From 508d8630f22ff2a4d1b9f68707255530bf34198c Mon Sep 17 00:00:00 2001 From: GitHub Copilot Date: Fri, 20 Feb 2026 08:52:41 +0000 Subject: [PATCH] docs: add permissions and :client-name to getting-started What's Next Add two missing topics to doc/getting-started.md: - Permission model: explain deny-by-default, show approve-all usage, link to Permission Handling section in API Reference - :client-name option: show how to identify an application in session config Both features were added in merged PRs (#18 and #21) but were not reflected in the getting-started tutorial. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- doc/getting-started.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/doc/getting-started.md b/doc/getting-started.md index 3936222..0d14f09 100644 --- a/doc/getting-started.md +++ b/doc/getting-started.md @@ -251,6 +251,32 @@ Now that you have the basics, explore these topics: - **[MCP Servers](./mcp/overview.md)** — Connect to external tools via MCP - **[Examples](../examples/README.md)** — More working examples +### Permissions (deny-by-default) + +The SDK uses a **deny-by-default** permission model. When Copilot requests permission +to run shell commands, write files, or fetch URLs, the SDK denies all requests unless +you provide an `:on-permission-request` handler. + +Use `approve-all` to permit everything: + +```clojure +(copilot/with-client-session [session {:model "gpt-5.2" + :on-permission-request copilot/approve-all}] + ...) +``` + +Or write a custom handler for fine-grained control. See [Permission Handling](./reference/API.md#permission-handling) in the API Reference. + +### Identifying Your Application + +Pass `:client-name` to identify your application in API requests (included in the User-Agent header): + +```clojure +(copilot/with-client-session [session {:model "gpt-5.2" + :client-name "my-weather-app"}] + ...) +``` + ### Key Concepts | Concept | Description |