Per-session GitHub authentication for all SDK languages, plus update runtime and permissions to match (#1124)

Author: SteveSandersonMS

docs/auth/index.md

@@ -110,7 +110,7 @@ Use an OAuth GitHub App to authenticate users through your application and pass
 **How it works:**
 1. User authorizes your OAuth GitHub App
 2. Your app receives a user access token (`gho_` or `ghu_` prefix)
-3. Pass the token to the SDK via `githubToken` option
+3. Pass the token to the SDK via `gitHubToken` option
 
 **SDK Configuration:**
 
@@ -121,7 +121,7 @@ Use an OAuth GitHub App to authenticate users through your application and pass
 import { CopilotClient } from "@github/copilot-sdk";
 
 const client = new CopilotClient({
-    githubToken: userAccessToken,  // Token from OAuth flow
+    gitHubToken: userAccessToken,  // Token from OAuth flow
     useLoggedInUser: false,        // Don't use stored CLI credentials
 });
 ```
@@ -299,7 +299,7 @@ BYOK allows you to use your own API keys from model providers like Azure AI Foun
 
 When multiple authentication methods are available, the SDK uses them in this priority order:
 
-1. **Explicit `githubToken`** - Token passed directly to SDK constructor
+1. **Explicit `gitHubToken`** - Token passed directly to SDK constructor
 2. **HMAC key** - `CAPI_HMAC_KEY` or `COPILOT_HMAC_KEY` environment variables
 3. **Direct API token** - `GITHUB_COPILOT_API_TOKEN` with `COPILOT_API_URL`
 4. **Environment variable tokens** - `COPILOT_GITHUB_TOKEN` → `GH_TOKEN` → `GITHUB_TOKEN`

docs/setup/backend-services.md

@@ -290,7 +290,7 @@ Pass individual user tokens when creating sessions. See [GitHub OAuth](./github-
 app.post("/chat", authMiddleware, async (req, res) => {
     const client = new CopilotClient({
         cliUrl: "localhost:4321",
-        githubToken: req.user.githubToken,
+        gitHubToken: req.user.githubToken,
         useLoggedInUser: false,
     });
 

docs/setup/github-oauth.md

@@ -26,7 +26,7 @@ sequenceDiagram
     GH-->>App: Access token (gho_xxx)
 
     App->>SDK: Create client with token
-    SDK->>CLI: Start with githubToken
+    SDK->>CLI: Start with gitHubToken
     CLI->>API: Request (as user)
     API-->>CLI: Response
     CLI-->>SDK: Result
@@ -124,7 +124,7 @@ import { CopilotClient } from "@github/copilot-sdk";
 // Create a client for an authenticated user
 function createClientForUser(userToken: string): CopilotClient {
     return new CopilotClient({
-        githubToken: userToken,
+        gitHubToken: userToken,
         useLoggedInUser: false,  // Don't fall back to CLI login
     });
 }
@@ -373,7 +373,7 @@ For GitHub Enterprise Managed Users, the flow is identical — EMU users authent
 // No special SDK configuration needed for EMU
 // Enterprise policies are enforced server-side by GitHub
 const client = new CopilotClient({
-    githubToken: emuUserToken,  // Works the same as regular tokens
+    gitHubToken: emuUserToken,  // Works the same as regular tokens
     useLoggedInUser: false,
 });
 ```
@@ -438,7 +438,7 @@ const clients = new Map<string, CopilotClient>();
 function getClientForUser(userId: string, token: string): CopilotClient {
     if (!clients.has(userId)) {
         clients.set(userId, new CopilotClient({
-            githubToken: token,
+            gitHubToken: token,
             useLoggedInUser: false,
         }));
     }

docs/troubleshooting/compatibility.md

@@ -55,7 +55,7 @@ The Copilot SDK communicates with the CLI via JSON-RPC protocol. Features must b
 | Create workspace file | `session.rpc.workspace.createFile()` | Create file in workspace |
 | **Authentication** | | |
 | Get auth status | `getAuthStatus()` | Check login state |
-| Use token | `githubToken` option | Programmatic auth |
+| Use token | `gitHubToken` option | Programmatic auth |
 | **Connectivity** | | |
 | Ping | `client.ping()` | Health check with server timestamp |
 | Get server status | `client.getStatus()` | Protocol version and server info |

docs/troubleshooting/debugging.md

@@ -268,7 +268,7 @@ var client = new CopilotClient(new CopilotClientOptions
 
    ```typescript
    const client = new CopilotClient({
-     githubToken: process.env.GITHUB_TOKEN,
+     gitHubToken: process.env.GITHUB_TOKEN,
    });
    ```
    </details>

dotnet/src/Client.cs

@@ -513,7 +513,8 @@ public async Task<CopilotSession> CreateSessionAsync(SessionConfig config, Cance
                 RequestElicitation: config.OnElicitationRequest != null,
                 Traceparent: traceparent,
                 Tracestate: tracestate,
-                ModelCapabilities: config.ModelCapabilities);
+                ModelCapabilities: config.ModelCapabilities,
+                GitHubToken: config.GitHubToken);
 
             var response = await InvokeRpcAsync<CreateSessionResponse>(
                 connection.Rpc, "session.create", [request], cancellationToken);
@@ -638,7 +639,8 @@ public async Task<CopilotSession> ResumeSessionAsync(string sessionId, ResumeSes
                 RequestElicitation: config.OnElicitationRequest != null,
                 Traceparent: traceparent,
                 Tracestate: tracestate,
-                ModelCapabilities: config.ModelCapabilities);
+                ModelCapabilities: config.ModelCapabilities,
+                GitHubToken: config.GitHubToken);
 
             var response = await InvokeRpcAsync<ResumeSessionResponse>(
                 connection.Rpc, "session.resume", [request], cancellationToken);
@@ -1600,7 +1602,7 @@ public async Task<PermissionRequestResponseV2> OnPermissionRequestV2(string sess
             {
                 return new PermissionRequestResponseV2(new PermissionRequestResult
                 {
-                    Kind = PermissionRequestResultKind.DeniedCouldNotRequestFromUser
+                    Kind = PermissionRequestResultKind.UserNotAvailable
                 });
             }
         }
@@ -1661,7 +1663,8 @@ internal record CreateSessionRequest(
         bool? RequestElicitation = null,
         string? Traceparent = null,
         string? Tracestate = null,
-        ModelCapabilitiesOverride? ModelCapabilities = null);
+        ModelCapabilitiesOverride? ModelCapabilities = null,
+        string? GitHubToken = null);
 
     internal record ToolDefinition(
         string Name,
@@ -1716,7 +1719,8 @@ internal record ResumeSessionRequest(
         bool? RequestElicitation = null,
         string? Traceparent = null,
         string? Tracestate = null,
-        ModelCapabilitiesOverride? ModelCapabilities = null);
+        ModelCapabilitiesOverride? ModelCapabilities = null,
+        string? GitHubToken = null);
 
     internal record ResumeSessionResponse(
         string SessionId,