feat: allow kernel.plugin_error event

[0x4007]

Allow kernel.plugin_error in plugin-sdk config and manifest schemas.

[gentlementlegen]

You should not target main

[Copilot]

Pull request overview

This PR adds support for a custom kernel.plugin_error event in plugin configuration and manifest schemas, and implements automatic kernel token refresh before LLM API calls. The PR includes significant functionality beyond what the title suggests.

Changes:

• Added kernel.plugin_error to allowed events in both manifest and configuration schemas
• Implemented automatic kernel attestation token refresh when calling LLM API with GitHub tokens
• Added comprehensive test coverage for the token refresh flow
• Cleaned up duplicate documentation sections in README

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
src/types/manifest.ts	Added kernel.plugin_error to custom events array for manifest schema validation
src/configuration/schema.ts	Added kernel.plugin_error to custom events array and modified plugin settings schema to make "with" field non-optional with default
src/llm/index.ts	Implemented kernel token refresh logic including URL resolution, token update, and refresh API call handling
tests/llm.test.ts	Added test case validating kernel token refresh flow before LLM calls
README.md	Removed duplicate LLM utility documentation sections
CHANGELOG.md	Added entry for kernel attestation refresh feature

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Test coverage is missing for error scenarios in the kernel token refresh flow, such as: refresh endpoint returns non-2xx status, refresh response missing required fields, refresh response with invalid JSON, or network failures during refresh. These scenarios should be tested to ensure proper error handling and messaging.

[Copilot]

There are no tests validating that the new kernel.plugin_error event is accepted in plugin configurations and manifests. Consider adding tests that verify this event can be used in both the runsOn configuration array and the ubiquity:listeners manifest array, similar to existing tests for standard GitHub webhook events like issues.opened.

[Copilot]

The callLlm function mutates the input object by updating authToken and ubiquityKernelToken when refreshing kernel tokens. This side effect is not documented and could lead to unexpected behavior if callers rely on the input object remaining unchanged. Consider documenting this behavior in a JSDoc comment for the function, or consider returning the updated tokens as part of the response instead of mutating the input.

[Copilot]

The test validates that the refreshed tokens are used in the LLM API call, but doesn't verify that the input object is updated with the new tokens. Consider adding assertions to check that input.authToken and input.ubiquityKernelToken have been updated to the refreshed values after the callLlm function completes, since the code explicitly mutates these values via updateInputTokens.

[Copilot]

Test coverage is missing for the case where kernel token refresh should be skipped. According to the implementation logic, refresh should not occur when: 1) the token is not a GitHub token, 2) kernelRefreshUrl is not configured, 3) kernelToken is missing, or 4) an explicit aiAuthToken is provided. Consider adding test cases for these scenarios to ensure the refresh logic is correctly bypassed.

[Copilot]

The removal of T.Optional from the "with" field changes the schema behavior. While the field now has a default empty object, this represents a semantic change in how plugin configurations are validated. Previously, the "with" field could be entirely omitted from a plugin configuration object; now it will always be present (either explicitly or as an empty object). This change doesn't appear to be mentioned in the PR description or related to the stated purpose of allowing the kernel.plugin_error event.

[Copilot]

The CHANGELOG entry mentions "refresh kernel attestation before LLM calls" but does not mention the kernel.plugin_error event feature, which is the stated purpose of this PR according to the title and description. The entry should be updated to include both features or clarified to match the actual scope of changes.

[Copilot]

The refreshKernelTokens function does not implement retry logic for transient failures. If the kernel refresh endpoint experiences temporary issues, the LLM call will fail even though the refresh might succeed on retry. Consider adding retry logic similar to fetchWithRetry that's used for LLM API calls, particularly for 5xx errors.

[0x4007]

@gentlementlegen just changed target to development

[0x4007]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4b0303c734

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[gentlementlegen]

Code changes seem fine to me, would like to have a real e2e test refreshing a token, that shouldn't be hard to do only using the SDK with a small snippet of code. Please resolve the merge conflicts too.