Refactor permission system with context-aware requests and auto-resolution

[Copilot]

Refactors the permission system to make permission requests context-aware and automatically resolve matching pending permissions.

Permission Request Structure

• Changed from scalar callID to structured tool object containing messageID and callID
• Enables UI to display tool inputs and context when requesting permissions
• Removed message field in favor of deriving context from tool metadata

Tool Context Integration

Added ask() method to Tool.Context:

export type Context = {
  // ... existing fields
  ask(input: Omit<PermissionNext.Request, "id" | "sessionID" | "tool">): Promise<void>
}

Tools now request permissions directly through context rather than separate mechanisms. MCP tools now require explicit permission approval.

Auto-resolution

When user selects "always allow", the system:

1. Adds approved patterns to session ruleset
2. Automatically resolves other pending permissions in the same session that match the new patterns
3. Keeps permissions in-memory (not persisted) until management UI exists

Permission Merging

Standardized merge order across all agents: defaults → agent-specific rules → user config. Last matching rule wins, enabling user overrides.

UI Improvements

• Icon indicators per tool type (bash: #, edit: →, websearch: ◈, etc.)
• Scrollable diff views capped at 25% terminal height
• Context-aware displays showing actual tool inputs (file paths, commands, search queries)
• Clear messaging that "always allow" persists until restart only

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.