fix(py-isolation-sso): correct misleading 'deep copy' comment in create_snapshot #2171

Merged
imran-siddique merged 1 commit into microsoft:main from aegis-initiative:fix/py-isolation-sso-shallow-copy-comment
May 12, 2026

@finnoybu

Contributor

Summary

session/sso.py's SessionVFS.create_snapshot was documented as "simple deep copy", but the body is a one-level copy:

self._snapshots[sid] = {
    "files": dict(self._files),
    "permissions": {k: set(v) for k, v in self._permissions.items()},
}

Neither line is a copy.deepcopy. The implementation is sufficient today because the value types are either immutable (str file contents) or explicitly rebuilt (the inner set per path), but the docstring sets the wrong mental model and would mislead anyone extending the value shape.

Change

Replace the docstring with one that names what the operation actually does, and flags the future-fragility: if either value shape grows a mutable nested type (e.g. dict[str, list[...]] for files, or sets-of-mutable values for permissions), the snapshot would stop being effectively-independent and a real copy.deepcopy would be required.

Tests

Pure comment change — no behaviour delta, no new tests. Existing SessionVFS snapshot/restore tests continue to pass.

$ PYTHONPATH=src python -m pytest tests/unit/test_session.py -q
... passed

Test plan

  • CI passes
  • No behaviour change in SessionVFS.create_snapshot / restore_snapshot

Surfaced during independent audit conducted by @finnoybu (Ken Tannenbaum, AEGIS Initiative); [LOW, Python Isolation].
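
The fragility the description flags, as an added example that is not part of the PR or the project's code. `ToySessionVFS`, its `deep` switch, the restore logic and the sample paths are hypothetical; only the two copy expressions come from the snippet quoted above. It shows the one-level snapshot rolling back cleanly for `str` contents, failing to roll back once a file value is a mutable list, and `copy.deepcopy` restoring the isolation.

```python
import copy


class ToySessionVFS:
    """Hypothetical stand-in for SessionVFS (not the project's class)."""

    def __init__(self, deep=False):
        self._files = {}
        self._permissions = {}
        self._snapshots = {}
        self._deep = deep  # assumed switch, for comparison only

    def create_snapshot(self, sid):
        if self._deep:
            live = {"files": self._files, "permissions": self._permissions}
            self._snapshots[sid] = copy.deepcopy(live)
        else:
            # The one-level copy quoted in the PR description.
            self._snapshots[sid] = {
                "files": dict(self._files),
                "permissions": {k: set(v) for k, v in self._permissions.items()},
            }

    def restore_snapshot(self, sid):
        # Assumed restore logic: copy back out the same one-level way.
        snap = self._snapshots[sid]
        self._files = dict(snap["files"])
        self._permissions = {k: set(v) for k, v in snap["permissions"].items()}


def rollback_is_clean(deep, nested):
    """True if restore undoes every change made after the snapshot."""
    vfs = ToySessionVFS(deep=deep)
    vfs._files["/a.txt"] = ["v1"] if nested else "v1"  # constructed sample data
    vfs._permissions["/a.txt"] = {"agent-1"}
    vfs.create_snapshot("s1")
    if nested:
        vfs._files["/a.txt"].append("post-snapshot")  # in-place: reaches the snapshot
    else:
        vfs._files["/a.txt"] = "post-snapshot"  # rebinding: snapshot keeps "v1"
    vfs._permissions["/a.txt"].add("agent-2")  # live set; snapshot holds its own
    vfs.restore_snapshot("s1")
    expected = ["v1"] if nested else "v1"
    return vfs._files["/a.txt"] == expected and vfs._permissions["/a.txt"] == {"agent-1"}


if __name__ == "__main__":
    for deep, nested in [(False, False), (False, True), (True, True)]:
        print(f"deep={deep} nested={nested} clean={rollback_is_clean(deep, nested)}")
```

A regression test of this shape, run against the real value types, would fail as soon as a nested mutable value is introduced without switching to `copy.deepcopy`.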

…te_snapshot

`SessionVFS.create_snapshot` was documented as "simple deep copy", but
the body is a one-level copy:

  - `dict(self._files)` — top-level copy; relies on `str` values being
    immutable to be effectively-independent
  - `{k: set(v) for k, v in self._permissions.items()}` — top-level
    copy with explicit set-rebuild per path

Neither is a `copy.deepcopy`. The implementation is *sufficient* today
because the value types are either immutable (`str`) or explicitly
rebuilt (the inner `set`), but the docstring sets the wrong mental
model for readers and would mislead anyone extending the value shape.

Replace the docstring with one that names what the operation actually
does and flags the future-fragility: if either value shape grows a
mutable nested type, the snapshot stops being effectively-independent
and would need `copy.deepcopy`.

Pure comment change — no behaviour delta.
@github-actions

🤖 AI Agent: breaking-change-detector — View details

No breaking changes detected.

@github-actions github-actions Bot added the agent-hypervisor agent-hypervisor package label May 12, 2026
@github-actions

🤖 AI Agent: docs-sync-checker — Docs Sync

Docs Sync

  • create_snapshot() in session/sso.py -- missing docstring for the previous implementation.
  • CHANGELOG.md -- missing entry for behavioral changes related to the documentation correction in create_snapshot.

@github-actions

🤖 AI Agent: test-generator — `sso.py`

sso.py

  • test_create_snapshot_immutable_types -- validate snapshot creation with immutable types to ensure independence.
  • test_create_snapshot_mutable_types -- check behavior when mutable types are introduced to ensure proper handling.
  • test_restore_snapshot -- ensure that restoring a snapshot does not affect the original state of _files and _permissions.

@github-actions github-actions Bot added the size/S Small PR (< 50 lines) label May 12, 2026
@github-actions

🤖 AI Agent: code-reviewer — View details

TL;DR: 0 blockers, 0 warnings. No issues found. Clean change.

@github-actions

🤖 AI Agent: security-scanner — View details

No security issues found.

@github-actions


🟡 Contributor Check: MEDIUM

| Check | Result |
| --- | --- |
| Profile | MEDIUM |
| Credential | NONE |
| Overall | MEDIUM |

Automated check by AGT Contributor Check.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor check flagged MEDIUM risk label May 12, 2026
@github-actions


PR Review Summary

| Check | Status | Details |
| --- | --- | --- |
| 🔍 Code Review | ✅ Passed | No issues found |
| 🛡️ Security Scan | ✅ Passed | No issues found |
| 🔄 Breaking Changes | ✅ Passed | No issues found |
| 📝 Docs Sync | ✅ Completed | Analysis complete |
| 🧪 Test Coverage | ✅ Completed | Analysis complete |

Verdict: ✅ Ready for human review

@imran-siddique imran-siddique merged commit ac12c44 into microsoft:main May 12, 2026
13 of 14 checks passed
MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026