_CODE_USE_GITHUB = '1'
+    delete process.env.CLAUDE_CODE_SIMPLE
+    delete process.env.GITHUB_TOKEN
+    delete process.env.GH_TOKEN
+
+    const futureExp = Math.floor(Date.now() / 1000) + 3600
+    const exchangeSpy = mock(async () => ({
+      token: `tid=unexpected;exp=${futureExp};sku=free`,
+      expires_at: futureExp,
+      refresh_in: 1500,
+      endpoints: { api: 'https://api.githubcopilot.com' },
+    }))
+
+    mock.module('./secureStorage/index.js', () => ({
+      getSecureStorage: () => ({
+        read: () => ({
+          githubModels: {
+            accessToken: `tid=already-valid;exp=${futureExp};sku=free`,
+            oauthAccessToken: 'ghu_oauth_secret',
+          },
+        }),
+        update: () => ({ success: true }),
+      }),
+    }))
+
+    mock.module('../services/github/deviceFlow.js', () => ({
+      DEFAULT_GITHUB_DEVICE_SCOPE: 'read:user',
+      exchangeForCopilotToken: exchangeSpy,
+    }))
+
+    const { refreshGithubModelsTokenIfNeeded } = await importFreshModule()
+
+    const refreshed = await refreshGithubModelsTokenIfNeeded()
+    expect(refreshed).toBe(false)
+    expect(exchangeSpy).not.toHaveBeenCalled()
+    expect(process.env.GITHUB_TOKEN?.startsWith('tid=already-valid;exp=')).toBe(
+      true,
+    )
+  })
+})

src/utils/githubModelsCredentials.ts

@@ -1,5 +1,6 @@
 import { isBareMode, isEnvTruthy } from './envUtils.js'
 import { getSecureStorage } from './secureStorage/index.js'
+import { exchangeForCopilotToken } from '../services/github/deviceFlow.js'
 
 /** JSON key in the shared OpenClaude secure storage blob. */
 export const GITHUB_MODELS_STORAGE_KEY = 'githubModels' as const
@@ -8,6 +9,38 @@ export const GITHUB_MODELS_HYDRATED_ENV_MARKER =
 
 export type GithubModelsCredentialBlob = {
   accessToken: string
+  oauthAccessToken?: string
+}
+
+type GithubTokenStatus = 'valid' | 'expired' | 'invalid_format'
+
+function checkGithubTokenStatus(token: string): GithubTokenStatus {
+  const expMatch = token.match(/exp=(\d+)/)
+  if (expMatch) {
+    const expSeconds = Number(expMatch[1])
+    if (!Number.isNaN(expSeconds)) {
+      return Date.now() >= expSeconds * 1000 ? 'expired' : 'valid'
+    }
+  }
+
+  const parts = token.split('.')
+  const looksLikeJwt =
+    parts.length === 3 && parts.every(part => /^[A-Za-z0-9_-]+$/.test(part))
+  if (looksLikeJwt) {
+    try {
+      const normalized = parts[1].replace(/-/g, '+').replace(/_/g, '/')
+      const padded = normalized + '='.repeat((4 - (normalized.length % 4)) % 4)
+      const json = Buffer.from(padded, 'base64').toString('utf8')
+      const parsed = JSON.parse(json)
+      if (parsed && typeof parsed === 'object' && parsed.exp) {
+        return Date.now() >= (parsed.exp as number) * 1000 ? 'expired' : 'valid'
+      }
+    } catch {
+      return 'invalid_format'
+    }
+  }
+
+  return 'invalid_format'
 }
 
 export function readGithubModelsToken(): string | undefined {
@@ -66,7 +99,62 @@ export function hydrateGithubModelsTokenFromSecureStorage(): void {
   delete process.env[GITHUB_MODELS_HYDRATED_ENV_MARKER]
 }
 
-export function saveGithubModelsToken(token: string): {
+/**
+ * Startup auto-refresh for GitHub Models mode.
+ *
+ * If a stored Copilot token is expired/invalid and an OAuth token is present,
+ * exchange the OAuth token for a fresh Copilot token and persist it.
+ */
+export async function refreshGithubModelsTokenIfNeeded(): Promise<boolean> {
+  if (!isEnvTruthy(process.env.CLAUDE_CODE_USE_GITHUB)) {
+    return false
+  }
+  if (isBareMode()) {
+    return false
+  }
+
+  try {
+    const secureStorage = getSecureStorage()
+    const data = secureStorage.read() as
+      | ({ githubModels?: GithubModelsCredentialBlob } & Record<string, unknown>)
+      | null
+    const blob = data?.githubModels
+    const accessToken = blob?.accessToken?.trim() || ''
+    const oauthToken = blob?.oauthAccessToken?.trim() || ''
+
+    if (!accessToken && !oauthToken) {
+      return false
+    }
+
+    const status = accessToken ? checkGithubTokenStatus(accessToken) : 'expired'
+    if (status === 'valid') {
+      if (!process.env.GITHUB_TOKEN?.trim() && !process.env.GH_TOKEN?.trim()) {
+        process.env.GITHUB_TOKEN = accessToken
+      }
+      return false
+    }
+
+    if (!oauthToken) {
+      return false
+    }
+
+    const refreshed = await exchangeForCopilotToken(oauthToken)
+    const saved = saveGithubModelsToken(refreshed.token, oauthToken)
+    if (!saved.success) {
+      return false
+    }
+
+    process.env.GITHUB_TOKEN = refreshed.token
+    return true
+  } catch {
+    return false
+  }
+}
+
+export function saveGithubModelsToken(
+  token: string,
+  oauthToken?: string,
+): {
   success: boolean
   warning?: string
 } {
@@ -79,9 +167,21 @@ export function saveGithubModelsToken(token: string): {
   }
   const secureStorage = getSecureStorage()
   const prev = secureStorage.read() || {}
+  const prevGithubModels = (prev as Record<string, unknown>)[
+    GITHUB_MODELS_STORAGE_KEY
+  ] as GithubModelsCredentialBlob | undefined
+  const oauthTrimmed = oauthToken?.trim()
+  const mergedBlob: GithubModelsCredentialBlob = {
+    accessToken: trimmed,
+  }
+  if (oauthTrimmed) {
+    mergedBlob.oauthAccessToken = oauthTrimmed
+  } else if (prevGithubModels?.oauthAccessToken?.trim()) {
+    mergedBlob.oauthAccessToken = prevGithubModels.oauthAccessToken.trim()
+  }
   const merged = {
     ...(prev as Record<string, unknown>),
-    [GITHUB_MODELS_STORAGE_KEY]: { accessToken: trimmed },
+    [GITHUB_MODELS_STORAGE_KEY]: mergedBlob,
   }
   return secureStorage.update(merged as typeof prev)
 }

src/utils/model/configs.ts

@@ -35,6 +35,8 @@ export const CLAUDE_3_7_SONNET_CONFIG = {
   foundry: 'claude-3-7-sonnet',
   openai: 'gpt-4o-mini',
   gemini: 'gemini-2.0-flash',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_3_5_V2_SONNET_CONFIG = {
@@ -44,6 +46,8 @@ export const CLAUDE_3_5_V2_SONNET_CONFIG = {
   foundry: 'claude-3-5-sonnet',
   openai: 'gpt-4o-mini',
   gemini: 'gemini-2.0-flash',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_3_5_HAIKU_CONFIG = {
@@ -53,6 +57,8 @@ export const CLAUDE_3_5_HAIKU_CONFIG = {
   foundry: 'claude-3-5-haiku',
   openai: 'gpt-4o-mini',
   gemini: 'gemini-2.0-flash-lite',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_HAIKU_4_5_CONFIG = {
@@ -62,6 +68,8 @@ export const CLAUDE_HAIKU_4_5_CONFIG = {
   foundry: 'claude-haiku-4-5',
   openai: 'gpt-4o-mini',
   gemini: 'gemini-2.0-flash-lite',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_SONNET_4_CONFIG = {
@@ -71,6 +79,8 @@ export const CLAUDE_SONNET_4_CONFIG = {
   foundry: 'claude-sonnet-4',
   openai: 'gpt-4o-mini',
   gemini: 'gemini-2.0-flash',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_SONNET_4_5_CONFIG = {
@@ -80,6 +90,8 @@ export const CLAUDE_SONNET_4_5_CONFIG = {
   foundry: 'claude-sonnet-4-5',
   openai: 'gpt-4o',
   gemini: 'gemini-2.0-flash',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_OPUS_4_CONFIG = {
@@ -89,6 +101,8 @@ export const CLAUDE_OPUS_4_CONFIG = {
   foundry: 'claude-opus-4',
   openai: 'gpt-4o',
   gemini: 'gemini-2.5-pro-preview-03-25',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_OPUS_4_1_CONFIG = {
@@ -98,6 +112,8 @@ export const CLAUDE_OPUS_4_1_CONFIG = {
   foundry: 'claude-opus-4-1',
   openai: 'gpt-4o',
   gemini: 'gemini-2.5-pro-preview-03-25',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_OPUS_4_5_CONFIG = {
@@ -107,6 +123,8 @@ export const CLAUDE_OPUS_4_5_CONFIG = {
   foundry: 'claude-opus-4-5',
   openai: 'gpt-4o',
   gemini: 'gemini-2.5-pro-preview-03-25',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_OPUS_4_6_CONFIG = {
@@ -116,6 +134,8 @@ export const CLAUDE_OPUS_4_6_CONFIG = {
   foundry: 'claude-opus-4-6',
   openai: 'gpt-4o',
   gemini: 'gemini-2.5-pro-preview-03-25',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 export const CLAUDE_SONNET_4_6_CONFIG = {
@@ -125,6 +145,8 @@ export const CLAUDE_SONNET_4_6_CONFIG = {
   foundry: 'claude-sonnet-4-6',
   openai: 'gpt-4o',
   gemini: 'gemini-2.0-flash',
+  github: 'github:copilot',
+  codex: 'gpt-5.4',
 } as const satisfies ModelConfig
 
 // @[MODEL LAUNCH]: Register the new config here.

src/utils/model/copilotModels.ts

@@ -0,0 +1,351 @@
+/**
+ * Hardcoded Copilot model registry from models.dev/api.json
+ * These are the 19 models available through GitHub Copilot.
+ */
+
+export type CopilotModel = {
+  id: string
+  name: string
+  family: string
+  attachment: boolean
+  reasoning: boolean
+  tool_call: boolean
+  temperature: boolean
+  knowledge: string
+  release_date: string
+  last_updated: string
+  modalities: {
+    input: string[]
+    output: string[]
+  }
+  open_weights: boolean
+  cost: {
+    input: number
+    output: number
+    cache_read?: number
+  }
+  limit: {
+    context: number
+    input?: number
+    output: number
+  }
+}
+
+export const COPILOT_MODELS: Record<string, CopilotModel> = {
+  'gpt-5.4': {
+    id: 'gpt-5.4',
+    name: 'GPT-5.4',
+    family: 'gpt',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 400000, output: 32768 },
+  },
+  'gpt-5.4-mini': {
+    id: 'gpt-5.4-mini',
+    name: 'GPT-5.4 mini',
+    family: 'gpt-mini',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 400000, output: 32768 },
+  },
+  'gpt-5.3-codex': {
+    id: 'gpt-5.3-codex',
+    name: 'GPT-5.3-Codex',
+    family: 'gpt-codex',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 400000, output: 32768 },
+  },
+  'gpt-5.2-codex': {
+    id: 'gpt-5.2-codex',
+    name: 'GPT-5.2-Codex',
+    family: 'gpt-codex',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 400000, output: 32768 },
+  },
+  'gpt-5.2': {
+    id: 'gpt-5.2',
+    name: 'GPT-5.2',
+    family: 'gpt',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 264000, output: 32768 },
+  },
+  'gpt-5.1-codex': {
+    id: 'gpt-5.1-codex',
+    name: 'GPT-5.1-Codex',
+    family: 'gpt-codex',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 400000, output: 32768 },
+  },
+  'gpt-5.1-codex-max': {
+    id: 'gpt-5.1-codex-max',
+    name: 'GPT-5.1-Codex-max',
+    family: 'gpt-codex',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 400000, output: 32768 },
+  },
+  'gpt-5.1-codex-mini': {
+    id: 'gpt-5.1-codex-mini',
+    name: 'GPT-5.1-Codex-mini',
+    family: 'gpt-codex',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 400000, output: 32768 },
+  },
+  'gpt-4o': {
+    id: 'gpt-4o',
+    name: 'GPT-4o',
+    family: 'gpt',
+    attachment: true,
+    reasoning: false,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2023-10',
+    release_date: '2024-05-01',
+    last_updated: '2024-05-01',
+    modalities: { input: ['text', 'image'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 128000, output: 16384 },
+  },
+  'gpt-4.1': {
+    id: 'gpt-4.1',
+    name: 'GPT-4.1',
+    family: 'gpt',
+    attachment: false,
+    reasoning: false,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2024-06',
+    release_date: '2024-06-01',
+    last_updated: '2024-06-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 128000, output: 32768 },
+  },
+  'claude-opus-4.6': {
+    id: 'claude-opus-4.6',
+    name: 'Claude Opus 4.6',
+    family: 'claude-opus',
+    attachment: true,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text', 'image'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 144000, output: 32768 },
+  },
+  'claude-opus-4.5': {
+    id: 'claude-opus-4.5',
+    name: 'Claude Opus 4.5',
+    family: 'claude-opus',
+    attachment: true,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text', 'image'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 160000, output: 32768 },
+  },
+  'claude-sonnet-4.6': {
+    id: 'claude-sonnet-4.6',
+    name: 'Claude Sonnet 4.6',
+    family: 'claude-sonnet',
+    attachment: true,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text', 'image'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 200000, output: 32768 },
+  },
+  'claude-sonnet-4.5': {
+    id: 'claude-sonnet-4.5',
+    name: 'Claude Sonnet 4.5',
+    family: 'claude-sonnet',
+    attachment: true,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text', 'image'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 144000, output: 32768 },
+  },
+  'claude-haiku-4.5': {
+    id: 'claude-haiku-4.5',
+    name: 'Claude Haiku 4.5',
+    family: 'claude-haiku',
+    attachment: true,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text', 'image'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 144000, output: 32768 },
+  },
+  'gemini-3.1-pro-preview': {
+    id: 'gemini-3.1-pro-preview',
+    name: 'Gemini 3.1 Pro Preview',
+    family: 'gemini-pro',
+    attachment: true,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text', 'image', 'audio'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 128000, output: 32768 },
+  },
+  'gemini-3-flash-preview': {
+    id: 'gemini-3-flash-preview',
+    name: 'Gemini 3 Flash',
+    family: 'gemini-flash',
+    attachment: true,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text', 'image'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 128000, output: 32768 },
+  },
+  'gemini-2.5-pro': {
+    id: 'gemini-2.5-pro',
+    name: 'Gemini 2.5 Pro',
+    family: 'gemini-pro',
+    attachment: true,
+    reasoning: false,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text', 'image'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 128000, output: 32768 },
+  },
+  'grok-code-fast-1': {
+    id: 'grok-code-fast-1',
+    name: 'Grok Code Fast 1',
+    family: 'grok',
+    attachment: false,
+    reasoning: true,
+    tool_call: true,
+    temperature: true,
+    knowledge: '2025-05',
+    release_date: '2025-05-01',
+    last_updated: '2025-05-01',
+    modalities: { input: ['text'], output: ['text'] },
+    open_weights: false,
+    cost: { input: 0, output: 0 },
+    limit: { context: 128000, output: 32768 },
+  },
+}
+
+export function getCopilotModelIds(): string[] {
+  return Object.keys(COPILOT_MODELS)
+}
+
+export function getCopilotModel(id: string): CopilotModel | undefined {
+  return COPILOT_MODELS[id]
+}
+
+export function getAllCopilotModels(): CopilotModel[] {
+  return Object.values(COPILOT_MODELS)
+}

src/utils/model/model.ts

@@ -43,6 +43,10 @@ export function getSmallFastModel(): ModelName {
   if (getAPIProvider() === 'openai') {
     return process.env.OPENAI_MODEL || 'gpt-4o-mini'
   }
+  // For GitHub Copilot provider
+  if (getAPIProvider() === 'github') {
+    return process.env.OPENAI_MODEL || 'github:copilot'
+  }
   return getDefaultHaikuModel()
 }
 
@@ -137,6 +141,10 @@ export function getDefaultOpusModel(): ModelName {
   if (getAPIProvider() === 'codex') {
     return process.env.OPENAI_MODEL || 'gpt-5.4'
   }
+  // GitHub Copilot provider
+  if (getAPIProvider() === 'github') {
+    return process.env.OPENAI_MODEL || 'github:copilot'
+  }
   // 3P providers (Bedrock, Vertex, Foundry) — kept as a separate branch
   // even when values match, since 3P availability lags firstParty and
   // these will diverge again at the next model launch.
@@ -163,6 +171,10 @@ export function getDefaultSonnetModel(): ModelName {
   if (getAPIProvider() === 'codex') {
     return process.env.OPENAI_MODEL || 'gpt-5.4'
   }
+  // GitHub Copilot provider
+  if (getAPIProvider() === 'github') {
+    return process.env.OPENAI_MODEL || 'github:copilot'
+  }
   // Default to Sonnet 4.5 for 3P since they may not have 4.6 yet
   if (getAPIProvider() !== 'firstParty') {
     return getModelStrings().sonnet45
@@ -175,10 +187,6 @@ export function getDefaultHaikuModel(): ModelName {
   if (process.env.ANTHROPIC_DEFAULT_HAIKU_MODEL) {
     return process.env.ANTHROPIC_DEFAULT_HAIKU_MODEL
   }
-  // Gemini provider
-  if (getAPIProvider() === 'gemini') {
-    return process.env.GEMINI_MODEL || 'gemini-2.0-flash-lite'
-  }
   // OpenAI provider
   if (getAPIProvider() === 'openai') {
     return process.env.OPENAI_MODEL || 'gpt-4o-mini'
@@ -187,6 +195,14 @@ export function getDefaultHaikuModel(): ModelName {
   if (getAPIProvider() === 'codex') {
     return process.env.OPENAI_MODEL || 'gpt-5.4'
   }
+  // GitHub Copilot provider
+  if (getAPIProvider() === 'github') {
+    return process.env.OPENAI_MODEL || 'github:copilot'
+  }
+  // Gemini provider
+  if (getAPIProvider() === 'gemini') {
+    return process.env.GEMINI_MODEL || 'gemini-2.0-flash-lite'
+  }
 
   // Haiku 4.5 is available on all platforms (first-party, Foundry, Bedrock, Vertex)
   return getModelStrings().haiku45
@@ -231,6 +247,11 @@ export function getRuntimeMainLoopModel(params: {
  * @returns The default model setting to use
  */
 export function getDefaultMainLoopModelSetting(): ModelName | ModelAlias {
+  // GitHub Copilot provider: check settings.model first, then env, then default
+  if (getAPIProvider() === 'github') {
+    const settings = getSettings_DEPRECATED() || {}
+    return settings.model || process.env.OPENAI_MODEL || 'github:copilot'
+  }
   // Gemini provider: always use the configured Gemini model
   if (getAPIProvider() === 'gemini') {
     return process.env.GEMINI_MODEL || 'gemini-2.0-flash'
@@ -239,10 +260,6 @@ export function getDefaultMainLoopModelSetting(): ModelName | ModelAlias {
   if (getAPIProvider() === 'openai') {
     return process.env.OPENAI_MODEL || 'gpt-4o'
   }
-  // GitHub provider: always use the configured GitHub model
-  if (getAPIProvider() === 'github') {
-    return process.env.OPENAI_MODEL || 'github:copilot'
-  }
   // Codex provider: always use the configured Codex model (default gpt-5.4)
   if (getAPIProvider() === 'codex') {
     return process.env.OPENAI_MODEL || 'gpt-5.4'
@@ -426,8 +443,33 @@ export function renderModelSetting(setting: ModelName | ModelAlias): string {
  * if the model is not recognized as a public model.
  */
 export function getPublicModelDisplayName(model: ModelName): string | null {
-  // For OpenAI/Gemini/Codex providers, show the actual model name not a Claude alias
-  if (getAPIProvider() === 'openai' || getAPIProvider() === 'gemini' || getAPIProvider() === 'codex') {
+  // For OpenAI/Gemini/Codex/GitHub providers, show the actual model name not a Claude alias
+  if (getAPIProvider() === 'openai' || getAPIProvider() === 'gemini' || getAPIProvider() === 'codex' || getAPIProvider() === 'github') {
+    // Return display names for known GitHub Copilot models
+    const copilotModelNames: Record<string, string> = {
+      'gpt-5.4': 'GPT-5.4',
+      'gpt-5.4-mini': 'GPT-5.4 mini',
+      'gpt-5.3-codex': 'GPT-5.3 Codex',
+      'gpt-5.2-codex': 'GPT-5.2 Codex',
+      'gpt-5.2': 'GPT-5.2',
+      'gpt-5.1-codex': 'GPT-5.1 Codex',
+      'gpt-5.1-codex-max': 'GPT-5.1 Codex max',
+      'gpt-5.1-codex-mini': 'GPT-5.1 Codex mini',
+      'gpt-4o': 'GPT-4o',
+      'gpt-4.1': 'GPT-4.1',
+      'claude-opus-4.6': 'Claude Opus 4.6',
+      'claude-opus-4.5': 'Claude Opus 4.5',
+      'claude-sonnet-4.6': 'Claude Sonnet 4.6',
+      'claude-sonnet-4.5': 'Claude Sonnet 4.5',
+      'claude-haiku-4.5': 'Claude Haiku 4.5',
+      'gemini-3.1-pro-preview': 'Gemini 3.1 Pro Preview',
+      'gemini-3-flash-preview': 'Gemini 3 Flash',
+      'gemini-2.5-pro': 'Gemini 2.5 Pro',
+      'grok-code-fast-1': 'Grok Code Fast 1',
+    }
+    if (copilotModelNames[model]) {
+      return copilotModelNames[model]
+    }
     return null
   }
   switch (model) {
@@ -484,6 +526,10 @@ export function renderModelName(model: ModelName): string {
   if (publicName) {
     return publicName
   }
+  // Handle GitHub Copilot special model aliases
+  if (model === 'github:copilot') {
+    return 'GPT-4o'
+  }
   if (process.env.USER_TYPE === 'ant') {
     const resolved = parseUserSpecifiedModel(model)
     const antModel = resolveAntModel(model)

src/utils/model/modelOptions.github.test.ts

@@ -61,7 +61,7 @@ afterEach(() => {
   resetModelStringsForTestingOnly()
 })
 
-test('GitHub provider exposes only default + GitHub model in /model options', async () => {
+test('GitHub provider exposes default + all Copilot models in /model options', async () => {
   process.env.CLAUDE_CODE_USE_GITHUB = '1'
   delete process.env.CLAUDE_CODE_USE_OPENAI
   delete process.env.CLAUDE_CODE_USE_GEMINI
@@ -69,7 +69,7 @@ test('GitHub provider exposes only default + GitHub model in /model options', as
   delete process.env.CLAUDE_CODE_USE_VERTEX
   delete process.env.CLAUDE_CODE_USE_FOUNDRY
 
-  process.env.OPENAI_MODEL = 'github:copilot'
+  process.env.OPENAI_MODEL = 'gpt-4o'
   delete process.env.ANTHROPIC_CUSTOM_MODEL_OPTION
 
   const { getModelOptions } = await importFreshModelOptionsModule()
@@ -78,6 +78,7 @@ test('GitHub provider exposes only default + GitHub model in /model options', as
     (option: { value: unknown }) => option.value !== null,
   )
 
-  expect(nonDefault.length).toBe(1)
-  expect(nonDefault[0]?.value).toBe('github:copilot')
+  expect(nonDefault.length).toBeGreaterThan(1)
+  expect(nonDefault.some((o: { value: unknown }) => o.value === 'gpt-4o')).toBe(true)
+  expect(nonDefault.some((o: { value: unknown }) => o.value === 'gpt-5.3-codex')).toBe(true)
 })

src/utils/model/modelOptions.ts

@@ -35,6 +35,7 @@ import { has1mContext } from '../context.js'
 import { getGlobalConfig } from '../config.js'
 import { getActiveOpenAIModelOptionsCache } from '../providerProfiles.js'
 import { getCachedOllamaModelOptions, isOllamaProvider } from './ollamaModels.js'
+import { getAntModels } from './antModels.js'
 
 // @[MODEL LAUNCH]: Update all the available and default model option strings below.
 
@@ -351,17 +352,20 @@ function getCodexModelOptions(): ModelOption[] {
 
 // @[MODEL LAUNCH]: Update the model picker lists below to include/reorder options for the new model.
 // Each user tier (ant, Max/Team Premium, Pro/Team Standard/Enterprise, PAYG 1P, PAYG 3P) has its own list.
+
+import { getAllCopilotModels } from './copilotModels.js'
+
+function getCopilotModelOptions(): ModelOption[] {
+  return getAllCopilotModels().map(m => ({
+    value: m.id,
+    label: m.name,
+    description: `${m.family}${m.reasoning ? ' · Reasoning' : ''}${m.tool_call ? ' · Tool call' : ''} · ${Math.round(m.limit.context / 1000)}K context`,
+  }))
+}
+
 function getModelOptionsBase(fastMode = false): ModelOption[] {
   if (getAPIProvider() === 'github') {
-    const githubModel = process.env.OPENAI_MODEL?.trim() || 'github:copilot'
-    return [
-      getDefaultOptionForUser(fastMode),
-      {
-        value: githubModel,
-        label: githubModel,
-        description: 'GitHub Models default',
-      },
-    ]
+    return [getDefaultOptionForUser(fastMode), ...getCopilotModelOptions()]
   }
 
   // When using Ollama, show models from the Ollama server instead of Claude models

src/utils/model/openaiContextWindows.ts

@@ -44,6 +44,10 @@ const OPENAI_CONTEXT_WINDOWS: Record<string, number> = {
   'mistral-large-latest':     131_072,
   'mistral-small-latest':     131_072,
 
+  // MiniMax
+  'MiniMax-M2.7':             204_800,
+  'minimax-m2.7':             204_800,
+
   // Google (via OpenRouter)
   'google/gemini-2.0-flash':1_048_576,
   'google/gemini-2.5-pro':  1_048_576,
@@ -110,6 +114,10 @@ const OPENAI_MAX_OUTPUT_TOKENS: Record<string, number> = {
   'mistral-large-latest':     32_768,
   'mistral-small-latest':     32_768,
 
+  // MiniMax
+  'MiniMax-M2.7':            131_072,
+  'minimax-m2.7':            131_072,
+
   // Google (via OpenRouter)
   'google/gemini-2.0-flash':   8_192,
   'google/gemini-2.5-pro':    65_536,

src/utils/permissions/dangerousPatterns.ts

@@ -51,6 +51,7 @@ export const DANGEROUS_BASH_PATTERNS: readonly string[] = [
   'xargs',
   'sudo',
   // Internal-only: internal-only tools plus general tools that ant sandbox
+  // data shows are frequently over-allowlisted as broad prefixes.
   // dotfile data shows are commonly over-allowlisted as broad prefixes.
   // These stay internal-only — external users don't have coo, and the rest are
   // an empirical-risk call grounded in ant sandbox data, not a universal

src/utils/providerFlag.test.ts

@@ -6,7 +6,26 @@ import {
   VALID_PROVIDERS,
 } from './providerFlag.js'
 
-const originalEnv = { ...process.env }
+const ENV_KEYS = [
+  'CLAUDE_CODE_USE_OPENAI',
+  'CLAUDE_CODE_USE_GEMINI',
+  'CLAUDE_CODE_USE_GITHUB',
+  'CLAUDE_CODE_USE_BEDROCK',
+  'CLAUDE_CODE_USE_VERTEX',
+  'OPENAI_BASE_URL',
+  'OPENAI_API_KEY',
+  'OPENAI_MODEL',
+  'GEMINI_MODEL',
+]
+
+const originalEnv: Record<string, string | undefined> = {}
+
+beforeEach(() => {
+  for (const key of ENV_KEYS) {
+    originalEnv[key] = process.env[key]
+    delete process.env[key]
+  }
+})
 
 const RESET_KEYS = [
   'CLAUDE_CODE_USE_OPENAI',
@@ -27,9 +46,12 @@ beforeEach(() => {
 })
 
 afterEach(() => {
-  for (const key of RESET_KEYS) {
-    if (originalEnv[key] === undefined) delete process.env[key]
-    else process.env[key] = originalEnv[key]
+  for (const key of ENV_KEYS) {
+    if (originalEnv[key] === undefined) {
+      delete process.env[key]
+    } else {
+      process.env[key] = originalEnv[key]
+    }
   }
 })
 

src/utils/providerValidation.ts

@@ -1,4 +1,5 @@
 import {
+  getGithubEndpointType,
   isLocalProviderUrl,
   resolveCodexApiCredentials,
   resolveProviderRequest,
@@ -15,6 +16,51 @@ function isEnvTruthy(value: string | undefined): boolean {
   return normalized !== '' && normalized !== '0' && normalized !== 'false' && normalized !== 'no'
 }
 
+type GithubTokenStatus = 'valid' | 'expired' | 'invalid_format'
+
+const GITHUB_PAT_PREFIXES = ['ghp_', 'gho_', 'ghs_', 'ghr_', 'github_pat_']
+
+function checkGithubTokenStatus(
+  token: string,
+  endpointType: 'copilot' | 'models' | 'custom' = 'copilot',
+): GithubTokenStatus {
+  // PATs work with GitHub Models but not with Copilot API
+  if (GITHUB_PAT_PREFIXES.some(prefix => token.startsWith(prefix))) {
+    if (endpointType === 'copilot') {
+      return 'expired'
+    }
+    return 'valid'
+  }
+
+  const expMatch = token.match(/exp=(\d+)/)
+  if (expMatch) {
+    const expSeconds = Number(expMatch[1])
+    if (!Number.isNaN(expSeconds)) {
+      return Date.now() >= expSeconds * 1000 ? 'expired' : 'valid'
+    }
+  }
+
+  const parts = token.split('.')
+  const looksLikeJwt =
+    parts.length === 3 && parts.every(part => /^[A-Za-z0-9_-]+$/.test(part))
+  if (looksLikeJwt) {
+    try {
+      const normalized = parts[1].replace(/-/g, '+').replace(/_/g, '/')
+      const padded = normalized + '='.repeat((4 - (normalized.length % 4)) % 4)
+      const json = Buffer.from(padded, 'base64').toString('utf8')
+      const parsed = JSON.parse(json)
+      if (parsed && typeof parsed === 'object' && parsed.exp) {
+        return Date.now() >= (parsed.exp as number) * 1000 ? 'expired' : 'valid'
+      }
+    } catch {
+      return 'invalid_format'
+    }
+  }
+
+  // Keep compatibility with opaque token formats that do not expose expiry.
+  return 'valid'
+}
+
 export async function getProviderValidationError(
   env: NodeJS.ProcessEnv = process.env,
   options?: {
@@ -39,7 +85,19 @@ export async function getProviderValidationError(
   if (useGithub && !useOpenAI) {
     const token = (env.GITHUB_TOKEN?.trim() || env.GH_TOKEN?.trim()) ?? ''
     if (!token) {
-      return 'GITHUB_TOKEN or GH_TOKEN is required when CLAUDE_CODE_USE_GITHUB=1.'
+      return 'GitHub Copilot authentication required.\n' +
+        'Run /onboard-github in the CLI to sign in with your GitHub account.\n' +
+        'This will store your OAuth token securely and enable Copilot models.'
+    }
+    const endpointType = getGithubEndpointType(env.OPENAI_BASE_URL)
+    const status = checkGithubTokenStatus(token, endpointType)
+    if (status === 'expired') {
+      return 'GitHub Copilot token has expired.\n' +
+        'Run /onboard-github to sign in again and get a fresh token.'
+    }
+    if (status === 'invalid_format') {
+      return 'GitHub Copilot token is invalid or corrupted.\n' +
+        'Run /onboard-github to sign in again with your GitHub account.'
     }
     return null
   }

src/utils/ripgrep.test.ts

@@ -1,11 +1,52 @@
 import { expect, test } from 'bun:test'
+import path from 'path'
 
-import { wrapRipgrepUnavailableError } from './ripgrep.ts'
+import { resolveRipgrepConfig, wrapRipgrepUnavailableError } from './ripgrep.js'
+
+const MOCK_BUILTIN_PATH = path.normalize(
+  process.platform === 'win32'
+    ? `vendor/ripgrep/${process.arch}-win32/rg.exe`
+    : `vendor/ripgrep/${process.arch}-${process.platform}/rg`,
+)
+
+test('ripgrepCommand falls back to system rg when builtin binary is missing', () => {
+  const config = resolveRipgrepConfig({
+    userWantsSystemRipgrep: false,
+    bundledMode: false,
+    builtinCommand: MOCK_BUILTIN_PATH,
+    builtinExists: false,
+    systemExecutablePath: '/usr/bin/rg',
+    processExecPath: '/fake/bun',
+  })
+
+  expect(config).toMatchObject({
+    mode: 'system',
+    command: 'rg',
+    args: [],
+  })
+})
+
+test('ripgrepCommand keeps builtin mode when bundled binary exists', () => {
+  const config = resolveRipgrepConfig({
+    userWantsSystemRipgrep: false,
+    bundledMode: false,
+    builtinCommand: MOCK_BUILTIN_PATH,
+    builtinExists: true,
+    systemExecutablePath: '/usr/bin/rg',
+    processExecPath: '/fake/bun',
+  })
+
+  expect(config).toMatchObject({
+    mode: 'builtin',
+    command: MOCK_BUILTIN_PATH,
+    args: [],
+  })
+})
 
 test('wrapRipgrepUnavailableError explains missing packaged fallback', () => {
   const error = wrapRipgrepUnavailableError(
     { code: 'ENOENT', message: 'spawn rg ENOENT' },
-    { mode: 'builtin', command: 'C:\\fake\\vendor\\ripgrep\\rg.exe' },
+    { mode: 'builtin', command: 'C:\\fake\\vendor\\ripgrep\\rg.exe', args: [] },
     'win32',
   )
 
@@ -18,7 +59,7 @@ test('wrapRipgrepUnavailableError explains missing packaged fallback', () => {
 test('wrapRipgrepUnavailableError explains missing system ripgrep', () => {
   const error = wrapRipgrepUnavailableError(
     { code: 'ENOENT', message: 'spawn rg ENOENT' },
-    { mode: 'system', command: 'rg' },
+    { mode: 'system', command: 'rg', args: [] },
     'linux',
   )
 

src/utils/ripgrep.ts

@@ -1,5 +1,6 @@
 import type { ChildProcess, ExecFileException } from 'child_process'
 import { execFile, spawn } from 'child_process'
+import { existsSync } from 'fs'
 import memoize from 'lodash-es/memoize.js'
 import { homedir } from 'os'
 import * as path from 'path'
@@ -30,40 +31,72 @@ type RipgrepConfig = {
 
 type RipgrepErrorLike = Pick<NodeJS.ErrnoException, 'code' | 'message'>
 
-const getRipgrepConfig = memoize((): RipgrepConfig => {
-  const userWantsSystemRipgrep = isEnvDefinedFalsy(
-    process.env.USE_BUILTIN_RIPGREP,
-  )
+function isErrnoException(error: unknown): error is NodeJS.ErrnoException {
+  return error instanceof Error
+}
 
-  // Try system ripgrep if user wants it
-  if (userWantsSystemRipgrep) {
-    const { cmd: systemPath } = findExecutable('rg', [])
-    if (systemPath !== 'rg') {
-      // SECURITY: Use command name 'rg' instead of systemPath to prevent PATH hijacking
-      // If we used systemPath, a malicious ./rg.exe in current directory could be executed
-      // Using just 'rg' lets the OS resolve it safely with NoDefaultCurrentDirectoryInExePath protection
-      return { mode: 'system', command: 'rg', args: [] }
-    }
+type ResolveRipgrepConfigArgs = {
+  userWantsSystemRipgrep: boolean
+  bundledMode: boolean
+  builtinCommand: string
+  builtinExists: boolean
+  systemExecutablePath: string
+  processExecPath?: string
+}
+
+export function resolveRipgrepConfig({
+  userWantsSystemRipgrep,
+  bundledMode,
+  builtinCommand,
+  builtinExists,
+  systemExecutablePath,
+  processExecPath = process.execPath,
+}: ResolveRipgrepConfigArgs): RipgrepConfig {
+  if (userWantsSystemRipgrep && systemExecutablePath !== 'rg') {
+    // SECURITY: Use command name 'rg' instead of systemExecutablePath to prevent PATH hijacking
+    return { mode: 'system', command: 'rg', args: [] }
   }
 
-  // In bundled (native) mode, ripgrep is statically compiled into bun-internal
-  // and dispatches based on argv[0]. We spawn ourselves with argv0='rg'.
-  if (isInBundledMode()) {
+  if (bundledMode) {
     return {
       mode: 'embedded',
-      command: process.execPath,
+      command: processExecPath,
       args: ['--no-config'],
       argv0: 'rg',
     }
   }
 
+  if (builtinExists) {
+    return { mode: 'builtin', command: builtinCommand, args: [] }
+  }
+
+  if (systemExecutablePath !== 'rg') {
+    return { mode: 'system', command: 'rg', args: [] }
+  }
+
+  return { mode: 'builtin', command: builtinCommand, args: [] }
+}
+
+const getRipgrepConfig = memoize((): RipgrepConfig => {
+  const userWantsSystemRipgrep = isEnvDefinedFalsy(
+    process.env.USE_BUILTIN_RIPGREP,
+  )
+  const bundledMode = isInBundledMode()
   const rgRoot = path.resolve(__dirname, 'vendor', 'ripgrep')
-  const command =
+  const builtinCommand =
     process.platform === 'win32'
       ? path.resolve(rgRoot, `${process.arch}-win32`, 'rg.exe')
       : path.resolve(rgRoot, `${process.arch}-${process.platform}`, 'rg')
+  const builtinExists = existsSync(builtinCommand)
+  const { cmd: systemExecutablePath } = findExecutable('rg', [])
 
-  return { mode: 'builtin', command, args: [] }
+  return resolveRipgrepConfig({
+    userWantsSystemRipgrep,
+    bundledMode,
+    builtinCommand,
+    builtinExists,
+    systemExecutablePath,
+  })
 })
 
 export function ripgrepCommand(): {
@@ -324,7 +357,9 @@ async function ripGrepFileCount(
       if (settled) return
       settled = true
       reject(
-        err.code === 'ENOENT' ? wrapRipgrepUnavailableError(err) : err,
+        isErrnoException(err) && err.code === 'ENOENT'
+          ? wrapRipgrepUnavailableError(err)
+          : err,
       )
     })
   })
@@ -388,7 +423,9 @@ export async function ripGrepStream(
       if (settled) return
       settled = true
       reject(
-        err.code === 'ENOENT' ? wrapRipgrepUnavailableError(err) : err,
+        isErrnoException(err) && err.code === 'ENOENT'
+          ? wrapRipgrepUnavailableError(err)
+          : err,
       )
     })
   })
@@ -436,7 +473,9 @@ export async function ripGrep(
       const CRITICAL_ERROR_CODES = ['ENOENT', 'EACCES', 'EPERM']
       if (CRITICAL_ERROR_CODES.includes(error.code as string)) {
         reject(
-          error.code === 'ENOENT' ? wrapRipgrepUnavailableError(error) : error,
+          isErrnoException(error) && error.code === 'ENOENT'
+            ? wrapRipgrepUnavailableError(error)
+            : error,
         )
         return
       }

src/utils/schemaSanitizer.test.ts

@@ -0,0 +1,68 @@
+import { describe, expect, test } from 'bun:test'
+
+import { sanitizeSchemaForOpenAICompat } from './schemaSanitizer'
+
+describe('sanitizeSchemaForOpenAICompat', () => {
+  test('preserves Grep-like properties.pattern while keeping it required', () => {
+    const schema = {
+      type: 'object',
+      properties: {
+        pattern: {
+          type: 'string',
+          description: 'The regular expression pattern to search for in file contents',
+        },
+        path: { type: 'string' },
+        glob: { type: 'string' },
+      },
+      required: ['pattern'],
+    }
+
+    const sanitized = sanitizeSchemaForOpenAICompat(schema)
+    const properties = sanitized.properties as Record<string, unknown> | undefined
+
+    expect(Object.keys(properties ?? {})).toEqual(['pattern', 'path', 'glob'])
+    expect(properties?.pattern).toEqual({
+      type: 'string',
+      description: 'The regular expression pattern to search for in file contents',
+    })
+    expect(sanitized.required).toEqual(['pattern'])
+  })
+
+  test('preserves Glob-like properties.pattern while keeping it required', () => {
+    const schema = {
+      type: 'object',
+      properties: {
+        pattern: {
+          type: 'string',
+          description: 'The glob pattern to match files against',
+        },
+        path: { type: 'string' },
+      },
+      required: ['pattern'],
+    }
+
+    const sanitized = sanitizeSchemaForOpenAICompat(schema)
+    const properties = sanitized.properties as Record<string, unknown> | undefined
+
+    expect(Object.keys(properties ?? {})).toEqual(['pattern', 'path'])
+    expect(properties?.pattern).toEqual({
+      type: 'string',
+      description: 'The glob pattern to match files against',
+    })
+    expect(sanitized.required).toEqual(['pattern'])
+  })
+
+  test('strips JSON Schema validator pattern from string schemas', () => {
+    const schema = {
+      type: 'string',
+      pattern: '^[a-z]+$',
+      minLength: 1,
+    }
+
+    const sanitized = sanitizeSchemaForOpenAICompat(schema)
+
+    expect(sanitized).toEqual({
+      type: 'string',
+    })
+  })
+})

src/utils/schemaSanitizer.ts

@@ -33,6 +33,15 @@ function stripSchemaKeywords(schema: unknown, keywords: Set<string>): unknown {
 
   const result: Record<string, unknown> = {}
   for (const [key, value] of Object.entries(schema)) {
+    if (key === 'properties' && isSchemaRecord(value)) {
+      const sanitizedProps: Record<string, unknown> = {}
+      for (const [propName, propSchema] of Object.entries(value)) {
+        sanitizedProps[propName] = stripSchemaKeywords(propSchema, keywords)
+      }
+      result[key] = sanitizedProps
+      continue
+    }
+
     if (keywords.has(key)) {
       continue
     }
@@ -215,10 +224,13 @@ export function sanitizeSchemaForOpenAICompat(
     }
   }
 
-  if (Array.isArray(record.required) && isSchemaRecord(record.properties)) {
+  const properties = isSchemaRecord(record.properties)
+    ? record.properties
+    : undefined
+
+  if (Array.isArray(record.required) && properties) {
     record.required = record.required.filter(
-      (value): value is string =>
-        typeof value === 'string' && value in record.properties,
+      (value): value is string => typeof value === 'string' && value in properties,
     )
   }
 

src/utils/settings/types.ts

@@ -27,6 +27,7 @@ export {
 
 // Also import for use within this file
 import { type HookCommand, HooksSchema } from '../../schemas/hooks.js'
+import { AutoFixConfigSchema } from '../../services/autoFix/autoFixConfig.js'
 import { count } from '../array.js'
 
 /**
@@ -435,6 +436,12 @@ export const SettingsSchema = lazySchema(() =>
       hooks: HooksSchema()
         .optional()
         .describe('Custom commands to run before/after tool executions'),
+      autoFix: AutoFixConfigSchema
+        .optional()
+        .describe(
+          'Auto-fix configuration: automatically run lint/test after AI file edits ' +
+          'and feed errors back for self-repair.',
+        ),
       worktree: z
         .object({
           symlinkDirectories: z