Add permission checks for SDK-registered custom tools

[SteveSandersonMS]

Overview

Fixes #254 across all languages. SDK-registered custom tools are now subject to the same permission checking flow as any other tool call.

E2E test updates

• Existing tests: All custom tool tests now provide an onPermissionRequest handler (approveAll/ApproveAll) since the runtime now requires permission approval before executing custom tools
• New tests (2 per language, 8 total):
  • invokes_custom_tool_with_permission_handler — verifies a custom tool executes when the permission handler approves
  • denies_custom_tool_when_permission_denied — verifies a custom tool is blocked when the permission handler denies

CI note

The e2e tests in this PR depend on a corresponding runtime change that adds the custom-tool permission request kind. CI will fail until that runtime change is released. This is expected — the tests are correct and pass when run against a runtime build that includes the permission check.

[github-actions]

Cross-SDK Consistency Review ✅

Great work on maintaining consistency across all four SDK implementations! This PR properly adds "custom-tool" permission support to all SDKs with parallel changes.

What's Consistent ✅

1. Type Updates: Correctly added "custom-tool" to PermissionRequest types in Node.js and Python (Go/C# use plain strings, so no changes needed—as noted in the PR description)
2. Existing Tests: All custom tool tests across all 4 SDKs now include permission handlers
3. New Tests: Two new tests added per SDK (8 total) covering approval and denial scenarios
4. Test Snapshots: Properly added for both new test scenarios

Minor Suggestion for Test Parity 📝

There's a small difference in test assertions:

• Node.js & Python: Verify both kind === "custom-tool" and toolName === "encrypt_string"
• Go & .NET: Only verify kind === "custom-tool"

Suggestion: Consider adding toolName verification to the Go and .NET tests to match the completeness of Node.js/Python tests. For example:

Go (go/internal/e2e/tools_test.go around line 313):

for _, req := range permissionRequests {
    if req.Kind == "custom-tool" {
        customToolReqs++
        // Optionally verify toolName
        if toolName, ok := req.Extra["toolName"].(string); ok && toolName != "encrypt_string" {
            t.Errorf("Expected toolName 'encrypt_string', got '%s'", toolName)
        }
    }
}

.NET (dotnet/test/ToolsTests.cs around line 210):

// Should have received a custom-tool permission request
var customToolRequest = permissionRequests.FirstOrDefault(r => r.Kind == "custom-tool");
Assert.NotNull(customToolRequest);
Assert.Equal("encrypt_string", customToolRequest.ExtensionData?["toolName"]);

This would bring all four SDKs to complete feature parity in test coverage. Not blocking—the current tests are solid and will catch the main behavior correctly! 🚀

AI generated by SDK Consistency Review Agent

[Copilot]

Pull request overview

This PR updates the SDK type surfaces and cross-language E2E tests to support a new permission request kind (custom-tool) so that SDK-registered custom tools participate in the same permission flow as built-in tools.

Changes:

• Added "custom-tool" to the permission-kind type unions in Node.js and Python.
• Updated existing custom-tool E2E tests across languages to provide an onPermissionRequest handler.
• Added new E2E scenarios (per language) that validate custom-tool invocation when approved and blocking when denied (plus new replay snapshots).

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
test/snapshots/tools/invokes_custom_tool_with_permission_handler.yaml	Adds replay snapshot for approved custom-tool execution path.
test/snapshots/tools/denies_custom_tool_when_permission_denied.yaml	Adds replay snapshot for the denied custom-tool path.
python/e2e/test_tools.py	Injects permission handler into existing tool tests; adds approve/deny custom-tool permission tests.
python/copilot/types.py	Extends PermissionRequest.kind Literal union to include custom-tool.
nodejs/test/e2e/tools.test.ts	Adds permission handler to existing tool tests; adds approve/deny custom-tool permission tests.
nodejs/src/types.ts	Extends PermissionRequest.kind union to include custom-tool.
go/internal/e2e/tools_test.go	Injects permission handler into existing tool tests; adds approve/deny custom-tool permission tests.
dotnet/test/ToolsTests.cs	Injects permission handler into existing tool tests; adds approve/deny custom-tool permission tests.

[github-actions]

✅ Cross-SDK Consistency Review: PASSED

This PR maintains excellent cross-SDK consistency for the new custom tool permission checking feature. All four language implementations (Node.js/TypeScript, Python, Go, and .NET) have been updated consistently.

What was verified:

1. Type definitions updated:

   • ✅ Node.js: Added "custom-tool" to PermissionRequest.kind literal type
   • ✅ Python: Added "custom-tool" to PermissionRequest literal type
   • ✅ Go: Uses flexible string type (supports any kind including "custom-tool")
   • ✅ .NET: Uses flexible string type (supports any kind including "custom-tool")

2. Existing tests updated:

   • ✅ All existing custom tool tests now include onPermissionRequest/OnPermissionRequest handler
   • ✅ Consistent across all 4 SDKs (3-4 existing tests updated per language)

3. New test coverage:

   • ✅ Each SDK adds 2 new tests with identical behavior:
     • invokes_custom_tool_with_permission_handler - verifies tool execution when approved
     • denies_custom_tool_when_permission_denied - verifies tool blocking when denied

4. API naming consistency:

   • ✅ Node.js: onPermissionRequest (camelCase)
   • ✅ Python: on_permission_request (snake_case)
   • ✅ Go: OnPermissionRequest (PascalCase - exported function)
   • ✅ .NET: OnPermissionRequest (PascalCase)
   • All follow their respective language conventions ✓

5. Test assertions are equivalent:

   • ✅ All check for "custom-tool" permission request kind
   • ✅ All verify tool name in request metadata (toolName field)
   • ✅ All verify tool handler is/isn't called based on approval/denial

6. Shared test snapshots:

   • ✅ Two new YAML snapshots added that all SDKs can use:
     • test/snapshots/tools/invokes_custom_tool_with_permission_handler.yaml
     • test/snapshots/tools/denies_custom_tool_when_permission_denied.yaml

Summary

This PR exemplifies excellent multi-language SDK development. The feature is implemented consistently across all four languages with:

• Matching API surface (accounting for language idioms)
• Equivalent test coverage
• Consistent behavior
• Shared test fixtures

No cross-SDK consistency issues found. 🎉

AI generated by SDK Consistency Review Agent

[github-actions]

✅ Cross-SDK Consistency Review

This PR maintains excellent consistency across all four SDK implementations. Great work!

What I verified:

1. Type Definitions ✅

All four SDKs consistently add "custom-tool" to the PermissionRequest.kind union/literal type:

• TypeScript: nodejs/src/types.ts
• Python: python/copilot/types.py
• Go: Generated RPC types
• .NET: Generated RPC types

2. E2E Test Coverage ✅

Each SDK adds two new tests with consistent naming (following language conventions):

• invokes_custom_tool_with_permission_handler / Invokes_Custom_Tool_With_Permission_Handler
• denies_custom_tool_when_permission_denied / Denies_Custom_Tool_When_Permission_Denied

Both tests verify the same behavior:

• Test 1: Confirms that custom-tool permission requests are emitted and contain toolName
• Test 2: Confirms that custom tool handlers are not invoked when permissions are denied

3. Test Implementation ✅

All languages access the toolName field appropriately for their type system:

• TypeScript: customToolRequests[0].toolName (index signature)
• Python: custom_tool_requests[0].get("toolName") (TypedDict)
• Go: req.Extra["toolName"] (map field)
• .NET: customToolRequest.ExtensionData["toolName"] (JsonExtensionData)

4. Existing Tests Updated ✅

All existing custom tool tests now include an onPermissionRequest handler (previously missing), ensuring they work with the new permission flow.

5. Shared Test Snapshots ✅

Two new YAML snapshot files are added and shared across all SDKs:

• test/snapshots/tools/invokes_custom_tool_with_permission_handler.yaml
• test/snapshots/tools/denies_custom_tool_when_permission_denied.yaml

---

No consistency issues found. This is a model example of maintaining feature parity across a multi-language SDK! 🎉

AI generated by SDK Consistency Review Agent

[github-actions]

✅ Cross-SDK Consistency Review

This PR successfully maintains excellent cross-SDK consistency for the custom tool permission feature across all four SDK implementations (Node.js, Python, Go, .NET).

Type Definitions ✅

Permission Request Kind:

• Node.js: Added "custom-tool" to PermissionRequest.kind union type (types.ts)
• Python: Added "custom-tool" to PermissionRequest.kind Literal type (types.py)
• Go: Uses string type for Kind field - new value handled at runtime
• .NET: Uses string type for Kind property - new value handled at runtime

All implementations are consistent and appropriate for each language's type system.

Test Coverage ✅

All four SDKs have identical test coverage:

1. Existing tests updated: All custom tool tests now include the required onPermissionRequest/OnPermissionRequest handler (as expected, since the runtime now requires permission approval for custom tools)

2. New tests added (2 per SDK, 8 total):

   • invokes_custom_tool_with_permission_handler - Verifies:
     • Custom tool executes when permission is approved
     • Permission request includes kind: "custom-tool"
     • Permission request includes toolName field with correct value
   • denies_custom_tool_when_permission_denied - Verifies:
     • Custom tool handler is NOT called when permission is denied
     • SDK properly handles denied permissions

Test Implementation Consistency ✅

All test implementations follow the same pattern:

• Use an encrypt_string tool that converts input to uppercase
• Test prompt: "Use encrypt_string to encrypt this string: Hello"
• Expected result: "HELLO" in the response
• Verification approach is consistent across languages (accounting for language idioms)

Snapshot Files ✅

Two new snapshot YAML files added for E2E test replay:

• test/snapshots/tools/invokes_custom_tool_with_permission_handler.yaml
• test/snapshots/tools/denies_custom_tool_when_permission_denied.yaml

---

Summary: This PR demonstrates exemplary cross-SDK consistency. The feature is implemented uniformly across all four SDKs with matching semantics, equivalent test coverage, and appropriate language-specific adaptations. No inconsistencies found. 🎯

AI generated by SDK Consistency Review Agent

[github-actions]

✅ Cross-SDK Consistency Review

I've reviewed PR #555 for consistency across all four SDK implementations (Node.js/TypeScript, Python, Go, and .NET). The changes maintain excellent cross-SDK consistency.

Summary of Changes

This PR adds permission checking for SDK-registered custom tools across all SDKs with the following changes:

1. Type Definitions ✅

• Node.js (nodejs/src/types.ts): Added "custom-tool" to PermissionRequest.kind union type
• Python (python/copilot/types.py): Added "custom-tool" to PermissionRequest.kind Literal type
• Go (go/types.go): No change needed - uses string type (consistent with existing pattern)
• .NET (dotnet/src/Types.cs): No change needed - uses string type (consistent with existing pattern)

This follows the established pattern where TypeScript/Python use compile-time type safety with union/literal types, while Go/.NET use plain strings with runtime validation.

2. E2E Tests ✅

All four SDKs received identical test coverage:

• ✅ 2 new tests per SDK (8 total):

  • invokes_custom_tool_with_permission_handler - verifies custom tool executes when approved
  • denies_custom_tool_when_permission_denied - verifies custom tool is blocked when denied

• ✅ Updated existing tests: All pre-existing custom tool tests now include permission handlers:

  • Node.js: 3 tests updated with onPermissionRequest: approveAll
  • .NET: 4 tests updated with OnPermissionRequest = PermissionHandler.ApproveAll
  • Go/Python: Tests already had or didn't need updates

3. Test Implementation Consistency ✅

The new tests are semantically identical across all languages, respecting language idioms:

• Test structure: Same scenarios, same assertions
• Naming conventions: Proper casing for each language (snake_case for Python, PascalCase for .NET/Go test names, camelCase for Node.js)
• Permission handler: All verify the custom-tool permission kind and toolName field
• Shared snapshots: Both new tests use shared YAML snapshots (test/snapshots/tools/)

Verdict

No consistency issues found. This PR exemplifies good multi-language SDK maintenance:

• Feature parity across all 4 languages ✅
• Respects language-specific idioms ✅
• Consistent API patterns ✅
• Comprehensive test coverage ✅

Great work maintaining consistency! 🎉

AI generated by SDK Consistency Review Agent