Demonstrates the permission request flow — the runtime asks the SDK for permission before executing tools, and the SDK can approve or deny each request. This sample approves all requests while logging which tools were invoked.
This pattern is the foundation for:
- Enterprise policy enforcement where certain tools are restricted
- Audit logging where all tool invocations must be recorded
- Interactive approval UIs where a human confirms sensitive operations
- Fine-grained access control based on tool name, arguments, or context
- Enable
onPermissionRequesthandler on the session config - Track which tools requested permission in a log array
- Approve all permission requests (return
kind: "approved") - Send a prompt that triggers tool use (e.g., listing files via glob)
- Print the permission log showing which tools were approved
- Creates a session with an
onPermissionRequestcallback that logs and approves - Sends: "List the files in the current directory using glob with pattern '*'."
- The runtime calls
onPermissionRequestbefore each tool execution - The callback records
approved:<toolName>and returns approval - Prints the agent's response
- Dumps the permission log showing all approved tool invocations
| Option | Value | Effect |
|---|---|---|
onPermissionRequest |
Log + approve | Records tool name, returns approved |
hooks.onPreToolUse |
Auto-allow | No tool confirmation prompts |
The onPermissionRequest handler gives the integrator full control over which tools the agent can execute. By inspecting the request (tool name, arguments), you can implement allow/deny lists, require human approval for dangerous operations, or log every action for compliance. Returning { kind: "denied" } blocks the tool from running.
./verify.shRequires the copilot binary (auto-detected or set COPILOT_CLI_PATH) and GITHUB_TOKEN.