Skip to main content

GitHub Copilot SDK–Breaking change in permission handling

If you looked at an older GitHub Copilot SDK example online and copied it over, there is a chance that you see the following error message when you try to execute the code:


Unhandled exception. System.ArgumentException: An OnPermissionRequest handler is required when creating a session. For example, to allow all permissions, use CreateSessionAsync(new() { OnPermissionRequest = PermissionHandler.ApproveAll });
   at GitHub.Copilot.SDK.CopilotClient.CreateSessionAsync(SessionConfig config, CancellationToken cancellationToken)


So, what exactly is happening here? The important part is this:

An OnPermissionRequest handler is required when creating a session.

The GitHub Copilot SDK is designed with a permission-based execution model. Whenever Copilot wants to execute a tool, access resources, or perform potentially impactful operations, the SDK expects the host application to decide whether that action is allowed. This is done through the OnPermissionRequest callback.

With older versions, an allow-all default permission was set. But with newer versions,  you have to explicitly configure the callback handler.Without this handler, the SDK refuses to create a session because it would otherwise have no way to safely authorize actions.

In other words:

The SDK requires the application developer to explicitly define the permission strategy.

That’s actually a good design choice.

Imagine an AI agent suddenly being able to:

  • execute shell commands
  • modify files
  • call external APIs
  • trigger MCP tools
  • access secrets
  • manipulate Git repositories

without any permission checks.

The SDK forces developers to consciously think about the security model.

The quick fix

The exception message already hints at the simplest solution:

But be careful with ApproveAll. While ApproveAll is convenient during experimentation, demos, or local prototypes, it’s dangerous in real-world scenarios.

You are effectively giving the AI unrestricted access to every permission request.

That may include:

  • file system access
  • command execution
  • network calls
  • tool invocation
  • repository modifications

For production-grade applications, you should therefore implement your own permission handler.

A better approach

Instead of blindly approving everything, you can inspect the requested permission first.

For example:

This gives you full control over what the agent is allowed to do.

Labels:

Popular posts from this blog

Podman– Command execution failed with exit code 125

After updating WSL on one of the developer machines, Podman failed to work. When we took a look through Podman Desktop, we noticed that Podman had stopped running and returned the following error message: Error: Command execution failed with exit code 125 Here are the steps we tried to fix the issue: We started by running podman info to get some extra details on what could be wrong: >podman info OS: windows/amd64 provider: wsl version: 5.3.1 Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM Error: unable to connect to Podman socket: failed to connect: dial tcp 127.0.0.1:2655: connectex: No connection could be made because the target machine actively refused it. That makes sense as the podman VM was not running. Let’s check the VM: >podman machine list NAME         ...
Read more

Azure DevOps/ GitHub emoji

I’m really bad at remembering emoji’s. So here is cheat sheet with all emoji’s that can be used in tools that support the github emoji markdown markup: All credits go to rcaviers who created this list.
Read more

VS Code Planning mode

After the introduction of Plan mode in Visual Studio , it now also found its way into VS Code. Planning mode, or as I like to call it 'Hannibal mode', extends GitHub Copilot's Agent Mode capabilities to handle larger, multi-step coding tasks with a structured approach. Instead of jumping straight into code generation, Planning mode creates a detailed execution plan. If you want more details, have a look at my previous post . Putting plan mode into action VS Code takes a different approach compared to Visual Studio when using plan mode. Instead of a configuration setting that you can activate but have limited control over, planning is available as a separate chat mode/agent: I like this approach better than how Visual Studio does it as you have explicit control when plan mode is activated. Instead of immediately diving into execution, the plan agent creates a plan and asks some follow up questions: You can further edit the plan by clicking on ‘Open in Editor’: ...
Read more