Skip to content

Architecture

Jump to bottom
Suhaib Bin Younis edited this page Dec 23, 2025 · 1 revision

Architecture Overview

The GitHub Copilot API Gateway is designed as a secure, local proxy that standardizes interactions with GitHub Copilot's underlying models. It transforms various API formats (OpenAI, Anthropic, Google) into a unified interface that communicates with the Copilot backend.

High-Level Design

graph TD
    Client[Client App (Cursor, LangChain, etc.)] -->|HTTP/REST| Gateway[Copilot API Gateway (Localhost:3030)]
    Gateway -->|Auth Handshake| VSCode[VS Code Authentication]
    Gateway -->|Model Inference| GitHub[GitHub Copilot API]
    
    subgraph "Extension Internals"
        Gateway --> Router[Endpoint Router]
        Router -->|/v1/chat/completions| OpenAILayer[OpenAI Compatibility Layer]
        Router -->|/v1/messages| AnthropicLayer[Anthropic Compatibility Layer]
        Router -->|/v1beta/models| GoogleLayer[Google Compatibility Layer]
        
        Gateway --> Security[Security & Redaction]
        Gateway --> Audit[Audit Logging]
        Gateway --> MCP[MCP Service]
    end
Loading

Core Components

1. API Gateway (CopilotApiGateway.ts)

The heart of the extension. It spins up a Node.js HTTP/S server that listens for incoming requests.

  • Port Management: Default port 3030, configurable.
  • Protocol Support: HTTP, HTTPS, and WebSockets.
  • Request Lifecycle:
    1. Authentication: Verifies Authorization header against configured API key.
    2. Security Checks: Validates IP against Allowlist and checks rate limits.
    3. Redaction: Scans request body for sensitive PII (redaction patterns) before processing.
    4. Routing: Dispatches to the appropriate provider handler.
    5. Proxying: Authenticates with GitHub using the user's active VS Code session and forwards the request.
    6. Telemetry: Logs usage, tokens, and latency.

2. Security Layer

Security is paramount since the gateway exposes an API.

  • IP Allowlisting: Middleware that rejects connections from unknown IPs/CIDRs.
  • Data Redaction: A Regex-based engine that sanitizes both input prompts and output responses.
  • Audit Logging: AuditService records immutable logs of all traffic for compliance.

3. Apps Hub (AppsPanel.ts & src/apps/)

A built-in platform for "Micro-Apps" that leverage the local API.

  • Registry: src/apps/registry.ts manages available apps.
  • Execution: Apps run within the extension host but can interact with the VS Code UI via the side panel.

4. Model Context Protocol (MCP) (McpService.ts)

Implements the standardized protocol for connecting AI models to external tools and data contexts.

Clone this wiki locally