Skip to content

.NET: Add skill approval options#6843

Merged
SergeyMenshykh merged 3 commits into
microsoft:mainfrom
SergeyMenshykh:sergeymenshykh-skills-provider-approval-option
Jul 1, 2026
Merged

.NET: Add skill approval options#6843
SergeyMenshykh merged 3 commits into
microsoft:mainfrom
SergeyMenshykh:sergeymenshykh-skills-provider-approval-option

Conversation

@SergeyMenshykh

@SergeyMenshykh SergeyMenshykh commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Motivation & Context

Agent skills currently require approval for every provider tool. Some hosts need to selectively disable approval for trusted skill operations.

Description & Review Guide

  • What are the major changes? Added per-tool options to disable approval for loading skills, reading resources, and running scripts.
  • What is the impact of these changes? Existing behavior is unchanged by default; callers can opt out per tool.
  • What do you want reviewers to focus on? Option naming and default behavior.

Related Issue

Fixes #6844, #6825

Related Python issue: #6845

Contribution Checklist

  • The code builds clean without any errors or warnings
  • All unit tests pass, and I have added new tests where possible
  • The PR follows the Contribution Guidelines
  • This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above).
  • This is not a breaking change. If it is a breaking change, add the breaking change label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.

Add per-tool options for disabling approval on skills provider tools and cover the behavior with unit tests.

Co-authored-by: Copilot App <[email protected]>
Copilot AI review requested due to automatic review settings June 30, 2026 19:49
@giles17 giles17 added the .NET Usage: [Issues, PRs], Target: .Net label Jun 30, 2026
@SergeyMenshykh SergeyMenshykh self-assigned this Jun 30, 2026
@SergeyMenshykh SergeyMenshykh moved this to In Review in Agent Framework Jun 30, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds opt-in configuration to the .NET AgentSkillsProvider so hosts can selectively disable the tool-approval wrapper for specific skill tools (load skill, read resource, run script), while preserving existing default behavior.

Changes:

  • Introduced per-tool approval toggles on AgentSkillsProviderOptions (DisableLoadSkillApproval, DisableReadSkillResourceApproval, DisableRunSkillScriptApproval).
  • Updated AgentSkillsProvider tool construction to conditionally wrap each tool in ApprovalRequiredAIFunction.
  • Added unit tests validating wrapper behavior for each individual toggle and for disabling all approvals.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
dotnet/src/Microsoft.Agents.AI/Skills/AgentSkillsProvider.cs Conditionally wraps each skills tool with ApprovalRequiredAIFunction based on options; updates auto-approval rule docs to reflect conditional applicability.
dotnet/src/Microsoft.Agents.AI/Skills/AgentSkillsProviderOptions.cs Adds three new per-tool booleans to disable approval gating (default remains approval-required).
dotnet/tests/Microsoft.Agents.AI.UnitTests/AgentSkills/AgentSkillsProviderTests.cs Adds coverage ensuring each option disables wrapping only for its targeted tool and preserves defaults otherwise.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 90%

✓ Correctness

This PR adds three boolean options (DisableLoadSkillApproval, DisableReadSkillResourceApproval, DisableRunSkillScriptApproval) to AgentSkillsProviderOptions to allow selectively disabling approval wrapping for specific skill tools. The implementation is correct: the null-conditional pattern this._options?.DisableXAproval is not true properly handles the case where options is null (defaulting to requiring approval), and the helper method WrapWithApprovalIfRequired is straightforward. Default behavior is preserved (all tools require approval when options are not provided or flags are false). Tests comprehensively cover each option individually and in combination.

✓ Security Reliability

The PR adds per-tool options to disable approval gating for skill tools. The implementation is correct with safe defaults (approval required when options are null or properties are false). The is not true null-coalescing pattern correctly handles the nullable _options field. The only concern is that DisableRunSkillScriptApproval — which removes human-in-the-loop oversight for arbitrary script execution — lacks a security warning in its XML docs, unlike the analogous IncludeDetailedErrors property which has detailed guidance about trusted sources.

✓ Test Coverage

Test coverage for the new skill approval options is thorough. The PR includes: (1) an existing test verifying default behavior (all tools wrapped when no options passed, covering the null-safe _options?.Disable... path), (2) individual tests for each of the three disable options confirming the targeted tool is unwrapped while the others remain wrapped, and (3) a combined test disabling all approvals. Each test asserts both positive and negative conditions for all three tools, ensuring option isolation. No significant test coverage gaps identified.

✓ Failure Modes

The changes are clean from a failure-mode perspective. The null-conditional pattern on _options safely defaults to requiring approval when options are not provided. The new boolean properties default to false (approval required), preserving backward compatibility. The WrapWithApprovalIfRequired helper is straightforward. No silent failures, swallowed exceptions, or race conditions introduced.

✓ Design Approach

The per-tool approval flags are implemented at the provider level, but on the default ChatClientAgent path they do not fully deliver the advertised behavior when a response mixes approval-required and non-required skill tools. I found one design issue where the new options can still surface approval prompts unless callers also know to enable a separate chat-client decorator.


Automated review by SergeyMenshykh's agents

Comment thread dotnet/src/Microsoft.Agents.AI/Skills/AgentSkillsProvider.cs
@SergeyMenshykh SergeyMenshykh marked this pull request as ready for review July 1, 2026 08:33

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 89% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach


Automated review by SergeyMenshykh's agents

Document the non-approval bypass requirement and update tests to avoid file-discovery dependency.

Co-authored-by: Copilot App <[email protected]>
Comment thread dotnet/src/Microsoft.Agents.AI/Skills/AgentSkillsProvider.cs
@SergeyMenshykh SergeyMenshykh enabled auto-merge July 1, 2026 12:35
@SergeyMenshykh SergeyMenshykh added this pull request to the merge queue Jul 1, 2026
Merged via the queue into microsoft:main with commit 51c05fc Jul 1, 2026
27 checks passed
@github-project-automation github-project-automation Bot moved this from In Review to Done in Agent Framework Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

.NET Usage: [Issues, PRs], Target: .Net

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

.NET: Allow disabling approval for AgentSkillsProvider tools

6 participants