fix(lint): remove unused imports in openai_agents_sdk and autogen_adapter#1606
Merged
imran-siddique merged 1 commit intomainfrom Apr 30, 2026
Merged
fix(lint): remove unused imports in openai_agents_sdk and autogen_adapter#1606imran-siddique merged 1 commit intomainfrom
imran-siddique merged 1 commit intomainfrom
Conversation
…pter Remove unused uuid, dataclass, field imports from openai_agents_sdk.py and unused DefaultInterventionHandler from autogen_adapter.py. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
🤖 AI Agent: breaking-change-detector — API CompatibilityAPI CompatibilityNo breaking changes detected. |
🤖 AI Agent: test-generator — `autogen_adapter.py`
|
🤖 AI Agent: security-scanner — View detailsNo security issues found. |
🤖 AI Agent: code-reviewer — View detailsTL;DR: 0 blockers, 0 warnings. Clean lint fix; no issues found.
|
🤖 AI Agent: docs-sync-checker — Docs SyncDocs SyncDocumentation is in sync. |
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
PR Review Summary
Verdict: ❌ Changes needed |
CuriousHet
pushed a commit
to CuriousHet/agent-governance-toolkit
that referenced
this pull request
May 1, 2026
) * docs: add Tutorial 33 — Offline-Verifiable Decision Receipts Teaches the decision-receipt layer that sits between internal audit logs (Tutorial 04) and artifact signing (Tutorial 26): per tool-call Ed25519 signatures over JCS-canonical payloads, hash-chained across the session, verifiable offline by any party with the public key. Mirrors the existing `examples/protect-mcp-governed/` (PR microsoft#1159) and `examples/physical-attestation-governed/` (PR microsoft#1168) reference code, uses their exact APIs, and cross-references Tutorials 01, 04, 07, 08, 12, 26, and 27. Adds two entries to docs/tutorials/README.md: - Supply Chain Security section (alongside 25, 26, 27) - "Enterprise compliance" learning path step 6 Standards covered: RFC 8032 (Ed25519), RFC 8785 (JCS), Cedar (AWS), IETF draft-farley-acta-signed-receipts. * docs: strengthen Tutorial 33 with SLSA integration and anchoring primitives Four additions landing after the initial PR: 1. Receipt Lifecycle ASCII diagram in "The Receipt Format" section. Visualizes mint → JCS canonical → Ed25519 sign → store → verify so readers can see why the determinism invariant holds. 2. A real Cedar policy block in §4 (Composing with Cedar Policies). Previously the section described the CedarDecision API shape without showing what a policy producing one actually looks like. Now shows a 10-line permit/forbid policy and links out to cedar-for-agents for the full schema generator. 3. Neutral anchoring primitives subsection in §6 (Cross-Implementation). Names Sigstore Rekor and in-toto attestations as the cross-org verification fabric beyond the four implementations. References sigstore/rekor#2798 and in-toto/attestation#549. 4. New §7 "Emitting Receipts as SLSA Provenance". When an AI agent is itself the builder, the receipt chain IS the per-step build log. Shows the exact byproducts JSON shape for carrying a receipt chain inside a SLSA provenance v1 attestation, referencing the draft agent-commit build type at refs.arewm.com/agent-commit/v0.1 and the active slsa-framework/slsa#1594 and microsoft#1606 discussions. No new dependencies. All APIs still verified against the merged examples/protect-mcp-governed/ and examples/physical-attestation-governed/ reference code. * docs(tutorial-33): add sidebar on operator-signed vs authority-chain modes Per @aeoess review on microsoft#1197: the four implementations listed in the cross-implementation section make different identity-binding choices that matter for deployment selection. This sidebar names them explicitly so readers evaluating receipts for their environment can pick the right mode. - Operator-signed mode (protect-mcp, protect-mcp-adk, sb-runtime): sufficient for internal audit, single-regulator evidence, single- tenant compliance. The signer is the operator's supervisor hook. - Authority-chain-referenced mode (asqav / APS governance hook): additionally required for cross-org agent commerce, multi-tenant regulated environments, and use cases where principal authority is itself auditable. Receipts reference a delegation-chain root. Both modes verify against @veritasacta/verify and use the same outer receipt structure; the distinction is the presence of an optional delegation_chain_root field in the payload. Cross-references arewm/refs.arewm.com#1 for the parallel authority- chain attestation proposal as a SLSA byproduct. --------- Co-authored-by: tommylauren <tfarley@utexas.edu>
imran-siddique
added a commit
to imran-siddique/agent-governance-toolkit
that referenced
this pull request
May 4, 2026
…pter (microsoft#1606) Remove unused uuid, dataclass, field imports from openai_agents_sdk.py and unused DefaultInterventionHandler from autogen_adapter.py. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix ruff lint failures (F401) introduced by the native-hooks PRs (#1582, #1591). Removes unused uuid, dataclass, field imports from openai_agents_sdk.py and unused DefaultInterventionHandler from autogen_adapter.py.