mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
18e433fc6d
* Validate approval responses against server-side pending request registry * improvements * pin GHCP sdk version to non-breaking for now * Pin CHCP sdk to LKG. * really fix GHCP sdk pkg version * Fix HITL approval validation security gaps and memory leak - Validate rejected approval responses against pending_approvals registry, not just approved ones. Fabricated rejections without a prior request are now stripped from messages before reaching the LLM. - Bound _pending_approvals with OrderedDict + LRU eviction (max 10k) to prevent unbounded memory growth from abandoned approval requests. - Skip registration when function_call.name is None/empty; log warning when content.id or function_call is missing at registration time. - Document pending_approvals parameter in run_agent_stream docstring. - Add test for fabricated rejection attack scenario. - Assert pending approval entry is preserved after function name mismatch. - Pre-populate pending_approvals in rejection test for correct validation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Apply pre-commit auto-fixes --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
18e433fc6d
ยท
2026-03-11 23:21:29 +00:00
History