Merge branch 'main' into edburns/1682-java-tool-ergonomics-review-draft-01

Author: edburns

.github/workflows/block-remove-before-merge.yml

@@ -11,6 +11,7 @@ permissions:
 jobs:
   check-paths:
     name: "No remove-before-merge directories"
+    if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     steps:
       - name: Check for remove-before-merge paths in PR

dotnet/src/BearerTokenProvider.cs

@@ -0,0 +1,39 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *--------------------------------------------------------------------------------------------*/
+
+using System.Diagnostics.CodeAnalysis;
+
+namespace GitHub.Copilot;
+
+/// <summary>
+/// Arguments passed to a bearer-token callback (the <c>BearerTokenProvider</c> property
+/// on <see cref="ProviderConfig"/> / <see cref="NamedProviderConfig"/>) when the
+/// runtime needs a fresh bearer token for a BYOK provider.
+/// </summary>
+/// <remarks>
+/// Part of the experimental managed-identity / bearer-token-provider surface and
+/// may change or be removed in future SDK or CLI releases.
+/// </remarks>
+[Experimental(Diagnostics.Experimental)]
+public sealed class ProviderTokenArgs
+{
+    /// <summary>
+    /// Name of the BYOK provider needing a token. For the singular, whole-session
+    /// <see cref="ProviderConfig"/> this is the implicit provider name
+    /// (<c>"default"</c>); for <see cref="NamedProviderConfig"/> entries it is
+    /// <see cref="NamedProviderConfig.Name"/>.
+    /// </summary>
+    /// <remarks>
+    /// The callback closes over its own token scope/audience; the runtime is
+    /// provider-agnostic and forwards only the provider name.
+    /// </remarks>
+    public required string ProviderName { get; init; }
+
+    /// <summary>
+    /// Id of the session that triggered this token request. A client-level
+    /// shared callback registered for many sessions can use this to resolve the
+    /// owning session and scope token acquisition or caching per session.
+    /// </summary>
+    public required string SessionId { get; init; }
+}

dotnet/src/Client.cs

@@ -652,6 +652,7 @@ private CopilotSession InitializeSession(
         }
         ConfigureSessionFsHandlers(session, config.CreateSessionFsProvider);
         session.SetCanvasHandler(config.CanvasHandler);
+        session.RegisterBearerTokenProviders(BuildBearerTokenCallbacks(config));
         RegisterSession(session);
         session.StartProcessingEvents();
         LoggingHelpers.LogTiming(_logger, LogLevel.Debug, null,
@@ -664,6 +665,34 @@ private CopilotSession InitializeSession(
         return session;
     }
 
+    /// <summary>
+    /// Implicit provider name for the singular, whole-session <see cref="ProviderConfig"/>.
+    /// </summary>
+    private const string DefaultBearerTokenProviderName = "default";
+
+    /// <summary>
+    /// Collects the per-provider <c>BearerTokenProvider</c> callbacks keyed by
+    /// provider name for session-side registration. The singular, whole-session
+    /// <see cref="ProviderConfig"/> uses the implicit
+    /// <see cref="DefaultBearerTokenProviderName"/>.
+    /// </summary>
+    private static Dictionary<string, Func<ProviderTokenArgs, Task<string>>> BuildBearerTokenCallbacks(SessionConfigBase config)
+    {
+        var callbacks = new Dictionary<string, Func<ProviderTokenArgs, Task<string>>>(StringComparer.Ordinal);
+        if (config.Provider?.BearerTokenProvider is { } singular)
+        {
+            callbacks[DefaultBearerTokenProviderName] = singular;
+        }
+        if (config.Providers != null)
+        {
+            foreach (var provider in config.Providers.Where(provider => provider.BearerTokenProvider is not null))
+            {
+                callbacks[provider.Name] = provider.BearerTokenProvider!;
+            }
+        }
+        return callbacks;
+    }
+
     /// <summary>
     /// Catches misuse of <see cref="SessionConfigBase.AvailableTools"/> /
     /// <see cref="SessionConfigBase.ExcludedTools"/> at the SDK boundary so

dotnet/src/Generated/Rpc.cs

@@ -58,6 +58,7 @@ public sealed partial class CopilotSession : IAsyncDisposable
 {
     private readonly Dictionary<string, AIFunction> _toolHandlers = [];
     private readonly Dictionary<string, Func<CommandContext, Task>> _commandHandlers = [];
+    private readonly Dictionary<string, Func<ProviderTokenArgs, Task<string>>> _bearerTokenProviders = new(StringComparer.Ordinal);
     private readonly ILogger _logger;
     private readonly CopilotClient _parentClient;
 
@@ -76,9 +77,7 @@ private sealed record EventSubscription(Type EventType, Action<SessionEvent> Han
     private Dictionary<string, Func<string, Task<string>>>? _transformCallbacks;
     private readonly SemaphoreSlim _transformCallbacksLock = new(1, 1);
 
-#pragma warning disable GHCP001
     private IReadOnlyList<OpenCanvasInstance> _openCanvases = Array.Empty<OpenCanvasInstance>();
-#pragma warning restore GHCP001
 
     private int _isDisposed;
 
@@ -126,7 +125,6 @@ public SessionCapabilities Capabilities
         private set;
     }
 
-#pragma warning disable GHCP001
     /// <summary>
     /// Canvas instances currently known to be open for this session.
     /// </summary>
@@ -136,7 +134,6 @@ public SessionCapabilities Capabilities
     /// </remarks>
     [Experimental(Diagnostics.Experimental)]
     public IReadOnlyList<OpenCanvasInstance> OpenCanvases => _openCanvases;
-#pragma warning restore GHCP001
 
     /// <summary>
     /// Gets the UI API for eliciting information from the user during this session.
@@ -873,6 +870,51 @@ internal void RegisterAutoModeSwitchHandler(Func<AutoModeSwitchRequest, AutoMode
         _autoModeSwitchHandler = handler;
     }
 
+    /// <summary>
+    /// Registers per-provider <c>BearerTokenProvider</c> callbacks for BYOK
+    /// providers configured with managed-identity / on-demand bearer-token auth.
+    /// </summary>
+    /// <remarks>
+    /// The runtime never receives the callback itself; the SDK strips it from the
+    /// provider config and instead sends <c>hasBearerTokenProvider: true</c>. When
+    /// the runtime needs a token it issues a session-scoped
+    /// <c>providerToken.getToken</c> request, which this handler routes to the
+    /// matching per-provider callback.
+    /// </remarks>
+    /// <param name="providers">Map of provider name to callback, or null/empty to clear.</param>
+    internal void RegisterBearerTokenProviders(IReadOnlyDictionary<string, Func<ProviderTokenArgs, Task<string>>>? providers)
+    {
+        _bearerTokenProviders.Clear();
+        if (providers is null || providers.Count == 0)
+        {
+            ClientSessionApis.ProviderToken = null;
+            return;
+        }
+        foreach (var (name, callback) in providers)
+        {
+            _bearerTokenProviders[name] = callback;
+        }
+        ClientSessionApis.ProviderToken = new BearerTokenProviderHandler(this);
+    }
+
+    /// <summary>
+    /// Routes runtime <c>providerToken.getToken</c> requests to the matching
+    /// per-provider <c>BearerTokenProvider</c> callback registered on the session.
+    /// </summary>
+    private sealed class BearerTokenProviderHandler(CopilotSession session) : IProviderTokenHandler
+    {
+        public async Task<ProviderTokenAcquireResult> GetTokenAsync(ProviderTokenAcquireRequest request, CancellationToken cancellationToken = default)
+        {
+            if (!session._bearerTokenProviders.TryGetValue(request.ProviderName, out var callback))
+            {
+                throw new InvalidOperationException(
+                    $"No bearer-token provider registered for provider \"{request.ProviderName}\"");
+            }
+            var token = await callback(new ProviderTokenArgs { ProviderName = request.ProviderName, SessionId = request.SessionId }).ConfigureAwait(false);
+            return new ProviderTokenAcquireResult { Token = token };
+        }
+    }
+
     /// <summary>
     /// Sets the capabilities reported by the host for this session.
     /// </summary>
@@ -882,7 +924,6 @@ internal void SetCapabilities(SessionCapabilities? capabilities)
         Capabilities = capabilities ?? new SessionCapabilities();
     }
 
-#pragma warning disable GHCP001
     internal void SetOpenCanvases(IList<OpenCanvasInstance>? canvases)
     {
         _openCanvases = canvases is { Count: > 0 }
@@ -911,22 +952,19 @@ private void UpdateOpenCanvasesFromEvent(SessionEvent sessionEvent)
         var data = canvasEvent.Data;
         if (string.IsNullOrEmpty(data.InstanceId)
             || string.IsNullOrEmpty(data.CanvasId)
-            || string.IsNullOrEmpty(data.ExtensionId)
-            || string.IsNullOrEmpty(data.Availability.Value))
+            || string.IsNullOrEmpty(data.ExtensionId))
         {
             _logger.LogWarning("failed to deserialize session.canvas.opened payload");
             return;
         }
 
         UpsertOpenCanvas(new OpenCanvasInstance
         {
-            Availability = new CanvasInstanceAvailability(data.Availability.Value),
             CanvasId = data.CanvasId,
             ExtensionId = data.ExtensionId,
             ExtensionName = data.ExtensionName,
             Input = data.Input,
             InstanceId = data.InstanceId,
-            Reopen = data.Reopen,
             Status = data.Status,
             Title = data.Title,
             Url = data.Url,
@@ -962,7 +1000,6 @@ private static JsonElement SerializeActionResult(object? value)
         var element = CopilotClient.ToJsonElementForWire(value);
         return element ?? NullJsonElement;
     }
-#pragma warning restore GHCP001
 
     private sealed class CanvasHandlerAdapter(ICanvasHandler handler) : Rpc.ICanvasHandler
     {

dotnet/src/Generated/SessionEvents.cs

@@ -5,12 +5,14 @@
 using GitHub.Copilot.Rpc;
 using Microsoft.Extensions.AI;
 using Microsoft.Extensions.Logging;
+using System;
 using System.ComponentModel;
 using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
 using System.Text.Json;
 using System.Text.Json.Nodes;
 using System.Text.Json.Serialization;
+using System.Threading.Tasks;
 
 namespace GitHub.Copilot;
 
@@ -2041,6 +2043,29 @@ public sealed class ProviderConfig
     [JsonPropertyName("bearerToken")]
     public string? BearerToken { get; set; }
 
+    /// <summary>
+    /// Wire-only flag, emitted automatically when <see cref="BearerTokenProvider"/> is set, that tells
+    /// the runtime to request a token over the session-scoped <c>providerToken.getToken</c> RPC
+    /// before each outbound request to this provider. Derived from <see cref="BearerTokenProvider"/>;
+    /// internal and never part of the public API.
+    /// </summary>
+    [JsonInclude]
+    [JsonPropertyName("hasBearerTokenProvider")]
+    internal bool? HasBearerTokenProvider => BearerTokenProvider is not null ? true : null;
+
+    /// <summary>
+    /// Per-request callback that resolves a bearer token on demand for this BYOK provider (for
+    /// example via Azure Managed Identity). The Copilot SDK takes no identity dependency: supply a
+    /// callback backed by your own identity library. Never serialized — setting it makes the SDK send
+    /// <c>hasBearerTokenProvider: true</c> on the wire and answer the runtime's
+    /// <c>providerToken.getToken</c> requests. When set alongside <see cref="ApiKey"/>/<see cref="BearerToken"/>, this callback takes precedence:
+    /// the runtime applies the token it returns as the Authorization: Bearer header for each request
+    /// and does not send the static credential.
+    /// </summary>
+    [JsonIgnore]
+    [Experimental(Diagnostics.Experimental)]
+    public Func<ProviderTokenArgs, Task<string>>? BearerTokenProvider { get; set; }
+
     /// <summary>
     /// Azure-specific configuration options.
     /// </summary>
@@ -2173,6 +2198,29 @@ public sealed class NamedProviderConfig
     [JsonPropertyName("bearerToken")]
     public string? BearerToken { get; set; }
 
+    /// <summary>
+    /// Wire-only flag, emitted automatically when <see cref="BearerTokenProvider"/> is set, that tells
+    /// the runtime to request a token over the session-scoped <c>providerToken.getToken</c> RPC
+    /// before each outbound request to this provider. Derived from <see cref="BearerTokenProvider"/>;
+    /// internal and never part of the public API.
+    /// </summary>
+    [JsonInclude]
+    [JsonPropertyName("hasBearerTokenProvider")]
+    internal bool? HasBearerTokenProvider => BearerTokenProvider is not null ? true : null;
+
+    /// <summary>
+    /// Per-request callback that resolves a bearer token on demand for this BYOK provider (for
+    /// example via Azure Managed Identity). The Copilot SDK takes no identity dependency: supply a
+    /// callback backed by your own identity library. Never serialized — setting it makes the SDK send
+    /// <c>hasBearerTokenProvider: true</c> on the wire and answer the runtime's
+    /// <c>providerToken.getToken</c> requests. When set alongside <see cref="ApiKey"/>/<see cref="BearerToken"/>, this callback takes precedence:
+    /// the runtime applies the token it returns as the Authorization: Bearer header for each request
+    /// and does not send the static credential.
+    /// </summary>
+    [JsonIgnore]
+    [Experimental(Diagnostics.Experimental)]
+    public Func<ProviderTokenArgs, Task<string>>? BearerTokenProvider { get; set; }
+
     /// <summary>
     /// Azure-specific configuration options.
     /// </summary>