Copilot CLI app.js reverse-engineering wiki
This wiki documents the extracted @github/copilot CLI bundle with source-anchored implementation notes. The analyzed artifact is:
copilot-cli-pkg/app.js
The wiki is organized around source-anchored internals questions: how the bundled CLI starts, shapes model context, exposes tools, persists sessions, runs hosted jobs, delegates work, and supports future source-atlas research. The canonical sections below are both the physical layout and the reader path.
Because app.js is bundled/minified, symbol names are unstable. Source anchors are intended for searching the analyzed bundle, not as public API names.
Semantic alias and minified anchor mapping
This home page is a navigation index, not a direct app.js implementation analysis. Concrete topic pages map stable semantic aliases to version-specific minified anchors.
| Semantic alias | Minified anchor | Scope |
|---|---|---|
| Wiki home | N/A — navigation page | Orients readers to the canonical sections and reading paths. |
| Section indexes | N/A — see linked section README pages | Curated reader routes through source-anchored implementation pages. |
| Topic implementation pages | See page-level source anchor tables | Bundle-specific anchors live in focused implementation documents. |
Internals wiki map
flowchart TD Home[Wiki home] --> Start[00 Start here] Home --> Runtime[01 Runtime lifecycle] Home --> Loop[02 Context and model loop] Home --> Tools[03 Tools, integrations, and security] Home --> Sessions[04 Sessions, persistence, and remote] Home --> Hosted[05 Hosted agent ops] Home --> Agents[06 Agents and automation]
Start --> Runtime Runtime --> Loop Loop --> Tools Runtime --> Sessions Sessions --> Hosted Loop --> Agents
click Home "./" "Open wiki home" click Start "./00-start-here/" "Open Start here" click Runtime "./01-runtime-lifecycle/" "Open Runtime lifecycle" click Loop "./02-context-model-loop/" "Open Context and model loop" click Tools "./03-tools-integrations-security/" "Open Tools, integrations, and security" click Sessions "./04-sessions-persistence-remote/" "Open Sessions, persistence, and remote" click Hosted "./05-hosted-agent-ops/" "Open Hosted agent ops" click Agents "./06-agents-automation/" "Open Agents and automation"Canonical sections
| Section | Purpose |
|---|---|
| Start here | Minimal orientation: what the bundle is, how to read minified anchors, and the first path through the runtime. |
| Runtime lifecycle | Loader/bootstrap, root command routing, TUI/headless/server/ACP modes, terminal/runtime support, and shutdown. |
| Context and model loop | Prompt/context assembly, attachments, memory, compaction, provider routing, retries, quota, and usage accounting. |
| Tools, integrations, and security | Runtime tool assembly/execution, MCP/plugins/SDK/IDE/web bridges, permissions, redaction, hooks, sandboxing, and persistent policy. |
| Sessions, persistence, and remote | Event-sourced sessions, replay, SessionFs, SQLite/FTS, fork/rewind, UI projection, repository context, and remote control. |
| Hosted agent ops | Hosted job environment, COPILOT_AGENT_* settings, hosted MCP/OIDC bootstrap, firewall/trajectory outputs, debug bundles, OTel, and feature gates. |
| Agents and automation | Built-in/custom agents, task/subagent orchestration, autopilot/no-ask-user, fleet mode, and scheduled prompts. |
Recommended reading paths
| Goal | Read this path |
|---|---|
| Get oriented quickly | Start here → Runtime lifecycle → Context and model loop |
| Understand one complete agent turn | Runtime lifecycle → Context and model loop → Tools, integrations, and security |
| Understand durable sessions | Sessions, persistence, and remote → Conversation session end-to-end → Session persistence, replay, and indexing |
| Understand hosted/cloud coding-agent behavior | Hosted agent ops → Hosted agent environment → Remote control protocol and steering |
| Review trust boundaries | Tools, integrations, and security → Tool, path, and URL permissions → Content exclusion and redaction → Debug bundle redaction boundaries |
| Study automation and subagents | Agents and automation → Agent and task orchestration → Built-in agents |
| Triage a raw constant or minified symbol | Start with generated source-atlas/ outputs in the repository root, then promote confirmed findings into the closest canonical section. |
Cross-cutting implementation matrix
| Concern | Primary internals section | Supporting sections |
|---|---|---|
| Runtime mode selection | Runtime lifecycle | Start here, Sessions, persistence, and remote |
| Context engineering | Context and model loop | Agents and automation, Tools, integrations, and security |
| Tool execution | Tools, integrations, and security | Hosted agent ops, Agents and automation |
| Session/event lifecycle | Sessions, persistence, and remote | Runtime lifecycle, Hosted agent ops |
| Hosted coding-agent operation | Hosted agent ops | Sessions, persistence, and remote, Tools, integrations, and security |
| Permissions and redaction | Tools, integrations, and security | Hosted agent ops, Context and model loop |
| Subagents and automation | Agents and automation | Context and model loop, Sessions, persistence, and remote |
| Source discovery and diff triage | Repository source-atlas/ outputs | All canonical sections after findings are confirmed. |
Implementation page inventory
For a compact full table of contents, see SUMMARY.md. The detailed source-anchored pages remain intentionally focused inside the canonical section directories; section indexes explain how to read them in order.
Naming and maintenance conventions
| Area | Convention |
|---|---|
| Canonical reader path | Use the canonical section directories (00-start-here through 06-agents-automation). |
| Deep implementation pages | Keep focused pages source-anchored; move or merge them only when the page scope changes, not merely to chase numbering. |
| Topic titles | Prefer reader-facing titles over historical source filenames. Keep app.js in the title only when the page is specifically about bundle-level behavior. |
| Adding pages | Add the page under the closest internals section when it is part of the main reader path; keep raw discovery notes and watchpoints outside the final wiki. |
| Link text | Use human-readable page titles in prose; reserve raw filenames for maintenance tables. |
Important caveat
These pages document a bundled/minified production artifact, not clean source. Semantic names in prose and diagrams are explanatory aliases. Generated/minified symbols are retained only when useful as search anchors for the analyzed bundle.
Author
This wiki was created and is maintained by Yingting Huang.
Created and maintained by Yingting Huang.