Description
Issue
When using GitHubCopilotAgent with MapAGUI, the Copilot SDK's permission.requested events (including MCP tool call approvals) are not translated into AG-UI human-in-the-loop events. The user has no opportunity to approve or deny tool calls in the AG-UI client.
Description
The Copilot SDK emits permission.requested events for all tool executions, including MCP tool calls (kind: "mcp"). The GitHubCopilotAgent.RunCoreStreamingAsync() correctly passes OnPermissionRequest through to the SessionConfig and catches unhandled events via the default branch, wrapping them as AIContent with RawRepresentation = sessionEvent.
However, AsAGUIEventStreamAsync() does not recognize permission.requested events from RawRepresentation and does not emit the corresponding AG-UI human-in-the-loop protocol events. This means when using MapAGUI with a Copilot SDK-backed agent, the only option is PermissionHandler.ApproveAll — there is no way to surface permission requests to the AG-UI client (e.g., CopilotKit) for user approval.
Expected Behavior
When OnPermissionRequest is NOT set to ApproveAll, the AG-UI adapter should:
- Detect
permission.requested events in RawRepresentation within the AgentResponseUpdate stream
- Emit AG-UI
TOOL_CALL_START events with approval-required semantics (similar to ServerFunctionApprovalAgent pattern)
- Pause the SSE stream and wait for the client to send an approve/deny response
- Forward the user's decision back to
session.respondToPermission() via the OnPermissionRequest callback
This would enable AG-UI clients like CopilotKit (useHumanInTheLoop) to show native approve/deny UI for ALL tool calls — including MCP tools — without requiring ServerFunctionApprovalAgent or custom side channels.
Current Workarounds
- CopilotKit
useHumanInTheLoop — intercepts at AG-UI protocol level before reaching backend, but only works with CopilotKit clients
ServerFunctionApprovalAgent — unclean and complex, still not tied to core copilot sdk permission handlerPermissionHandler.ApproveAll — auto-approves everything, no user oversight
Relevant Source Code
Package Versions
Microsoft.Agents.AI.GitHub.Copilot 1.0.0-preview.260311.1Microsoft.Agents.AI.Hosting.AGUI.AspNetCore 1.0.0-preview.260311.1GitHub.Copilot.SDK 0.1.33-preview.3
.NET Version
10.0
Additional Context
The Copilot SDK's permission.requested event includes a kind discriminator with values: "shell", "write", "read", "mcp", "url", "custom-tool". Each carries tool-specific metadata (e.g., serverName, toolName, args for MCP). This is rich enough data to generate proper AG-UI tool call approval events.
Code Sample
Language/SDK
.NET
Description
Issue
When using
GitHubCopilotAgentwithMapAGUI, the Copilot SDK'spermission.requestedevents (including MCP tool call approvals) are not translated into AG-UI human-in-the-loop events. The user has no opportunity to approve or deny tool calls in the AG-UI client.Description
The Copilot SDK emits
permission.requestedevents for all tool executions, including MCP tool calls (kind: "mcp"). TheGitHubCopilotAgent.RunCoreStreamingAsync()correctly passesOnPermissionRequestthrough to theSessionConfigand catches unhandled events via thedefaultbranch, wrapping them asAIContentwithRawRepresentation = sessionEvent.However,
AsAGUIEventStreamAsync()does not recognizepermission.requestedevents fromRawRepresentationand does not emit the corresponding AG-UI human-in-the-loop protocol events. This means when usingMapAGUIwith a Copilot SDK-backed agent, the only option isPermissionHandler.ApproveAll— there is no way to surface permission requests to the AG-UI client (e.g., CopilotKit) for user approval.Expected Behavior
When
OnPermissionRequestis NOT set toApproveAll, the AG-UI adapter should:permission.requestedevents inRawRepresentationwithin theAgentResponseUpdatestreamTOOL_CALL_STARTevents with approval-required semantics (similar toServerFunctionApprovalAgentpattern)session.respondToPermission()via theOnPermissionRequestcallbackThis would enable AG-UI clients like CopilotKit (
useHumanInTheLoop) to show native approve/deny UI for ALL tool calls — including MCP tools — without requiringServerFunctionApprovalAgentor custom side channels.Current Workarounds
useHumanInTheLoop— intercepts at AG-UI protocol level before reaching backend, but only works with CopilotKit clientsServerFunctionApprovalAgent— unclean and complex, still not tied to core copilot sdk permission handlerPermissionHandler.ApproveAll— auto-approves everything, no user oversightRelevant Source Code
GitHubCopilotAgent.csL268-290 — event subscription withdefaultbranch catchingpermission.requestedGitHubCopilotAgent.csL328 —CopySessionConfigpassesOnPermissionRequestthroughpermission.requestedwith MCP kindPackage Versions
Microsoft.Agents.AI.GitHub.Copilot1.0.0-preview.260311.1Microsoft.Agents.AI.Hosting.AGUI.AspNetCore1.0.0-preview.260311.1GitHub.Copilot.SDK0.1.33-preview.3.NET Version
10.0
Additional Context
The Copilot SDK's
permission.requestedevent includes akinddiscriminator with values:"shell","write","read","mcp","url","custom-tool". Each carries tool-specific metadata (e.g.,serverName,toolName,argsfor MCP). This is rich enough data to generate proper AG-UI tool call approval events.Code Sample
Language/SDK
.NET