Skip to content

.NET: [BREAKING] Fix FileSystemJsonCheckpointStore support for sessionIds with path-forbidden or special characters#4730

Open
lokitoth wants to merge 1 commit intomainfrom
dev/dotnet_workflow/fix_file_checkpointstore_paths
Open

.NET: [BREAKING] Fix FileSystemJsonCheckpointStore support for sessionIds with path-forbidden or special characters#4730
lokitoth wants to merge 1 commit intomainfrom
dev/dotnet_workflow/fix_file_checkpointstore_paths

Conversation

@lokitoth
Copy link
Member

@lokitoth lokitoth commented Mar 16, 2026
edited
Loading

Motivation and Context

The sessionId, an optional parameter when starting a new session when running a workflow is an arbitrary string. This allows consumers to support whatever ids are needed by other systems, but can result in errors when an OS special or forbidden character is included.

Description

The fix is to escape the paths, in a 1:1 manner. We rely on Uri.EscapeDataString to do this. This is a potential breaking change if users created sessionIds containing DataString-encoded characters.

  • [BREAKING] Also modifies the index file to make it easier to determine what the name of the file on disk is for a given sessionId.

Contribution Checklist

  • The code builds clean without any errors or warnings
  • The PR follows the Contribution Guidelines
  • All unit tests pass, and I have added new tests where possible
  • Is this a breaking change? If yes, add "[BREAKING]" prefix to the title of the PR.

Copilot AI review requested due to automatic review settings March 16, 2026 16:00
@markwallace-microsoft markwallace-microsoft added .NET workflows Related to Workflows in agent-framework labels Mar 16, 2026
@lokitoth lokitoth moved this to In Review in Agent Framework Mar 16, 2026
@lokitoth lokitoth added the breaking change Introduces changes that are not backward compatible and may require updates to dependent code. label Mar 16, 2026
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the .NET workflows file-system checkpoint store to safely persist checkpoints when sessionId contains path-forbidden/special characters by encoding the on-disk file name, and adjusts the persisted index format accordingly.

Changes:

  • Encode checkpoint file names derived from sessionId/checkpointId to avoid invalid paths and directory traversal.
  • Change index.jsonl entries to include both CheckpointInfo and the corresponding on-disk file name.
  • Add/extend unit tests covering invalid/path traversal characters in sessionId.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File Description
dotnet/src/Microsoft.Agents.AI.Workflows/Checkpointing/FileSystemJsonCheckpointStore.cs Escapes checkpoint file names and writes a richer index entry format.
dotnet/src/Microsoft.Agents.AI.Workflows/WorkflowsJsonUtilities.cs Adds source-gen JSON metadata for the new index entry type.
dotnet/tests/Microsoft.Agents.AI.Workflows.UnitTests/FileSystemJsonCheckpointStoreTests.cs Adds temp-dir helper and new tests for escaping/path traversal scenarios.

You can also share your feedback on Copilot code review. Take the survey.

@lokitoth lokitoth force-pushed the dev/dotnet_workflow/fix_file_checkpointstore_paths branch from 5498b79 to 8d54402 Compare March 19, 2026 13:48
@lokitoth
fix: FS Checkpoint storage special character support
b66c61e 
The `sessionId`, an optional parameter when starting a new session when
running a workflow is an arbitrary string. This allows consumers to
support whatever ids are needed by other systems, but can result in
errors when an OS special or forbidden character is included.

The fix is to escape the paths, in a 1:1 manner. We rely on
EncodeDataString to do this.

* Also modifies the index file to make it easier to determine what the
  name of the file on disk is for a given `sessionId`.
@lokitoth lokitoth force-pushed the dev/dotnet_workflow/fix_file_checkpointstore_paths branch from 8d54402 to b66c61e Compare March 19, 2026 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

breaking change Introduces changes that are not backward compatible and may require updates to dependent code. .NET workflows Related to Workflows in agent-framework

Projects

Agent Framework
Status: In Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lokitoth @markwallace-microsoft