Python: Match AG-UI approval responses to requested arguments

[moonbox3]

Motivation and Context

AG-UI approvals should resume the exact function call that was presented for review. This change tightens approval matching so approval responses are accepted only when they match the pending request's function name and canonical arguments.

Description

• Store pending AG-UI approvals with function name and canonicalized arguments.
• Ignore approval responses whose arguments do not match the pending request, preserving the pending approval for retry.
• Apply the same matching rule to workflow interrupt/resume approvals.
• Add regression coverage for agent and workflow approval responses with changed arguments.

Contribution Checklist

• The code builds clean without any errors or warnings
• The PR follows the Contribution Guidelines
• All unit tests pass, and I have added new tests where possible
• Is this a breaking change? If yes, add "[BREAKING]" prefix to the title of the PR.

[github-actions]

Python Test Coverage Report •

File	Stmts	Miss	Cover	Missing
packages/ag-ui/agent_framework_ag_ui
_agent.py	39	1	97%	63
_agent_run.py	514	52	89%	163–170, 209–210, 217, 326, 330, 332–333, 349, 376–377, 445–449, 574–576, 588–590, 688, 696, 809, 811–812, 850, 852, 869, 886–887, 894, 965, 988, 996, 998, 1001, 1007, 1060, 1063, 1073–1074, 1081, 1127
_utils.py	110	5	95%	62, 66–67, 70, 90
_workflow_run.py	548	36	93%	182, 218–221, 249, 254, 282, 292, 303, 308, 311, 324, 334, 337, 342, 345, 370, 374, 394–395, 422, 471, 491, 499, 502, 507, 522, 595, 637–638, 659–660, 731, 774, 793
TOTAL	38458	4401	88%

Python Unit Test Overview

Tests	Skipped	Failures	Errors	Time
7699	34 💤	0 ❌	0 🔥	2m 6s ⏱️

[github-actions]

Automated Code Review

Reviewers: 2 | Confidence: 88% | Result: All clear

Reviewed: Test Coverage, Design Approach

---

Automated review by moonbox3's agents

[Copilot]

Pull request overview

This PR tightens AG-UI human-approval handling so that an approval response only resumes/executes the exact function call that was originally presented for review (matching on function name and canonicalized arguments), preventing argument tampering during approval.

Changes:

• Canonicalize function-call arguments and store them alongside the function name in the pending-approvals registry.
• Reject (ignore) approval responses that don’t match the pending request’s function name + canonical arguments, preserving the pending approval for a legitimate retry.
• Add regression tests for both agent and workflow approval flows when arguments are changed between request and response.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
python/uv.lock	Bumps azure-ai-projects dependency version in the Python lockfile.
python/packages/ag-ui/tests/ag_ui/test_workflow_run.py	Adds workflow-stream regression test ensuring argument-mismatched approvals don’t resume execution.
python/packages/ag-ui/tests/ag_ui/test_agent_wrapper_comprehensive.py	Adds agent-wrapper regression test ensuring argument-mismatched approvals don’t execute and pending approval remains.
python/packages/ag-ui/agent_framework_ag_ui/_workflow_run.py	Adds approval response matching for workflow interrupt/resume response coercion.
python/packages/ag-ui/agent_framework_ag_ui/_utils.py	Introduces canonical argument serialization helper for stable comparison.
python/packages/ag-ui/agent_framework_ag_ui/_agent_run.py	Extends pending approval tracking to include canonical arguments and enforces argument match on approval responses.

Comments suppressed due to low confidence (1)

python/packages/ag-ui/agent_framework_ag_ui/_agent_run.py:461

• The pending_approvals parameter docstring is now inaccurate: the registry values are no longer just function names (they can include canonicalized arguments). This mismatch can mislead future edits and reviewers.

    pending_approvals: dict[str, _PendingApprovalEntry] | None = None,
    thread_id: str = "",
) -> list[Content]:
    """Execute approved function calls and replace approval content with results.