* Make Copilot sanity tests mint their own token instead of using static copilot-token
The Copilot sanity tests resolve their Copilot token via
getOrCreateTestingCopilotTokenManager, which prefers VSCODE_COPILOT_CHAT_TOKEN
(set here from the `copilot-token` Key Vault secret) over GITHUB_OAUTH_TOKEN.
`copilot-token` holds a pre-minted Copilot token that is refreshed out-of-band
by a separate scheduled pipeline. When that refresher broke (the GitHub OAuth
secret it reads was rotated/removed during a security incident), `copilot-token`
silently went stale and expired. The static token manager hands the expired
token to CAPI `/models`, which returns 401, leaving no resolved model and
surfacing the misleading "server did not mark a chat fallback model" error.
Drop the static `copilot-token` so the tests fall through to GITHUB_OAUTH_TOKEN
(`capi-oauth-pipeline-token`) and exchange it for a fresh Copilot token on
demand. This path self-refreshes and removes the dependency on the external
refresher.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Re-enable sanity tests and surface model-fetch error
- Re-enable the three Copilot sanity tests that were temporarily skipped in
#323684 now that token resolution is fixed.
- Surface the underlying model-fetch error (e.g. an expired-token 401) from
ModelMetadataFetcher resolve methods instead of the misleading
"server did not mark a chat fallback model" message.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Omit reasoning summary instead of sending invalid 'off' value
#323639 disabled Responses API reasoning summaries by hard-coding
`reasoning.summary = 'off'`, but the Responses API only accepts
'concise', 'detailed', or 'auto' (or omitting the field to disable).
Models such as gpt-5.3-codex reject 'off' with HTTP 400
invalid_request_body, which surfaced as failing Copilot sanity tests
once they could reach the model.
Set summary to undefined so the field is omitted (summaries stay
disabled, as intended) and update the unit test accordingly.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Decouple reasoning-preserve test from disabled summary
The "should preserve reasoning object when thinking is supported" test
relied on the reasoning summary always being present to keep
body.reasoning defined. Now that the summary is omitted, give the test
model reasoning_effort support so body.reasoning is populated via effort,
which is what the test actually means to verify.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* signing commit
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Rename capi-oauth secret to capi-oauth-pipeline-token
The capi-oauth Key Vault secret value leaked. Rename the secret
reference to capi-oauth-pipeline-token so that revoking the old
capi-oauth secret cuts off access for any other harness still
pointing at the old name. The new name is also more descriptive of
its purpose (CAPI OAuth token used in the automation pipeline).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The getEnv.mts error handler only used console.error (stderr), which gets
swallowed by the npm/PowerShell chain on Windows CI agents. Add a
console.log call so the error message appears in Azure DevOps logs.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>