Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(py-mesh-datetime): replace deprecated utcnow with tz-aware UTC#2179

Merged
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/py-mesh-datetime-now-utc
May 12, 2026
Merged

fix(py-mesh-datetime): replace deprecated utcnow with tz-aware UTC#2179
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/py-mesh-datetime-now-utc

Conversation

@finnoybu

Copy link
Copy Markdown
Contributor

Summary

datetime.utcnow() is deprecated in Python 3.12+ and returns a naive datetime, which silently mixes with timezone-aware datetimes elsewhere in the codebase. The result is TypeError: can't subtract offset-naive and offset-aware datetimes at runtime in handshake/expiry/scoring paths.

This sweep replaces every utcnow() site across agent-governance-python/agent-mesh/ with datetime.now(timezone.utc), and the structurally-equivalent pydantic default_factory=datetime.utcnow with default_factory=lambda: datetime.now(timezone.utc).

Change

Pattern Replacement
datetime.utcnow() datetime.now(timezone.utc)
default_factory=datetime.utcnow default_factory=lambda: datetime.now(timezone.utc)
from datetime import datetime[, ...] (missing timezone) adds timezone

The default_factory case was load-bearing: models such as HandshakeChallenge.timestamp, AgentIdentity.created_at, Credential.issued_at, and RewardScore.calculated_at stored naive timestamps that were then subtracted from a now(timezone.utc) in is_expired() / is_valid() / continuous-trust accumulators, producing the TypeError under registered-identity handshakes, signature tampering tests, capability inflation tests, expired-cert checks, and similar paths.

Scope covers src/agentmesh/**, tests/**, and examples/**, plus four doc files (README.md, docs/zero-trust.md, docs/identity.md, examples/00-registration-hello-world/README.md) that showed the deprecated pattern in user-facing snippets.

Tests

Before After
11 failed, 2593 passed, 37 skipped, 32707 warnings 11 failed, 2593 passed, 37 skipped, 34 warnings

Identical failure set (pre-existing Python 3.14 deprecations in test_cedar.py, test_policy_provider.py, test_websocket_transport.py -- unrelated to this change). Pydantic deprecation warning count drops to 34, all of which are pydantic's own internal utcnow() usage in pydantic/main.py:250, not in this codebase.

Recipe (PowerShell):

cd agent-governance-python/agent-mesh
$env:PYTHONPATH = \"src\"
python -m pytest tests/ -q

Test plan

  • Existing test suite still passes (same 11 pre-existing failures, no new regressions)
  • No remaining datetime.utcnow references in agent-governance-python/agent-mesh/ Python sources
  • All modified files have timezone imported

Surfaced during independent audit conducted by @finnoybu (Ken Tannenbaum, AEGIS Initiative); [LOW, Python Mesh].

`datetime.utcnow()` is deprecated in Python 3.12+ and returns a naive
datetime, which silently mixes with tz-aware datetimes elsewhere in the
codebase and causes `TypeError: can't subtract offset-naive and
offset-aware datetimes` at runtime.

Across `agent-governance-python/agent-mesh/`, this sweep replaces:

  - `datetime.utcnow()` -> `datetime.now(timezone.utc)`
  - `default_factory=datetime.utcnow` -> `default_factory=lambda: datetime.now(timezone.utc)`

The latter form was the load-bearing case: pydantic `Field(default_factory=...)`
sites stored naive timestamps in models like `HandshakeChallenge.timestamp`,
which were then subtracted from `datetime.now(timezone.utc)` in
`is_expired()` and friends.

Imports updated to include `timezone` where missing. Scope covers
`src/agentmesh/**`, `tests/**`, `examples/**` plus three doc snippets
(`README.md`, `docs/zero-trust.md`, `docs/identity.md`,
`examples/00-registration-hello-world/README.md`) that demonstrate the
old pattern to users.

Test suite: 11 failed before, 11 failed after (pre-existing Python 3.14
deprecation issues in `test_cedar.py`, `test_policy_provider.py`,
`test_websocket_transport.py`). Pydantic deprecation warning count drops
from 32707 to 34 -- the remaining warnings are pydantic's own internal
utcnow() usage in `pydantic/main.py:250`, not in this codebase.
@github-actions github-actions Bot added documentation Improvements or additions to documentation tests agent-mesh agent-mesh package labels May 12, 2026
@github-actions

Copy link
Copy Markdown
🤖 AI Agent: breaking-change-detector — API Compatibility

API Compatibility

Severity Change Impact
Breaking Replaced datetime.utcnow() with datetime.now(timezone.utc) in multiple locations Changes the behavior of timestamp generation from naive to timezone-aware, which may affect any logic relying on naive timestamps.
Breaking Changed default_factory=datetime.utcnow to default_factory=lambda: datetime.now(timezone.utc) in Pydantic models Alters the default behavior of timestamp fields in models, potentially affecting serialization and comparisons with naive datetime objects.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: test-generator — `src/agentmesh/governance/policy.py`

src/agentmesh/governance/policy.py

  • test_policy_creation -- validate creation of a policy with correct timestamps.
  • test_policy_evaluation -- ensure policy evaluation handles timestamp correctly.

src/agentmesh/governance/audit.py

  • test_audit_log_export -- check that exported logs contain correct timestamps.

src/agentmesh/core/identity/ca.py

  • test_registration_request_timestamps -- verify timestamps are set correctly in registration requests.

src/agentmesh/identity/agent_id.py

  • test_agent_identity_timestamps -- ensure timestamps are correctly assigned during identity creation and updates.

src/agentmesh/governance/compliance.py

  • test_compliance_violation_timestamps -- validate that compliance violations have accurate timestamps.

src/agentmesh/identity/credentials.py

  • test_credential_issued_at -- check that issued credentials have the correct timestamp.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: security-scanner — View details

No security issues found.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: docs-sync-checker — Docs Sync

Docs Sync

  • README.md -- section on generating compliance report needs update
  • docs/identity.md -- section on identity document creation needs update
  • docs/zero-trust.md -- section on message creation needs update
  • examples/00-registration-hello-world/README.md -- section on checking expiry needs update
  • CHANGELOG.md -- missing entry for behavioral changes related to datetime handling in the codebase.

@github-actions github-actions Bot added the size/L Large PR (< 500 lines) label May 12, 2026
@github-actions

Copy link
Copy Markdown
🤖 AI Agent: code-reviewer — View details

TL;DR: 0 blockers, 0 warnings. No issues found. Clean change.

@github-actions

Copy link
Copy Markdown

🟡 Contributor Check: MEDIUM

Check Result
Profile MEDIUM
Credential NONE
Overall MEDIUM

Automated check by AGT Contributor Check.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor check flagged MEDIUM risk label May 12, 2026
@github-actions

Copy link
Copy Markdown

PR Review Summary

Check Status Details
🔍 Code Review ✅ Passed No issues found
🛡️ Security Scan ✅ Passed No issues found
🔄 Breaking Changes ✅ Completed Analysis complete
📝 Docs Sync ✅ Completed Analysis complete
🧪 Test Coverage ✅ Completed Analysis complete

Verdict: ✅ Ready for human review

@imran-siddique imran-siddique merged commit 59fe92a into microsoft:main May 12, 2026
13 of 14 checks passed
MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026
…icrosoft#2179)

`datetime.utcnow()` is deprecated in Python 3.12+ and returns a naive
datetime, which silently mixes with tz-aware datetimes elsewhere in the
codebase and causes `TypeError: can't subtract offset-naive and
offset-aware datetimes` at runtime.

Across `agent-governance-python/agent-mesh/`, this sweep replaces:

  - `datetime.utcnow()` -> `datetime.now(timezone.utc)`
  - `default_factory=datetime.utcnow` -> `default_factory=lambda: datetime.now(timezone.utc)`

The latter form was the load-bearing case: pydantic `Field(default_factory=...)`
sites stored naive timestamps in models like `HandshakeChallenge.timestamp`,
which were then subtracted from `datetime.now(timezone.utc)` in
`is_expired()` and friends.

Imports updated to include `timezone` where missing. Scope covers
`src/agentmesh/**`, `tests/**`, `examples/**` plus three doc snippets
(`README.md`, `docs/zero-trust.md`, `docs/identity.md`,
`examples/00-registration-hello-world/README.md`) that demonstrate the
old pattern to users.

Test suite: 11 failed before, 11 failed after (pre-existing Python 3.14
deprecation issues in `test_cedar.py`, `test_policy_provider.py`,
`test_websocket_transport.py`). Pydantic deprecation warning count drops
from 32707 to 34 -- the remaining warnings are pydantic's own internal
utcnow() usage in `pydantic/main.py:250`, not in this codebase.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agent-mesh agent-mesh package documentation Improvements or additions to documentation needs-review:MEDIUM Contributor check flagged MEDIUM risk size/L Large PR (< 500 lines) tests

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants