feat: add granular per-session flags for multitenancy hardening

Add 7 new optional fields to SessionConfigBase across all 6 SDK languages
(Node.js, Go, Python, .NET, Rust, Java):

- skipEmbeddingRetrieval: prevent cross-session info leakage via embedding cache
- organizationCustomInstructions: inject org-level instructions into system prompt
- enableOnDemandInstructionDiscovery: control instruction file discovery after file views
- enableFileHooks: control loading of file-based hooks from .github/hooks/
- enableHostGitOperations: control git operations on host filesystem
- enableSessionStore: control cross-session store for search/retrieval
- enableSkills: control skill loading (builtin + discovered)

All fields are optional and pass through to the runtime without SDK-side
default coercion. Empty mode applies restrictive defaults for multitenancy.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: MackinnonBuck

dotnet/src/Client.cs

@@ -572,6 +572,12 @@ private void ApplyConfigDefaultsForMode(SessionConfigBase config)
         if (_options.Mode == CopilotClientMode.Empty)
         {
             config.EnableSessionTelemetry ??= false;
+            config.SkipEmbeddingRetrieval ??= true;
+            config.EnableOnDemandInstructionDiscovery ??= false;
+            config.EnableFileHooks ??= false;
+            config.EnableHostGitOperations ??= false;
+            config.EnableSessionStore ??= false;
+            config.EnableSkills ??= false;
         }
     }
 
@@ -829,6 +835,13 @@ public async Task<CopilotSession> CreateSessionAsync(SessionConfig config, Cance
                 config.Agent,
                 config.ConfigDir,
                 config.EnableConfigDiscovery,
+                config.SkipEmbeddingRetrieval,
+                config.OrganizationCustomInstructions,
+                config.EnableOnDemandInstructionDiscovery,
+                config.EnableFileHooks,
+                config.EnableHostGitOperations,
+                config.EnableSessionStore,
+                config.EnableSkills,
                 config.SkillDirectories,
                 config.DisabledSkills,
                 config.InfiniteSessions,
@@ -995,6 +1008,13 @@ public async Task<CopilotSession> ResumeSessionAsync(string sessionId, ResumeSes
                 config.WorkingDirectory,
                 config.ConfigDir,
                 config.EnableConfigDiscovery,
+                config.SkipEmbeddingRetrieval,
+                config.OrganizationCustomInstructions,
+                config.EnableOnDemandInstructionDiscovery,
+                config.EnableFileHooks,
+                config.EnableHostGitOperations,
+                config.EnableSessionStore,
+                config.EnableSkills,
                 config.SuppressResumeEvent is true ? true : null,
                 config.Streaming is true ? true : null,
                 config.IncludeSubAgentStreamingEvents,
@@ -2110,6 +2130,13 @@ internal record CreateSessionRequest(
         string? Agent,
         string? ConfigDir,
         bool? EnableConfigDiscovery,
+        bool? SkipEmbeddingRetrieval,
+        string? OrganizationCustomInstructions,
+        bool? EnableOnDemandInstructionDiscovery,
+        bool? EnableFileHooks,
+        bool? EnableHostGitOperations,
+        bool? EnableSessionStore,
+        bool? EnableSkills,
         IList<string>? SkillDirectories,
         IList<string>? DisabledSkills,
         InfiniteSessionConfig? InfiniteSessions,
@@ -2174,6 +2201,13 @@ internal record ResumeSessionRequest(
         string? WorkingDirectory,
         string? ConfigDir,
         bool? EnableConfigDiscovery,
+        bool? SkipEmbeddingRetrieval,
+        string? OrganizationCustomInstructions,
+        bool? EnableOnDemandInstructionDiscovery,
+        bool? EnableFileHooks,
+        bool? EnableHostGitOperations,
+        bool? EnableSessionStore,
+        bool? EnableSkills,
         bool? SuppressResumeEvent,
         bool? Streaming,
         bool? IncludeSubAgentStreamingEvents,

dotnet/src/Types.cs

@@ -2345,6 +2345,13 @@ protected SessionConfigBase(SessionConfigBase? other)
         Agent = other.Agent;
         DisabledSkills = other.DisabledSkills is not null ? [.. other.DisabledSkills] : null;
         EnableConfigDiscovery = other.EnableConfigDiscovery;
+        SkipEmbeddingRetrieval = other.SkipEmbeddingRetrieval;
+        OrganizationCustomInstructions = other.OrganizationCustomInstructions;
+        EnableOnDemandInstructionDiscovery = other.EnableOnDemandInstructionDiscovery;
+        EnableFileHooks = other.EnableFileHooks;
+        EnableHostGitOperations = other.EnableHostGitOperations;
+        EnableSessionStore = other.EnableSessionStore;
+        EnableSkills = other.EnableSkills;
         ExcludedTools = other.ExcludedTools is not null ? [.. other.ExcludedTools] : null;
         Hooks = other.Hooks;
         InfiniteSessions = other.InfiniteSessions;
@@ -2422,6 +2429,56 @@ protected SessionConfigBase(SessionConfigBase? other)
     /// </summary>
     public bool? EnableConfigDiscovery { get; set; }
 
+    /// <summary>
+    /// When <see langword="true"/>, skips embedding-based retrieval for this session.
+    /// Use in multitenant deployments to prevent cross-session information leakage
+    /// through the shared embedding cache.
+    /// </summary>
+    public bool? SkipEmbeddingRetrieval { get; set; }
+
+    /// <summary>
+    /// Organization-level custom instructions to include in the system prompt.
+    /// Allows hosts to inject organization-specific guidance without relying on
+    /// filesystem-based instruction discovery.
+    /// </summary>
+    public string? OrganizationCustomInstructions { get; set; }
+
+    /// <summary>
+    /// When <see langword="true"/>, enables on-demand discovery of instruction files
+    /// (for example <c>AGENTS.md</c> and <c>.github/copilot-instructions.md</c>)
+    /// after successful file views.
+    /// </summary>
+    public bool? EnableOnDemandInstructionDiscovery { get; set; }
+
+    /// <summary>
+    /// When <see langword="true"/>, enables loading of file-based hooks from
+    /// <c>.github/hooks/</c>. This is separate from <see cref="Hooks"/>, which
+    /// controls SDK hook callback registration.
+    /// </summary>
+    public bool? EnableFileHooks { get; set; }
+
+    /// <summary>
+    /// When <see langword="true"/>, enables git operations on the host filesystem
+    /// such as branch detection, file status, and commit history. When
+    /// <see langword="false"/>, no git context is surfaced in the system prompt.
+    /// </summary>
+    public bool? EnableHostGitOperations { get; set; }
+
+    /// <summary>
+    /// When <see langword="true"/>, enables the cross-session store for search and
+    /// retrieval across sessions. When <see langword="false"/>, session content is
+    /// not written to or read from the shared session store.
+    /// </summary>
+    public bool? EnableSessionStore { get; set; }
+
+    /// <summary>
+    /// When <see langword="true"/>, enables skill loading, including built-in
+    /// skills and discovered skill directories. When <see langword="false"/>, no
+    /// skills are loaded regardless of <see cref="SkillDirectories"/> or
+    /// <see cref="EnableConfigDiscovery"/>.
+    /// </summary>
+    public bool? EnableSkills { get; set; }
+
     /// <summary>
     /// Custom tool declarations available to the language model during the session.
     /// Declarations backed by an <see cref="AIFunction"/> are invoked automatically; declarations without one

dotnet/test/E2E/ClientOptionsE2ETests.cs

@@ -177,6 +177,77 @@ public async Task Should_Omit_EnableSessionTelemetry_When_Not_Set()
         await session.DisposeAsync();
     }
 
+    [Fact]
+    public async Task Should_Forward_New_Session_Config_Fields_In_Create_Wire_Request()
+    {
+        var (cliPath, capturePath) = await CreateFakeCliCaptureAsync();
+
+        await using var client = Ctx.CreateClient(options: new CopilotClientOptions
+        {
+            Connection = RuntimeConnection.ForStdio(path: cliPath, args: ["--capture-file", capturePath]),
+            UseLoggedInUser = false,
+        });
+
+        await client.StartAsync();
+
+        var session = await client.CreateSessionAsync(new SessionConfig
+        {
+            SkipEmbeddingRetrieval = false,
+            OrganizationCustomInstructions = "Follow org policy.",
+            EnableOnDemandInstructionDiscovery = true,
+            EnableFileHooks = true,
+            EnableHostGitOperations = false,
+            EnableSessionStore = true,
+            EnableSkills = false,
+            OnPermissionRequest = PermissionHandler.ApproveAll,
+        });
+
+        using var capture = JsonDocument.Parse(await File.ReadAllTextAsync(capturePath));
+        var createRequest = GetCapturedRequestParams(capture.RootElement, "session.create");
+        Assert.False(createRequest.GetProperty("skipEmbeddingRetrieval").GetBoolean());
+        Assert.Equal("Follow org policy.", createRequest.GetProperty("organizationCustomInstructions").GetString());
+        Assert.True(createRequest.GetProperty("enableOnDemandInstructionDiscovery").GetBoolean());
+        Assert.True(createRequest.GetProperty("enableFileHooks").GetBoolean());
+        Assert.False(createRequest.GetProperty("enableHostGitOperations").GetBoolean());
+        Assert.True(createRequest.GetProperty("enableSessionStore").GetBoolean());
+        Assert.False(createRequest.GetProperty("enableSkills").GetBoolean());
+
+        await session.DisposeAsync();
+    }
+
+    [Fact]
+    public async Task Should_Apply_Empty_Mode_Defaults_To_CreateSession_Wire_Request()
+    {
+        var (cliPath, capturePath) = await CreateFakeCliCaptureAsync();
+
+        await using var client = Ctx.CreateClient(options: new CopilotClientOptions
+        {
+            Connection = RuntimeConnection.ForStdio(path: cliPath, args: ["--capture-file", capturePath]),
+            Mode = CopilotClientMode.Empty,
+            UseLoggedInUser = false,
+        });
+
+        await client.StartAsync();
+
+        var session = await client.CreateSessionAsync(new SessionConfig
+        {
+            OnPermissionRequest = PermissionHandler.ApproveAll,
+        });
+
+        using var capture = JsonDocument.Parse(await File.ReadAllTextAsync(capturePath));
+        var createRequest = GetCapturedRequestParams(capture.RootElement, "session.create");
+        Assert.False(createRequest.GetProperty("enableSessionTelemetry").GetBoolean());
+        Assert.True(createRequest.GetProperty("skipEmbeddingRetrieval").GetBoolean());
+        Assert.False(createRequest.GetProperty("enableOnDemandInstructionDiscovery").GetBoolean());
+        Assert.False(createRequest.GetProperty("enableFileHooks").GetBoolean());
+        Assert.False(createRequest.GetProperty("enableHostGitOperations").GetBoolean());
+        Assert.False(createRequest.GetProperty("enableSessionStore").GetBoolean());
+        Assert.False(createRequest.GetProperty("enableSkills").GetBoolean());
+        Assert.False(createRequest.TryGetProperty("organizationCustomInstructions", out _));
+
+        await session.DisposeAsync();
+    }
+
     [Fact]
     public async Task Should_Propagate_Activity_TraceContext_To_Session_Create_And_Send()
     {
@@ -293,6 +364,77 @@ public async Task Should_Propagate_Activity_TraceContext_To_Session_Resume()
         await session.DisposeAsync();
     }
 
+    [Fact]
+    public async Task Should_Forward_New_Session_Config_Fields_In_Resume_Wire_Request()
+    {
+        var (cliPath, capturePath) = await CreateFakeCliCaptureAsync();
+
+        await using var client = Ctx.CreateClient(options: new CopilotClientOptions
+        {
+            Connection = RuntimeConnection.ForStdio(path: cliPath, args: ["--capture-file", capturePath]),
+            UseLoggedInUser = false,
+        });
+
+        await client.StartAsync();
+
+        var session = await client.ResumeSessionAsync("resume-session", new ResumeSessionConfig
+        {
+            SkipEmbeddingRetrieval = false,
+            OrganizationCustomInstructions = "Resume org policy.",
+            EnableOnDemandInstructionDiscovery = true,
+            EnableFileHooks = true,
+            EnableHostGitOperations = false,
+            EnableSessionStore = true,
+            EnableSkills = false,
+            OnPermissionRequest = PermissionHandler.ApproveAll,
+        });
+
+        using var capture = JsonDocument.Parse(await File.ReadAllTextAsync(capturePath));
+        var resumeRequest = GetCapturedRequestParams(capture.RootElement, "session.resume");
+        Assert.False(resumeRequest.GetProperty("skipEmbeddingRetrieval").GetBoolean());
+        Assert.Equal("Resume org policy.", resumeRequest.GetProperty("organizationCustomInstructions").GetString());
+        Assert.True(resumeRequest.GetProperty("enableOnDemandInstructionDiscovery").GetBoolean());
+        Assert.True(resumeRequest.GetProperty("enableFileHooks").GetBoolean());
+        Assert.False(resumeRequest.GetProperty("enableHostGitOperations").GetBoolean());
+        Assert.True(resumeRequest.GetProperty("enableSessionStore").GetBoolean());
+        Assert.False(resumeRequest.GetProperty("enableSkills").GetBoolean());
+
+        await session.DisposeAsync();
+    }
+
+    [Fact]
+    public async Task Should_Apply_Empty_Mode_Defaults_To_ResumeSession_Wire_Request()
+    {
+        var (cliPath, capturePath) = await CreateFakeCliCaptureAsync();
+
+        await using var client = Ctx.CreateClient(options: new CopilotClientOptions
+        {
+            Connection = RuntimeConnection.ForStdio(path: cliPath, args: ["--capture-file", capturePath]),
+            Mode = CopilotClientMode.Empty,
+            UseLoggedInUser = false,
+        });
+
+        await client.StartAsync();
+
+        var session = await client.ResumeSessionAsync("resume-empty-session", new ResumeSessionConfig
+        {
+            OnPermissionRequest = PermissionHandler.ApproveAll,
+        });
+
+        using var capture = JsonDocument.Parse(await File.ReadAllTextAsync(capturePath));
+        var resumeRequest = GetCapturedRequestParams(capture.RootElement, "session.resume");
+        Assert.False(resumeRequest.GetProperty("enableSessionTelemetry").GetBoolean());
+        Assert.True(resumeRequest.GetProperty("skipEmbeddingRetrieval").GetBoolean());
+        Assert.False(resumeRequest.GetProperty("enableOnDemandInstructionDiscovery").GetBoolean());
+        Assert.False(resumeRequest.GetProperty("enableFileHooks").GetBoolean());
+        Assert.False(resumeRequest.GetProperty("enableHostGitOperations").GetBoolean());
+        Assert.False(resumeRequest.GetProperty("enableSessionStore").GetBoolean());
+        Assert.False(resumeRequest.GetProperty("enableSkills").GetBoolean());
+        Assert.False(resumeRequest.TryGetProperty("organizationCustomInstructions", out _));
+
+        await session.DisposeAsync();
+    }
+
     [Fact]
     public void Should_Accept_GitHubToken_Option()
     {

go/client.go

@@ -608,6 +608,13 @@ func (c *Client) CreateSession(ctx context.Context, config *SessionConfig) (*Ses
 	if config.EnableConfigDiscovery {
 		req.EnableConfigDiscovery = Bool(true)
 	}
+	req.SkipEmbeddingRetrieval = config.SkipEmbeddingRetrieval
+	req.OrganizationCustomInstructions = config.OrganizationCustomInstructions
+	req.EnableOnDemandInstructionDiscovery = config.EnableOnDemandInstructionDiscovery
+	req.EnableFileHooks = config.EnableFileHooks
+	req.EnableHostGitOperations = config.EnableHostGitOperations
+	req.EnableSessionStore = config.EnableSessionStore
+	req.EnableSkills = config.EnableSkills
 	req.Tools = config.Tools
 	systemMessage := c.systemMessageForMode(config.SystemMessage)
 	wireSystemMessage, transformCallbacks := extractTransformCallbacks(systemMessage)
@@ -866,6 +873,13 @@ func (c *Client) ResumeSessionWithOptions(ctx context.Context, sessionID string,
 	if config.EnableConfigDiscovery {
 		req.EnableConfigDiscovery = Bool(true)
 	}
+	req.SkipEmbeddingRetrieval = config.SkipEmbeddingRetrieval
+	req.OrganizationCustomInstructions = config.OrganizationCustomInstructions
+	req.EnableOnDemandInstructionDiscovery = config.EnableOnDemandInstructionDiscovery
+	req.EnableFileHooks = config.EnableFileHooks
+	req.EnableHostGitOperations = config.EnableHostGitOperations
+	req.EnableSessionStore = config.EnableSessionStore
+	req.EnableSkills = config.EnableSkills
 	if config.SuppressResumeEvent {
 		req.DisableResume = Bool(true)
 	}

go/mode_empty.go

@@ -126,6 +126,30 @@ func (c *Client) applyConfigDefaultsForMode(config *SessionConfig) {
 		f := false
 		config.EnableSessionTelemetry = &f
 	}
+	if config.SkipEmbeddingRetrieval == nil {
+		t := true
+		config.SkipEmbeddingRetrieval = &t
+	}
+	if config.EnableOnDemandInstructionDiscovery == nil {
+		f := false
+		config.EnableOnDemandInstructionDiscovery = &f
+	}
+	if config.EnableFileHooks == nil {
+		f := false
+		config.EnableFileHooks = &f
+	}
+	if config.EnableHostGitOperations == nil {
+		f := false
+		config.EnableHostGitOperations = &f
+	}
+	if config.EnableSessionStore == nil {
+		f := false
+		config.EnableSessionStore = &f
+	}
+	if config.EnableSkills == nil {
+		f := false
+		config.EnableSkills = &f
+	}
 }
 
 func (c *Client) applyResumeDefaultsForMode(config *ResumeSessionConfig) {
@@ -136,6 +160,30 @@ func (c *Client) applyResumeDefaultsForMode(config *ResumeSessionConfig) {
 		f := false
 		config.EnableSessionTelemetry = &f
 	}
+	if config.SkipEmbeddingRetrieval == nil {
+		t := true
+		config.SkipEmbeddingRetrieval = &t
+	}
+	if config.EnableOnDemandInstructionDiscovery == nil {
+		f := false
+		config.EnableOnDemandInstructionDiscovery = &f
+	}
+	if config.EnableFileHooks == nil {
+		f := false
+		config.EnableFileHooks = &f
+	}
+	if config.EnableHostGitOperations == nil {
+		f := false
+		config.EnableHostGitOperations = &f
+	}
+	if config.EnableSessionStore == nil {
+		f := false
+		config.EnableSessionStore = &f
+	}
+	if config.EnableSkills == nil {
+		f := false
+		config.EnableSkills = &f
+	}
 }
 
 // updateSessionOptionsForMode applies the per-mode safe-defaults patch via