.NET: Add shell support to the HarnessAgent (#6005)

* Add shell support to the HarnessAgent

* Address PR comments

* Address PR comments
This commit is contained in:
westey
2026-05-21 18:25:33 +01:00
committed by GitHub
Unverified
parent 46ed66cfd5
commit bda40ba0e1
9 changed files with 208 additions and 8 deletions
@@ -6,6 +6,9 @@ using System.Diagnostics.CodeAnalysis;
using System.IO;
using System.Linq;
using Microsoft.Agents.AI.Compaction;
#if NET
using Microsoft.Agents.AI.Tools.Shell;
#endif
using Microsoft.Extensions.AI;
using Microsoft.Shared.DiagnosticIds;
using Microsoft.Shared.Diagnostics;
@@ -201,6 +204,14 @@ public sealed class HarnessAgent : DelegatingAIAgent
result.Tools.Add(new HostedWebSearchTool());
}
#if NET
if (options?.ShellExecutor is ShellExecutor shellExecutor)
{
result.Tools ??= [];
result.Tools.Add(shellExecutor.AsAIFunction());
}
#endif
return result;
}
@@ -259,6 +270,13 @@ public sealed class HarnessAgent : DelegatingAIAgent
}
}
#if NET
if (options?.ShellExecutor is ShellExecutor shellExecutor)
{
providers.Add(new ShellEnvironmentProvider(shellExecutor, options.ShellEnvironmentProviderOptions));
}
#endif
if (options?.AIContextProviders is IEnumerable<AIContextProvider> userProviders)
{
providers.AddRange(userProviders);
@@ -2,6 +2,9 @@
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
#if NET
using Microsoft.Agents.AI.Tools.Shell;
#endif
using Microsoft.Extensions.AI;
using Microsoft.Shared.DiagnosticIds;
@@ -240,4 +243,27 @@ public sealed class HarnessAgentOptions
/// This property is ignored when <see cref="BackgroundAgents"/> is <see langword="null"/> or empty.
/// </remarks>
public BackgroundAgentsProviderOptions? BackgroundAgentsProviderOptions { get; set; }
#if NET
/// <summary>
/// Gets or sets the shell executor used to enable shell tool and environment probing via <see cref="ShellEnvironmentProvider"/>.
/// </summary>
/// <remarks>
/// When non-null, a <see cref="ShellEnvironmentProvider"/> is automatically included in the agent's context
/// providers (injecting OS/shell/CWD information into the system prompt), and the executor's
/// <see cref="ShellExecutor.AsAIFunction"/> is registered as a callable tool.
/// When <see langword="null"/> (the default), no shell features are enabled.
/// </remarks>
public ShellExecutor? ShellExecutor { get; set; }
/// <summary>
/// Gets or sets optional configuration for the <see cref="ShellEnvironmentProvider"/>.
/// </summary>
/// <remarks>
/// Use this to customize which tools are probed, the probe timeout, shell family override,
/// or the instructions formatter.
/// This property is ignored when <see cref="ShellExecutor"/> is <see langword="null"/>.
/// </remarks>
public ShellEnvironmentProviderOptions? ShellEnvironmentProviderOptions { get; set; }
#endif
}
@@ -15,6 +15,10 @@
<ProjectReference Include="..\Microsoft.Agents.AI\Microsoft.Agents.AI.csproj" />
</ItemGroup>
<ItemGroup Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">
<ProjectReference Include="..\Microsoft.Agents.AI.Tools.Shell\Microsoft.Agents.AI.Tools.Shell.csproj" />
</ItemGroup>
<PropertyGroup>
<!-- NuGet Package Settings -->
<Title>Microsoft Agent Framework Harness</Title>
@@ -248,7 +248,7 @@ public sealed class DockerShellExecutor : ShellExecutor
/// Build the AIFunction for this tool.
/// </summary>
/// <remarks>
/// When <paramref name="requireApproval"/> is <see langword="null"/>
/// When <paramref name="requireApproval"/> is <see langword="true"/>
/// (the default), the returned function is wrapped in
/// <see cref="ApprovalRequiredAIFunction"/>. The caller must
/// explicitly pass <see langword="false"/> to opt out of approval
@@ -259,14 +259,12 @@ public sealed class DockerShellExecutor : ShellExecutor
/// <param name="name">Function name surfaced to the model.</param>
/// <param name="description">Function description for the model.</param>
/// <param name="requireApproval">
/// <see langword="true"/> or <see langword="null"/> (the default)
/// wraps the function in <see cref="ApprovalRequiredAIFunction"/>;
/// <see langword="true"/> (the default) wraps the function in
/// <see cref="ApprovalRequiredAIFunction"/>;
/// <see langword="false"/> opts out and returns the raw function.
/// </param>
public AIFunction AsAIFunction(string name = "run_shell", string? description = null, bool? requireApproval = null)
public override AIFunction AsAIFunction(string name = "run_shell", string? description = null, bool requireApproval = true)
{
var effectiveRequireApproval = requireApproval ?? true;
description ??=
"Execute a single shell command inside an isolated Docker container and return its " +
"stdout, stderr, and exit code. The container has no network, no host filesystem access " +
@@ -292,7 +290,7 @@ public sealed class DockerShellExecutor : ShellExecutor
},
new AIFunctionFactoryOptions { Name = name, Description = description });
return effectiveRequireApproval ? new ApprovalRequiredAIFunction(fn) : fn;
return requireApproval ? new ApprovalRequiredAIFunction(fn) : fn;
}
/// <summary>
@@ -325,7 +325,7 @@ public sealed class LocalShellExecutor : ShellExecutor
/// container where the tool itself is the boundary).
/// </param>
/// <returns>An <see cref="AIFunction"/> wrapping <see cref="RunAsync"/>.</returns>
public AIFunction AsAIFunction(string name = "run_shell", string? description = null, bool requireApproval = true)
public override AIFunction AsAIFunction(string name = "run_shell", string? description = null, bool requireApproval = true)
{
if (!requireApproval && !this._acknowledgeUnsafe)
{
@@ -3,6 +3,7 @@
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.AI;
namespace Microsoft.Agents.AI.Tools.Shell;
@@ -65,6 +66,20 @@ public abstract class ShellExecutor : IAsyncDisposable
/// <param name="cancellationToken">Cancellation token.</param>
public abstract Task<ShellResult> RunAsync(string command, CancellationToken cancellationToken = default);
/// <summary>
/// Build an <see cref="AIFunction"/> bound to this executor, suitable for
/// registering with an agent as a callable tool.
/// </summary>
/// <param name="name">Function name visible to the model.</param>
/// <param name="description">Function description for the model.</param>
/// <param name="requireApproval">
/// When <see langword="true"/> (the default), wraps the function in
/// <see cref="ApprovalRequiredAIFunction"/> so every invocation requires
/// explicit user approval before executing.
/// </param>
/// <returns>An <see cref="AIFunction"/> wrapping <see cref="RunAsync"/>.</returns>
public abstract AIFunction AsAIFunction(string name = "run_shell", string? description = null, bool requireApproval = true);
/// <inheritdoc />
public abstract ValueTask DisposeAsync();
}
@@ -1,6 +1,9 @@
// Copyright (c) Microsoft. All rights reserved.
using Moq;
#if NET
using Microsoft.Agents.AI.Tools.Shell;
#endif
namespace Microsoft.Agents.AI.UnitTests;
@@ -39,6 +42,10 @@ public class HarnessAgentOptionsTests
Assert.Null(options.AgentSkillsSource);
Assert.Null(options.BackgroundAgents);
Assert.Null(options.BackgroundAgentsProviderOptions);
#if NET
Assert.Null(options.ShellExecutor);
Assert.Null(options.ShellEnvironmentProviderOptions);
#endif
}
/// <summary>
@@ -56,6 +63,10 @@ public class HarnessAgentOptionsTests
var skillsSource = new Mock<AgentSkillsSource>().Object;
var backgroundAgents = new AIAgent[] { new Mock<AIAgent>().Object };
var backgroundAgentsOptions = new BackgroundAgentsProviderOptions();
#if NET
var shellExecutor = new Mock<ShellExecutor>().Object;
var shellEnvOptions = new ShellEnvironmentProviderOptions();
#endif
// Act
var options = new HarnessAgentOptions
@@ -83,6 +94,10 @@ public class HarnessAgentOptionsTests
OpenTelemetrySourceName = "custom-source",
BackgroundAgents = backgroundAgents,
BackgroundAgentsProviderOptions = backgroundAgentsOptions,
#if NET
ShellExecutor = shellExecutor,
ShellEnvironmentProviderOptions = shellEnvOptions,
#endif
};
// Assert
@@ -111,5 +126,9 @@ public class HarnessAgentOptionsTests
Assert.Equal("custom-source", options.OpenTelemetrySourceName);
Assert.Same(backgroundAgents, options.BackgroundAgents);
Assert.Same(backgroundAgentsOptions, options.BackgroundAgentsProviderOptions);
#if NET
Assert.Same(shellExecutor, options.ShellExecutor);
Assert.Same(shellEnvOptions, options.ShellEnvironmentProviderOptions);
#endif
}
}
@@ -5,6 +5,9 @@ using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
#if NET
using Microsoft.Agents.AI.Tools.Shell;
#endif
using Microsoft.Extensions.AI;
using Moq;
@@ -1347,4 +1350,114 @@ public class HarnessAgentTests
}
#endregion
#if NET
#region Feature: ShellEnvironmentProvider
/// <summary>
/// Verify that ShellEnvironmentProvider is included when ShellExecutor is provided.
/// </summary>
[Fact]
public void ShellEnvironmentProvider_IncludedWhenExecutorProvided()
{
// Arrange
var chatClient = new Mock<IChatClient>().Object;
var executorMock = new Mock<ShellExecutor>();
executorMock.Setup(e => e.AsAIFunction(It.IsAny<string>(), It.IsAny<string?>(), It.IsAny<bool>()))
.Returns(AIFunctionFactory.Create(() => "test", "run_shell"));
var options = CreateAllDisabledOptions();
options.ShellExecutor = executorMock.Object;
// Act
var agent = new HarnessAgent(chatClient, TestMaxContextWindowTokens, TestMaxOutputTokens, options);
var innerAgent = agent.GetService<ChatClientAgent>();
// Assert
Assert.NotNull(innerAgent?.AIContextProviders);
Assert.Contains(innerAgent!.AIContextProviders!, p => p is ShellEnvironmentProvider);
}
/// <summary>
/// Verify that ShellEnvironmentProvider is not included when ShellExecutor is null.
/// </summary>
[Fact]
public void ShellEnvironmentProvider_ExcludedWhenExecutorNull()
{
// Arrange
var chatClient = new Mock<IChatClient>().Object;
var options = CreateAllDisabledOptions();
options.ShellExecutor = null;
// Act
var agent = new HarnessAgent(chatClient, TestMaxContextWindowTokens, TestMaxOutputTokens, options);
var innerAgent = agent.GetService<ChatClientAgent>();
// Assert
Assert.NotNull(innerAgent);
Assert.NotNull(innerAgent!.AIContextProviders);
Assert.DoesNotContain(innerAgent.AIContextProviders!, p => p is ShellEnvironmentProvider);
}
/// <summary>
/// Verify that the shell tool AIFunction is added to ChatOptions.Tools when ShellExecutor is provided.
/// </summary>
[Fact]
public async Task ShellExecutor_ToolAddedToChatOptionsAsync()
{
// Arrange
ChatOptions? capturedOptions = null;
var chatClientMock = new Mock<IChatClient>();
chatClientMock
.Setup(c => c.GetResponseAsync(It.IsAny<IEnumerable<ChatMessage>>(), It.IsAny<ChatOptions>(), It.IsAny<CancellationToken>()))
.Callback<IEnumerable<ChatMessage>, ChatOptions?, CancellationToken>((_, opts, _) => capturedOptions = opts)
.ReturnsAsync(new ChatResponse(new ChatMessage(ChatRole.Assistant, "done")));
var executorMock = new Mock<ShellExecutor>();
executorMock.Setup(e => e.AsAIFunction(It.IsAny<string>(), It.IsAny<string?>(), It.IsAny<bool>()))
.Returns(AIFunctionFactory.Create(() => "shell output", "run_shell"));
var options = CreateAllDisabledOptions();
options.DisableWebSearch = true;
options.ShellExecutor = executorMock.Object;
// Act
var agent = new HarnessAgent(chatClientMock.Object, TestMaxContextWindowTokens, TestMaxOutputTokens, options);
var session = await agent.CreateSessionAsync();
await agent.RunAsync([new ChatMessage(ChatRole.User, "Hi")], session);
// Assert — the shell tool should be present
Assert.NotNull(capturedOptions?.Tools);
Assert.Contains(capturedOptions!.Tools!, t => t is AIFunction f && f.Name == "run_shell");
}
/// <summary>
/// Verify that ShellEnvironmentProvider is present when ShellEnvironmentProviderOptions is also specified.
/// </summary>
[Fact]
public void ShellEnvironmentProvider_PresentWhenOptionsProvided()
{
// Arrange
var chatClient = new Mock<IChatClient>().Object;
var executorMock = new Mock<ShellExecutor>();
executorMock.Setup(e => e.AsAIFunction(It.IsAny<string>(), It.IsAny<string?>(), It.IsAny<bool>()))
.Returns(AIFunctionFactory.Create(() => "test", "run_shell"));
var envOptions = new ShellEnvironmentProviderOptions
{
ProbeTools = ["git", "python"],
};
var options = CreateAllDisabledOptions();
options.ShellExecutor = executorMock.Object;
options.ShellEnvironmentProviderOptions = envOptions;
// Act
var agent = new HarnessAgent(chatClient, TestMaxContextWindowTokens, TestMaxOutputTokens, options);
var innerAgent = agent.GetService<ChatClientAgent>();
// Assert — provider should exist (options wiring is validated by the provider's behavior)
Assert.NotNull(innerAgent?.AIContextProviders);
Assert.Contains(innerAgent!.AIContextProviders!, p => p is ShellEnvironmentProvider);
}
#endregion
#endif
}
@@ -6,6 +6,7 @@ using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.AI;
namespace Microsoft.Agents.AI.Tools.Shell.UnitTests;
@@ -226,6 +227,8 @@ public sealed class ShellEnvironmentProviderTests
public override Task InitializeAsync(CancellationToken cancellationToken = default) => Task.CompletedTask;
public override Task<ShellResult> RunAsync(string command, CancellationToken cancellationToken = default) =>
Task.FromResult(this.Responses.Dequeue());
public override AIFunction AsAIFunction(string name = "run_shell", string? description = null, bool requireApproval = true) =>
throw new NotSupportedException();
public override ValueTask DisposeAsync() => default;
}
@@ -280,6 +283,8 @@ public sealed class ShellEnvironmentProviderTests
public override Task InitializeAsync(CancellationToken cancellationToken = default) => Task.CompletedTask;
public override Task<ShellResult> RunAsync(string command, CancellationToken cancellationToken = default) =>
Task.FromResult(this._factory(cancellationToken));
public override AIFunction AsAIFunction(string name = "run_shell", string? description = null, bool requireApproval = true) =>
throw new NotSupportedException();
public override ValueTask DisposeAsync() => default;
}
@@ -372,6 +377,8 @@ public sealed class ShellEnvironmentProviderTests
this.RunCount++;
return Task.FromResult(this.NextResult);
}
public override AIFunction AsAIFunction(string name = "run_shell", string? description = null, bool requireApproval = true) =>
throw new NotSupportedException();
public override ValueTask DisposeAsync() => default;
}
}