mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
c1cc6ee6df
* Python: Enforce approval_mode in Claude and GitHub Copilot agents

Tools declared with approval_mode="always_require" were bypassed by the ClaudeAgent and GitHubCopilotAgent because their SDK-managed tool-calling loops invoke FunctionTool.invoke() directly via package-supplied handlers, skipping the standard _try_execute_function_calls approval gate.

Per discussion on #5494, the fix lives in the agents (not in FunctionTool): any flag added to the tool itself can be spoofed by code with the same level of access, so the security boundary is the agent that owns the tool-calling loop.

- Add on_function_approval option to ClaudeAgentOptions and GitHubCopilotOptions. Callback receives a FunctionCallContent describing the pending call and returns bool (sync or async).
- Gate FunctionTool.invoke() inside each agent's existing tool-handler closure when approval_mode == "always_require". Default policy is deny; callbacks that raise also deny safely.
- Deny path returns a tool-error to the model (Claude: text content; Copilot: ToolResult(result_type="failure", error="approval_denied")) so the LLM can react gracefully instead of silently failing.
- Tests for both agents covering: deny by default, sync False, sync True, async True, callback-raises -> deny, no-op for never_require tools.
- Samples demonstrating sync, async, and deny-by-default flows for both agents.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address PR review: preserve empty arg dicts, reject runtime approval override

- _resolve_function_approval no longer collapses {} into None when building the FunctionCallContent passed to the callback (Claude + Copilot).
- Claude _apply_runtime_options and Copilot _run_impl/_stream_updates now raise ValueError if on_function_approval is supplied via per-run options, instead of silently ignoring it. Approval policy must be set at agent construction time.
- Drop unnecessary # type: ignore[attr-defined] on Content.name/.arguments in samples (Content is a unified class with both attributes defined).
- Add regression tests for the new runtime-options validation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* warning when non callback handler and approval needed

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-01 14:11:28 +00:00
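The approval gate described in the commit message above, as a standalone added example (not the agent-framework code and not part of the commit). `Tool`, `PendingCall`, `resolve_approval` and `handle_tool_call` are hypothetical names, and the denial dict only mirrors the `result_type`/`error` values the message mentions.

```python
import asyncio
import inspect
from dataclasses import dataclass
from typing import Any, Awaitable, Callable, Optional, Union

@dataclass
class PendingCall:  # hypothetical stand-in for the call description given to the callback
    name: str
    arguments: dict

@dataclass
class Tool:  # hypothetical stand-in for a tool carrying an approval_mode
    name: str
    func: Callable[..., Any]
    approval_mode: str = "never_require"

ApprovalCallback = Callable[[PendingCall], Union[bool, Awaitable[bool]]]

async def resolve_approval(tool: Tool, arguments: dict, callback: Optional[ApprovalCallback]) -> bool:
    """Return True only when the call may proceed; every failure path denies."""
    if tool.approval_mode != "always_require":
        return True  # gate is a no-op for tools that do not require approval
    if callback is None:
        return False  # no policy configured: deny by default
    try:
        # Arguments are passed through unchanged, so an empty dict stays {}.
        verdict = callback(PendingCall(tool.name, arguments))
        if inspect.isawaitable(verdict):
            verdict = await verdict  # async callbacks are awaited
    except Exception:
        return False  # a callback that raises denies rather than failing open
    return verdict is True  # assumption of this sketch: only a literal True approves

async def handle_tool_call(tool: Tool, arguments: dict, callback: Optional[ApprovalCallback] = None) -> dict:
    """Tool handler owned by the agent loop: the gate runs before the tool does."""
    if not await resolve_approval(tool, arguments, callback):
        # Denial goes back to the model as a tool error it can react to.
        return {"result_type": "failure", "error": "approval_denied"}
    return {"result_type": "success", "result": tool.func(**arguments)}

# Constructed sample tools for the demonstration.
delete_record = Tool("delete_record", lambda record_id: f"deleted {record_id}", "always_require")
get_time = Tool("get_time", lambda: "12:00")

if __name__ == "__main__":
    print(asyncio.run(handle_tool_call(delete_record, {"record_id": 7})))
    print(asyncio.run(handle_tool_call(delete_record, {"record_id": 7}, lambda call: True)))
```
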
Anthropic Examples
This folder contains examples demonstrating how to use Anthropic's Claude models with the Agent Framework.
Anthropic Client Examples
| File | Description |
|---|---|
| anthropic_basic.py | Demonstrates how to set up a simple agent using the AnthropicClient, with both streaming and non-streaming responses. |
| anthropic_advanced.py | Shows advanced usage of the AnthropicClient, including hosted tools and thinking. |
| anthropic_skills.py | Illustrates how to use Anthropic-managed Skills with an agent, including the Code Interpreter tool and file generation and saving. |
| anthropic_foundry.py | Example of using Foundry's Anthropic integration with the Agent Framework. |
Claude Agent Examples
| File | Description |
|---|---|
| anthropic_claude_basic.py | Basic usage of ClaudeAgent with streaming, non-streaming, and custom tools. |
| anthropic_claude_with_tools.py | Using built-in tools (Read, Glob, Grep, etc.). |
| anthropic_claude_with_shell.py | Shell command execution with interactive permission handling. |
| anthropic_claude_with_multiple_permissions.py | Combining multiple tools (Bash, Read, Write) with permission prompts. |
| anthropic_claude_with_url.py | Fetching and processing web content with WebFetch. |
| anthropic_claude_with_mcp.py | Local (stdio) and remote (HTTP) MCP server configuration. |
| anthropic_claude_with_session.py | Session management, persistence, and resumption. |
Environment Variables
Anthropic Client
- ANTHROPIC_API_KEY: Your Anthropic API key (get one from Anthropic Console)
- ANTHROPIC_CHAT_MODEL: The Claude model to use (e.g., claude-haiku-4-5, claude-sonnet-4-5-20250929)
Foundry
- ANTHROPIC_FOUNDRY_API_KEY: Your Foundry Anthropic API key
- ANTHROPIC_FOUNDRY_RESOURCE: Your Foundry resource name (for example my-foundry-resource)
- ANTHROPIC_FOUNDRY_BASE_URL: Optional full Foundry Anthropic base URL alternative to ANTHROPIC_FOUNDRY_RESOURCE
- ANTHROPIC_CHAT_MODEL: The Claude model to use in Foundry (e.g., claude-haiku-4-5)
Claude Agent
- CLAUDE_AGENT_CLI_PATH: Path to the Claude Code CLI executable
- CLAUDE_AGENT_MODEL: Model to use (sonnet, opus, haiku)
- CLAUDE_AGENT_CWD: Working directory for Claude CLI
- CLAUDE_AGENT_PERMISSION_MODE: Permission mode (default, acceptEdits, plan, bypassPermissions)
- CLAUDE_AGENT_MAX_TURNS: Maximum number of conversation turns
- CLAUDE_AGENT_MAX_BUDGET_USD: Maximum budget in USD