feat(adk): record permission resume decisions

[shentongmartin]

Problem

Permission resume decisions need to be durable timeline facts, not only transient tool-wrapper control flow. Without a recorded decision event, a session can show the ask interrupt but lose the user's approve/reject/respond choice, which makes audit and reconstruction incomplete.

Extension events also need a clear typed payload contract. Middleware-owned durable payloads should round-trip as registered concrete types.

Solution

Record valid permission resume choices as x.permission.decision session extension events before the resumed tool behavior is applied. The event carries the action, tool identity, optional decision text, and explicit UpdatedInput intent.

Use typed extension payloads for durable extension events. Custom payload types that need durable round-trip behavior must be registered with schema.RegisterName before session events are encoded and decoded.

Invalid respond resumes are rejected before a decision event is emitted, so the session timeline only records decisions that can actually drive execution.

Key Insight

The permission gate has two distinct boundaries: resume validation and tool execution. Decision emission belongs after validation but before tool execution, because that is the first point where the user decision is known to be semantically valid and can still be persisted through the Runner-owned session timeline.

Summary

Problem	Solution
Permission asks lacked durable user decision records	Emit SessionEventPermissionDecision for valid resume decisions
Empty UpdatedInput could be confused with absent input	Preserve intent with HasUpdatedInput
Extension payloads needed durable round-trip semantics	Store registered concrete payloads in SessionExtensionEvent.Data
Direct tool wrapper calls may lack a Runner-owned event generator	Make TypedSendEvent a no-op when no generator is available

---

问题

permission resume decision 需要成为持久化的 timeline fact，而不只是 tool wrapper 内部的临时控制流。否则 session 里可以看到 ask interrupt，却丢失用户最终选择了 approve/reject/respond，审计和重放语义都不完整。

extension event 也需要明确的 typed payload contract。middleware 自己产生的 durable payload 应该以注册过的具体类型完成 round-trip。

解决方案

在 resumed tool 行为生效前，把合法的 permission resume choice 记录为 x.permission.decision session extension event。事件包含 action、tool identity、可选 decision text，以及显式的 UpdatedInput 意图。

durable extension event 使用 typed extension payload。需要 durable round-trip 的自定义 payload 类型，必须在 session event 编解码前通过 schema.RegisterName 注册。

非法的 respond resume 会在事件写入前被拒绝，因此 session timeline 只记录真正能驱动执行的有效 decision。

关键洞察

permission gate 有两个边界：resume validation 和 tool execution。decision event 应该在 validation 之后、tool execution 之前写入，因为这是用户 decision 首次具备明确语义的位置，同时仍处在 Runner 拥有的 session timeline 持久化通道中。

总结

问题	解决方案
permission ask 缺少持久化的用户 decision 记录	为有效 resume decision 发出 SessionEventPermissionDecision
空 UpdatedInput 容易和未更新混淆	使用 HasUpdatedInput 保留用户意图
extension payload 需要 durable round-trip 语义	在 SessionExtensionEvent.Data 中保存注册过的具体 payload 类型
direct tool wrapper call 可能没有 Runner 拥有的 event generator	当 generator 不存在时，让 TypedSendEvent no-op

[codecov]

Codecov Report

❌ Patch coverage is 83.44371% with 25 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (alpha/10@6ec3268). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
adk/runctx.go	82.50%	9 Missing and 5 partials ⚠️
adk/middlewares/permission/permission.go	81.35%	7 Missing and 4 partials ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##             alpha/10    #1070   +/-   ##
===========================================
  Coverage            ?   83.09%           
===========================================
  Files               ?      172           
  Lines               ?    28230           
  Branches            ?        0           
===========================================
  Hits                ?    23457           
  Misses              ?     3213           
  Partials            ?     1560           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.