AH: adopt sdk llm-judged tools#325547
Draft
justschen wants to merge 12 commits into
Draft
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds model-judged “Auto-permissions” to Agent Host sessions and surfaces approval explanations in confirmation UI.
Changes:
- Adds Assisted approval schemas, settings, pickers, warnings, and policy handling.
- Integrates SDK permission modes and model recommendations with live session configuration.
- Propagates approval reasons through AHP and expands tests/documentation.
Show a summary per file
| File | Description |
|---|---|
src/vs/platform/agentHost/common/agentHostSchema.ts |
Adds Assisted approval schema. |
src/vs/platform/agentHost/common/agentService.ts |
Adds live config callback. |
src/vs/platform/agentHost/common/sessionConfigKeys.ts |
Updates recognized approval values. |
src/vs/platform/agentHost/common/state/protocol/channels-chat/actions.ts |
Adds approval reason to actions. |
src/vs/platform/agentHost/common/state/protocol/channels-chat/reducer.ts |
Reduces approval reasons into state. |
src/vs/platform/agentHost/common/state/protocol/channels-chat/state.ts |
Stores pending approval reasons. |
src/vs/platform/agentHost/node/agentSideEffects.ts |
Forwards live config changes. |
src/vs/platform/agentHost/node/copilot/copilotAgent.ts |
Enables SDK judging and synchronization. |
src/vs/platform/agentHost/node/copilot/copilotAgentSession.ts |
Implements SDK permission modes and recommendations. |
src/vs/platform/agentHost/node/sessionPermissions.ts |
Exposes effective approval levels. |
src/vs/platform/agentHost/test/common/agentHostSchema.test.ts |
Tests Assisted schema validation. |
src/vs/platform/agentHost/test/node/agentSideEffects.test.ts |
Tests config forwarding. |
src/vs/platform/agentHost/test/node/copilotAgentSession.test.ts |
Tests SDK permission behavior. |
src/vs/platform/agentHost/test/node/mockAgent.ts |
Records live config callbacks. |
src/vs/sessions/SESSIONS.md |
Documents permission-mode behavior. |
src/vs/sessions/contrib/providers/agentHost/browser/agentHostPermissionPickerDelegate.ts |
Offers Assisted permissions. |
src/vs/sessions/contrib/providers/agentHost/browser/agentHostSessionConfigPicker.ts |
Styles and confirms Assisted selections. |
src/vs/sessions/contrib/providers/agentHost/browser/baseAgentHostSessionsProvider.ts |
Updates approval normalization documentation. |
src/vs/sessions/contrib/providers/agentHost/test/browser/agentHost/agentHostPermissionPickerDelegate.test.ts |
Tests Assisted picker behavior. |
src/vs/sessions/contrib/providers/copilotChatSessions/browser/permissionPicker.ts |
Adds Assisted picker metadata. |
src/vs/workbench/contrib/chat/browser/agentSessions/agentHost/agentHostChatInputPicker.ts |
Supports Assisted in Agent Host picker. |
src/vs/workbench/contrib/chat/browser/agentSessions/agentHost/stateToProgressAdapter.ts |
Adapts approval reasons to confirmations. |
src/vs/workbench/contrib/chat/browser/chat.shared.contribution.ts |
Registers Assisted default configuration. |
src/vs/workbench/contrib/chat/browser/widget/chatContentParts/toolInvocationParts/abstractToolConfirmationSubPart.ts |
Renders approval-reason badges. |
src/vs/workbench/contrib/chat/browser/widget/chatContentParts/toolInvocationParts/chatTerminalToolConfirmationSubPart.ts |
Adds terminal approval-reason badges. |
src/vs/workbench/contrib/chat/browser/widget/chatContentParts/toolInvocationParts/toolRiskBadgeHelper.ts |
Creates badges from approval reasons. |
src/vs/workbench/contrib/chat/browser/widget/input/permissionPickerActionItem.ts |
Adds Assisted labels and styling. |
src/vs/workbench/contrib/chat/common/chatPermissionStorageKeys.ts |
Adds Assisted warning storage key. |
src/vs/workbench/contrib/chat/common/chatPermissionWarnings.ts |
Adds Assisted warning flow. |
src/vs/workbench/contrib/chat/common/chatService/chatServiceTelemetry.ts |
Documents Assisted telemetry values. |
src/vs/workbench/contrib/chat/common/constants.ts |
Defines Assisted permission level. |
src/vs/workbench/contrib/chat/common/tools/languageModelToolsService.ts |
Adds confirmation approval reasons. |
src/vs/workbench/contrib/chat/test/browser/agentSessions/stateToProgressAdapter.test.ts |
Tests approval-reason propagation. |
src/vs/workbench/contrib/chat/test/common/chatPermissionWarnings.test.ts |
Tests Assisted warning precedence. |
Review details
Comments suppressed due to low confidence (2)
src/vs/platform/agentHost/node/copilot/copilotAgent.ts:2886
- A replace-style config update can clear
autoApproveby omitting the property, but this early return then leaves every live SDK chat in its previouson/automode while session state shows Default. This is especially unsafe when clearing Bypass during an active turn. Synchronize on every session-config change (the sync method already no-ops when the mode is unchanged), or pass the replace flag and handle omissions explicitly.
respondToPermissionRequest(requestId: string, approved: boolean): void {
for (const entry of this._sessions.values()) {
for (const chat of entry.allChatSessions()) {
src/vs/platform/agentHost/node/copilot/copilotAgentSession.ts:2272
- Global auto-approve participates in
_getSdkPermissionMode, but live synchronization is only triggered at turn start and bySessionConfigChanged. Disabling the global setting during an active turn therefore leaves an already-applied SDKonmode active until the next turn, contrary to the documented immediate update and allowing subsequent tool calls to bypass confirmation. Root-config changes to this key also need to synchronize every in-memory chat.
* the in-memory write completes (e.g. the session was aborted), the
* just-written entry is deleted so it cannot leak.
*/
private async _buildEditsForPermission(request: ITypedPermissionRequest, toolCallId: string): Promise<{ items: FileEdit[] } | undefined> {
if (request.kind !== 'write') {
- Files reviewed: 34/34 changed files
- Comments generated: 3
- Review effort level: Medium
Collaborator
Author
|
@copilot resolve the merge conflicts in this pull request |
Co-authored-by: justschen <54879025+justschen@users.noreply.github.com>
Co-authored-by: justschen <54879025+justschen@users.noreply.github.com>
Contributor
Resolved in |
connor4312
reviewed
Jul 13, 2026
connor4312
reviewed
Jul 13, 2026
Contributor
|
Base:
|
Collaborator
Author
|
@copilot resolve the merge conflicts in this pull request |
Co-authored-by: justschen <54879025+justschen@users.noreply.github.com>
Contributor
Resolved in merge commit |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
auto-permissions to Agent Host permission controls, delegating approval decisions to the Copilot SDK’s model-based judge.
Implementation note
The
permission.requestedevent wrapper is intentionally restored in this PR. It was previously removed when the SDK 1.0.7 tool-call ordering fix made its old ordering-workaround consumer obsolete. Auto-permissions now needs the raw event again to capture and correlate the SDK judge’sautoApprovalrecommendation and reason by tool call ID; the permission handler callback does not include that metadata.