chore: apply sweep decisions

[skip ci]
2026-05-08 23:40:05 +00:00 · 2026-05-08 23:40:05 +00:00 · aa41fc485e
commit aa41fc485e
parent e83e100571
2 changed files with 85 additions and 128 deletions
--- a/records/openclaw-openclaw/commits/a1d288cbb770332d30529a2ba1c2aae3cf80a4ca.md
+++ b/records/openclaw-openclaw/commits/a1d288cbb770332d30529a2ba1c2aae3cf80a4ca.md
@ -1,38 +0,0 @@
---
-sha: a1d288cbb770332d30529a2ba1c2aae3cf80a4ca
-parent: 57301d7624a03337d27cdf6e21c6e4bbbe25ebb4
-repository: openclaw/openclaw
-author: "Peter Steinberger"
-committer: "Peter Steinberger"
-github_author: steipete
-github_committer: steipete
-co_authors: []
-commit_authored_at: "2026-05-09T00:33:17+01:00"
-commit_committed_at: "2026-05-09T00:33:23+01:00"
-result: nothing_found
-confidence: high
-highest_severity: none
-check_conclusion: success
-reviewed_at: 2026-05-08T23:38:33+00:00
---
-
-# Commit a1d288cbb7
-
-Nothing found.
-
-## Details
-
- Do we have a high-confidence way to reproduce the issue? Not applicable; no actionable issue was found.
- Is this the best way to solve the issue? Not applicable; no fix is recommended.
-
-## Reviewed
-
- Diff: `57301d7624a03337d27cdf6e21c6e4bbbe25ebb4..a1d288cbb770332d30529a2ba1c2aae3cf80a4ca`
- Changed files: `ui/src/ui/views/config-quick.test.ts`
- Code read: `ui/src/ui/views/config-quick.test.ts`, `ui/src/ui/views/config-quick.ts`, `ui/AGENTS.md`, `docs/reference/test.md`
- Dependencies/web: no dependency files changed; no web lookup needed.
- Commands: `pnpm docs:list`; `git show --stat --format=fuller a1d288cbb770332d30529a2ba1c2aae3cf80a4ca`; `git diff --find-renames 57301d7624a03337d27cdf6e21c6e4bbbe25ebb4..a1d288cbb770332d30529a2ba1c2aae3cf80a4ca -- ui/src/ui/views/config-quick.test.ts`; `pnpm install`; `pnpm test ui/src/ui/views/config-quick.test.ts`; `git diff --check 57301d7624a03337d27cdf6e21c6e4bbbe25ebb4..a1d288cbb770332d30529a2ba1c2aae3cf80a4ca`; `pnpm exec oxfmt --check --threads=1 ui/src/ui/views/config-quick.test.ts`
-
-## Limitations
-
- none
--- a/records/openclaw-openclaw/items/58675.md
+++ b/records/openclaw-openclaw/items/58675.md
@ -1,5 +1,5 @@
 ---
-review_comment_synced_at: 2026-05-08T23:39:33.611Z
+review_comment_synced_at: 2026-05-07T23:12:20.344Z
 number: 58675
 repository: openclaw/openclaw
 type: pull_request
@ -7,13 +7,13 @@ title: "feat(github-copilot): auto-discover models via /models API"
 url: https://github.com/openclaw/openclaw/pull/58675
 state_at_review: open
 item_created_at: 2026-04-01T02:23:42Z
-item_updated_at: 2026-05-08T23:31:04Z
+item_updated_at: 2026-05-07T23:05:26Z
 author: jduartedj
 author_association: NONE
 labels: ["agents","size: M","triage: dirty-candidate","triage: needs-real-behavior-proof"]
-reviewed_at: 2026-05-08T23:38:52.846Z
-main_sha: a1d288cbb770332d30529a2ba1c2aae3cf80a4ca
-pull_head_sha: aaa89ede2522f8a2e2827de1477baf4d18989d63
+reviewed_at: 2026-05-07T23:11:42.951Z
+main_sha: 97d2d40fb75b86a947b335c4fc7d1bed7d59e61a
+pull_head_sha: 0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb
 latest_release: v2026.5.7
 latest_release_sha: eeef4864494f859838fec1586bedbab1f8fa5702
 fixed_release: unknown
@ -31,19 +31,19 @@ review_model: gpt-5.5
 review_reasoning_effort: high
 review_sandbox: danger-full-access
 review_service_tier: default
-review_prompt_chars: 133958
+review_prompt_chars: 134398
 review_static_prompt_chars: 33412
-review_context_chars: 99313
+review_context_chars: 99753
 review_schema_chars: 14081
 review_additional_prompt_chars: 0
-review_context_elapsed_ms: 6018
-review_codex_elapsed_ms: 259147
+review_context_elapsed_ms: 5068
+review_codex_elapsed_ms: 198796
 review_mode: propose
 review_status: complete
 local_checkout_access: verified
-item_snapshot_hash: ccc1aecaba87ea6a3788dc4ad30e4a29ac63e1f7dcc266c075ffb365afb91dc8
+item_snapshot_hash: 568ab6e0856bf6f70ab95a5212422ea8f2776c6b65b19ad10f5b23b111514a02
 close_comment_sha256: none
-review_comment_sha256: dff8642cbeb703b17e616d6c02d458c7e0588a46b9e2d9f305ce99d507889ce3
+review_comment_sha256: 2040ae16d80e2eeded3ba8ca2854c902e476dd5906ee879c39877e25369899ca
 review_comment_id: 4349682890
 review_comment_url: https://github.com/openclaw/openclaw/pull/58675#issuecomment-4349682890
 decision: keep_open
@ -52,13 +52,13 @@ confidence: high
 action_taken: kept_open
 work_candidate: manual_review
 work_confidence: high
-work_priority: medium
+work_priority: high
 work_status: manual_review
-work_reason_sha256: d1768bb03a033c8b8840205c0c31cd59cea0eaff96f1ac48963d6da2228061cd
+work_reason_sha256: d917b995d39857d8781a2f3f0527ea9bc7c31348f8b17e9c22b17c47ec9d445c
 work_prompt_sha256: none
-work_cluster_refs: ["https://github.com/openclaw/openclaw/issues/74159"]
-work_validation: ["pnpm test extensions/github-copilot/discovery.test.ts extensions/github-copilot/index.test.ts extensions/github-copilot/provider-discovery.contract.test.ts extensions/github-copilot/models.test.ts src/agents/models-config.providers.implicit.discovery-scope.test.ts","pnpm exec oxfmt --check --threads=1 extensions/github-copilot/discovery.ts extensions/github-copilot/index.ts src/agents/models-config.providers.implicit.ts src/plugin-sdk/test-helpers/provider-discovery-contract.ts CHANGELOG.md"]
-work_likely_files: ["extensions/github-copilot/discovery.ts","extensions/github-copilot/index.ts","extensions/github-copilot/models.ts","extensions/github-copilot/stream.ts","CHANGELOG.md"]
+work_cluster_refs: ["https://github.com/openclaw/openclaw/pull/58675","https://github.com/openclaw/openclaw/issues/74159"]
+work_validation: []
+work_likely_files: []
 item_category: feature
 reproduction_status: not_applicable
 reproduction_confidence: high
@ -84,9 +84,9 @@ Labels: agents, size: M, triage: dirty-candidate, triage: needs-real-behavior-pr

 Created at: Apr 1, 2026, 02:23 UTC

-Updated at: May 8, 2026, 23:31 UTC
+Updated at: May 7, 2026, 23:05 UTC

-Reviewed against: [a1d288cbb770](https://github.com/openclaw/openclaw/commit/a1d288cbb770332d30529a2ba1c2aae3cf80a4ca)
+Reviewed against: [97d2d40fb75b](https://github.com/openclaw/openclaw/commit/97d2d40fb75b86a947b335c4fc7d1bed7d59e61a)

 Codex review: model gpt-5.5, reasoning high

@ -104,48 +104,50 @@ Action taken: kept_open

 ## Summary

-Keep open. The provider-local discovery design is still useful and the latest head appears to have fixed the earlier SSRF concern, but it can still auto-register Copilot Gemini models that the current runtime is known to send to the unsupported Responses endpoint, and the external PR still needs real behavior proof plus a changelog entry.
+Keep open: the feature is useful and current main does not already implement Copilot `/models` discovery, but the latest PR head still has a source-proven SSRF policy regression, lacks required changelog coverage, and lacks concrete real behavior proof from the contributor's Copilot setup.

 ## What This Changes

-Adds GitHub Copilot `/models` catalog discovery with SSRF-guarded fetches, IDE/configured header forwarding, implicit header merging, and focused discovery tests.
+Adds GitHub Copilot `/models` catalog discovery during provider catalog resolution, merges discovered models and IDE headers into provider config, and updates focused provider discovery tests.

 ## Best Possible Solution

-Land provider-local Copilot discovery after it avoids advertising models the current Copilot transport cannot execute, adds an Unreleased changelog bullet, and includes redacted real runtime proof; keep the broader Gemini transport fix tracked in https://github.com/openclaw/openclaw/issues/74159.
+Land the provider-local discovery design after switching discovery to private-network-safe host scoping, adding regression coverage and a changelog bullet, and attaching redacted Copilot runtime proof; keep Gemini runtime routing tracked in https://github.com/openclaw/openclaw/issues/74159.

 ## Reproduction Assessment

-Not applicable for the feature request itself. For the blocking review finding, the source path is clear: the PR maps discovered non-Claude IDs through `resolveCopilotTransportApi`, and the linked Gemini issue provides current runtime evidence that this route fails for Copilot Gemini.
+Not applicable for the requested feature; however, the blocking security finding is source-reproducible by tracing configured `baseUrl` into the new discovery fetch policy and current SSRF semantics.

 ## Solution Assessment

-No. Provider-local discovery is the right shape and the latest head uses the safer SSRF policy, but it should not surface known runtime-broken Gemini discoveries and still needs changelog coverage plus real behavior proof before merge.
+No. Provider-local discovery is the right shape, but this patch should use private-network-safe host scoping, include changelog coverage, and provide real behavior proof before merge.

 ## Review Findings

 Overall correctness: patch is incorrect

-Overall confidence: 0.86
+Overall confidence: 0.9

 Full review comments:

- **[P2] Gate discovered Gemini models on supported transport:** `extensions/github-copilot/discovery.ts:65`
-  - body: Discovery can now register Copilot Gemini IDs that are not in the built-in list, but those IDs inherit `resolveCopilotTransportApi` and go through `openai-responses`. The linked open Gemini issue shows those Copilot models reject `/responses` and require chat completions, so this can advertise selectable models that fail and fall back at runtime. Filter those IDs until the transport is fixed, or make discovery endpoint-aware here.
-  - confidence: 0.86
+- **[P1] Keep discovery private-network blocked by default:** `extensions/github-copilot/discovery.ts:98-99`
+  - body: `configuredProvider.baseUrl` flows into discovery, but this policy uses `ssrfPolicyFromHttpBaseUrlAllowedHostname`, whose `allowedHostnames` path skips private-network checks. A configured loopback or metadata URL can therefore be fetched during startup without `request.allowPrivateNetwork`; use the provider transport's host allowlist pattern and only add private-network access when explicitly configured.
+  - confidence: 0.93
 - **[P3] Add the required changelog entry:** `extensions/github-copilot/index.ts:420-426`
-  - body: This is a user-facing Copilot model discovery feature, but the PR still does not touch `CHANGELOG.md`. Without an Unreleased entry, release notes will omit the new behavior.
+  - body: This PR adds user-facing Copilot model discovery, but the diff still does not include `CHANGELOG.md`. Repo policy requires user-facing feature changes to add an Unreleased changelog bullet, so release notes would miss the new behavior.
  - confidence: 0.91

 ## Security Review

-Status: cleared
+Status: needs_attention

-Summary: The latest diff uses the shared SSRF-guarded fetch with hostname allowlisting and explicit private-network opt-in; I found no remaining concrete security or supply-chain regression.
+Summary: The new authenticated discovery request still has a concrete SSRF policy regression for configured Copilot base URLs.

 Concerns:

- none
+- **[high] Configured discovery host bypasses private-IP checks:** `extensions/github-copilot/discovery.ts:98`
+  - body: The PR derives discovery policy from the configured `baseUrl` with `allowedHostnames`; current SSRF code treats those hosts as private-network-check exemptions, so private/internal hosts are reachable without explicit opt-in.
+  - confidence: 0.93

 ## Real Behavior Proof

@ -155,7 +157,7 @@ Evidence kind: none

 Needs contributor action: true

-Summary: The PR claims production testing, but it does not attach after-fix screenshots, terminal output, copied live output, recordings, linked artifacts, or redacted logs; the contributor should update the PR body with proof and redact private details before merge.
+Summary: The PR body claims production testing, but it does not include after-fix output, screenshots, recordings, terminal output, linked artifacts, or redacted logs showing the real Copilot discovery behavior.

 ## Work Candidate

@ -163,85 +165,78 @@ Candidate: manual_review

 Confidence: high

-Priority: medium
+Priority: high

 Status: manual_review

-Reason: Needs contributor-supplied real Copilot discovery proof and maintainer review of the Gemini discovery/transport boundary before automation should attempt repair.
+Reason: Needs contributor real behavior proof plus maintainer/security review of the SSRF policy fix before any repair or merge lane.

 Cluster refs:

+- https://github.com/openclaw/openclaw/pull/58675
 - https://github.com/openclaw/openclaw/issues/74159

 Likely files:

- extensions/github-copilot/discovery.ts
- extensions/github-copilot/index.ts
- extensions/github-copilot/models.ts
- extensions/github-copilot/stream.ts
- CHANGELOG.md
+- none

 Validation:

- pnpm test extensions/github-copilot/discovery.test.ts extensions/github-copilot/index.test.ts extensions/github-copilot/provider-discovery.contract.test.ts extensions/github-copilot/models.test.ts src/agents/models-config.providers.implicit.discovery-scope.test.ts
- pnpm exec oxfmt --check --threads=1 extensions/github-copilot/discovery.ts extensions/github-copilot/index.ts src/agents/models-config.providers.implicit.ts src/plugin-sdk/test-helpers/provider-discovery-contract.ts CHANGELOG.md
+- none

 ## Evidence

- **Current main lacks catalog discovery:** Current main's GitHub Copilot catalog returns a provider base URL with an empty model list; `extensions/github-copilot/discovery.ts` does not exist on main.
-  - file: [extensions/github-copilot/index.ts:387](https://github.com/openclaw/openclaw/blob/a1d288cbb770332d30529a2ba1c2aae3cf80a4ca/extensions/github-copilot/index.ts#L387)
-  - command: `nl -ba extensions/github-copilot/index.ts | sed -n '330,460p'; test -e extensions/github-copilot/discovery.ts`
-  - sha: [a1d288cbb770](https://github.com/openclaw/openclaw/commit/a1d288cbb770332d30529a2ba1c2aae3cf80a4ca)
- **PR adds guarded `/models` discovery:** The PR head builds `/models`, calls `fetchWithSsrFGuard`, forwards IDE/configured headers, filters enabled chat models, sorts by id, and maps them into model definitions.
-  - file: [extensions/github-copilot/discovery.ts:103](https://github.com/openclaw/openclaw/blob/aaa89ede2522f8a2e2827de1477baf4d18989d63/extensions/github-copilot/discovery.ts#L103)
-  - command: `curl -L --fail --silent https://raw.githubusercontent.com/openclaw/openclaw/aaa89ede2522f8a2e2827de1477baf4d18989d63/extensions/github-copilot/discovery.ts | nl -ba | sed -n '1,220p'`
-  - sha: [aaa89ede2522](https://github.com/openclaw/openclaw/commit/aaa89ede2522f8a2e2827de1477baf4d18989d63)
- **Private-network policy is improved on latest head:** The PR head uses `hostnameAllowlist` and only passes `allowPrivateNetwork` when configured; current SSRF enforcement keeps private-network checks unless that explicit opt-in is present.
-  - file: [extensions/github-copilot/discovery.ts:83](https://github.com/openclaw/openclaw/blob/aaa89ede2522f8a2e2827de1477baf4d18989d63/extensions/github-copilot/discovery.ts#L83)
-  - command: `curl -L --fail --silent https://raw.githubusercontent.com/openclaw/openclaw/aaa89ede2522f8a2e2827de1477baf4d18989d63/extensions/github-copilot/discovery.ts | nl -ba | sed -n '74,117p'; nl -ba src/infra/net/ssrf.ts | sed -n '279,303p'`
-  - sha: [aaa89ede2522](https://github.com/openclaw/openclaw/commit/aaa89ede2522f8a2e2827de1477baf4d18989d63)
- **Gemini transport issue remains open:** Current main still routes every non-Claude Copilot model to `openai-responses`, while https://github.com/openclaw/openclaw/issues/74159 reports direct Copilot evidence that Gemini models require `/chat/completions` and fail through `/responses`.
-  - file: [extensions/github-copilot/models.ts:21](https://github.com/openclaw/openclaw/blob/a1d288cbb770332d30529a2ba1c2aae3cf80a4ca/extensions/github-copilot/models.ts#L21)
-  - command: `nl -ba extensions/github-copilot/models.ts | sed -n '1,90p'; curl --fail --silent https://api.github.com/repos/openclaw/openclaw/issues/74159`
-  - sha: [a1d288cbb770](https://github.com/openclaw/openclaw/commit/a1d288cbb770332d30529a2ba1c2aae3cf80a4ca)
- **PR maps discovered non-Claude models through existing transport inference:** Discovered model definitions set `api` from `resolveCopilotTransportApi`, so newly discovered Gemini IDs inherit the currently open `openai-responses` routing problem.
-  - file: [extensions/github-copilot/discovery.ts:65](https://github.com/openclaw/openclaw/blob/aaa89ede2522f8a2e2827de1477baf4d18989d63/extensions/github-copilot/discovery.ts#L65)
-  - command: `curl -L --fail --silent https://raw.githubusercontent.com/openclaw/openclaw/aaa89ede2522f8a2e2827de1477baf4d18989d63/extensions/github-copilot/discovery.ts | nl -ba | sed -n '49,70p'`
-  - sha: [aaa89ede2522](https://github.com/openclaw/openclaw/commit/aaa89ede2522f8a2e2827de1477baf4d18989d63)
- **Changelog entry is missing:** The PR file list has eight files and no `CHANGELOG.md`; the head changelog has no Copilot model discovery entry under Unreleased.
-  - file: [CHANGELOG.md:5](https://github.com/openclaw/openclaw/blob/aaa89ede2522f8a2e2827de1477baf4d18989d63/CHANGELOG.md#L5)
-  - command: `curl --fail --silent https://api.github.com/repos/openclaw/openclaw/pulls/58675/files?per_page=100 | jq -r '.[].filename'; curl -L --fail --silent https://raw.githubusercontent.com/openclaw/openclaw/aaa89ede2522f8a2e2827de1477baf4d18989d63/CHANGELOG.md | sed -n '1,40p'`
-  - sha: [aaa89ede2522](https://github.com/openclaw/openclaw/commit/aaa89ede2522f8a2e2827de1477baf4d18989d63)
- **Real behavior proof is still absent:** The PR body and comments claim production and local validation, but the thread does not include after-fix terminal output, screenshots, recordings, redacted logs, or linked artifacts showing current-head Copilot discovery working.
-  - command: `curl --fail --silent https://api.github.com/repos/openclaw/openclaw/issues/58675/comments?per_page=100`
+- **Current main lacks Copilot catalog discovery:** The current catalog path resolves the Copilot base URL and returns an empty model list; no `extensions/github-copilot/discovery.ts` exists on main.
+  - file: [extensions/github-copilot/index.ts:390](https://github.com/openclaw/openclaw/blob/97d2d40fb75b86a947b335c4fc7d1bed7d59e61a/extensions/github-copilot/index.ts#L390)
+  - command: `sed -n '330,470p' extensions/github-copilot/index.ts; rg -n "discoverCopilotModels|COPILOT_IDE_HEADERS" extensions/github-copilot`
+  - sha: [97d2d40fb75b](https://github.com/openclaw/openclaw/commit/97d2d40fb75b86a947b335c4fc7d1bed7d59e61a)
+- **PR discovery uses the unsafe SSRF helper:** The PR builds discovery policy with `ssrfPolicyFromHttpBaseUrlAllowedHostname(baseUrl)` and only merges the private-network opt-in afterward.
+  - file: [extensions/github-copilot/discovery.ts:98](https://github.com/openclaw/openclaw/blob/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb/extensions/github-copilot/discovery.ts#L98)
+  - command: `curl -L --silent --show-error https://raw.githubusercontent.com/jduartedj/openclaw/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb/extensions/github-copilot/discovery.ts | nl -ba | sed -n '80,105p'`
+  - sha: [0b0a8aaeb867](https://github.com/openclaw/openclaw/commit/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb)
+- **`allowedHostnames` skips private-network checks:** Current SSRF enforcement treats hosts in `allowedHostnames` as `skipPrivateNetworkChecks`, so a configured private host can bypass the default block.
+  - file: [src/infra/net/ssrf.ts:155](https://github.com/openclaw/openclaw/blob/97d2d40fb75b86a947b335c4fc7d1bed7d59e61a/src/infra/net/ssrf.ts#L155)
+  - command: `nl -ba src/infra/net/ssrf.ts | sed -n '80,125p;145,162p;286,304p'`
+  - sha: [97d2d40fb75b](https://github.com/openclaw/openclaw/commit/97d2d40fb75b86a947b335c4fc7d1bed7d59e61a)
+- **Provider transport uses safer host scoping:** The normal model transport path uses `ssrfPolicyFromHttpBaseUrlFakeIpHostnameAllowlist`, which produces `hostnameAllowlist` and keeps private-network blocking unless `allowPrivateNetwork` is explicit.
+  - file: [src/agents/provider-transport-fetch.ts:304](https://github.com/openclaw/openclaw/blob/97d2d40fb75b86a947b335c4fc7d1bed7d59e61a/src/agents/provider-transport-fetch.ts#L304)
+  - command: `nl -ba src/agents/provider-transport-fetch.ts | sed -n '292,318p'`
+  - sha: [97d2d40fb75b](https://github.com/openclaw/openclaw/commit/97d2d40fb75b86a947b335c4fc7d1bed7d59e61a)
+- **Changelog entry missing:** The PR file list has eight code/test files and no `CHANGELOG.md`; the PR branch changelog has no Copilot model discovery entry under Unreleased.
+  - file: [CHANGELOG.md:5](https://github.com/openclaw/openclaw/blob/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb/CHANGELOG.md#L5)
+  - command: `curl -L --silent --show-error https://api.github.com/repos/openclaw/openclaw/pulls/58675/files?per_page=100; curl -L --silent --show-error https://raw.githubusercontent.com/jduartedj/openclaw/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb/CHANGELOG.md | rg -n "Copilot|copilot|GitHub"`
+  - sha: [0b0a8aaeb867](https://github.com/openclaw/openclaw/commit/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb)
+- **Real behavior proof still absent:** The PR body states production testing, but the body and comments do not include concrete after-fix output, screenshots, logs, recordings, or linked artifacts showing discovered models and a successful run.
+  - command: `curl -L --silent --show-error https://api.github.com/repos/openclaw/openclaw/pulls/58675; curl -L --silent --show-error https://api.github.com/repos/openclaw/openclaw/issues/58675/comments?per_page=100`
+  - sha: [0b0a8aaeb867](https://github.com/openclaw/openclaw/commit/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb)
+- **Related Gemini runtime work remains separate:** The PR now skips Gemini discovered IDs and points to the still-open dedicated Gemini transport/auth-header issue.
+  - file: [extensions/github-copilot/discovery.ts:133](https://github.com/openclaw/openclaw/blob/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb/extensions/github-copilot/discovery.ts#L133)
+  - command: `curl -L --silent --show-error https://raw.githubusercontent.com/jduartedj/openclaw/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb/extensions/github-copilot/discovery.ts | nl -ba | sed -n '112,138p'`
+  - sha: [0b0a8aaeb867](https://github.com/openclaw/openclaw/commit/0b0a8aaeb8671c8fe52ebeabe0ae4750b0463afb)

 ## Likely Related People

- **steipete:** recent maintainer
-  - reason: Recent commits own Copilot transport behavior, provider discovery config, and the provider-discovery contract helper touched by this PR.
+- **steipete:** recent maintainer and adjacent owner
+  - reason: Recent main history owns the Copilot Claude transport direction and the provider-host SSRF policy pattern this PR needs to follow.
  - confidence: high
-  - commits: 5d20c73e05c844a4858dd32237fda89dda595d4f, 1c5a4d2a2b92c09944fdd2deabcb1e852cdc909a, 027337df791794c8abc38da986dd4c8b9658a164
-  - files: extensions/github-copilot/models.ts, src/agents/models-config.providers.implicit.ts, src/plugin-sdk/test-helpers/provider-discovery-contract.ts
- **vincentkoc:** adjacent owner
-  - reason: Recent work refreshed Copilot live discovery config and made provider discovery runtime behavior explicit in adjacent paths.
-  - confidence: medium
-  - commits: 6dba5cc2a038d035bd7cfda867c6d118db7ae9d2, 522eedc75437
+  - commits: 5d20c73e05c844a4858dd32237fda89dda595d4f, edb7e00721fd4e35f48389aa94c6aa39e6339a4e, ca620fbd4f9f7eade5f7962755bd0d0ed786f432
+  - files: extensions/github-copilot/models.ts, extensions/github-copilot/index.ts, src/agents/provider-transport-fetch.ts, src/infra/net/ssrf.ts
+- **vincentkoc:** recent provider-discovery maintainer
+  - reason: Recent merged work touched Copilot live discovery config and provider-discovery runtime flow adjacent to this catalog path.
+  - confidence: high
+  - commits: 6dba5cc2a038d035bd7cfda867c6d118db7ae9d2, 522eedc754370ecc7229556fac6c74ecc627a07f
  - files: extensions/github-copilot/index.ts, src/agents/models-config.providers.implicit.ts
 - **fuller-stack-dev:** introduced adjacent behavior
-  - reason: Introduced the forward-compatible Copilot dynamic model resolver that this PR's catalog discovery now interacts with.
+  - reason: Introduced the forward-compatible GitHub Copilot dynamic model resolver that this PR extends from manual model IDs to provider catalog discovery.
  - confidence: medium
  - commits: 5137a51307469721e509df011f0fbcfee1a5d21a
-  - files: extensions/github-copilot/models.ts
- **shakkernerd:** adjacent maintainer
-  - reason: Recent provider discovery filter and metadata work is adjacent to the implicit-provider resolution paths changed by this PR.
-  - confidence: medium
-  - commits: 5531502cb009, 4cd2cabe7fca, 4e7de4b5c9ed
-  - files: src/agents/models-config.providers.implicit.ts
+  - files: extensions/github-copilot/models.ts, extensions/github-copilot/models-defaults.ts

 ## Risks / Open Questions

- No attached live output from the latest head proves Copilot `/models` discovery in a real account after the SSRF guard rewrite.
- The open Gemini transport issue can make newly discovered Gemini models appear selectable even though current runtime routing is known to fail.
+- The authenticated discovery fetch can still reach configured private/internal Copilot base URLs without explicit private-network opt-in.
+- The external PR has only textual testing claims, not concrete after-fix runtime proof from a real Copilot account.
+- The user-facing feature still lacks release-note coverage, and CI for the exact latest head was pending during review.

 ## Close Comment

@ -250,18 +245,18 @@ _No close comment posted._
 ## GitHub Snapshot

 - comments: 12
- timeline events: 76
+- timeline events: 77
 - related items: 2
 - PR files: 8
- PR commits: 2
+- PR commits: 5

 ## Review Telemetry

- prompt chars: 133958
+- prompt chars: 134398
 - static prompt chars: 33412
- context chars: 99313
+- context chars: 99753
 - schema chars: 14081
 - additional prompt chars: 0
- context collection ms: 6018
- Codex review ms: 259147
+- context collection ms: 5068
+- Codex review ms: 198796