mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
c1cc6ee6df
* Python: Enforce approval_mode in Claude and GitHub Copilot agents

  Tools declared with approval_mode="always_require" were bypassed by the ClaudeAgent and GitHubCopilotAgent because their SDK-managed tool-calling loops invoke FunctionTool.invoke() directly via package-supplied handlers, skipping the standard _try_execute_function_calls approval gate.

  Per discussion on #5494, the fix lives in the agents (not in FunctionTool): any flag added to the tool itself can be spoofed by code with the same level of access, so the security boundary is the agent that owns the tool-calling loop.

  - Add on_function_approval option to ClaudeAgentOptions and GitHubCopilotOptions. Callback receives a FunctionCallContent describing the pending call and returns bool (sync or async).
  - Gate FunctionTool.invoke() inside each agent's existing tool-handler closure when approval_mode == "always_require". Default policy is deny; callbacks that raise also deny safely.
  - Deny path returns a tool-error to the model (Claude: text content; Copilot: ToolResult(result_type="failure", error="approval_denied")) so the LLM can react gracefully instead of silently failing.
  - Tests for both agents covering: deny by default, sync False, sync True, async True, callback-raises -> deny, no-op for never_require tools.
  - Samples demonstrating sync, async, and deny-by-default flows for both agents.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address PR review: preserve empty arg dicts, reject runtime approval override

  - _resolve_function_approval no longer collapses {} into None when building the FunctionCallContent passed to the callback (Claude + Copilot).
  - Claude _apply_runtime_options and Copilot _run_impl/_stream_updates now raise ValueError if on_function_approval is supplied via per-run options, instead of silently ignoring it. Approval policy must be set at agent construction time.
  - Drop unnecessary # type: ignore[attr-defined] on Content.name/.arguments in samples (Content is a unified class with both attributes defined).
  - Add regression tests for the new runtime-options validation.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* warning when non callback handler and approval needed

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-01 14:11:28 +00:00
Provider Samples Overview
This directory groups provider-specific samples for Agent Framework.
| Folder | What you will find |
|---|---|
| anthropic/ | Anthropic Claude samples using both AnthropicClient and ClaudeAgent, including tools, MCP, sessions, and Foundry Anthropic integration. |
| amazon/ | AWS Bedrock samples using BedrockChatClient, including tool-enabled agent usage. |
| azure/ | Azure OpenAI chat completion samples using OpenAIChatCompletionClient, including basic usage, explicit configuration, tools, and sessions. |
| copilotstudio/ | Microsoft Copilot Studio agent samples, including required environment/app registration setup and explicit authentication patterns. |
| custom/ | Framework extensibility samples for building custom BaseAgent and BaseChatClient implementations, including layer-composition guidance. |
| foundry/ | Microsoft Foundry and Foundry Local samples using FoundryChatClient, FoundryAgent, RawFoundryAgentChatClient, and FoundryLocalClient for hosted agents, Responses API, local inference, tools, MCP, and sessions. |
| github_copilot/ | GitHubCopilotAgent samples showing basic usage, session handling, permission-scoped shell/file/url access, and MCP integration. |
| ollama/ | Local Ollama samples using OllamaChatClient (recommended) plus OpenAI-compatible Ollama setup, including reasoning and multimodal examples. |
| openai/ | OpenAI provider samples for Chat and Chat Completion clients, including tools, structured output, sessions, MCP, web search, and multimodal tasks. |
Each folder has its own README with setup requirements and file-by-file details.