From ae591cc963c1c619ce101bbe7cadef8b06e44a52 Mon Sep 17 00:00:00 2001 From: Josh Spicer <23246594+joshspicer@users.noreply.github.com> Date: Mon, 29 Jun 2026 12:27:29 -0700 Subject: [PATCH] Forward selfFetchManagedSettings in session.create wire call Add selfFetchManagedSettings to SessionConfigBase and forward it in the session.create RPC payload. This allows hosts (e.g. VS Code AHP) to opt the runtime into enterprise managed-settings self-fetch and enforcement. Without this change, the field is silently dropped by the explicit field list in client.ts and never reaches the runtime. Requires: github/copilot-agent-runtime#agents/managed-settings-sdk-capability --- nodejs/src/client.ts | 2 ++ nodejs/src/types.ts | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/nodejs/src/client.ts b/nodejs/src/client.ts index 613985103..c306e88ba 100644 --- a/nodejs/src/client.ts +++ b/nodejs/src/client.ts @@ -1449,6 +1449,7 @@ export class CopilotClient { remoteSession: config.remoteSession, cloud: config.cloud, expAssignments: config.expAssignments, + selfFetchManagedSettings: config.selfFetchManagedSettings, }); const { @@ -1660,6 +1661,7 @@ export class CopilotClient { remoteSession: config.remoteSession, openCanvases: config.openCanvases, expAssignments: config.expAssignments, + selfFetchManagedSettings: config.selfFetchManagedSettings, }); const { workspacePath, capabilities, openCanvases } = response as { diff --git a/nodejs/src/types.ts b/nodejs/src/types.ts index 4adb35b25..dd1d3f8ae 100644 --- a/nodejs/src/types.ts +++ b/nodejs/src/types.ts @@ -2149,6 +2149,14 @@ export interface SessionConfigBase { */ gitHubToken?: string; + /** + * Opt-in: when true, the runtime self-fetches enterprise managed settings + * (bypass-permissions policy) at session bootstrap using the session's + * `gitHubToken`. The runtime calls `/copilot_internal/managed_settings` + * and enforces the result fail-closed before the first turn. + */ + selfFetchManagedSettings?: boolean; + /** * When true, skips embedding-based retrieval for this session. * Use in multitenant deployments to prevent cross-session information leakage