refactor: add PermissionHandlers.approveAll helper, remove verbose README sections

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: SteveSandersonMS

dotnet/README.md

@@ -495,43 +495,6 @@ var session = await client.CreateSessionAsync(new SessionConfig
 });
 ```
 
-## Permission Requests
-
-The SDK uses a **deny-by-default** permission model. When the Copilot agent needs to perform privileged operations (file writes, shell commands, URL fetches, etc.), it sends a permission request to the SDK. If no `OnPermissionRequest` handler is registered, all such requests are **automatically denied**.
-
-To allow operations, provide an `OnPermissionRequest` handler when creating a session:
-
-```csharp
-var session = await client.CreateSessionAsync(new SessionConfig
-{
-    OnPermissionRequest = async (request, invocation) =>
-    {
-        // request.Kind - The type of operation: "shell", "write", "read", "url", or "mcp"
-
-        // Approve everything (equivalent to --yolo mode in the CLI)
-        return new PermissionRequestResult { Kind = "approved" };
-
-        // Or implement fine-grained policy:
-        // if (request.Kind == "shell")
-        //     return new PermissionRequestResult { Kind = "denied-interactively-by-user" };
-        // return new PermissionRequestResult { Kind = "approved" };
-    }
-});
-```
-
-**Permission request kinds:**
-- `"shell"` — Execute a shell command
-- `"write"` — Write to a file
-- `"read"` — Read a file
-- `"url"` — Fetch a URL
-- `"mcp"` — Call an MCP server tool
-
-**Permission result kinds:**
-- `"approved"` — Allow the operation
-- `"denied-interactively-by-user"` — User explicitly denied
-- `"denied-by-rules"` — Denied by policy rules
-- `"denied-no-approval-rule-and-could-not-request-from-user"` — Default deny (no handler)
-
 ## User Input Requests
 
 Enable the agent to ask questions to the user using the `ask_user` tool by providing an `OnUserInputRequest` handler:

dotnet/samples/Chat.cs

@@ -3,12 +3,7 @@
 await using var client = new CopilotClient();
 await using var session = await client.CreateSessionAsync(new SessionConfig
 {
-    // Permission requests are denied by default. Provide a handler to approve operations.
-    OnPermissionRequest = (request, invocation) =>
-    {
-        // Approve all permission requests. Customize this to implement your own policy.
-        return Task.FromResult(new PermissionRequestResult { Kind = "approved" });
-    }
+    OnPermissionRequest = PermissionHandlers.ApproveAll
 });
 
 using var _ = session.On(evt =>

dotnet/src/PermissionHandlers.cs

@@ -0,0 +1,13 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *--------------------------------------------------------------------------------------------*/
+
+namespace GitHub.Copilot.SDK;
+
+/// <summary>Provides pre-built <see cref="PermissionHandler"/> implementations.</summary>
+public static class PermissionHandlers
+{
+    /// <summary>A <see cref="PermissionHandler"/> that approves all permission requests.</summary>
+    public static PermissionHandler ApproveAll { get; } =
+        (_, _) => Task.FromResult(new PermissionRequestResult { Kind = "approved" });
+}

dotnet/test/HooksTests.cs

@@ -17,7 +17,7 @@ public async Task Should_Invoke_PreToolUse_Hook_When_Model_Runs_A_Tool()
         CopilotSession? session = null;
         session = await Client.CreateSessionAsync(new SessionConfig
         {
-            OnPermissionRequest = (request, invocation) => Task.FromResult(new PermissionRequestResult { Kind = "approved" }),
+            OnPermissionRequest = PermissionHandlers.ApproveAll,
             Hooks = new SessionHooks
             {
                 OnPreToolUse = (input, invocation) =>
@@ -53,7 +53,7 @@ public async Task Should_Invoke_PostToolUse_Hook_After_Model_Runs_A_Tool()
         CopilotSession? session = null;
         session = await Client.CreateSessionAsync(new SessionConfig
         {
-            OnPermissionRequest = (request, invocation) => Task.FromResult(new PermissionRequestResult { Kind = "approved" }),
+            OnPermissionRequest = PermissionHandlers.ApproveAll,
             Hooks = new SessionHooks
             {
                 OnPostToolUse = (input, invocation) =>
@@ -91,7 +91,7 @@ public async Task Should_Invoke_Both_PreToolUse_And_PostToolUse_Hooks_For_Single
 
         var session = await Client.CreateSessionAsync(new SessionConfig
         {
-            OnPermissionRequest = (request, invocation) => Task.FromResult(new PermissionRequestResult { Kind = "approved" }),
+            OnPermissionRequest = PermissionHandlers.ApproveAll,
             Hooks = new SessionHooks
             {
                 OnPreToolUse = (input, invocation) =>
@@ -133,7 +133,7 @@ public async Task Should_Deny_Tool_Execution_When_PreToolUse_Returns_Deny()
 
         var session = await Client.CreateSessionAsync(new SessionConfig
         {
-            OnPermissionRequest = (request, invocation) => Task.FromResult(new PermissionRequestResult { Kind = "approved" }),
+            OnPermissionRequest = PermissionHandlers.ApproveAll,
             Hooks = new SessionHooks
             {
                 OnPreToolUse = (input, invocation) =>

dotnet/test/McpAndAgentsTests.cs

@@ -280,7 +280,7 @@ public async Task Should_Pass_Literal_Env_Values_To_Mcp_Server_Subprocess()
         var session = await Client.CreateSessionAsync(new SessionConfig
         {
             McpServers = mcpServers,
-            OnPermissionRequest = (request, invocation) => Task.FromResult(new PermissionRequestResult { Kind = "approved" }),
+            OnPermissionRequest = PermissionHandlers.ApproveAll,
         });
 
         Assert.Matches(@"^[a-f0-9-]+$", session.SessionId);

dotnet/test/SessionTests.cs

@@ -335,7 +335,7 @@ public async Task Send_Returns_Immediately_While_Events_Stream_In_Background()
     {
         var session = await Client.CreateSessionAsync(new SessionConfig
         {
-            OnPermissionRequest = (request, invocation) => Task.FromResult(new PermissionRequestResult { Kind = "approved" }),
+            OnPermissionRequest = PermissionHandlers.ApproveAll,
         });
         var events = new List<string>();
 

dotnet/test/ToolsTests.cs

@@ -23,7 +23,7 @@ await File.WriteAllTextAsync(
 
         var session = await Client.CreateSessionAsync(new SessionConfig
         {
-            OnPermissionRequest = (request, invocation) => Task.FromResult(new PermissionRequestResult { Kind = "approved" }),
+            OnPermissionRequest = PermissionHandlers.ApproveAll,
         });
 
         await session.SendAsync(new MessageOptions

go/README.md

@@ -445,42 +445,6 @@ session, err := client.CreateSession(context.Background(), &copilot.SessionConfi
 > - For Azure OpenAI endpoints (`*.openai.azure.com`), you **must** use `Type: "azure"`, not `Type: "openai"`.
 > - The `BaseURL` should be just the host (e.g., `https://my-resource.openai.azure.com`). Do **not** include `/openai/v1` in the URL - the SDK handles path construction automatically.
 
-## Permission Requests
-
-The SDK uses a **deny-by-default** permission model. When the Copilot agent needs to perform privileged operations (file writes, shell commands, URL fetches, etc.), it sends a permission request to the SDK. If no `OnPermissionRequest` handler is registered, all such requests are **automatically denied**.
-
-To allow operations, provide an `OnPermissionRequest` handler when creating a session:
-
-```go
-session, err := client.CreateSession(ctx, &copilot.SessionConfig{
-    OnPermissionRequest: func(request copilot.PermissionRequest, invocation copilot.PermissionInvocation) (copilot.PermissionRequestResult, error) {
-        // request.Kind - The type of operation: "shell", "write", "read", "url", or "mcp"
-
-        // Approve everything (equivalent to --yolo mode in the CLI)
-        return copilot.PermissionRequestResult{Kind: "approved"}, nil
-
-        // Or implement fine-grained policy:
-        // if request.Kind == "shell" {
-        //     return copilot.PermissionRequestResult{Kind: "denied-interactively-by-user"}, nil
-        // }
-        // return copilot.PermissionRequestResult{Kind: "approved"}, nil
-    },
-})
-```
-
-**Permission request kinds:**
-- `"shell"` — Execute a shell command
-- `"write"` — Write to a file
-- `"read"` — Read a file
-- `"url"` — Fetch a URL
-- `"mcp"` — Call an MCP server tool
-
-**Permission result kinds:**
-- `"approved"` — Allow the operation
-- `"denied-interactively-by-user"` — User explicitly denied
-- `"denied-by-rules"` — Denied by policy rules
-- `"denied-no-approval-rule-and-could-not-request-from-user"` — Default deny (no handler)
-
 ## User Input Requests
 
 Enable the agent to ask questions to the user using the `ask_user` tool by providing an `OnUserInputRequest` handler:

go/internal/e2e/hooks_test.go

@@ -22,9 +22,7 @@ func TestHooks(t *testing.T) {
 		var mu sync.Mutex
 
 		session, err := client.CreateSession(t.Context(), &copilot.SessionConfig{
-			OnPermissionRequest: func(request copilot.PermissionRequest, invocation copilot.PermissionInvocation) (copilot.PermissionRequestResult, error) {
-				return copilot.PermissionRequestResult{Kind: "approved"}, nil
-			},
+			OnPermissionRequest: copilot.PermissionHandlers.ApproveAll,
 			Hooks: &copilot.SessionHooks{
 				OnPreToolUse: func(input copilot.PreToolUseHookInput, invocation copilot.HookInvocation) (*copilot.PreToolUseHookOutput, error) {
 					mu.Lock()
@@ -83,9 +81,7 @@ func TestHooks(t *testing.T) {
 		var mu sync.Mutex
 
 		session, err := client.CreateSession(t.Context(), &copilot.SessionConfig{
-			OnPermissionRequest: func(request copilot.PermissionRequest, invocation copilot.PermissionInvocation) (copilot.PermissionRequestResult, error) {
-				return copilot.PermissionRequestResult{Kind: "approved"}, nil
-			},
+			OnPermissionRequest: copilot.PermissionHandlers.ApproveAll,
 			Hooks: &copilot.SessionHooks{
 				OnPostToolUse: func(input copilot.PostToolUseHookInput, invocation copilot.HookInvocation) (*copilot.PostToolUseHookOutput, error) {
 					mu.Lock()
@@ -151,9 +147,7 @@ func TestHooks(t *testing.T) {
 		var mu sync.Mutex
 
 		session, err := client.CreateSession(t.Context(), &copilot.SessionConfig{
-			OnPermissionRequest: func(request copilot.PermissionRequest, invocation copilot.PermissionInvocation) (copilot.PermissionRequestResult, error) {
-				return copilot.PermissionRequestResult{Kind: "approved"}, nil
-			},
+			OnPermissionRequest: copilot.PermissionHandlers.ApproveAll,
 			Hooks: &copilot.SessionHooks{
 				OnPreToolUse: func(input copilot.PreToolUseHookInput, invocation copilot.HookInvocation) (*copilot.PreToolUseHookOutput, error) {
 					mu.Lock()
@@ -223,9 +217,7 @@ func TestHooks(t *testing.T) {
 		var mu sync.Mutex
 
 		session, err := client.CreateSession(t.Context(), &copilot.SessionConfig{
-			OnPermissionRequest: func(request copilot.PermissionRequest, invocation copilot.PermissionInvocation) (copilot.PermissionRequestResult, error) {
-				return copilot.PermissionRequestResult{Kind: "approved"}, nil
-			},
+			OnPermissionRequest: copilot.PermissionHandlers.ApproveAll,
 			Hooks: &copilot.SessionHooks{
 				OnPreToolUse: func(input copilot.PreToolUseHookInput, invocation copilot.HookInvocation) (*copilot.PreToolUseHookOutput, error) {
 					mu.Lock()

go/internal/e2e/mcp_and_agents_test.go

@@ -127,9 +127,7 @@ func TestMCPServers(t *testing.T) {
 
 		session, err := client.CreateSession(t.Context(), &copilot.SessionConfig{
 			MCPServers: mcpServers,
-			OnPermissionRequest: func(request copilot.PermissionRequest, invocation copilot.PermissionInvocation) (copilot.PermissionRequestResult, error) {
-				return copilot.PermissionRequestResult{Kind: "approved"}, nil
-			},
+			OnPermissionRequest: copilot.PermissionHandlers.ApproveAll,
 		})
 		if err != nil {
 			t.Fatalf("Failed to create session: %v", err)