Breaking change: deny all permissions by default (#509)

Author: SteveSandersonMS

docs/compatibility.md

@@ -124,20 +124,13 @@ The `--share` option is not available via SDK. Workarounds:
 
 ### Permission Control
 
+The SDK uses a **deny-by-default** permission model. All permission requests (file writes, shell commands, URL fetches, etc.) are denied unless your app provides an `onPermissionRequest` handler.
+
 Instead of `--allow-all-paths` or `--yolo`, use the permission handler:
 
 ```typescript
 const session = await client.createSession({
-  onPermissionRequest: async (request) => {
-    // Auto-approve everything (equivalent to --yolo)
-    return { approved: true };
-    
-    // Or implement custom logic
-    if (request.kind === "shell") {
-      return { approved: request.command.startsWith("git") };
-    }
-    return { approved: true };
-  },
+  onPermissionRequest: approveAll,
 });
 ```
 

dotnet/samples/Chat.cs

@@ -1,7 +1,10 @@
 using GitHub.Copilot.SDK;
 
 await using var client = new CopilotClient();
-await using var session = await client.CreateSessionAsync();
+await using var session = await client.CreateSessionAsync(new SessionConfig
+{
+    OnPermissionRequest = PermissionHandler.ApproveAll
+});
 
 using var _ = session.On(evt =>
 {

dotnet/src/Client.cs

@@ -377,7 +377,7 @@ public async Task<CopilotSession> CreateSessionAsync(SessionConfig? config = nul
             config?.AvailableTools,
             config?.ExcludedTools,
             config?.Provider,
-            config?.OnPermissionRequest != null ? true : null,
+            (bool?)true,
             config?.OnUserInputRequest != null ? true : null,
             hasHooks ? true : null,
             config?.WorkingDirectory,
@@ -461,7 +461,7 @@ public async Task<CopilotSession> ResumeSessionAsync(string sessionId, ResumeSes
             config?.AvailableTools,
             config?.ExcludedTools,
             config?.Provider,
-            config?.OnPermissionRequest != null ? true : null,
+            (bool?)true,
             config?.OnUserInputRequest != null ? true : null,
             hasHooks ? true : null,
             config?.WorkingDirectory,

dotnet/src/PermissionHandlers.cs

@@ -0,0 +1,13 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *--------------------------------------------------------------------------------------------*/
+
+namespace GitHub.Copilot.SDK;
+
+/// <summary>Provides pre-built <see cref="PermissionRequestHandler"/> implementations.</summary>
+public static class PermissionHandler
+{
+    /// <summary>A <see cref="PermissionRequestHandler"/> that approves all permission requests.</summary>
+    public static PermissionRequestHandler ApproveAll { get; } =
+        (_, _) => Task.FromResult(new PermissionRequestResult { Kind = "approved" });
+}

dotnet/src/Session.cs

@@ -47,7 +47,7 @@ public partial class CopilotSession : IAsyncDisposable
     private readonly HashSet<SessionEventHandler> _eventHandlers = new();
     private readonly Dictionary<string, AIFunction> _toolHandlers = new();
     private readonly JsonRpc _rpc;
-    private PermissionHandler? _permissionHandler;
+    private PermissionRequestHandler? _permissionHandler;
     private readonly SemaphoreSlim _permissionHandlerLock = new(1, 1);
     private UserInputHandler? _userInputHandler;
     private readonly SemaphoreSlim _userInputHandlerLock = new(1, 1);
@@ -292,7 +292,7 @@ internal void RegisterTools(ICollection<AIFunction> tools)
     /// When the assistant needs permission to perform certain actions (e.g., file operations),
     /// this handler is called to approve or deny the request.
     /// </remarks>
-    internal void RegisterPermissionHandler(PermissionHandler handler)
+    internal void RegisterPermissionHandler(PermissionRequestHandler handler)
     {
         _permissionHandlerLock.Wait();
         try
@@ -313,7 +313,7 @@ internal void RegisterPermissionHandler(PermissionHandler handler)
     internal async Task<PermissionRequestResult> HandlePermissionRequestAsync(JsonElement permissionRequestData)
     {
         await _permissionHandlerLock.WaitAsync();
-        PermissionHandler? handler;
+        PermissionRequestHandler? handler;
         try
         {
             handler = _permissionHandler;

dotnet/src/Types.cs

@@ -166,7 +166,7 @@ public class PermissionInvocation
     public string SessionId { get; set; } = string.Empty;
 }
 
-public delegate Task<PermissionRequestResult> PermissionHandler(PermissionRequest request, PermissionInvocation invocation);
+public delegate Task<PermissionRequestResult> PermissionRequestHandler(PermissionRequest request, PermissionInvocation invocation);
 
 // ============================================================================
 // User Input Handler Types
@@ -793,7 +793,7 @@ protected SessionConfig(SessionConfig? other)
     /// Handler for permission requests from the server.
     /// When provided, the server will call this handler to request permission for operations.
     /// </summary>
-    public PermissionHandler? OnPermissionRequest { get; set; }
+    public PermissionRequestHandler? OnPermissionRequest { get; set; }
 
     /// <summary>
     /// Handler for user input requests from the agent.
@@ -932,7 +932,7 @@ protected ResumeSessionConfig(ResumeSessionConfig? other)
     /// Handler for permission requests from the server.
     /// When provided, the server will call this handler to request permission for operations.
     /// </summary>
-    public PermissionHandler? OnPermissionRequest { get; set; }
+    public PermissionRequestHandler? OnPermissionRequest { get; set; }
 
     /// <summary>
     /// Handler for user input requests from the agent.

dotnet/test/HooksTests.cs

@@ -17,6 +17,7 @@ public async Task Should_Invoke_PreToolUse_Hook_When_Model_Runs_A_Tool()
         CopilotSession? session = null;
         session = await Client.CreateSessionAsync(new SessionConfig
         {
+            OnPermissionRequest = PermissionHandler.ApproveAll,
             Hooks = new SessionHooks
             {
                 OnPreToolUse = (input, invocation) =>
@@ -52,6 +53,7 @@ public async Task Should_Invoke_PostToolUse_Hook_After_Model_Runs_A_Tool()
         CopilotSession? session = null;
         session = await Client.CreateSessionAsync(new SessionConfig
         {
+            OnPermissionRequest = PermissionHandler.ApproveAll,
             Hooks = new SessionHooks
             {
                 OnPostToolUse = (input, invocation) =>
@@ -89,6 +91,7 @@ public async Task Should_Invoke_Both_PreToolUse_And_PostToolUse_Hooks_For_Single
 
         var session = await Client.CreateSessionAsync(new SessionConfig
         {
+            OnPermissionRequest = PermissionHandler.ApproveAll,
             Hooks = new SessionHooks
             {
                 OnPreToolUse = (input, invocation) =>
@@ -130,6 +133,7 @@ public async Task Should_Deny_Tool_Execution_When_PreToolUse_Returns_Deny()
 
         var session = await Client.CreateSessionAsync(new SessionConfig
         {
+            OnPermissionRequest = PermissionHandler.ApproveAll,
             Hooks = new SessionHooks
             {
                 OnPreToolUse = (input, invocation) =>

dotnet/test/McpAndAgentsTests.cs

@@ -279,7 +279,8 @@ public async Task Should_Pass_Literal_Env_Values_To_Mcp_Server_Subprocess()
 
         var session = await Client.CreateSessionAsync(new SessionConfig
         {
-            McpServers = mcpServers
+            McpServers = mcpServers,
+            OnPermissionRequest = PermissionHandler.ApproveAll,
         });
 
         Assert.Matches(@"^[a-f0-9-]+$", session.SessionId);

dotnet/test/PermissionTests.cs

@@ -70,6 +70,30 @@ await session.SendAsync(new MessageOptions
         Assert.Equal("protected content", content);
     }
 
+    [Fact]
+    public async Task Should_Deny_Tool_Operations_By_Default_When_No_Handler_Is_Provided()
+    {
+        var session = await Client.CreateSessionAsync(new SessionConfig());
+        var permissionDenied = false;
+
+        session.On(evt =>
+        {
+            if (evt is ToolExecutionCompleteEvent toolEvt &&
+                !toolEvt.Data.Success &&
+                toolEvt.Data.Error?.Message.Contains("Permission denied") == true)
+            {
+                permissionDenied = true;
+            }
+        });
+
+        await session.SendAndWaitAsync(new MessageOptions
+        {
+            Prompt = "Run 'node --version'"
+        });
+
+        Assert.True(permissionDenied, "Expected a tool.execution_complete event with Permission denied result");
+    }
+
     [Fact]
     public async Task Should_Work_Without_Permission_Handler__Default_Behavior_()
     {
@@ -161,6 +185,37 @@ await session.SendAsync(new MessageOptions
         Assert.Matches("fail|cannot|unable|permission", message?.Data.Content?.ToLowerInvariant() ?? string.Empty);
     }
 
+    [Fact]
+    public async Task Should_Deny_Tool_Operations_By_Default_When_No_Handler_Is_Provided_After_Resume()
+    {
+        var session1 = await Client.CreateSessionAsync(new SessionConfig
+        {
+            OnPermissionRequest = PermissionHandler.ApproveAll
+        });
+        var sessionId = session1.SessionId;
+        await session1.SendAndWaitAsync(new MessageOptions { Prompt = "What is 1+1?" });
+
+        var session2 = await Client.ResumeSessionAsync(sessionId);
+        var permissionDenied = false;
+
+        session2.On(evt =>
+        {
+            if (evt is ToolExecutionCompleteEvent toolEvt &&
+                !toolEvt.Data.Success &&
+                toolEvt.Data.Error?.Message.Contains("Permission denied") == true)
+            {
+                permissionDenied = true;
+            }
+        });
+
+        await session2.SendAndWaitAsync(new MessageOptions
+        {
+            Prompt = "Run 'node --version'"
+        });
+
+        Assert.True(permissionDenied, "Expected a tool.execution_complete event with Permission denied result");
+    }
+
     [Fact]
     public async Task Should_Receive_ToolCallId_In_Permission_Requests()
     {

dotnet/test/SessionTests.cs

@@ -333,7 +333,10 @@ public async Task Should_Receive_Session_Events()
     [Fact]
     public async Task Send_Returns_Immediately_While_Events_Stream_In_Background()
     {
-        var session = await Client.CreateSessionAsync();
+        var session = await Client.CreateSessionAsync(new SessionConfig
+        {
+            OnPermissionRequest = PermissionHandler.ApproveAll,
+        });
         var events = new List<string>();
 
         session.On(evt => events.Add(evt.Type));