Python: Align GitHub Copilot provider function approval to use SDK on_pre_tool_use hook

[giles17]

Motivation & Context

The Python agent-framework-github-copilot provider enforced function approval itself: every FunctionTool was wrapped in an SDK tool-handler that, for tools declared with approval_mode="always_require", awaited an on_function_approval callback before executing (denying by default when none was configured).

The GitHub Copilot SDK already exposes a native pre-execution hook (on_pre_tool_use) that can return "ask" and route the decision to on_permission_request. The AF-level callback therefore duplicated SDK functionality and diverged from the .NET provider. This change adopts the SDK-native model so the two providers behave consistently (follow-up to #6671 / #6674).

Description & Review Guide

• What are the major changes?

  • When a FunctionTool declared with approval_mode="always_require" is registered and the caller has not supplied their own on_pre_tool_use hook, GitHubCopilotAgent installs a default on_pre_tool_use hook that returns "ask" for those tools (routing the decision to on_permission_request) and defers (None) for all other tools.
  • If the caller supplies their own on_pre_tool_use (via default_options or per-run options), it takes precedence and the caller owns approval handling; the agent logs a warning naming any approval-required tool that will therefore not be auto-gated.
  • The hook is built in _build_session_hooks and passed via the SDK's existing hooks= parameter to create_session/resume_session (computed where the full tool set is known).
  • Removed the bespoke enforcement path: the on_function_approval option, the FunctionApprovalCallback type, the _resolve_function_approval helper, the per-run rejection guards, and the approval branch in the tool handler.
  • Added an on_pre_tool_use option to GitHubCopilotOptions; updated tests, the package README, and the function-approval sample.

• What is the impact of these changes?

  • Approval-required tools are gated through the SDK's native mechanism and surface through on_permission_request. With the default deny-all permission handler they remain secure-by-default. Non-approval tools are unaffected.
  • Behavioral change for callers who used on_function_approval: they now configure approval via on_permission_request (and optionally on_pre_tool_use). The provider is pre-release, so this is not a breaking change to a stable API.

• What do you want reviewers to focus on?

  • The composition rule when a caller supplies their own on_pre_tool_use (override + warning), and that the default hook only asks for always_require tools while deferring everything else.

Related Issue

Fixes #6746

Contribution Checklist

• The code builds clean without any errors or warnings
• All unit tests pass, and I have added new tests where possible
• The PR follows the Contribution Guidelines
• This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above).
• This is not a breaking change. If it is a breaking change, add the breaking change label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.

[github-actions]

Python Test Coverage Report •

File	Stmts	Miss	Cover	Missing
packages/github_copilot/agent_framework_github_copilot
_agent.py	333	11	96%	53–54, 439, 454–455, 739–740, 760, 763, 895, 936
TOTAL	42548	5086	88%

Python Unit Test Overview

Tests	Skipped	Failures	Errors	Time
8325	37 💤	0 ❌	0 🔥	2m 15s ⏱️

[Copilot]

Pull request overview

Aligns the Python agent-framework-github-copilot provider’s function-tool approval gating with the GitHub Copilot SDK’s native on_pre_tool_use hook, removing the bespoke on_function_approval path so behavior matches the .NET provider and the SDK’s intended flow.

Changes:

• Removed agent-level on_function_approval enforcement and shifted approval-required tool gating to an SDK on_pre_tool_use hook that returns "ask" for approval_mode="always_require" tools.
• Added on_pre_tool_use to GitHubCopilotOptions, wired hooks= into session create/resume, and implemented precedence + warning behavior when callers supply their own hook.
• Updated unit tests, README guidance, and the function-approval sample to reflect the new approval mechanism via on_permission_request.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
python/samples/02-agents/providers/github_copilot/github_copilot_with_function_approval.py	Updates the sample to demonstrate SDK-native tool approval via on_pre_tool_use → on_permission_request.
python/packages/github_copilot/tests/test_github_copilot_agent.py	Reworks tests to validate default hook behavior, precedence/warnings, and forwarding of hooks to SDK sessions.
python/packages/github_copilot/README.md	Documents the new approval flow and precedence rules for custom on_pre_tool_use.
python/packages/github_copilot/agent_framework_github_copilot/_agent.py	Implements _build_session_hooks and forwards hooks to create_session/resume_session; removes bespoke approval callback machinery.

[github-actions]

Automated Code Review

Reviewers: 5 | Confidence: 90% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach

---

Automated review by giles17's agents

[github-actions]

Automated Code Review

Reviewers: 5 | Confidence: 86% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach

---

Automated review by giles17's agents