From 606d82a5a8deb9eb90c2f9d6e4e213fffb4b5a0c Mon Sep 17 00:00:00 2001
From: Nick Tindle
Date: Thu, 5 Feb 2026 22:55:46 -0600
Subject: [PATCH] refactor: remove redundant virus scan from WriteWorkspaceFileTool WorkspaceManager.write_file() now handles scanning, so tools don't need to.
---
 .../api/features/chat/tools/workspace_files.py | 4 ----
 docs/platform/workspace-media-architecture.md | 17 +++++------------
 2 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/autogpt_platform/backend/backend/api/features/chat/tools/workspace_files.py b/autogpt_platform/backend/backend/api/features/chat/tools/workspace_files.py
index 03532c8fee..880452b41a 100644
--- a/autogpt_platform/backend/backend/api/features/chat/tools/workspace_files.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/workspace_files.py
@@ -9,7 +9,6 @@ from pydantic import BaseModel
 from backend.api.features.chat.model import ChatSession
 from backend.data.workspace import get_or_create_workspace
 from backend.util.settings import Config
-from backend.util.virus_scanner import scan_content_safe
 from backend.util.workspace import WorkspaceManager
 from .base import BaseTool
@@ -475,9 +474,6 @@ class WriteWorkspaceFileTool(BaseTool):
 )
 try:
- # Virus scan
- await scan_content_safe(content, filename=filename)
-
 workspace = await get_or_create_workspace(user_id)
 # Pass session_id for session-scoped file access
 manager = WorkspaceManager(user_id, workspace.id, session_id)
diff --git a/docs/platform/workspace-media-architecture.md b/docs/platform/workspace-media-architecture.md
index e236359e2a..6594b04010 100644
--- a/docs/platform/workspace-media-architecture.md
+++ b/docs/platform/workspace-media-architecture.md
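Review bot: After this change the `try` block in `WriteWorkspaceFileTool` no longer scans `content` itself, so the tool is only protected if the write that follows goes through `WorkspaceManager.write_file()` and that method scans on every call; neither the write call nor `write_file()` is visible in this hunk, and the enclosing method starts and ends outside it. I would leave a comment where the call was, for example `# No scan here: WorkspaceManager.write_file() scans before persisting`, so a later edit that stores the bytes another way does not drop the check unnoticed. A test that passes scanner-rejected content through the tool and asserts the error response would pin the single enforcement point. It is also worth confirming that an infection error raised from `write_file()` is handled by this `try`'s `except` clauses the same way the tool-level scan was.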
@@ -197,16 +197,12 @@ output = await store_media_file(
 |-----------|--------|-------|
 | `store_media_file()` | ✅ Yes | Scans **all** content before writing to local disk |
 | `WorkspaceManager.write_file()` | ✅ Yes | Scans content before persisting |
-| `WriteWorkspaceFileTool` | ✅ Yes | Scans before calling WorkspaceManager (fail fast) |
-**Scanning happens at multiple layers:**
-1. `store_media_file()` scans everything it downloads/decodes
-2. CoPilot tools (e.g., `WriteWorkspaceFileTool`) scan for early rejection
-3. `WorkspaceManager.write_file()` scans before persistence
+**Scanning happens at:**
+1. `store_media_file()` — scans everything it downloads/decodes
+2. `WorkspaceManager.write_file()` — scans before persistence
-**Note on double scanning:** Some paths (like `WriteWorkspaceFileTool`) will scan twice — once at the tool layer and once in `WorkspaceManager.write_file()`. This is intentional:
-- **First scan (tool layer):** Fail fast, reject bad content early
-- **Second scan (persistence layer):** Catches any caller that skipped scanning
+Tools like `WriteWorkspaceFileTool` don't need to scan because `WorkspaceManager.write_file()` handles it.
 ### Persistence
@@ -305,10 +301,7 @@ async def run(self, input_data, *, execution_context, **kwargs):
 async def upload_file(file: UploadFile, user_id: str, workspace_id: str):
 content = await file.read()
- # Optional: scan early for faster rejection (write_file also scans)
- await scan_content_safe(content, filename=file.filename)
-
- # Store in workspace (includes virus scan)
+ # write_file handles virus scanning
 manager = WorkspaceManager(user_id, workspace_id)
 workspace_file = await manager.write_file(
 content=content,