mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
c1cc6ee6df
* Python: Enforce approval_mode in Claude and GitHub Copilot agents

Tools declared with approval_mode="always_require" were bypassed by the ClaudeAgent and GitHubCopilotAgent because their SDK-managed tool-calling loops invoke FunctionTool.invoke() directly via package-supplied handlers, skipping the standard _try_execute_function_calls approval gate.

Per discussion on #5494, the fix lives in the agents (not in FunctionTool): any flag added to the tool itself can be spoofed by code with the same level of access, so the security boundary is the agent that owns the tool-calling loop.

- Add on_function_approval option to ClaudeAgentOptions and GitHubCopilotOptions. Callback receives a FunctionCallContent describing the pending call and returns bool (sync or async).
- Gate FunctionTool.invoke() inside each agent's existing tool-handler closure when approval_mode == "always_require". Default policy is deny; callbacks that raise also deny safely.
- Deny path returns a tool-error to the model (Claude: text content; Copilot: ToolResult(result_type="failure", error="approval_denied")) so the LLM can react gracefully instead of silently failing.
- Tests for both agents covering: deny by default, sync False, sync True, async True, callback-raises -> deny, no-op for never_require tools.
- Samples demonstrating sync, async, and deny-by-default flows for both agents.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address PR review: preserve empty arg dicts, reject runtime approval override

- _resolve_function_approval no longer collapses {} into None when building the FunctionCallContent passed to the callback (Claude + Copilot).
- Claude _apply_runtime_options and Copilot _run_impl/_stream_updates now raise ValueError if on_function_approval is supplied via per-run options, instead of silently ignoring it. Approval policy must be set at agent construction time.
- Drop unnecessary # type: ignore[attr-defined] on Content.name/.arguments in samples (Content is a unified class with both attributes defined).
- Add regression tests for the new runtime-options validation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* warning when non callback handler and approval needed

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
c1cc6ee6df · 2026-05-01 14:11:28 +00:00
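The approval gate that the commit message above describes, modelled stand-alone as an added example (not code from the agent-framework repository). `PendingCall`, `Tool`, `is_approved`, `handle_tool_call` and the success result shape are hypothetical stand-ins, and the sample policies and paths are constructed.

```python
import asyncio
import inspect
from dataclasses import dataclass
from typing import Any, Callable, Optional

@dataclass
class PendingCall:            # hypothetical stand-in for the pending-call description
    name: str
    arguments: dict
@dataclass
class Tool:                   # hypothetical stand-in for a function tool
    name: str
    func: Callable[..., Any]
    approval_mode: str = "never_require"

async def is_approved(tool: Tool, args: dict, callback: Optional[Callable]) -> bool:
    if tool.approval_mode != "always_require":
        return True                       # gate is a no-op for other tools
    if callback is None:
        return False                      # no policy configured: deny by default
    try:
        verdict = callback(PendingCall(tool.name, args))   # args passed as-is, {} stays {}
        verdict = (await verdict) if inspect.isawaitable(verdict) else verdict
        return verdict is True            # only an explicit True approves
    except Exception:
        return False                      # a failing callback must not fail open

async def handle_tool_call(tool: Tool, args: dict, callback=None) -> dict:
    if not await is_approved(tool, args, callback):        # checked before the tool body runs
        return {"result_type": "failure", "error": "approval_denied"}
    return {"result_type": "success", "result": tool.func(**args)}

async def allow_tmp(call: PendingCall) -> bool:    # constructed async policy
    return call.arguments["path"].startswith("/tmp/")
def broken(call: PendingCall) -> bool:             # constructed policy that raises
    raise RuntimeError("policy backend unreachable")

def run_demo() -> dict:
    delete = Tool("delete_file", lambda path: f"deleted {path}", "always_require")
    read = Tool("read_file", lambda path: f"contents of {path}")
    cases = {"no_callback": (delete, "/tmp/a", None), "approved": (delete, "/tmp/a", allow_tmp),
             "rejected": (delete, "/home/u/notes", allow_tmp), "raises": (delete, "/tmp/a", broken),
             "ungated": (read, "/home/u/notes", None)}
    async def run_all() -> dict:
        return {k: await handle_tool_call(t, {"path": p}, cb) for k, (t, p, cb) in cases.items()}
    return asyncio.run(run_all())

if __name__ == "__main__":
    print(run_demo())
```

The denied calls return a failure result to the caller instead of raising, which matches the commit's stated goal of letting the model react to a refusal.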
GitHub Copilot Agent Examples
This directory contains examples demonstrating how to use the GitHubCopilotAgent from the Microsoft Agent Framework.
Security Note: These examples demonstrate various permission types (shell, read, write, url). Only enable permissions that are necessary for your use case. Each permission grants the agent additional capabilities that could affect your system.
Prerequisites
- GitHub Copilot CLI: Install and authenticate the Copilot CLI
- GitHub Copilot Subscription: An active GitHub Copilot subscription
- Install the package:

  ```
  pip install agent-framework-github-copilot --pre
  ```
Environment Variables
The following environment variables can be configured:
| Variable | Description | Default |
|---|---|---|
| GITHUB_COPILOT_CLI_PATH | Path to the Copilot CLI executable | copilot |
| GITHUB_COPILOT_MODEL | Model to use (e.g., "gpt-5", "claude-sonnet-4") | Server default |
| GITHUB_COPILOT_TIMEOUT | Request timeout in seconds | 60 |
| GITHUB_COPILOT_LOG_LEVEL | CLI log level | info |
Observability
GitHubCopilotAgent has OpenTelemetry tracing built-in. To enable it, call configure_otel_providers() before running the agent:
```python
import asyncio
from agent_framework.observability import configure_otel_providers
from agent_framework.github import GitHubCopilotAgent

configure_otel_providers(enable_console_exporters=True)  # enable tracing before the agent runs

async def main() -> None:
    async with GitHubCopilotAgent() as agent:
        response = await agent.run("Hello!")

asyncio.run(main())
```
See the observability samples for full examples with OTLP exporters.
Examples
| File | Description |
|---|---|
| github_copilot_basic.py | The simplest way to create an agent using GitHubCopilotAgent. Demonstrates both streaming and non-streaming responses with function tools. |
| github_copilot_with_session.py | Shows session management with automatic creation, persistence via session objects, and resuming sessions by ID. |
| github_copilot_with_shell.py | Shows how to enable shell command execution permissions. Demonstrates running system commands like listing files and getting system information. |
| github_copilot_with_file_operations.py | Shows how to enable file read and write permissions. Demonstrates reading file contents and creating new files. |
| github_copilot_with_url.py | Shows how to enable URL fetching permissions. Demonstrates fetching and processing web content. |
| github_copilot_with_mcp.py | Shows how to configure MCP (Model Context Protocol) servers, including local (stdio) and remote (HTTP) servers. |
| github_copilot_with_multiple_permissions.py | Shows how to combine multiple permission types for complex tasks that require shell, read, and write access. |