Allow tools to set skipPermission

[MRayermannMSFT]

A nice to have for extensions adding relatively safe tools.

[Copilot]

Pull request overview

Adds cross-SDK support for a per-tool skipPermission flag so “safe” tools can execute without triggering a permission prompt, aligning behavior across Python/Node/Go/.NET and documenting the new option.

Changes:

• Add skipPermission/skip_permission to tool definitions in all SDKs and forward it in session.create/session.resume payloads.
• Update SDK documentation (Python/Node/Go/.NET READMEs) with usage examples.
• Add/extend unit tests for serialization/forwarding in Node and Go.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
python/copilot/types.py	Extends Python Tool type with skip_permission.
python/copilot/tools.py	Adds skip_permission option to define_tool and propagates into Tool.
python/copilot/client.py	Forwards skipPermission into tool definitions for create/resume.
python/README.md	Documents skip_permission=True usage for Python tools.
nodejs/test/client.test.ts	Adds tests asserting skipPermission is sent on create/resume.
nodejs/src/types.ts	Extends TS Tool type and defineTool config with skipPermission.
nodejs/src/client.ts	Forwards skipPermission in tool definitions for create/resume.
nodejs/README.md	Documents skipPermission: true usage for Node tools.
go/types.go	Extends Go Tool struct with SkipPermission JSON field.
go/client_test.go	Adds tests validating skipPermission JSON serialization/omission.
go/README.md	Documents SkipPermission = true usage for Go tools.
dotnet/src/Client.cs	Maps skip_permission AdditionalProperties into skipPermission on RPC tool definitions.
dotnet/README.md	Documents skip_permission AdditionalProperties usage for .NET tools.

---

You can also share your feedback on Copilot code review. Take the survey.

[github-actions]

✅ Cross-SDK Consistency Review

I've reviewed this PR for consistency across all four SDK implementations. Great work! This PR maintains excellent feature parity and consistent API design across Node.js/TypeScript, Python, Go, and .NET.

Summary

The PR adds a skipPermission flag to tool definitions, allowing tools to execute without triggering permission prompts. This feature is implemented consistently across all four SDKs.

Consistency Analysis

✅ Feature Implementation - All SDKs Covered

All four SDK implementations include the new skipPermission feature:

• Node.js/TypeScript: skipPermission property on Tool interface and defineTool config
• Python: skip_permission parameter in define_tool decorator
• Go: SkipPermission field on Tool struct
• .NET: skip_permission in AdditionalProperties (consistent with existing is_override pattern)

✅ API Naming - Language Conventions Respected

The naming follows each language's conventions appropriately:

• TypeScript: skipPermission (camelCase) ✅
• Python: skip_permission (snake_case) ✅
• Go: SkipPermission (PascalCase for exported field) ✅
• .NET: skip_permission in AdditionalProperties (snake_case key, matches is_override pattern) ✅

✅ Protocol Serialization - Consistent Wire Format

All SDKs serialize to the same JSON field name: "skipPermission" (camelCase, matching existing patterns like "overridesBuiltInTool").

✅ Documentation - Parallel Examples

Each SDK's README includes a dedicated "Skipping Permission Prompts" section with equivalent examples showing the same use case (safe lookup operation).

✅ Test Coverage - Comprehensive & Parallel

All SDKs include tests verifying:

• The flag is correctly serialized in tool definitions
• The flag is sent in both session.create and session.resume requests (where applicable)
• The flag is omitted when false (Go, Python explicitly test this)

Minor Observation (Non-Blocking)

The .NET implementation uses AdditionalProperties with a "skip_permission" key while other SDKs have dedicated properties/parameters. This is intentional and consistent with .NET's existing pattern for is_override, so it's the right design choice for that SDK.

Conclusion

No consistency issues found. This PR exemplifies excellent cross-SDK engineering: feature parity, consistent semantics, language-idiomatic APIs, and comprehensive test coverage. All changes maintain the established patterns within each SDK while achieving the same functionality across the board.

---

Generated by SDK Consistency Review Agent

Generated by SDK Consistency Review Agent for issue #808 · ◷

[github-actions]

✅ Cross-SDK Consistency Review

This PR successfully implements the skipPermission feature across all four SDK implementations with excellent consistency.

Summary

SDK	Field Name	Wire Format	Tests	Docs
Node.js	skipPermission (camelCase)	skipPermission	✅	✅
Python	skip_permission (snake_case)	skipPermission	✅	✅
Go	SkipPermission (PascalCase)	skipPermission	✅	✅
.NET	skip_permission (AdditionalProperties)	skipPermission	✅	✅

Key Consistency Points

✅ Correct naming conventions: Each SDK follows its language-specific idiom (camelCase, snake_case, PascalCase)
✅ Unified wire protocol: All SDKs serialize to the same JSON field skipPermission
✅ Consistent behavior: Field is omitted when false across all SDKs
✅ Complete coverage: Tests verify both session.create and session.resume in all SDKs
✅ Documentation: Each README includes equivalent usage examples
✅ E2E testing: Shared snapshot added for cross-SDK validation

.NET Implementation Note

The .NET SDK follows its existing pattern for tool flags by using AdditionalProperties with the skip_permission key (matching the existing is_override pattern), which is then extracted and mapped to the SkipPermission field in the ToolDefinition record. This approach maintains consistency with the SDK's existing architecture.

No consistency issues found. The feature is ready from a cross-SDK perspective! 🎉

Generated by SDK Consistency Review Agent for issue #808 · ◷

[github-actions]

✅ Cross-SDK Consistency Review: PASSED

This PR successfully implements the skipPermission feature across all four SDK implementations with excellent consistency. Here's what I found:

Feature Implementation Status

SDK	Implementation	Documentation	Tests	Naming Convention
Node.js/TypeScript	✅ skipPermission: boolean	✅ README example	✅ E2E test	camelCase
Python	✅ skip_permission: bool	✅ README example	✅ E2E test	snake_case
Go	✅ SkipPermission: bool	✅ README example	✅ E2E test	PascalCase
.NET	✅ SkipPermission?: bool?	✅ README example	✅ E2E test	PascalCase

API Design Consistency ✅

The implementation correctly follows language-specific conventions:

1. Property/Field Naming:

   • TypeScript: skipPermission (camelCase) ✅
   • Python: skip_permission (snake_case) ✅
   • Go: SkipPermission (PascalCase for exported field) ✅
   • .NET: Uses AdditionalProperties with key "skip_permission" ✅

2. Wire Format: All SDKs serialize to "skipPermission" in JSON-RPC (camelCase), maintaining protocol consistency ✅

3. Documentation: Each SDK's README includes a language-appropriate example in the same section (after "Overriding Built-in Tools") ✅

4. Test Coverage: All SDKs include identical E2E test scenarios using the shared test snapshot (test/snapshots/tools/skippermission_sent_in_tool_definition.yaml) ✅

Implementation Patterns ✅

Each SDK implements the feature using its established patterns:

• Node.js: Property on Tool interface + defineTool() config
• Python: Parameter in @define_tool() decorator + Tool dataclass field
• Go: Field on Tool struct (mutable after creation)
• .NET: Via AIFunctionFactoryOptions.AdditionalProperties["skip_permission"]

All implementations correctly map the field to the skipPermission JSON-RPC parameter when creating/resuming sessions.

Verdict

This PR exemplifies excellent cross-SDK consistency. The feature is:

• Implemented in all 4 languages ✅
• Follows each language's naming conventions ✅
• Maintains wire-format compatibility ✅
• Includes comprehensive documentation ✅
• Has test coverage across all SDKs ✅

No consistency issues found. Nice work! 🎉

Generated by SDK Consistency Review Agent for issue #808 · ◷

[github-actions]

✅ Cross-SDK Consistency Review

This PR successfully adds the skipPermission feature consistently across all four SDK implementations. Excellent work on maintaining feature parity!

✅ Consistent Implementation

All four SDKs implement the feature with appropriate language idioms:

SDK	API Pattern	JSON Field	Location
Node.js/TypeScript	skipPermission: boolean	skipPermission	Tool interface, defineTool()
Python	skip_permission: bool	skipPermission	Tool dataclass, @define_tool()
Go	SkipPermission bool	skipPermission	Tool struct with JSON tag
.NET	skip_permission in AdditionalProperties	SkipPermission	ToolDefinition record

✅ Complete Feature Parity

Each SDK includes:

• ✅ Type/struct field for the new property
• ✅ Proper serialization to JSON-RPC (all send skipPermission field to CLI)
• ✅ E2E test with same test scenario
• ✅ Documentation in README with code examples
• ✅ Shared test snapshot (test/snapshots/tools/skippermission_sent_in_tool_definition.yaml)

Language Idiom Compliance

The naming conventions correctly follow each language's standards:

• TypeScript/Go: camelCase in API (skipPermission / SkipPermission)
• Python: snake_case in API (skip_permission) → camelCase in JSON
• .NET: snake_case in dictionary key ("skip_permission") → PascalCase in record (SkipPermission)

All variants correctly serialize to skipPermission in the JSON-RPC payload, ensuring wire-format consistency.

No cross-SDK consistency issues found. 🎉

Generated by SDK Consistency Review Agent for issue #808 · ◷

[SteveSandersonMS]

Thanks!