Skip to content

Python: [BREAKING] Harness: Switch FileAccess to opt-in#7094

Merged
moonbox3 merged 1 commit into
microsoft:mainfrom
westey-m:python-harness-fileprovider-opt-in
Jul 14, 2026
Merged

Python: [BREAKING] Harness: Switch FileAccess to opt-in#7094
moonbox3 merged 1 commit into
microsoft:mainfrom
westey-m:python-harness-fileprovider-opt-in

Conversation

@westey-m

Copy link
Copy Markdown
Contributor

Motivation & Context

The Python create_harness_agent enabled its FileAccessProvider by default (opt-out via disable_file_access), implicitly rooting a FileSystemAgentFileStore at {cwd}/working unless the caller disabled it. File access grants the agent read/write/delete tools over a working directory, so enabling it implicitly is surprising and violates least-privilege.

As part of preparing the harness for release, file access is now opt-in: the FileAccessProvider is only wired up when the caller deliberately supplies a file_access_store. This mirrors the existing opt-in pattern used for background_agents and skills_* (presence of the value enables the provider; no disable_* flag), and matches the .NET change in #7093.

Description & Review Guide

  • What are the major changes?

    • create_harness_agent / _assemble_context_providers: removed the disable_file_access parameter; the FileAccessProvider is now added only when file_access_store is not None. No implicit {cwd}/working default store is ever created.
    • The existing file_access_disable_write_tools, file_access_disable_readonly_tool_approval, and file_access_disable_write_tool_approval kwargs are retained and now only take effect when file_access_store is set (the Python analogue of .NET's FileAccessProviderOptions).
    • Docstrings and the .pyi stub updated: FileAccessProvider moved from the "on by default" list to the opt-in list; file_access_store documented as the enabler. File memory stays default-on.
    • Tests: the "all defaults" test now asserts FileAccessProvider is absent by default; the disable test is replaced by a store-driven opt-in test; the approval/default-store tests are updated; redundant disable_file_access=True kwargs dropped.
    • Docs: build_your_own_claw/README.md and packages/core/AGENTS.md reworded to describe the opt-in behavior.
  • What is the impact of these changes?

    • Breaking change for users of the (experimental) harness: agents no longer receive file access unless a file_access_store is supplied, and disable_file_access is removed. Samples that need file access already set file_access_store explicitly.
  • What do you want reviewers to focus on?

    • The wiring change in _assemble_context_providers and the doc/test updates that keep file access working where it is intended.

Related Issue

Closes #7092. The .NET half was delivered in #7093 (which was linked as related, not closing, because the issue spans both languages); this PR completes the Python side.

Contribution Checklist

  • The code builds clean without any errors or warnings
  • All unit tests pass, and I have added new tests where possible
  • The PR follows the Contribution Guidelines
  • This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above).
  • This is not a breaking change. If it is a breaking change, add the breaking change label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.

Copilot AI review requested due to automatic review settings July 13, 2026 15:52
@giles17 giles17 added documentation Usage: [Issues, PRs], Target: documentation in the code base and learn docs python Usage: [Issues, PRs], Target: Python breaking change Usage: [PRs], Target: all PRs that introduce changes that are not backward compatible labels Jul 13, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Python Test Coverage

Python Test Coverage Report •
FileStmtsMissCoverMissing
packages/core/agent_framework/_harness
   _agent.py115496%201, 567–568, 570
TOTAL44142526488% 

Python Unit Test Overview

Tests Skipped Failures Errors Time
8861 33 💤 0 ❌ 0 🔥 2m 25s ⏱️

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR makes Python harness file access least-privilege by switching create_harness_agent’s FileAccessProvider from enabled-by-default to opt-in, aligning behavior with the existing opt-in patterns (skills/background agents) and the corresponding .NET harness change.

Changes:

  • Removed the disable_file_access option and stopped creating an implicit {cwd}/working file-access store; FileAccessProvider is now added only when file_access_store is provided.
  • Updated docs and type stubs to reflect the new opt-in semantics for file access (while keeping file memory default-on).
  • Updated harness unit tests to assert file access is absent by default and present when a store is supplied (including approval-option coverage).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
python/samples/02-agents/harness/build_your_own_claw/README.md Updates sample documentation to describe file access as opt-in.
python/packages/core/tests/core/test_harness_agent.py Adjusts harness assembly tests to validate opt-in file access behavior and approval flags.
python/packages/core/AGENTS.md Updates framework docs to reflect opt-in wiring and removal of implicit {cwd}/working.
python/packages/core/agent_framework/_harness/_agent.pyi Removes disable_file_access from the public stub signature.
python/packages/core/agent_framework/_harness/_agent.py Implements opt-in FileAccessProvider wiring and updates docstrings accordingly.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 93% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach


Automated review by westey-m's agents

@westey-m
westey-m marked this pull request as ready for review July 13, 2026 16:03

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 92% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach


Automated review by westey-m's agents

@moonbox3
moonbox3 added this pull request to the merge queue Jul 14, 2026
Merged via the queue into microsoft:main with commit f11cfd9 Jul 14, 2026
47 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

breaking change Usage: [PRs], Target: all PRs that introduce changes that are not backward compatible documentation Usage: [Issues, PRs], Target: documentation in the code base and learn docs python Usage: [Issues, PRs], Target: Python

Projects

None yet

Development

Successfully merging this pull request may close these issues.

.NET: Harness: Switch FileAccess to opt-in

5 participants