Skip to content

Python: [BREAKING] Harness: Switch FileAccess to opt-in#7094

Open
westey-m wants to merge 1 commit into
microsoft:mainfrom
westey-m:python-harness-fileprovider-opt-in
Open

Python: [BREAKING] Harness: Switch FileAccess to opt-in#7094
westey-m wants to merge 1 commit into
microsoft:mainfrom
westey-m:python-harness-fileprovider-opt-in

Conversation

@westey-m

Copy link
Copy Markdown
Contributor

Motivation & Context

The Python create_harness_agent enabled its FileAccessProvider by default (opt-out via disable_file_access), implicitly rooting a FileSystemAgentFileStore at {cwd}/working unless the caller disabled it. File access grants the agent read/write/delete tools over a working directory, so enabling it implicitly is surprising and violates least-privilege.

As part of preparing the harness for release, file access is now opt-in: the FileAccessProvider is only wired up when the caller deliberately supplies a file_access_store. This mirrors the existing opt-in pattern used for background_agents and skills_* (presence of the value enables the provider; no disable_* flag), and matches the .NET change in #7093.

Description & Review Guide

  • What are the major changes?

    • create_harness_agent / _assemble_context_providers: removed the disable_file_access parameter; the FileAccessProvider is now added only when file_access_store is not None. No implicit {cwd}/working default store is ever created.
    • The existing file_access_disable_write_tools, file_access_disable_readonly_tool_approval, and file_access_disable_write_tool_approval kwargs are retained and now only take effect when file_access_store is set (the Python analogue of .NET's FileAccessProviderOptions).
    • Docstrings and the .pyi stub updated: FileAccessProvider moved from the "on by default" list to the opt-in list; file_access_store documented as the enabler. File memory stays default-on.
    • Tests: the "all defaults" test now asserts FileAccessProvider is absent by default; the disable test is replaced by a store-driven opt-in test; the approval/default-store tests are updated; redundant disable_file_access=True kwargs dropped.
    • Docs: build_your_own_claw/README.md and packages/core/AGENTS.md reworded to describe the opt-in behavior.
  • What is the impact of these changes?

    • Breaking change for users of the (experimental) harness: agents no longer receive file access unless a file_access_store is supplied, and disable_file_access is removed. Samples that need file access already set file_access_store explicitly.
  • What do you want reviewers to focus on?

    • The wiring change in _assemble_context_providers and the doc/test updates that keep file access working where it is intended.

Related Issue

Closes #7092. The .NET half was delivered in #7093 (which was linked as related, not closing, because the issue spans both languages); this PR completes the Python side.

Contribution Checklist

  • The code builds clean without any errors or warnings
  • All unit tests pass, and I have added new tests where possible
  • The PR follows the Contribution Guidelines
  • This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above).
  • This is not a breaking change. If it is a breaking change, add the breaking change label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.

Copilot AI review requested due to automatic review settings July 13, 2026 15:52
@giles17 giles17 added documentation Usage: [Issues, PRs], Target: documentation in the code base and learn docs python Usage: [Issues, PRs], Target: Python breaking change Usage: [PRs], Target: all PRs that introduce changes that are not backward compatible labels Jul 13, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Python Test Coverage

Python Test Coverage Report •
FileStmtsMissCoverMissing
packages/core/agent_framework/_harness
   _agent.py115496%201, 567–568, 570
TOTAL44142526488% 

Python Unit Test Overview

Tests Skipped Failures Errors Time
8861 33 💤 0 ❌ 0 🔥 2m 25s ⏱️

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR makes Python harness file access least-privilege by switching create_harness_agent’s FileAccessProvider from enabled-by-default to opt-in, aligning behavior with the existing opt-in patterns (skills/background agents) and the corresponding .NET harness change.

Changes:

  • Removed the disable_file_access option and stopped creating an implicit {cwd}/working file-access store; FileAccessProvider is now added only when file_access_store is provided.
  • Updated docs and type stubs to reflect the new opt-in semantics for file access (while keeping file memory default-on).
  • Updated harness unit tests to assert file access is absent by default and present when a store is supplied (including approval-option coverage).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
python/samples/02-agents/harness/build_your_own_claw/README.md Updates sample documentation to describe file access as opt-in.
python/packages/core/tests/core/test_harness_agent.py Adjusts harness assembly tests to validate opt-in file access behavior and approval flags.
python/packages/core/AGENTS.md Updates framework docs to reflect opt-in wiring and removal of implicit {cwd}/working.
python/packages/core/agent_framework/_harness/_agent.pyi Removes disable_file_access from the public stub signature.
python/packages/core/agent_framework/_harness/_agent.py Implements opt-in FileAccessProvider wiring and updates docstrings accordingly.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 93% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach


Automated review by westey-m's agents

@westey-m westey-m marked this pull request as ready for review July 13, 2026 16:03

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 92% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach


Automated review by westey-m's agents

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

breaking change Usage: [PRs], Target: all PRs that introduce changes that are not backward compatible documentation Usage: [Issues, PRs], Target: documentation in the code base and learn docs python Usage: [Issues, PRs], Target: Python

Projects

None yet

Development

Successfully merging this pull request may close these issues.

.NET: Harness: Switch FileAccess to opt-in

3 participants