Add no-result permission handling

Add a public no-result permission outcome across the SDKs, default TypeScript extension joinSession() to it, and make v2 permission adapters fail loudly if asked to return no-result.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: SteveSandersonMS

dotnet/src/Client.cs

@@ -54,6 +54,9 @@ namespace GitHub.Copilot.SDK;
 /// </example>
 public sealed partial class CopilotClient : IDisposable, IAsyncDisposable
 {
+    internal const string NoResultPermissionV2ErrorMessage =
+        "Permission handlers cannot return 'no-result' when connected to a protocol v2 server.";
+
     /// <summary>
     /// Minimum protocol version this SDK can communicate with.
     /// </summary>
@@ -1394,8 +1397,16 @@ public async Task<PermissionRequestResponseV2> OnPermissionRequestV2(string sess
             try
             {
                 var result = await session.HandlePermissionRequestAsync(permissionRequest);
+                if (result.Kind == PermissionRequestResultKind.NoResult)
+                {
+                    throw new InvalidOperationException(NoResultPermissionV2ErrorMessage);
+                }
                 return new PermissionRequestResponseV2(result);
             }
+            catch (InvalidOperationException ex) when (ex.Message == NoResultPermissionV2ErrorMessage)
+            {
+                throw;
+            }
             catch (Exception)
             {
                 return new PermissionRequestResponseV2(new PermissionRequestResult

dotnet/src/PermissionHandlers.cs

@@ -10,4 +10,8 @@ public static class PermissionHandler
     /// <summary>A <see cref="PermissionRequestHandler"/> that approves all permission requests.</summary>
     public static PermissionRequestHandler ApproveAll { get; } =
         (_, _) => Task.FromResult(new PermissionRequestResult { Kind = PermissionRequestResultKind.Approved });
+
+    /// <summary>A <see cref="PermissionRequestHandler"/> that leaves permission requests unanswered.</summary>
+    public static PermissionRequestHandler NoResult { get; } =
+        (_, _) => Task.FromResult(new PermissionRequestResult { Kind = PermissionRequestResultKind.NoResult });
 }

dotnet/src/Session.cs

@@ -467,6 +467,10 @@ private async Task ExecutePermissionAndRespondAsync(string requestId, Permission
             };
 
             var result = await handler(permissionRequest, invocation);
+            if (result.Kind == PermissionRequestResultKind.NoResult)
+            {
+                return;
+            }
             await Rpc.Permissions.HandlePendingPermissionRequestAsync(requestId, result);
         }
         catch (Exception)

dotnet/src/Types.cs

@@ -283,6 +283,9 @@ public class ToolInvocation
     /// <summary>Gets the kind indicating the permission was denied interactively by the user.</summary>
     public static PermissionRequestResultKind DeniedInteractivelyByUser { get; } = new("denied-interactively-by-user");
 
+    /// <summary>Gets the kind indicating the SDK should not answer the pending permission request.</summary>
+    public static PermissionRequestResultKind NoResult { get; } = new("no-result");
+
     /// <summary>Gets the underlying string value of this <see cref="PermissionRequestResultKind"/>.</summary>
     public string Value => _value ?? string.Empty;
 
@@ -350,6 +353,7 @@ public class PermissionRequestResult
     /// <item><description><c>"denied-by-rules"</c> — denied by configured permission rules.</description></item>
     /// <item><description><c>"denied-interactively-by-user"</c> — the user explicitly denied the request.</description></item>
     /// <item><description><c>"denied-no-approval-rule-and-could-not-request-from-user"</c> — no rule matched and user approval was unavailable.</description></item>
+    /// <item><description><c>"no-result"</c> — leave the pending permission request unanswered.</description></item>
     /// </list>
     /// </summary>
     [JsonPropertyName("kind")]

dotnet/test/PermissionRequestResultKindTests.cs

@@ -21,6 +21,7 @@ public void WellKnownKinds_HaveExpectedValues()
         Assert.Equal("denied-by-rules", PermissionRequestResultKind.DeniedByRules.Value);
         Assert.Equal("denied-no-approval-rule-and-could-not-request-from-user", PermissionRequestResultKind.DeniedCouldNotRequestFromUser.Value);
         Assert.Equal("denied-interactively-by-user", PermissionRequestResultKind.DeniedInteractivelyByUser.Value);
+        Assert.Equal("no-result", PermissionRequestResultKind.NoResult.Value);
     }
 
     [Fact]
@@ -115,6 +116,7 @@ public void JsonRoundTrip_PreservesAllKinds()
             PermissionRequestResultKind.DeniedByRules,
             PermissionRequestResultKind.DeniedCouldNotRequestFromUser,
             PermissionRequestResultKind.DeniedInteractivelyByUser,
+            PermissionRequestResultKind.NoResult,
         };
 
         foreach (var kind in kinds)

go/client.go

@@ -51,6 +51,8 @@ import (
 	"github.com/github/copilot-sdk/go/rpc"
 )
 
+const noResultPermissionV2Error = "permission handlers cannot return 'no-result' when connected to a protocol v2 server"
+
 // Client manages the connection to the Copilot CLI server and provides session management.
 //
 // The Client can either spawn a CLI server process or connect to an existing server.
@@ -1531,6 +1533,9 @@ func (c *Client) handlePermissionRequestV2(req permissionRequestV2) (*permission
 			},
 		}, nil
 	}
+	if result.Kind == PermissionRequestResultKindNoResult {
+		return nil, &jsonrpc2.Error{Code: -32603, Message: noResultPermissionV2Error}
+	}
 
 	return &permissionResponseV2{Result: result}, nil
 }

go/permissions.go

@@ -4,8 +4,13 @@ package copilot
 var PermissionHandler = struct {
 	// ApproveAll approves all permission requests.
 	ApproveAll PermissionHandlerFunc
+	// NoResult leaves the pending permission request unanswered.
+	NoResult PermissionHandlerFunc
 }{
 	ApproveAll: func(_ PermissionRequest, _ PermissionInvocation) (PermissionRequestResult, error) {
 		return PermissionRequestResult{Kind: PermissionRequestResultKindApproved}, nil
 	},
+	NoResult: func(_ PermissionRequest, _ PermissionInvocation) (PermissionRequestResult, error) {
+		return PermissionRequestResult{Kind: PermissionRequestResultKindNoResult}, nil
+	},
 }

go/session.go

@@ -562,6 +562,9 @@ func (s *Session) executePermissionAndRespond(requestID string, permissionReques
 		})
 		return
 	}
+	if result.Kind == PermissionRequestResultKindNoResult {
+		return
+	}
 
 	s.RPC.Permissions.HandlePendingPermissionRequest(context.Background(), &rpc.SessionPermissionsHandlePendingPermissionRequestParams{
 		RequestID: requestID,

go/types.go

@@ -123,6 +123,9 @@ const (
 
 	// PermissionRequestResultKindDeniedInteractivelyByUser indicates the permission was denied interactively by the user.
 	PermissionRequestResultKindDeniedInteractivelyByUser PermissionRequestResultKind = "denied-interactively-by-user"
+
+	// PermissionRequestResultKindNoResult indicates the SDK should not answer the pending permission request.
+	PermissionRequestResultKindNoResult PermissionRequestResultKind = "no-result"
 )
 
 // PermissionRequestResult represents the result of a permission request

go/types_test.go

@@ -15,6 +15,7 @@ func TestPermissionRequestResultKind_Constants(t *testing.T) {
 		{"DeniedByRules", PermissionRequestResultKindDeniedByRules, "denied-by-rules"},
 		{"DeniedCouldNotRequestFromUser", PermissionRequestResultKindDeniedCouldNotRequestFromUser, "denied-no-approval-rule-and-could-not-request-from-user"},
 		{"DeniedInteractivelyByUser", PermissionRequestResultKindDeniedInteractivelyByUser, "denied-interactively-by-user"},
+		{"NoResult", PermissionRequestResultKindNoResult, "no-result"},
 	}
 
 	for _, tt := range tests {
@@ -42,6 +43,7 @@ func TestPermissionRequestResult_JSONRoundTrip(t *testing.T) {
 		{"DeniedByRules", PermissionRequestResultKindDeniedByRules},
 		{"DeniedCouldNotRequestFromUser", PermissionRequestResultKindDeniedCouldNotRequestFromUser},
 		{"DeniedInteractivelyByUser", PermissionRequestResultKindDeniedInteractivelyByUser},
+		{"NoResult", PermissionRequestResultKindNoResult},
 		{"Custom", PermissionRequestResultKind("custom")},
 	}
 
@@ -89,3 +91,13 @@ func TestPermissionRequestResult_JSONSerialize(t *testing.T) {
 		t.Errorf("expected %s, got %s", expected, string(data))
 	}
 }
+
+func TestPermissionHandler_NoResult(t *testing.T) {
+	result, err := PermissionHandler.NoResult(PermissionRequest{}, PermissionInvocation{})
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+	if result.Kind != PermissionRequestResultKindNoResult {
+		t.Errorf("expected %q, got %q", PermissionRequestResultKindNoResult, result.Kind)
+	}
+}