Skip to content

Python: Allow opting out of FileAccessProvider tool approval#6879

Merged
westey-m merged 1 commit into
microsoft:mainfrom
westey-m:python-file-access-approval-opt-out
Jul 2, 2026
Merged

Python: Allow opting out of FileAccessProvider tool approval#6879
westey-m merged 1 commit into
microsoft:mainfrom
westey-m:python-file-access-approval-opt-out

Conversation

@westey-m

@westey-m westey-m commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Motivation & Context

FileAccessProvider registers every tool with approval_mode="always_require", so each file operation the model proposes must be approved by the host. The only way to run unattended was to install auto-approval rules at the ToolApprovalMiddleware level — which means bubbling all the way up the stack and back down again just to avoid an approval that the provider forced in the first place. This adds a first-class, source-level opt-out so callers can disable approval directly on the provider (and via create_harness_agent).

Description & Review Guide

  • What are the major changes?

    • FileAccessProvider gains two constructor flags:
      • disable_readonly_tool_approval — controls the read-only tools (file_access_read, file_access_ls, file_access_grep).
      • disable_write_tool_approval — controls the write tools (file_access_write, file_access_delete, file_access_replace, file_access_replace_lines).
    • When a flag is set, the affected tools are registered with approval_mode="never_require"; otherwise the existing always_require is used. The approval mode is computed once in before_run and threaded into each @tool(...) registration.
    • create_harness_agent exposes the same options prefixed with file_access_ (file_access_disable_readonly_tool_approval, file_access_disable_write_tool_approval), threaded through _assemble_context_providers into the provider construction (ignored when disable_file_access=True, matching the sibling flags).
    • Updated the FileAccessProvider class docstring, create_harness_agent docstrings, and packages/core/AGENTS.md.
  • What is the impact of these changes?

    • Backward compatible: both flags default to False, so behavior is unchanged (all tools still require approval) unless a caller opts out. Not a breaking change.
  • What do you want reviewers to focus on?

    • The read-only vs write tool grouping and that the defaults preserve existing approval behavior.

Note: this covers FileAccessProvider only. SkillsProvider (the other provider that forces approval) is being updated separately. FileMemoryProvider already uses never_require, and MCP/Agent already expose configurable approval.

Related Issue

Fixes #6876

Contribution Checklist

  • The code builds clean without any errors or warnings
  • All unit tests pass, and I have added new tests where possible
  • The PR follows the Contribution Guidelines
  • This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above).
  • This is not a breaking change. If it is a breaking change, add the breaking change label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.

Copilot AI review requested due to automatic review settings July 2, 2026 11:19
@giles17 giles17 added documentation Usage: [Issues, PRs], Target: documentation in the code base and learn docs python Usage: [Issues, PRs], Target: Python labels Jul 2, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 93% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach


Automated review by westey-m's agents

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds first-class configuration to opt out of host approval for FileAccessProvider tools in the Python harness, enabling unattended file operations without requiring ToolApprovalMiddleware auto-approval rules.

Changes:

  • Add disable_readonly_tool_approval / disable_write_tool_approval flags to FileAccessProvider and wire them into tool registration.
  • Expose the same knobs on create_harness_agent (file_access_disable_readonly_tool_approval, file_access_disable_write_tool_approval) and thread them through context-provider assembly.
  • Add/extend unit tests and update AGENTS.md documentation for the new approval behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
python/packages/core/agent_framework/_harness/_file_access.py Implements per-tool-group approval opt-out and updates provider documentation.
python/packages/core/agent_framework/_harness/_agent.py Exposes new file-access approval flags via create_harness_agent and wires them into provider construction.
python/packages/core/tests/core/test_harness_file_access.py Adds coverage validating approval modes for read-only vs write tool groups under different opt-out combinations.
python/packages/core/tests/core/test_harness_agent.py Adds coverage ensuring create_harness_agent forwards the new flags to FileAccessProvider.
python/packages/core/AGENTS.md Documents the new opt-out flags and how they affect approval behavior.
Comments suppressed due to low confidence (1)

python/packages/core/agent_framework/_harness/_file_access.py:1223

  • The class docstring now documents optional approval opt-outs, but the docstrings for read_only_tools_auto_approval_rule and all_tools_auto_approval_rule still state that FileAccessProvider tools "always require approval" (see lines 1351 and 1379). With the new disable_*_tool_approval flags, that statement is no longer always true; please update those method docstrings to reflect the new behavior (e.g., "by default" or "when approval is enabled").
    By default all tools require approval: each is registered with
    ``approval_mode="always_require"`` so the host must approve every file
    operation the model proposes. In the auto-invocation flow this means the
    model's calls to these tools are converted into
    ``function_approval_request`` items and the tool does **not** execute until
    the host supplies a matching ``function_approval_response``. Consumers that

Comment thread python/packages/core/agent_framework/_harness/_file_access.py
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Python Test Coverage

Python Test Coverage Report •
FileStmtsMissCoverMissing
packages/core/agent_framework/_harness
   _agent.py113496%184, 537–538, 540
   _file_access.py6144592%187, 218, 281, 391, 393, 405, 409, 437, 450–451, 458–465, 469, 473, 839–840, 866, 870, 924–926, 948–951, 1425–1426, 1437–1438, 1450–1451, 1465–1466, 1489–1490, 1505, 1510–1511, 1540
TOTAL43234514388% 

Python Unit Test Overview

Tests Skipped Failures Errors Time
8538 37 💤 0 ❌ 0 🔥 2m 15s ⏱️

@westey-m westey-m marked this pull request as ready for review July 2, 2026 11:26

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 91% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach


Automated review by westey-m's agents

@westey-m westey-m enabled auto-merge July 2, 2026 15:05
@westey-m westey-m added this pull request to the merge queue Jul 2, 2026
Merged via the queue into microsoft:main with commit 24581d6 Jul 2, 2026
46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Usage: [Issues, PRs], Target: documentation in the code base and learn docs python Usage: [Issues, PRs], Target: Python

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Python: Allow configuring approval for default approval required features

4 participants