♻️ Reproduction Steps
- Stand up a self-hosted AG-UI backend that requires an
Authorization header (returns 401 without it).
- Create an agent with a header and register it on the provider:
import { HttpAgent } from "@ag-ui/client";
import { CopilotKitProvider } from "@copilotkit/react-core/v2";
const agent = new HttpAgent({
url: "http://localhost:XXXX/foundry-agent",
headers: { Authorization: "Bearer <token>" }, // also try mutating agent.headers afterwards
});
<CopilotKitProvider agents__unsafe_dev_only={{ foundry: agent }}>
{/* ...chat... */}
</CopilotKitProvider>
- Send a message and inspect the outgoing request (Network tab / backend logs).
Observed: no Authorization header on the request; backend returns 401.
Workaround that works: drop the per-agent header and pass it via the provider prop instead:
<CopilotKitProvider
headers={{ Authorization: "Bearer <token>" }}
agents__unsafe_dev_only={{ foundry: agent }}
>
✅ Expected Behavior
One of:
applyHeadersToAgent should merge the core headers into the agent's existing headers (agent.headers = { ...agent.headers, ...core.headers }) rather than replacing them, or
- the behavior should be clearly documented: "headers set on an
HttpAgent passed to agents__unsafe_dev_only are ignored; use the CopilotKitProvider headers prop."
The silent overwrite with no warning is surprising and hard to debug (the request simply goes out without the header).
❌ Actual Behavior
agent.headers is replaced by { ...core.headers } at registration, so headers configured directly on the agent are dropped without any warning. The only working channel is the provider-level headers prop.
Screenshots
No response
𝌚 CopilotKit Version
├── @ag-ui/client@0.0.52
├── @copilotkit/react-core@1.56.2
├── @copilotkit/react-ui@1.56.2
📄 Logs (Optional)
♻️ Reproduction Steps
Authorizationheader (returns 401 without it).Observed: no
Authorizationheader on the request; backend returns 401.Workaround that works: drop the per-agent header and pass it via the provider prop instead:
✅ Expected Behavior
One of:
applyHeadersToAgentshould merge the core headers into the agent's existing headers (agent.headers = { ...agent.headers, ...core.headers }) rather than replacing them, orHttpAgentpassed toagents__unsafe_dev_onlyare ignored; use theCopilotKitProviderheadersprop."The silent overwrite with no warning is surprising and hard to debug (the request simply goes out without the header).
❌ Actual Behavior
agent.headersis replaced by{ ...core.headers }at registration, so headers configured directly on the agent are dropped without any warning. The only working channel is the provider-levelheadersprop.Screenshots
No response
𝌚 CopilotKit Version
📄 Logs (Optional)