Commit Graph

2009 Commits

  • fix: JSON Serialization issue with MultiPartyConversation
    When MultiPartyConversation gets saved during checkpointing, the data for the chat history is not persisted, resulting in failures to deserialize after. The fix is to make the history visible to the source generated serialization code.
  • .NET: Add Microsoft.Agents.AI.Hyperlight package for CodeAct integration (.NET) (#5329)
    * Add Microsoft.Agents.AI.Hyperlight package for CodeAct integration
    
    Introduces a new Microsoft.Agents.AI.Hyperlight package that enables CodeAct-style sandboxed code execution via Hyperlight (hyperlight-sandbox .NET SDK, PR #46) for .NET agents, following the docs/features/code_act/dotnet-implementation.md design and the Python agent_framework_hyperlight reference.
    
    Highlights:
    - HyperlightCodeActProvider (AIContextProvider): injects an execute_code tool and CodeAct guidance per invocation; single-instance-per-agent via a fixed StateKeys value; supports multiple provider-owned tools (exposed inside the sandbox via call_tool), file mounts, and an outbound domain allow-list; snapshot/restore per run.
    - HyperlightExecuteCodeFunction: standalone AIFunction for manual/static wiring when the sandbox configuration is fixed.
    - Approval model via CodeActApprovalMode (AlwaysRequire / NeverRequire) with propagation from ApprovalRequiredAIFunction-wrapped tools.
    - Unit tests (instruction builder, tool bridge, approval computation, provider CRUD, ProvideAIContextAsync snapshot isolation and approval wrapping).
    - Env-gated integration test (HYPERLIGHT_PYTHON_GUEST_PATH).
    - Three samples under samples/02-agents/AgentWithCodeAct (interpreter, tool-enabled, manual wiring).
    
    Build is not yet runnable: requires .NET SDK 10.0.200 and the not-yet-published HyperlightSandbox.Api 0.1.0-preview NuGet package. Package is marked IsPackable=false until the dependency is available.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5329 review feedback for Hyperlight CodeAct provider
    
    - A. Build-breakers: drop unused usings, override test TargetFrameworks
      off net472, drop redundant Microsoft.Extensions.AI.Abstractions PackageRef.
    - B. API: keep CRUD but rebuild sandbox when config fingerprint changes;
      add HyperlightCodeActProviderOptions.CreateForWasm/CreateForJavaScript
      factory methods (Backend/ModulePath now read-only); rename WorkspaceRoot
      to HostInputDirectory; convert AllowedDomain & FileMount from record to
      sealed class; drop ToolBridge.Unwrap (ApprovalRequiredAIFunction is
      invocable as-is).
    - C. ToolBridge: collapse SerializeResult switch; add comment explaining
      AOT-driven choice to keep JsonNode.Parse over typed Deserialize.
    - D. InstructionBuilder: drop language-specific 'Python code' phrasing;
      strip host filesystem paths from execute_code description.
    - E. Style polish: ternary expression-body for ComputeApprovalRequired,
      .Where(x is not null), .ToList() over .ToArray() in IReadOnlyList
      returns.
    - F. Samples: add guest-module / KVM-WHP build instructions to Step01;
      note future Excel-upload sample in Step02.
    
    Also adds SandboxExecutorTests covering the new RunSnapshot.ComputeFingerprint
    used for sandbox-rebuild detection.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Align Hyperlight package id and JS warm-up with merged upstream SDK
    
    The .NET SDK in hyperlight-dev/hyperlight-sandbox PR #46 has merged. The
    published package id is Hyperlight.HyperlightSandbox.Api (the bare
    HyperlightSandbox.Api remains the assembly/namespace) and the reference
    CodeExecutionTool uses 'void 0;' as the JavaScript warm-up no-op. Update
    the package reference, project comment, README, and SandboxExecutor warm-up
    accordingly.
    
    No functional change beyond that — all other public APIs we depend on
    (SandboxBuilder.With*, Sandbox.Run/RegisterToolAsync/AllowDomain/Snapshot/
    Restore, ExecutionResult, SandboxBackend) match the merged shape.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Bump Hyperlight package to 0.4.0 and fix build/test issues
    
    Hyperlight.HyperlightSandbox.Api 0.4.0 is now published on nuget.org. Bump
    the version reference and address the analyzer/runtime issues that surfaced
    once restore could complete:
    
    - Add HyperlightJsonContext source-generated JsonSerializerContext for the
      execute_code result + tool error envelopes; route arbitrary AIFunction
      results through AIJsonUtilities.DefaultOptions to keep IsAotCompatible=true.
    - Replace explicit ObjectDisposedException throws with
      ObjectDisposedException.ThrowIf (CA1513).
    - Use HyperlightSandbox.Api.SandboxBackend in cref docs to disambiguate.
    - Update tests to match AIContext.Tools being IEnumerable<AITool>, drop
      ConfigureAwait(false) in xUnit test methods (xUnit1030), use collection
      expressions for AllowedDomain methods.
    - Add 'using OpenAI.Chat;' to all three samples so AsAIAgent resolves.
    - Verified: dotnet build of all four hyperlight projects + samples succeeds
      on net8/9/10; dotnet test for the unit tests passes 32/32 on net10.0.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CI check failures: file encoding (UTF-8 BOM + LF) and broken markdown link
    
    - Convert all new .cs/.csproj files to UTF-8 with BOM and LF line endings
      to satisfy the dotnet/.editorconfig charset/end_of_line settings
      enforced by check-format.
    - Drop unused System.Collections.Generic using in HyperlightCodeActProviderTests.
    - Add missing using Microsoft.Extensions.AI in CodeActApprovalMode.cs and
      shorten ApprovalRequiredAIFunction cref (IDE0001).
    - Fix broken README link to docs/decisions/0024-codeact-integration.md.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: AIFunction inheritance, packaging, GetService approval check
    
    - HyperlightExecuteCodeFunction now inherits AIFunction directly. The
      AsAIFunction() indirection is gone; instances are accepted anywhere an
      AIFunction is. Approval requirement is surfaced via GetService<ApprovalRequiredAIFunction>()
      which lazily exposes a wrapping ApprovalRequiredAIFunction proxy when the
      effective ApprovalMode/tool stack requires it.
    - ComputeApprovalRequired now uses GetService<ApprovalRequiredAIFunction>() so
      approval-required tools nested anywhere in the AITool decorator stack are
      detected (not just the top-most class).
    - csproj: drop IsPackable=false (ready to release with the published
      Hyperlight.HyperlightSandbox.Api 0.4.0 dependency); add PackageReadmeFile
      and pack README.md at the package root, matching the pattern used by
      Aspire.Hosting.AgentFramework.DevUI / Microsoft.Agents.AI.DurableTask.
    - Update Step03 sample and README wording to reflect direct AIFunction usage.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Core: add experimental session-mode harness context provider (#5611)
    * Python: Core: add experimental session-mode harness context provider
    
    Introduces the _harness namespace and the first context provider:
    SessionModeContextProvider, with get_session_mode / set_session_mode
    helpers and a DEFAULT_MODE_SOURCE_ID constant. Behind
    @experimental(ExperimentalFeature.HARNESS).
    
    Also folds in a small _sessions.py cleanup (try/except ImportError
    -> contextlib.suppress) touched while developing the harness.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: align session-mode harness with .NET AgentModeProvider
    
    Mirror the default mode descriptions and instruction template used
    by the .NET AgentModeProvider so the cross-language harness UX is
    consistent.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address review feedback on session-mode harness
    
    - json.dumps tool outputs to stay valid for arbitrary mode names
    - normalize configured mode keys (lower+strip) so custom-cased configs work
    - raise TypeError instead of silently replacing non-dict session state
    - mark get_session_mode/set_session_mode as @experimental(HARNESS)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: rename SessionModeContextProvider to AgentModeProvider
    
    Match the .NET AgentModeProvider class name for cross-language
    consistency. Helpers renamed accordingly: get_session_mode ->
    get_agent_mode, set_session_mode -> set_agent_mode. The default
    source_id is now "agent_mode". Construction pattern stays Pythonic
    (kwargs, not an options object).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address AgentModeProvider review feedback
    
    - default_mode now defaults to None and falls back to the first configured
      mode, decoupling the kwarg from the built-in 'plan'/'execute' set.
    - get_agent_mode catches ValueError when a previously persisted mode is no
      longer in available_modes and resets to the default mode (matching the
      non-string recovery branch). Added regression coverage for both behaviors.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix hyperlight WasmSandbox cross-thread Drop and harden hosted-agent sample (#5603)
    * update hyperlight to beta and move samples, add hosted agent sample
    
    * Python: Fix hyperlight WasmSandbox cross-thread Drop and harden sample
    
    Root cause: when a worker-side closure raised, the exception's __traceback__
    retained frame locals that included the partially constructed PyO3 sandbox.
    Future.result() re-raised that exception on the caller thread, and when the
    caller's exception was eventually GC'd the frame locals were released
    off-thread, dec_ref'ing the unsendable sandbox from the wrong thread and
    tripping the PyO3 panic
    '_native_wasm::WasmSandbox is unsendable, but is being dropped on another thread'.
    
    Fix:
    * Add _SandboxWorker._run_on_worker which catches every exception on the
      worker, drops __traceback__ there, deletes the original exception, and
      re-raises a fresh instance on the caller thread. initialize and execute
      route through it; dispose keeps its bare-submit semantics.
    * Add an opt-in diagnostic module _drop_diagnostic (no-op unless
      HYPERLIGHT_TRACE_DROPS=1) that installs a sys.unraisablehook and dumps
      owner-thread + per-thread stacks on any future cross-thread unsendable
      Drop. Useful for triaging similar PyO3 regressions.
    * Tests: cross-thread invocation, traceback-leak isolation, _SandboxEntry
      attribute-shape check, and a stale-reference stress test driven through
      asyncio.to_thread.
    
    Sample (samples/04-hosting/foundry-hosted-agents/responses/06_hyperlight_codeact):
    * Dockerfile installs agent-framework-* from in-tree source with python/ as
      build context so unreleased fixes can be validated end-to-end.
    * call_server.py pins the Responses API version.
    * main.py enables include_detailed_errors=True so future tool failures
      surface the actual exception text instead of a bare 'Error: Function
      failed.' string.
    * README.md documents the in-tree-package build and the Hyperlight
      hypervisor requirement (/dev/kvm on Linux, MSHV on Windows). Hosted
      environments without hypervisor passthrough surface 'No Hypervisor was
      found for Sandbox'; this is a hosting constraint, not a hyperlight bug.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: remove _drop_diagnostic from hyperlight package
    
    The diagnostic module was useful while bisecting the cross-thread Drop bug,
    but it is no longer needed now that _SandboxWorker._run_on_worker prevents
    the panic at the source.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: address PR review feedback on hyperlight
    
    - Use lazy agent_framework.hyperlight import in sample main.py.
    - Env-driven endpoint (FOUNDRY_AGENT_ENDPOINT) in call_server.py; remove personal URLs.
    - Align agent.yaml model deployment with manifest (gpt-4.1-mini).
    - Tighten Dockerfile requirements guard; drop dangling deploy.ps1 reference.
    - Preserve exception args when sanitizing tracebacks in _run_on_worker.
    - Add public _SandboxWorker.is_alive(); update test to avoid private attr.
    - Add namespace coverage tests for agent_framework.hyperlight lazy loader.
    - Add prominent note: Foundry hosted-agent runtime does not yet support
      Hyperlight (no hypervisor exposed); container works locally with /dev/kvm.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: bump hyperlight-sandbox dependencies to 0.4.x
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: renumber hyperlight codeact sample to 08
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Coerce worker exception args to strings for cross-thread safety
    
    Stringify exc.args on the worker thread before propagating, so any
    PyO3 unsendable object captured in args (e.g. via a caller-supplied
    callback or underlying SDK) cannot be Dropped on the calling thread.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * moved sample
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Core: add experimental todo-list harness context provider (#5612)
    * Python: Core: add experimental todo-list harness context provider
    
    Adds TodoListContextProvider with pluggable TodoStore backends:
    TodoSessionStore (in-session) and TodoFileStore (JSONL on disk).
    Public types: TodoItem, TodoInput. Behind
    @experimental(ExperimentalFeature.HARNESS).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: align todo harness instructions with .NET TodoProvider
    
    Reformat DEFAULT_TODO_INSTRUCTIONS to mirror the .NET TodoProvider
    DefaultInstructions wording and structure, and bring the class
    docstring closer to the .NET XML <remarks> block. Keeps Python tool
    names in snake_case.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address review feedback on todo harness
    
    - mark TodoStore as @experimental(HARNESS) for surface consistency
    - TodoSessionStore.load_state now raises ValueError on malformed items
    - TodoFileStore now namespaces persisted state by source_id
    - TodoFileStore now safely encodes session_id/owner and verifies path containment (matches FileHistoryProvider pattern)
    - per-(session, source_id) asyncio.Lock around read-modify-write to avoid races
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: rename TodoListContextProvider to TodoProvider
    
    Match the .NET TodoProvider class name for cross-language consistency.
    Other public types (TodoStore, TodoSessionStore, TodoFileStore,
    TodoItem, TodoInput) are unchanged. Construction stays Pythonic
    (kwargs, not an options object).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address TodoProvider review feedback
    
    - TodoStore.load_state/save_state are now async; TodoFileStore performs
      disk I/O via asyncio.to_thread so the event loop is no longer blocked
      while the per-session mutation lock is held.
    - TodoSessionStore now raises ValueError for malformed top-level state
      (non-dict / non-list 'items' / non-int 'next_id') to match the
      TodoFileStore contract instead of silently re-defaulting.
    - Both stores now clamp next_id to max(item.id) + 1 after load to make
      ID collisions impossible after recovery or reconfiguration.
    - TodoFileStore writes atomically by writing a sibling temp file and
      os.replace-ing it so a crash mid-write cannot truncate the state file.
    - TodoFileStore.load_state no longer creates parent directories for
      sessions that never write; mkdir is deferred to save_state.
    - TodoProvider mutation locks now live in a weakref.WeakKeyDictionary
      keyed by AgentSession, so locks for GC'd sessions are evicted instead
      of leaking in long-running services.
    
    Tests cover each change including a TodoFileStore-backed end-to-end
    provider flow, atomic-write recovery, and lock GC eviction.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix incorrect workflow timings in DevUI by adding created_at to executor events (#5615)
    * fix(devui): add created_at to custom output item events for correct workflow timings (#5545)
    
    CustomResponseOutputItemAddedEvent and CustomResponseOutputItemDoneEvent lacked a
    created_at field, causing the frontend to synthesize timestamps using integer-second
    precision with a forced +1s minimum gap between events. This made instant workflows
    appear to take 3+ seconds in the DevUI timeline.
    
    Fix:
    - Add optional created_at: float | None field to both custom event models
    - Populate created_at=float(time.time()) in the mapper for executor_invoked,
      executor_completed, and executor_failed events
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(devui): use event created_at for accurate workflow timeline timings
    
    workflow-view.tsx synthesized _uiTimestamp using Math.max(baseTimestamp,
    lastTimestamp + 1) with integer-second precision, forcing a minimum 1-second
    gap between every sequential event. This made instant workflows appear to take
    several seconds in the DevUI timeline.
    
    The fix prefers event.created_at (a float Unix timestamp populated by the
    backend mapper for all executor events) and only falls back to the synthetic
    timestamp when created_at is absent. This matches the pattern already used in
    devuiStore.ts:addDebugEvent.
    
    Added a regression test in test_mapper.py verifying that the mapper attaches
    created_at to all executor lifecycle events (invoked, completed, failed).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(devui): address review feedback for issue #5545
    
    - Read data.timestamp (ISO string) and response.created_at in addition
      to top-level created_at when deriving _uiTimestamp, so
      response.workflow_event.completed events get a real server timestamp
      instead of a synthesized one
    - Change uniqueTimestamp tiebreaker: when a real server timestamp is
      available use Math.max(eventTimestamp, lastTimestamp) rather than
      lastTimestamp + 1, eliminating artificial 1-second gaps while still
      preserving monotonic ordering
    - Apply the same fix in the HIL streaming path (second setOpenAIEvents
      call in workflow-view.tsx)
    - Add assert event.created_at > 0 to regression test to guard against
      zero or negative timestamps
    - Add test_custom_output_item_event_models_have_created_at_field model-
      level test so removing the field produces a clear named failure rather
      than a downstream ValidationError
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(#5545): guard NaN timestamps, fix fallback ID uniqueness, add regression tests
    
    - workflow-view.tsx (×2): Wrap data.timestamp ISO→number conversion in a
      Number.isFinite() guard.  Python's datetime.now().isoformat() emits
      microseconds without a trailing 'Z' (e.g. '2024-01-15T12:34:56.123456'),
      which some JS engines cannot parse, returning NaN.  NaN !== undefined is
      true so the eventTimestamp !== undefined guard did not catch it, poisoning
      _uiTimestamp and resetting the monotonic ordering seed (NaN || 0 → 0).
    
    - execution-timeline.tsx: Replace uiTimestamp in the fallback syntheticItemId
      with the per-executor runNumber counter.  Two runs of the same executor
      within the same second previously received identical _uiTimestamp values
      and therefore identical syntheticItemIds, causing their output buckets,
      state, and run entries to collide (execution-timeline.tsx:360–408).
    
    - Add missing test_workflow_timings_bug.py source file (only a stale .pyc
      existed).  Three regression tests:
        · test_custom_event_models_lack_created_at_field – model field guard
        · test_workflow_executor_events_lack_created_at – mapper populates created_at
        · test_rapid_workflow_events_have_no_top_level_timestamps – confirms
          data.timestamp format that requires the frontend NaN guard
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5545: Python: [Bug]: Workflow timings in DevUI are incorrect
    
    * devui: move timing regression tests into test_mapper.py, remove dedicated bug file
    
    - Delete test_workflow_timings_bug.py; tests belong in existing module files
    - The two tests already present in test_mapper.py (test_executor_events_carry_created_at_timestamp
      and test_custom_output_item_event_models_have_created_at_field) cover the same ground as the
      first two tests in the deleted file
    - Add test_executor_completed_maps_to_output_item_done_event to test_mapper.py, replacing the
      third test from the deleted file with a generic, issue-agnostic name and docstring
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5545: review comment fixes
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • docs: enhance README with 1.0 features and improved structure (#5534)
    * docs: enhance README with 1.0 features and improved structure
    
    - Add GitHub star badge button for easier community engagement
    - Reorganize highlights to emphasize Foundry Hosted Agents, Agent Skills, and Orchestration Patterns
    - Add CodeAct callout in AF Labs experimental features
    - Improve Community & Feedback section with clearer call-to-action structure
    - Add Table of Contents for better navigation
    - Fix 'quickstar' typo to 'quickstart'
    - Reorder sections for improved readability (docs before code examples)
    
    * Apply suggestions from code review
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * docs: fix .NET quickstart description to match JokerAgent code
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/a0616215-1b8a-44ea-9a35-3ef33b97bdce
    
    Co-authored-by: chetantoshniwal <255221507+chetantoshniwal@users.noreply.github.com>
    
    * docs: add required NuGet packages for .NET Foundry quickstart
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/a035ce2c-e2e0-4b8d-b340-550704220975
    
    Co-authored-by: chetantoshniwal <255221507+chetantoshniwal@users.noreply.github.com>
    
    * docs: sync and apply local README changes
    
    * Update README.md
    
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
    
    * docs: remove emojis from README
    
    * docs: refine README intro paragraph
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: chetantoshniwal <255221507+chetantoshniwal@users.noreply.github.com>
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: Add hosted agent sample with observability (#5608)
    * Add hosted agent sample with observability
    
    * Address comments
    
    * Remove unneeded changes
    
    * Update README
  • .NET: Hosting updates to declarative workflows (#5589)
    * Make DeclarativeWorkflowExecutor ChatProtocol-compatible for AsAIAgent hosting
    
    Extends the existing DeclarativeWorkflowExecutor<TInput> root executor with
    additional ChatProtocol-compatible input routes (string, ChatMessage,
    IEnumerable<ChatMessage>, ChatMessage[], TurnToken) so that workflows built
    via DeclarativeWorkflowBuilder.Build<TInput>(...) work both for direct
    invocation and when hosted via Workflow.AsAIAgent(...).
    
    - Each input message advances the declarative graph immediately; the
      TurnToken that the host sends after the message batch is treated as a
      no-op since the message has already been processed.
    - Conversation id resolution now prefers persisted workflow system state,
      then DeclarativeWorkflowOptions.ConversationId, then a newly created
      conversation. This makes multi-turn invocations reuse the prior
      conversation rather than creating a fresh one each turn.
    - The separate DeclarativeChatProtocolStartExecutor and
      DeclarativeWorkflowBuilder.BuildChatProtocol overloads introduced
      earlier are removed; callers continue to use Build<TInput>(...).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: use DeclarativeWorkflowContext when reading workflow conversation id
    
    GetWorkflowConversation() requires a DeclarativeWorkflowContext (it calls ReadState which dynamic-casts via the DeclarativeContext helper). The chat-protocol auxiliary handlers receive a BoundWorkflowContext, so calling the extension on the raw IWorkflowContext throws `Invalid workflow context: BoundWorkflowContext`. Use the wrapped declarativeContext that we already constructed.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: surface ExecutorFailedEvent as ErrorContent in AsAIAgent response
    
    WorkflowSession.InvokeStageAsync only converted WorkflowErrorEvent into an ErrorContent payload. ExecutorFailedEvent fell through to the default branch which emits an empty AgentResponseUpdate carrying the event in RawRepresentation. OutputConverter then mapped that to a workflow_action item with status=failed and dropped the exception entirely, so callers got status=completed and error=null even when an executor threw.
    
    - WorkflowSession.cs: add ExecutorFailedEvent case mirroring WorkflowErrorEvent. Honors _includeExceptionDetails.
    
    - OutputConverter.cs: when an update carries both a WorkflowEvent in RawRepresentation and non-empty Contents, fall through to content processing so the unwrapped error (or any future content payload from a workflow event) is actually emitted.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * improve: walk inner exceptions when surfacing ExecutorFailedEvent
    
    DeclarativeActionExecutor wraps inner exceptions in DeclarativeActionException with a generic `Unhandled workflow failure` message, hiding the real cause. Walk InnerException so the response shows the full chain (e.g. the underlying HTTP 400 / auth error).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Surface declarative SendActivity output as chat content
    
    SendActivityExecutor now emits AgentResponseEvent in addition to
    MessageActivityEvent so chat protocols (e.g. AsAIAgent) receive the
    formatted activity text. The existing MessageActivityEvent is preserved
    for DevUI/observability.
    
    Also extend WorkflowSession.WorkflowOutputEvent handling to accept
    AgentResponse payloads, mapping them to their constituent ChatMessages.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Persist hosted-agent sessions to disk; fix System.LastMessageText
    
    Adds FileSystemAgentSessionStore that writes the serialized AgentSession JSON
    
    (which already embeds the workflow's in-memory checkpoint manager) to a per-
    
    conversation file under /.checkpoints when running in a Foundry hosted env
    
    or {cwd}/.checkpoints locally. Mirrors the python foundry_hosting._responses
    
    FileCheckpointStorage pattern so multi-turn workflow state survives process
    
    restarts without requiring callers to wire up storage themselves.
    
    AddFoundryResponses now defaults to FileSystemAgentSessionStore.CreateDefault()
    
    instead of InMemoryAgentSessionStore; callers can still override via DI.
    
    Also fixes {System.LastMessageText} resolving empty: DeclarativeWorkflowExecutor
    
    .AdvanceAsync was passing the message rehydrated from CreateMessageAsync to
    
    SetLastMessageAsync, but ResponseItem -> ChatMessage round-trip drops the .Text
    
    extension content. Use the original input ChatMessage (which still has the
    
    user-supplied text) and copy the server-assigned MessageId across when present.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Close multi-modal input parity gaps with python foundry_hosting
    
    InputConverter now mirrors the python _responses.py content handling:
    
    - ComputerScreenshotContent maps to UriContent/HostedFileContent (was dropped).
    
    - Plain TextContent and SummaryTextContent map to MEAI TextContent.
    
    - MessageContentReasoningTextContent maps to MEAI TextReasoningContent.
    
    - input_file with text/* file_data data URIs is decoded inline into
    
      TextContent with a [File: name] prefix, matching python _convert_file_data
    
      so {System.LastMessageText} surfaces the file body. Non-text data URIs and
    
      hosted/url file references preserve filename as AdditionalProperties.
    
    Image/file extraction logic is extracted into shared AppendImageContent and
    
    AppendFileContent helpers used by both the fresh-input and history-replay
    
    switches. Existing 37 InputConverter tests still pass.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Foundry hosting: round-trip tool-approval (HITL) content as mcp_approval_request/response
    
    Closes the gap where Microsoft.Agents.AI.Foundry.Hosting silently dropped
    MEAI ToolApprovalRequestContent/ToolApprovalResponseContent in both
    directions. We now serialize them onto the wire as the standard Responses
    API mcp_approval_request/mcp_approval_response items with
    server_label='agent_framework', and parse the symmetric inbound shapes
    back into MEAI content.
    
    Wire format:
    - The Responses API only standardizes mcp_approval_* as the approval
      primitive. We declare AF as a virtual MCP server via the server_label
      field, which is honest for AF's server-side tool-call holding pattern.
    - The SDK enforces a strict {prefix}_{50hex} wire-id format, so we hash
      the AF RequestId and persist a wireId<->afRequestId mapping in
      AgentSession.StateBag so a later mcp_approval_response can be matched
      back to the originating workflow request.
    
    Coexists with the existing ConsentAwareMcpClientAIFunction flow
    (AgentFrameworkResponseHandler.cs) which emits mcp_approval_request from
    a side-channel, not via OutputConverter's content switch.
    
    Known follow-up: python (foundry_hosting/_responses.py) has the same
    output-side gap (ToolApprovalRequestContent emission). Out of scope here.
    
    Tests: +9 unit tests covering both fresh-input and history-replay shapes,
    StateBag mapping resolution, and the non-FunctionCallContent skip path.
    Existing 108 converter tests still pass; full suite 370/370.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review feedback for hosted-declarative-dotnet
    
    FileSystemAgentSessionStore reliability/scoping:
    
    - Bound Sanitize() stackalloc at 256 chars, fall back to ArrayPool for longer ids so a long conversationId can no longer crash the hosting process with StackOverflowException.
    
    - Use a Guid-suffixed temp file (\{path}.{guid}.tmp\) so concurrent SaveSessionAsync calls on the same conversation can no longer race on the same temp file. Best-effort temp cleanup on failure.
    
    - Bucket session files by agent.Name when set so two keyed agents that happen to share a conversationId no longer overwrite each other's persisted state. Single-agent / unnamed-agent cases keep the original flat layout (Python parity).
    
    DeclarativeWorkflowExecutor chat-protocol routing:
    
    - ConfigureChatProtocolRoutes uses IsAssignableFrom rather than exact type equality so a broader TInput (object, base interfaces) does not have its inherited inputTransform shadowed by handlers we register here.
    
    - HandleChatMessagesAsync / HandleChatMessageArrayAsync now advance through every message in the batch instead of keeping only the trailing one, so multi-message turns and replayed history are no longer silently truncated. AdvanceAsync gains a finalizeTurn flag so only the last message in the batch sends the result.
    
    Tests:
    
    - New FileSystemAgentSessionStoreTests covering constructor, fresh-session fallback for missing/empty files, root-directory creation, save/get round-trip, agent-Name scoping isolation, long conversationId, invalid-character sanitization, and concurrent-save behavior.
    
    - New InputConverterTests covering AppendFileContent: text/* data URI decode (with and without filename prefix), non-text data URI passthrough, malformed data URI fallback, and filename propagation onto UriContent / HostedFileContent.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for remaining PR review feedback (C2, D1, E1)
    
    C2: InputConverter — add 9 tests covering SDK content types that previously
    had no coverage:
      - SdkTextContent → TextContent (input + output paths)
      - SummaryTextContent → TextContent (input + output paths)
      - MessageContentReasoningTextContent → TextReasoningContent (input + output)
      - ComputerScreenshotContent (HTTP URL → UriContent, data: URI → DataContent,
        output path → UriContent)
    
    D1: OutputConverter — add 2 tests for the WorkflowEvent + Contents fall-through:
      - WorkflowEvent in RawRepresentation with text Contents must flow through
        the content-processing path (text-delta event emitted).
      - WorkflowEvent + ErrorContent must produce a failed event rather than be
        swallowed by the workflow branch.
    
    E1: SendActivityExecutor — extend CaptureActivityAsync to assert that the
    executor emits an AgentResponseEvent carrying the activity text with the
    correct ExecutorId and ChatRole.Assistant role.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Defense-in-depth: neutralize dot-segments in Sanitize and cap TryDecodeTextDataUri input size
    
    Addresses claude-opus-4.6 security review on PR #5589:
    
    - FileSystemAgentSessionStore.Sanitize now replaces all-dot segments
      (., .., ...) with underscores so a developer-controlled agent.Name
      cannot escape the root directory on Linux (where Path.GetInvalidFileNameChars
      only contains NUL and '/').
    
    - InputConverter.TryDecodeTextDataUri rejects encoded payloads larger than
      16 MiB before calling Convert.FromBase64String, preventing a single
      oversized data URI from triggering a multi-megabyte allocation.
    
    - Adds unit tests covering both fixes.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Linux-only failure in SaveSessionAsync_SanitizesInvalidPathCharactersAsync
    
    '?' is in Path.GetInvalidFileNameChars only on Windows, not on Linux/macOS,
    so the test failed on Ubuntu in CI. Use Path.GetInvalidFileNameChars()[0]
    (skipping NUL) to pick a guaranteed-invalid character for the running OS,
    and assert the result no longer contains it.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address claude-opus-4.6 security/reliability review feedback
    
    WorkflowSession.cs:
    - ExecutorFailedEvent handler no longer leaks the internal executor ID
      in error messages. Mirror the WorkflowErrorEvent pattern: surface the
      exception's Message when _includeExceptionDetails is true, fall back
      to the generic 'An error occurred while executing the workflow.' otherwise.
      This also resolves the failing WorkflowHostSmokeTests assertions.
    
    FileSystemAgentSessionStore.cs:
    - GetSessionPath no longer has a write side effect. Directory.CreateDirectory
      for the per-agent bucket is now performed only on the SaveSessionAsync
      path, so a read miss on GetSessionAsync no longer leaves an empty
      directory on disk.
    - Adds GetSessionAsync_NoExistingFile_DoesNotCreateAgentDirectoryAsync
      to lock in the no-side-effect-on-read contract.
    
    OutputConverterTests.cs:
    - Strengthen ConvertUpdatesToEventsAsync_ToolApprovalRequest_NonFunctionToolCall_SkippedAsync
      to assert exactly one event (the terminal ResponseCompletedEvent) so a
      spurious output-item-added/-done leak would now fail the test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: clean up comments and rename TryParseArguments
    
    - Remove Python-codebase references from C# XML docs and inline comments.
    - Drop fix-history comments referring to previously-resolved issues.
    - Drop `Defense-in-depth:` prefixes; keep the concrete `what & why`.
    - Drop `previously we kept only the trailing message` comment in
      DeclarativeWorkflowExecutor; just describe current loop behavior.
    - Rename InputConverter.TryParseArguments to ParseFunctionArgumentsObject
      to make the intent obvious at the call site.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: collision-free Sanitize, MAF-style refactors
    
    - FileSystemAgentSessionStore.Sanitize now percent-encodes invalid chars
      (and `%` itself) instead of replacing them with `_`, eliminating
      collisions like `foo/bar` vs `foo_bar` mapping to the same bucket.
      All-dot segments encode every dot so Windows trailing-dot trimming
      cannot reintroduce a navigable name.
    - AddFoundryResponses XML doc updated to accurately describe the default
      store root (/.checkpoints when hosted, {cwd}/.checkpoints locally).
    - DeclarativeWorkflowExecutor.ConfigureChatProtocolRoutes now uses exact
      type equality instead of IsAssignableFrom so a broad TInput (e.g.
      object) does not skip registering IEnumerable<ChatMessage>, which
      ChatProtocolExtensions.IsChatProtocol requires verbatim.
    - SendActivityExecutor uses context.YieldOutputAsync(response) instead
      of manually constructing AgentResponseEvent, so the activity will
      participate in any future OutputFilter coverage.
    - WorkflowSession handles AgentResponseEvent in its own switch case,
      avoiding the second typecheck against output.Data.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(workflows): bridge declarative HITL through Foundry hosting via IExternalRequestEnvelope
    
    Introduce a new public interface IExternalRequestEnvelope in
    Microsoft.Agents.AI.Workflows that lets the runtime peek through a
    declarative-layer envelope without taking a circular reference back into
    the declarative package. ExternalInputRequest (declarative) implements
    it; ExternalInputResponse is constructed via the request's CreateResponse
    factory. WorkflowSession unwraps inner AIContent on the request side and
    rewraps the client's ChatMessage reply into an ExternalInputResponse on
    the response side. PortableValue cannot deserialize directly into an
    interface, so TryGetRequestEnvelope resolves the concrete type via
    RequestPortInfo.RequestType (TypeId -> Type.GetType) before casting.
    
    Public WorkflowHarness contract preserved: InvokeFunctionToolExecutor
    and WorkflowActionVisitor are unchanged from upstream, so public
    InvokeToolWorkflowTest scenarios continue to drive
    ExternalInputRequest / ExternalInputResponse directly through the
    harness.
    
    AgentFrameworkResponseHandler: skip prior conversation history replay
    when an existing session is being resumed (workflow checkpoint already
    holds the prior messages).
    
    WorkflowSession: when includeExceptionDetails is opted in, also unwrap
    DeclarativeActionException so HITL failures are debuggable.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • fix(openai): drop completed continuation_token from shared options in tool loop (#5462)
    Fixes #5394.
    
    When `background=True` is combined with local function tools,
    `FunctionInvocationLayer` calls `_inner_get_response(options=mutable_options)`
    repeatedly with the same dict reference across loop iterations. Once the
    first poll retrieves a completed background response, `continuation_token`
    stays in `mutable_options`, so every subsequent iteration takes the
    `continuation_token is not None` branch and `GET`s the same completed
    response instead of `POST`ing the tool results. The loop exits after
    `max_iterations` with empty text and the model never sees any tool output.
    
    After the retrieve, if the returned `ChatResponse.continuation_token` is
    `None` (the background response is no longer in progress), pop
    `continuation_token` and `background` from the shared options dict in
    place. The next loop iteration then falls through to the normal
    `responses.create`/`parse` path and posts tool results.
    
    The diagnosis and a verified runtime monkeypatch are in the issue; this
    is the same fix moved in-tree.
    
    Co-authored-by: Yufeng He <40085740+universeplayer@users.noreply.github.com>
  • Python: Support GPT-5 verbosity option and restore Foundry agent_reference (#5619)
    * Python: Support GPT-5 verbosity option and restore Foundry agent_reference
    
    Adds verbosity as a typed Literal["low","medium","high"] field on
    OpenAIChatOptions (Responses API) and OpenAIChatCompletionOptions (Chat
    Completions API), set in the same way as the existing reasoning options.
    For the Responses API, top-level verbosity is translated to the nested
    text.verbosity shape the OpenAI service expects. The same field flows
    through to FoundryChatClient via the existing FoundryChatOptions alias.
    
    Also fixes #5582: PR #5447 removed the agent_reference injection from
    RawFoundryAgentChatClient._prepare_options, so first-turn calls against
    a Foundry Prompt Agent went out without model and without agent_reference
    and were rejected by the Responses API with "Missing required parameter:
    'model'". Restores the injection on the non-preview path
    (allow_preview=False) and adds a guard test that asserts the preview
    path does not inject agent_reference, since the preview SDK injects it
    via project_client.get_openai_client(agent_name=...).
    
    Closes #5516
    Closes #5582
    
    * Python: Address Copilot review on PR #5619
    
    - Foundry verbosity sample docstring: replace the misleading "set deployment
      name on model=" instruction with the actual env-var pattern the sample relies
      on (FOUNDRY_PROJECT_ENDPOINT and FOUNDRY_MODEL).
    - _build_agent_reference docstring: clarify the helper is used for both
      Prompt Agents and HostedAgents on the non-preview path.
    - Add a Responses API test that locks in the documented precedence rule:
      when both top-level verbosity and text["verbosity"] are supplied, the
      top-level value wins.
    
    * Python: Drop redundant Foundry verbosity sample and list OpenAI sample in README
    
    - Remove samples/02-agents/providers/foundry/foundry_chat_client_verbosity.py
      per review feedback. The verbosity functionality is identical across the
      OpenAI and Foundry clients (FoundryChatOptions is an alias of
      OpenAIChatOptions), so a single sample on the OpenAI side is sufficient.
    - Add the new client_verbosity.py entry to the OpenAI samples README.
  • Python: Core: add experimental memory harness context provider (#5613)
    * Python: Core: add experimental memory harness context provider
    
    Adds MemoryContextProvider with topic-indexed long-term memory and
    chat-driven compaction. Pluggable MemoryStore backends include
    MemoryFileStore. Public types: MemoryIndexEntry, MemoryTopicRecord.
    Behind @experimental(ExperimentalFeature.HARNESS).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address review feedback on memory harness
    
    - mark MemoryStore as @experimental(HARNESS) for surface consistency
    - safely encode owner id and verify path containment (matches FileHistoryProvider pattern)
    - namespace MemoryFileStore on-disk layout by source_id to avoid cross-provider collisions
    - before_run computes index_entries once and only rewrites MEMORY.md when content changes
    - asyncio locks around topic/state read-modify-write to avoid concurrent-write races
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR feedback: harden memory store IO + consolidation behavior
    
    - Atomic writes via os.replace + temp sibling for topic, state, and index files so
      crashes/disk-full failures cannot leave a truncated half-written file.
    - Stop creating directories on read paths: list_topics/read_state/search_transcripts
      and get_messages return empty when nothing has been written. mkdir is deferred to
      the actual save path (write_topic/write_state/save_messages).
    - Escape lines that look like markdown headings on render and unescape them on parse,
      so a memory or summary containing '## Summary'/'## Memories' cannot tamper with the
      topic file structure.
    - Narrow extraction/consolidation chat-client failure handling to ChatClientException,
      asyncio.TimeoutError, and OSError. Programmer errors (AttributeError, TypeError, ...)
      now propagate so misconfigured clients fail loudly.
    - Log a payload-prefix preview for every silent shape branch in _extract_memories and
      _consolidate_topic so unparsable extractor output is debuggable instead of invisible.
    - Restructure _run_consolidation: read maintenance state and topic snapshot under the
      state lock, run the LLM consolidation loop without holding the state lock, and only
      advance last_consolidated_at/sessions_since_consolidation if at least one topic
      succeeded. Transient consolidation failures now leave the maintenance window in
      place so the next after_run retries instead of silently sliding forward.
    - Add regression tests for: markdown-marker round-trip, atomic-write recovery on
      os.replace failure, no-mkdir on pure read paths, transient consolidation failure
      preserves state, and propagation of programmer errors.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • docs: fix outdated @ai_function reference to @tool in workflows README (#5622)
    The @ai_function decorator was renamed to @tool in release 
    python-1.0.0b260128 (PR #3413) as a breaking change.
    
    Line 58 of python/samples/03-workflows/README.md still referenced 
    the old @ai_function name, causing users to hit:
    ImportError: cannot import name 'AIFunction'
    
    Changes made:
    - Fixed @ai_function to @tool on line 58 only
    - No formatting or whitespace changes
  • Python: docs(python/samples): recommend uv venv and document Windows ensurepip hang workaround (#5508)
    * docs(samples): recommend uv venv to avoid Windows ensurepip hang
    
    Replace bare 'python -m venv .venv' with 'uv venv .venv' as the
    recommended approach in azure_functions and foundry-hosted-agents
    READMEs. Add a note explaining that python -m venv can hang
    indefinitely on Windows with Microsoft Store Python due to a known
    ensurepip issue.
    
    This matches the pattern already used in a2a/README.md which uses
    uv run exclusively.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: docs(python/samples): recommend `uv venv` and document Windows ensurepip hang workaround
    
    Fixes #5401
    
    * fix: correct Windows venv activation commands in foundry-hosted-agents README (#5401)
    
    Split the Windows activation section into separate PowerShell (.venv\Scripts\Activate.ps1)
    and Command Prompt (.venv\Scripts\activate.bat) instructions, replacing the incorrect
    extensionless `Activate` path.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5401: Python: [Samples][Python] `python -m venv` hangs on Windows — READMEs should recommend uv or document workaround
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add redis[asyncio] to requirements.txt for streaming samples (#5509)
    * fix: add redis[asyncio] to streaming sample requirements.txt
    
    Both streaming samples import redis.asyncio in redis_stream_response_handler.py
    but neither included redis in their requirements.txt, causing ModuleNotFoundError
    on fresh installs.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Add `redis[asyncio]` to requirements.txt for streaming samples
    
    Fixes #5396
    
    * Revert unrelated formatting and cleanup changes
    
    Revert formatting-only edits in sample files and unrelated cleanup
    (unused import removal, __all__ reordering) that were accidentally
    included in the redis dependency fix (issue #5396).
    
    The only intended changes for this PR are the Redis dependency
    additions to requirements.txt files for the streaming samples.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5396: Python: [Samples][Python] redis package missing from requirements.txt in streaming samples
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Document that W3C trace context injection does not apply to Foundry hosted/toolbox MCP tools (#5580)
    * docs: clarify MCP trace-context propagation scope for hosted/toolbox tools (#5547)
    
    Automatic W3C trace-context injection via params._meta applies only to
    MCP sessions opened by the agent process (MCPStreamableHTTPTool,
    MCPStdioTool, MCPWebsocketTool).  Hosted MCP tools
    (FoundryChatClient.get_mcp_tool) and toolbox-fetched tools
    (FoundryChatClient.get_toolbox) execute inside the Foundry agent service
    runtime; the framework never issues the tools/call for those and
    therefore cannot inject traceparent/tracestate.  The previous wording
    ("for all transports") implied coverage that does not exist.
    
    The updated section:
    - removes the inaccurate "for all transports" claim
    - adds a Scope paragraph naming the three client-opened transports that
      are covered
    - explicitly states that propagation across the agent-to-toolbox-to-MCP
      boundary is the responsibility of the Foundry service runtime
    - documents the workaround (use MCPStreamableHTTPTool directly) for
      users who need end-to-end distributed tracing today
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs: broaden MCP _meta scope note to cover all provider-managed transports (#5547)
    
    - List OpenAIChatClient.get_mcp_tool() and AnthropicClient.get_mcp_tool()
      alongside FoundryChatClient.get_mcp_tool() as hosted/provider-managed
      exceptions; restricting the carve-out to Foundry was misleading for
      readers using other providers
    - Fix get_toolbox() wording: use 'await client.get_toolbox(...)' and note
      that toolbox.tools is passed into Agent(tools=...) so it reads as an
      async instance method call, not a static/class method call
    - Add parenthetical '(or any other client-opened MCPTool subclass)' to
      future-proof the list of covered transports
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs: add GeminiChatClient to MCP scope note and add learn-site observability doc (#5547)
    
    - Add GeminiChatClient.get_mcp_tool(...) to the hosted/provider-managed
      list in the MCP trace propagation scope note; Gemini's get_mcp_tool()
      returns a types.Tool with an McpServer entry executed by the Gemini
      service runtime, so it belongs alongside FoundryChatClient,
      OpenAIChatClient, and AnthropicClient in that list.
    - Create docs/features/observability/README.md as the learn-site
      documentation surface for observability, covering telemetry setup and
      MCP trace propagation with the same scope note (including
      GeminiChatClient) so that both doc surfaces are consistent.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unneeded observability docs README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add Python parity for HttpRequestAction in declarative workflow (#5599)
    * Add Python parity for HttpRequestAction in declarative workflow
    
    * Ran pyupgrade and pright to fix CI issues
    
    * Fix conversation ID dot parsing for http executor
    
    * Removed unnecessary export command
  • Python: Add sample for hosted agent with files (#5596)
    * Add sample for hosted agent with files
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/06_files/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/06_files/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/06_files/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/06_files/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Improve README
    
    * Address comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • Python: Enforce approval_mode in Claude and GitHub Copilot agents (#5562)
    * Python: Enforce approval_mode in Claude and GitHub Copilot agents
    
    Tools declared with approval_mode="always_require" were bypassed by the
    ClaudeAgent and GitHubCopilotAgent because their SDK-managed tool-calling
    loops invoke FunctionTool.invoke() directly via package-supplied handlers,
    skipping the standard _try_execute_function_calls approval gate.
    
    Per discussion on #5494, the fix lives in the agents (not in FunctionTool):
    any flag added to the tool itself can be spoofed by code with the same
    level of access, so the security boundary is the agent that owns the
    tool-calling loop.
    
    - Add on_function_approval option to ClaudeAgentOptions and
      GitHubCopilotOptions. Callback receives a FunctionCallContent describing
      the pending call and returns bool (sync or async).
    - Gate FunctionTool.invoke() inside each agent's existing tool-handler
      closure when approval_mode == "always_require". Default policy is deny;
      callbacks that raise also deny safely.
    - Deny path returns a tool-error to the model (Claude: text content;
      Copilot: ToolResult(result_type="failure", error="approval_denied"))
      so the LLM can react gracefully instead of silently failing.
    - Tests for both agents covering: deny by default, sync False, sync True,
      async True, callback-raises -> deny, no-op for never_require tools.
    - Samples demonstrating sync, async, and deny-by-default flows for both
      agents.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: preserve empty arg dicts, reject runtime approval override
    
    - _resolve_function_approval no longer collapses {} into None when building
      the FunctionCallContent passed to the callback (Claude + Copilot).
    - Claude _apply_runtime_options and Copilot _run_impl/_stream_updates now
      raise ValueError if on_function_approval is supplied via per-run options,
      instead of silently ignoring it. Approval policy must be set at agent
      construction time.
    - Drop unnecessary # type: ignore[attr-defined] on Content.name/.arguments
      in samples (Content is a unified class with both attributes defined).
    - Add regression tests for the new runtime-options validation.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * warning when non callback handler and approval needed
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Harness Feature branch (#5310)
    * .NET: Add a TODO AIContextProvider (#5233)
    
    * Add a TODO AIContextProvider
    
    * Add unit tests
    
    * Address PR comments
    
    * Address PR comments
    
    * Fix test after removing one tool
    
    * .NET: Add a ModeProvider for managing agent modes (#5247)
    
    * Add a ModeProvider for managing agent modes
    
    * Fix typo
    
    * Fix typo
    
    * Fix typo
    
    * Address PR comments
    
    * .NET: Add sample to show how to build a harness (#5268)
    
    * Add sample to show how to build a harness
    
    * Improve sample
    
    * Sample max output tokens and model
    
    * Fix encoding
    
    * Fix model name in readme
    
    * Address PR comments
    
    * .NET: Add context window size compaction strategy for harness (#5304)
    
    * Add context window size compaction strategy for harness
    
    * Apply suggestions from code review
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Address PR comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * .NET: Add a file memory provider (#5315)
    
    * Add a file memory provider
    
    * Address PR comments
    
    * Fix review comments.
    
    * Add additional unit tests
    
    * Addressing PR comments.
    
    * .NET:  Harness: Improve prompts and add FileSystem store (#5365)
    
    * Harness: Improve prompts and add FileSystem store
    
    * Address PR comments
    
    * .NET: Harness: Improve path validation (#5404)
    
    * Harness: Improve path validation
    
    * Address PR comments
    
    * .NET: Add always approve helpers, improve sample and fix bug (#5451)
    
    * Add always approve helpers, improve sample and fix bug
    
    * Address PR comments
    
    * .NET: Make Todo, Mode and FileMemory providers more configurable (#5477)
    
    * Make Todo, Mode and FileMemory providers more configurable
    
    * Address PR comments.
    
    * .NET: Add subagents provider and sample (#5518)
    
    * Add subagents provider and sample
    
    * Addressing PR comments.
    
    * .NET: Harness filememory index plus instructions consistency (#5540)
    
    * Add FileMemoryProvider index and improve instruction consistency
    
    * Address PR comments.
    
    * Address PR comments
    
    * Address PR comments.
    
    * Apply suggestion from @rogerbarreto
    
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
    
    * .NET: Refactor harness console to be more extensible and easy to understand with better UX (#5573)
    
    * Refactor harness console to be more extensible and easy to understand with better UX.
    
    * Fix formatting issues.
    
    * Allow multiple clarifications in one response
    
    * Address PR comments
    
    * .NET: Add FileAccessProvdider and concurrency fix for FileMemoryProvider (#5583)
    
    * Add FileAccessProvdider and concurrency fix for FileMemoryProvider
    
    * Address PR comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • Python: Reduce flaky integration tests and improve CI signal quality (#5454)
    * Enable Ollama integration tests in CI and rename report to Integration Test Report
    
    - Install Ollama, cache models (qwen2.5:0.5b + nomic-embed-text), and start
      server in the Misc integration job for both workflow files
    - Set OLLAMA_MODEL and OLLAMA_EMBEDDING_MODEL env vars so the 5 Ollama tests
      are no longer skipped
    - Rename Flaky Test Report to Integration Test Report throughout (job names,
      artifact names, cache keys, file names, script titles/docstrings)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Bump Ollama model to qwen2.5:1.5b for better instruction following
    
    The 0.5b model was too small to reliably follow simple prompts like
    'Say Hello World', causing test assertion failures. The 1.5b model
    follows instructions more reliably while still being small enough
    for fast CI pulls (~1GB).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable reliable streaming integration tests
    
    Remove the hard skip on test_03_reliable_streaming tests that was
    temporarily disabled for instability investigation. CI infrastructure
    (Azurite, DTS emulator, Redis, func CLI) is already in place.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable skipped Functions/DurableTask tests and bump timeout to 480s
    
    - Remove hard skips from 4 tests in test_11_workflow_parallel.py
    - Remove hard skip from test_conditional_branching in test_06_dt_multi_agent_orchestration_conditionals.py
    - Increase pytest --timeout from 360 to 480 for Functions+DurableTask CI job
    - Updated in both python-merge-tests.yml and python-integration-tests.yml
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-skip failing Functions/DurableTask tests with specific root causes
    
    - test_11_workflow_parallel (4 tests): xdist worker crashes during execution
    - test_conditional_branching: orchestration fails with RuntimeError, not a timeout
    - Keep 480s timeout bump for remaining Functions tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix auth routing in samples 06/11: api_key -> credential for Azure OpenAI
    
    Both samples passed a bearer token provider via api_key= which caused the
    client to route to api.openai.com instead of Azure OpenAI, resulting in
    401 Unauthorized. Changed to credential= which correctly triggers Azure
    routing and picks up AZURE_OPENAI_ENDPOINT from the environment.
    
    - samples/azure_functions/11_workflow_parallel/function_app.py: 1 fix
    - samples/durabletask/06_multi_agent_orchestration_conditionals/worker.py: 2 fixes
    - Re-enable 4 parallel workflow tests and 1 conditional branching test
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-skip parallel workflow tests: xdist worker distribution issue
    
    The 4 parallel workflow tests crash because xdist worksteal distributes
    them across separate workers, each spawning its own func process against
    shared emulators. Auth fix (api_key->credential) was valid and stays.
    test_conditional_branching now passes with the auth fix.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix E501 line-too-long in azurefunctions parallel test skip reasons
    
    Wrap skip reason strings to stay within 120 char line limit.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add retry logic and port-conflict fix for Ollama CI setup
    
    - Kill any auto-started Ollama before launching serve (fixes port
      conflict: 'address already in use')
    - Retry ollama pull up to 3 times with 15s backoff (fixes 429 rate
      limit failures)
    - Applied to both python-merge-tests.yml and python-integration-tests.yml
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix flaky integration tests and re-enable skipped tests
    
    - Foundry agent: add allow_preview=True to custom client test
    - Foundry hosting: raise max_output_tokens 50->200, add temperature,
      relax assertion in test_temperature_and_max_tokens
    - Foundry embedding: update skip reason with root cause (endpoint mismatch)
    - OpenAI file search: fix vector store indexing race condition by polling
      file_counts before querying; fix get_streaming_response -> get_response(stream=True)
    - Azure OpenAI file search: remove skip (transient 500 resolved)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove temperature from foundry hosting test (unsupported by CI model)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Stabilize Ollama tool call integration tests with no-arg function
    
    Use a no-argument greet() function instead of hello_world(arg1) for
    integration tests. The 1.5B model in CI is unreliable at generating
    correct tool call arguments, causing 'Argument parsing failed' errors.
    A no-arg function eliminates this flakiness entirely.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Increase reliable streaming test timeouts from 30s to 60s
    
    The LLM call through Azure OpenAI + Redis streaming pipeline can exceed
    30s in CI due to cold starts or throttling. Raise to 60s to reduce
    flaky timeouts while still bounded by pytest's 120s per-test limit.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable workflow parallel tests with xdist_group marker
    
    The tests were skipped because xdist distributes module tests across
    workers, each spawning their own func process (port conflicts). Adding
    xdist_group forces all tests in this module onto a single worker so
    the module-scoped function_app_for_test fixture works correctly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Revert "Re-enable workflow parallel tests with xdist_group marker"
    
    This reverts commit 455c28da62.
    
    * Rename flaky_report to integration_test_report and add try/finally cleanup
    
    - Rename scripts/flaky_report/ to scripts/integration_test_report/ to
      reflect expanded scope beyond flaky-test detection
    - Update workflow references in both CI files
    - Wrap file search integration tests in try/finally to ensure vector
      store cleanup runs even on test failure or timeout
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Ollama pull failure propagation and Azure OpenAI vector store readiness
    
    - Ollama CI: fail the step immediately if model pull fails after 3
      retries instead of silently proceeding to tests
    - Azure OpenAI file search: add the same vector-store readiness polling
      that was applied to the non-Azure OpenAI tests, preventing eventual
      consistency race conditions
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * remove load_dotenv from test file
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add dedicated Foundry.Hosting UnitTest project (#5592)
    * Foundry.Hosting.UnitTests: extract project from Foundry.UnitTests
    
    Move all Hosting/* tests, three toolbox TestData JSONs, and the FakeAuthenticationTokenProvider/HttpHandlerAssert/TestDataUtil helpers (trimmed to toolbox getters) into a new Microsoft.Agents.AI.Foundry.Hosting.UnitTests project. Add it to the slnx and grant the new assembly InternalsVisibleTo from Microsoft.Agents.AI.Foundry and Microsoft.Agents.AI.Foundry.Hosting.
    
    * Foundry.Hosting.UnitTests: align namespaces to assembly name
    
    Rename namespaces from Microsoft.Agents.AI.Foundry.UnitTests(.Hosting) to Microsoft.Agents.AI.Foundry.Hosting.UnitTests across all moved tests, the duplicated helpers, and the trimmed TestDataUtil. Also fixes the prior namespace inconsistency in FoundryToolboxTests.
    
    * Foundry.Hosting.UnitTests: split WorkflowIntegrationTests by SUT
    
    Replace the WorkflowIntegrationTests file (an IT-named file inside a UT project) with two SUT-focused files plus a shared test-doubles file:
    
    - AgentFrameworkResponseHandlerWorkflowTests.cs - the 5 handler-driven tests that exercise AgentFrameworkResponseHandler with a real workflow agent.
    - OutputConverterWorkflowTests.cs - the 5 OutputConverter tests driven by hand-crafted update sequences mirroring real workflow patterns.
    - WorkflowTestAgents.cs - StreamingTextAgent and ThrowingStreamingAgent extracted as internal types used by both files.
    
    * Foundry.UnitTests: trim Hosting-related conditionals and dead testdata
    
    Now that Hosting tests live in their own project:
    - drop the Compile Remove guard for the Hosting subfolder,
    - drop the .NETCoreApp-only PackageReferences (Azure.AI.AgentServer.Responses, Microsoft.AspNetCore.TestHost, OpenTelemetry, OpenTelemetry.Exporter.InMemory),
    - drop the conditional ProjectReference to Microsoft.Agents.AI.Foundry.Hosting,
    - delete the three Toolbox JSON files and the matching Toolbox getters in TestDataUtil.
    
    * Foundry.Hosting.UnitTests: drop redundant 'using Microsoft.Agents.AI.Foundry.Hosting'
    
    The new project namespace is Microsoft.Agents.AI.Foundry.Hosting.UnitTests, which already brings the parent Microsoft.Agents.AI.Foundry.Hosting namespace into scope. The explicit using statement is therefore redundant (IDE0005). Caught by 'dotnet format --verify-no-changes' running on Linux against the .NET 10 SDK.
    
    * Foundry.Hosting: drop InternalsVisibleTo to Foundry.UnitTests
    
    The non-hosting Foundry.UnitTests project no longer holds any Hosting tests after the split, so it doesn't need access to internal types in Microsoft.Agents.AI.Foundry.Hosting. Only Microsoft.Agents.AI.Foundry.Hosting.UnitTests needs it.
    
    * Foundry.Hosting: rename DelegatingResponsesClient to UserAgentResponsesClient
    
    Address westey-m's review feedback on PR #5453: `Delegating*` is conventionally reserved for inheritable base classes (mirroring `DelegatingHandler`) where consumers override one or two members. This polyfill is sealed and only injects the User-Agent supplement, so the new name reflects its actual purpose.
    
    Renamed via `git mv` to preserve history:
    * `src/Microsoft.Agents.AI.Foundry.Hosting/DelegatingResponsesClient.cs` to `UserAgentResponsesClient.cs`
    * `tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/DelegatingResponsesClientTests.cs` to `UserAgentResponsesClientTests.cs`
    
    Class, constructor, and all references updated across:
    * `src/.../UserAgentResponsesClient.cs` (class + constructor + internal log message)
    * `src/.../ServiceCollectionExtensions.cs` (cref + type check + instantiation)
    * `src/.../HostedAgentUserAgentPolicy.cs` (cref)
    * `tests/Foundry.UnitTests/RequestOptionsExtensionsTests.cs` (comment)
    * `tests/Foundry.Hosting.UnitTests/UserAgentResponsesClientTests.cs` (class + cref + instantiations)
  • Python: Fix hosted MCP replay producing orphan function_call_output (#5581)
    * Python: Fix hosted MCP replay producing orphan function_call_output
    
    Resolves part of #5546. After a turn ran a hosted MCP / Foundry-toolbox-MCP
    tool, the next turn's replayed input array carried a function_call_output
    with an mcp_* call_id and no matching function_call, and the Responses API
    returned a 400.
    
    Two layers covered here:
    
    * Chat-client serialize layer (packages/openai): adds mcp_server_tool_call
      and mcp_server_tool_result cases to _prepare_message_for_openai and
      _prepare_content_for_openai. Pairs are coalesced via a post-pass into a
      single mcp_call input item carrying both arguments and output. Orphan
      results are dropped (debug-logged) rather than serialized as orphan
      function_call_output, which is what the Responses API rejected.
    
    * Host read layer (packages/foundry_hosting): _item_to_message and
      _output_item_to_message now route custom_tool_call_output whose
      call_id.startswith("mcp_") to Content.from_mcp_server_tool_result.
      Non-mcp_ call_ids continue to produce Content.from_function_result.
      Symmetric with the host write-side choice for hosted-MCP results.
    
    Two further fixes (agentserver SDK additions, host write-side single-item
    emission) remain tracked on the issue and depend on an SDK release.
    
    * Python: Fix pyright unknown-type in _stringify_mcp_output
    
    cast(Sequence[Any], output) after the isinstance check so pyright stops
    flagging the loop variable as unknown. Also normalizes a couple of
    em-dashes in docstrings I introduced in the prior commit.
    
    * Python: Harden _stringify_mcp_output for dict-shaped MCP outputs
    
    Address Copilot review on PR #5581. Today the helper falls back to
    str() for any non-string, non-text-attribute entry, which produces
    Python repr (single-quoted dicts) for the canonical MCP raw-JSON
    text-content shape `{"type": "text", "text": "..."}` and any other
    dict-shaped output.
    
    Three small changes:
    
    * List-entry path: prefer plain string entries, then `.text` attribute
      (Content objects), then `entry["text"]` for Mapping entries in the
      canonical MCP shape, then JSON-encode anything else.
    * Final fallback: `json.dumps(output, default=str)` so Mappings and
      scalars produce valid JSON rather than Python repr.
    * Two new unit tests covering the dict-with-text shape and the
      non-text-dict JSON fallback.
    
    * Python: Suppress mypy redundant-cast on _stringify_mcp_output narrowing
    
    The cast is needed by pyright (reportUnknownVariableType) but mypy
    considers it redundant after the preceding isinstance narrowing.
    Pyright's behavior is correct for the strict-mode reporting we run,
    so keep the cast and silence mypy on the line.
  • .NET: dotnet: Add hosted-agent User-Agent supplement to outgoing requests (#5453)
    * dotnet: Add hosted-agent User-Agent supplement to outgoing requests
    
    When an agent runs inside a Foundry Hosted Agent, the outgoing
    User-Agent header now includes 'agent-framework-hosted/{version}'
    alongside the existing 'MEAI/{version}' segment.
    
    - Add HostedAgentContext with AsyncLocal<string?> property
    - MeaiUserAgentPolicy reads the supplement per-call
    - AgentFrameworkResponseHandler sets/restores the context
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * chore: update hosted UA format to foundry-hosting/agent-framework-dotnet/{version}
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Trying to get UA flowing, no luck yet.
    
    * .NET: Polyfill MEAI OpenAIResponsesChatClient to add hosted-agent User-Agent supplement
    
    When AgentFrameworkResponseHandler resolves an agent (i.e. we are running in a
    hosted context), TryApplyUserAgent walks the agent's IChatClient decorator chain
    to find MEAI's internal OpenAIResponsesChatClient and reflectively swaps its
    inner _responseClient field with a DelegatingResponsesClient wrapper. The
    wrapper overrides the public-virtual protocol methods to add a per-call
    HostedAgentUserAgentPolicy to the RequestOptions and delegate to the inner
    ResponsesClient. The OpenAI SDK's internal streaming overloads bottom out in
    calls to the public-virtual non-streaming overloads via virtual dispatch on
    this, so streaming is covered without overriding any non-virtual member.
    
    The wrapper accepts any ResponsesClient-derived inner — both the Foundry
    ProjectResponsesClient and the native OpenAI ResponsesClient — and preserves
    the inner client's full pipeline (Transport, RetryPolicy, NetworkTimeout,
    OrganizationId / ProjectId / UserAgentApplicationId, custom policies).
    
    - Add DelegatingResponsesClient + HostedAgentUserAgentPolicy in Microsoft.Agents.AI.Foundry.Hosting.
    - Add TryApplyUserAgent next to ApplyOpenTelemetry in FoundryHostingExtensions; wire it into AgentFrameworkResponseHandler.GetAgent for both keyed and default-agent paths.
    - Drop earlier-iteration dead code: AddHostedAgentTelemetry extension, HostedUserAgentPolicy class, HostedAgentContext.cs, and the never-called ToRequestOptions helper.
    - Revert RequestOptionsExtensions.MeaiUserAgentPolicy to MEAI-only (the supplement is now injected by the polyfill).
    - Revert unrelated whitespace change in Agent_Step25_ToolboxServerSideTools sample.
    - Tests cover streaming AND non-streaming, retry policy preservation, OrganizationId/ProjectId/UserAgentApplicationId pass-through, idempotency, native OpenAI ResponsesClient, and reflection guards for MEAI/OpenAI shape drift.
    
    * .NET: Address review feedback on hosted-agent User-Agent polyfill
    
    - TryApplyUserAgent: replace silent null-return with ArgumentNullException to match the codebase's convention.
    - Add idempotency test (TryApplyUserAgent_CalledTwiceOnSameAgent_DoesNotDoubleWrap) — runs the polyfill twice on the same agent and asserts the wire UA contains exactly one foundry-hosting segment, proving the 'current is DelegatingResponsesClient' guard prevents nested wrapping.
    - Add retry-double-append test (Polyfill_RetryWithinCall_DoesNotDuplicateSupplementInUserAgent) — exercises the HostedAgentUserAgentPolicy Contains-guard via a custom retry policy that re-runs the inner pipeline on the same message.
    - Replace TryApplyUserAgent_NullAgent_ReturnsNullWithoutThrowing with TryApplyUserAgent_NullAgent_ThrowsArgumentNullException to match the new contract.
    
    * .NET: Drop null check from TryApplyUserAgent and its now-redundant test
    
    The two call sites in AgentFrameworkResponseHandler.GetAgent already null-check the agent before invoking TryApplyUserAgent, so the defensive ArgumentNullException is unreachable. Remove it and the corresponding test.
    
    * .NET: Remove unused Microsoft.Shared.Diagnostics import in ServiceCollectionExtensions
    
    The Throw.IfNull helper from this namespace was used by the now-removed null check in TryApplyUserAgent. Drop the unused import to satisfy IDE0005 in CI's full-project dotnet format run.
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • .NET: Add declarative HttpRequestAction sample (#5572)
    * Add declarative HttpRequestAction support to workflows
    
    * Clean up response body for diagnostics  and fix tests.
    
    * Fix merge with main.
    
    * Remove redundant fallback for request content headers.
    
    * Add declarative InvokeHttpRequest sample
    
    * Fix solution file and update sample yaml comments
    
    * Add final newline to sample class to fix formatting failure
  • Python: Support OpenAI and Gemini allowed_tools tool choice (#5322)
    * Support OpenAI allowed_tools in ToolMode (#5309)
    
    Add allowed_tools field to ToolMode TypedDict, enabling users to restrict
    which tools the model may call via the OpenAI allowed_tools tool_choice
    type. This preserves prompt caching by keeping all tools in the tools list
    while limiting which ones the model can invoke.
    
    - Add allowed_tools: list[str] to ToolMode TypedDict
    - Add validation in validate_tool_mode() (only valid when mode == "auto")
    - Convert to OpenAI API format in _prepare_options()
    - Add tests for validation and API payload generation
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Support OpenAI `allowed_tools` tool choice in Python SDK
    
    Fixes #5309
    
    * Fix #5309: Validate allowed_tools shape and add Chat Completions client support
    
    - validate_tool_mode now checks allowed_tools is a non-string sequence of
      strings and normalizes to list[str], raising ContentError for invalid types
    - Add missing allowed_tools branch in _chat_completion_client._prepare_options
      so allowed_tools is emitted as the OpenAI allowed_tools wire format instead
      of being silently dropped
    - Add tests for invalid allowed_tools types (string, int, mixed), empty list,
      tuple normalization, and Chat Completions client payload generation
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: support allowed_tools with mode 'required' in addition to 'auto'
    
    OpenAI's allowed_tools tool_choice type supports both mode 'auto' and
    'required'. Update validation, client conversion, and tests to allow
    both modes instead of restricting to 'auto' only.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: use Gemini VALIDATED mode for allowed_tools, warn in unsupported providers
    
    - Use FunctionCallingConfigMode.VALIDATED instead of ANY when allowed_tools
      is set with auto mode in Gemini, preserving optional tool-call semantics.
    - Handle allowed_tools in required mode with required_function_name precedence.
    - Fix allowed_names guard to use identity check (is not None) so empty lists
      are preserved.
    - Bump google-genai minimum to >=1.32.0 (VALIDATED added in that version).
    - Add warnings in Anthropic and Bedrock when allowed_tools is set but not
      supported.
    - Add Gemini unit tests for allowed_tools with auto, required, empty list,
      and required_function_name precedence scenarios.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: Chat Completions API does not support allowed_tools, add integration tests
    
    - Chat Completions API (_chat_completion_client.py) now warns and falls
      back to plain mode when allowed_tools is set, since the /chat/completions
      endpoint does not support the allowed_tools type.
    - Add allowed_tools integration test param to both OpenAIChatClient
      (Responses API) and OpenAIChatCompletionClient parametrized option tests.
    - Update Chat Completions unit tests to reflect the warn-and-fallback
      behavior.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: remove unused walrus operator variable in chat completion client
    
    Remove assigned-but-never-used variable 'allowed' flagged by ruff F841.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: bump package versions for 1.2.2 release (#5561)
    * Python: bump package versions for 1.2.2 release
    
    PATCH bump (1.2.1 -> 1.2.2) for the released cohort. Five PRs land in this
    window:
    
    - agent-framework-openai: fix file_search citations breaking the assistant-
      message history roundtrip (#5557) — drives the released-tier PATCH
    - agent-framework-orchestrations: [BREAKING] standardize orchestration
      terminal outputs as AgentResponse (#5301)
    - agent-framework-core, agent-framework-declarative: preserve Workflow.run()
      shared state across calls, accept list[Message] in declarative start
      executor, and coerce Enum values when serializing PowerFx symbols (#5531)
    - agent-framework-foundry-hosting: add hosted Durable Workflow support
      (#5531)
    - agent-framework-azure-contentunderstanding: new alpha package — Azure AI
      Content Understanding context provider (#4829)
    - dependencies: workspace package dependency refresh (#5555)
    
    Per lockstep convention, all 21 beta packages stamp 1.0.0b260429 and all 4
    alpha packages (now including the new contentunderstanding) stamp
    1.0.0a260429. Date stamp reflects 2026-04-29 Pacific. Every non-core package
    floor on agent-framework-core is raised to >=1.2.2; the new
    contentunderstanding package's stale >=1.0.0 floor is brought into line.
    
    Two follow-on fixes bundled to keep validate-dependency-bounds-test green
    at lowest-direct resolution:
    - Bump agent-framework-azure-contentunderstanding's azure-ai-content
      understanding lower bound from >=1.0.0 to >=1.0.1 (1.0.0 ships without
      proper typing — pyright reports 65 unknown-type errors)
    - Add pyright ignore comments to core/foundry/__init__.pyi for the new
      alpha package's type-stub imports, since alpha packages are not in
      core's [all] extra and therefore aren't installed at lowest-direct
    
    * Python: add #5552 to 1.2.2 CHANGELOG
    
    Add the streaming-span observability fix to the Fixed section. PR is on
    upstream/main but not yet pulled into origin/main; the code itself will
    land via the PR merge.
    
    * Python: address PR #5561 review feedback on dependency bounds
    
    Two packaging fixes flagged in review:
    
    1. agent-framework-azure-contentunderstanding: add agent-framework-foundry
       as a runtime dependency. The package's README directs users to
       `pip install agent-framework-azure-contentunderstanding --pre` and the
       basic example imports `FoundryChatClient` from `agent_framework.foundry`,
       so the documented install path was failing with ImportError. Pulling
       agent-framework-foundry into deps makes the advertised entry path
       self-contained.
    
    2. agent-framework-foundry: bump agent-framework-openai lower bound from
       >=1.1.0 to >=1.2.2,<2. Foundry imports private modules from
       agent_framework_openai (`_chat_client.py:22`, `_agent.py:34`), so
       resolvers were free to pair foundry==1.2.2 with older OpenAI versions
       that lack this release's coordinated Responses/history fix. Lockstep the
       floor with the released cohort to prevent mismatched installs.
    
    Both changes pass `validate-dependency-bounds-test` lower + upper at
    their respective packages.
  • Python: Fix spans not correctly nested when using streaming (#5552)
    * Fix spans not correctly nested when using streaming
    
    * fix pre commit
    
    * Address comments
  • Python: Fix file_search citations breaking assistant history roundtrip (#5557)
    * Python: Fix file_search citations breaking assistant history roundtrip
    
    The Responses API rejects 'input_file' inside an assistant message, but the
    SDK was emitting it whenever an assistant Message contained a hosted_file
    content (which is what file_search citations become). Three coordinated fixes:
    
    1. _prepare_content_for_openai now skips hosted_file for the assistant role
       instead of mapping to input_file (which the API rejects there).
    
    2. The streaming response.output_text.annotation.added handler attaches
       file_citation, container_file_citation, and file_path as annotations on
       text content, matching the non-streaming path. Previously streaming
       produced standalone HostedFileContent items that always tripped (1).
    
    3. output_text serialization preserves Annotation objects on roundtrip via a
       new _annotations_to_output_text helper instead of hardcoding 'annotations'
       to []. file_search citations now survive multi-agent forwarding.
    
    Closes #5556.
    
    * Address PR review
    
    - _annotations_to_output_text: fan out one entry per annotated_region for
      url_citation/container_file_citation (Annotation.annotated_regions is a
      Sequence; the API form carries one start/end per entry).
    - Validate region span bounds are ints before emitting; skip otherwise.
    - Add test for the file_path branch (annotation with file_id only).
    - Add test verifying streamed citation events coalesce onto surrounding
      text via _finalize_response so span indices reference the merged text,
      not the empty-text streaming carrier.
  • Python: Update package dependencies (#5555)
    * Update dependencies
    
    * Preserve mcp[ws] and uvicorn[standard] extras in override-dependencies
    
    Bare-package overrides on mcp and uvicorn dropped the [ws] and [standard]
    extras (and their transitive deps like httptools, watchfiles) from the
    generated lock. Re-add the extras to the overrides so the lock matches
    what workspace packages actually request.
  • Python: Feature/hosted dwf (#5531)
    * Fix declarative Workflow.as_agent() by accepting list[Message] in start executor
    
    The declarative start executor (JoinExecutor) only advertised dict and str
    in its input_types, so WorkflowAgent.__init__ rejected it with
    'Workflow's start executor cannot handle list[Message]'.
    
    Add list[Message] to the JoinExecutor handler annotation and add a
    matching branch in DeclarativeActionExecutor._ensure_state_initialized
    that extracts the last user-message text and falls through to the
    string-input initialization path, so =System.LastMessageText works
    end-to-end via as_agent().
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Populate Conversation.messages from list[Message] trigger
    
    When Workflow.as_agent() is invoked with a list[Message], the start executor now populates Conversation.messages / Conversation.history / System.conversations.{id}.messages with prior turns only (excluding the latest user message), and surfaces the latest user message via Inputs.input and System.LastMessage*. This matches InvokeAzureAgent's contract that the messages binding holds prior turns and the executor itself appends the new user input before invoking, avoiding double-append of the trailing user turn while preserving full history (incl. assistant/system/tool roles and multi-modal content) for downstream actions.
    
    * Coerce Enum values when serializing PowerFx symbols
    
    MessageRole and other str-subclass Enums passed isinstance(v, str) and were forwarded to pythonnet unchanged. pythonnet then raised 'MessageRole value cannot be converted to System.String' for every PowerFx primitive when ConditionGroup/Expr eval walked the symbol table containing Conversation.messages. Reduce Enum members to their underlying value before the primitive check so eval sees plain strings/ints.
    
    * Foundry hosting: pass full conversation history to workflow agents
    
    _handle_inner_workflow only forwarded the latest user turn to WorkflowAgent.run, even though _handle_inner_agent already prepends history fetched from Foundry storage to the messages it sends a regular agent. Declarative workflows reset Conversation.messages on every run (state.initialize), so checkpoint replay alone does not give them prior turns - the host has to pass them in, the same way it does for non-workflow agents. Mirror that contract: fetch context.get_history() and pass [*history, *input_messages] to the workflow agent.
    
    * feat(workflows): support combined message + checkpoint_id for multi-turn continuation
    
    Allow Workflow.run(message=..., checkpoint_id=...) so callers can restore
    prior workflow state from a checkpoint AND deliver a new message to the
    start executor in a single call. The existing reset_context logic
    already preserves shared state when checkpoint_id is set, so this gives
    us 'fresh start executor invocation with prior state intact' - exactly
    what hosted multi-turn declarative workflows need.
    
    - _workflow.py: drop the message+checkpoint_id mutual exclusion and
      update _execute_with_message_or_checkpoint to do both (restore then
      execute) when both are provided.
    - _agent.py: in _run_core's checkpoint branch, also forward
      input_messages so WorkflowAgent.run(messages, checkpoint_id=...) works
      end-to-end. Falls back to the legacy 'restore only' behavior when
      messages are absent.
    - _declarative_base.py: detect continuation in _ensure_state_initialized
      by checking whether DECLARATIVE_STATE_KEY already exists in shared
      state; if so, refresh inputs/LastMessage* and append non-user trigger
      messages instead of calling state.initialize() (which would wipe
      Conversation/Local/System).
    - foundry_hosting/_responses.py: collapse the host's two-call pattern
      (restore-only, then fresh run) into a single combined call now that
      the underlying APIs support it.
    - tests: drop the assertion that combined message+checkpoint_id raises.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Pivot: preserve workflow state across run() calls
    
    Replace the prior 'combined message + checkpoint_id in one run()' approach
    with a cleaner default: Workflow.run no longer wipes shared state or runner-
    context messages between calls. Iteration counting and per-run kwargs still
    reset on a fresh-message run; checkpoint and responses runs are continuations
    that preserve everything.
    
    This lets a WorkflowAgent be invoked repeatedly on the same instance and
    maintain multi-turn context (e.g. accumulated Conversation.messages) without
    asking developers to opt in. Hosted-agent multi-turn pattern becomes two
    explicit calls: restore-from-checkpoint (drive to idle), then run-with-message.
    
    Key changes:
    - _workflow.py: drop _state.clear() and reset_for_new_run() from run().
      Reset iteration count and run kwargs on fresh-message runs only.
      Restore 'Cannot provide both message and checkpoint_id' validation.
      Add async guard: fresh-message run with un-drained pending executor
      messages from a prior run is invalid.
    - _runner.py: clear _state before import_state in restore_from_checkpoint
      so restore is authoritative (import_state merges, not replaces).
    - _agent.py: revert checkpoint branch to restore-only (no message forward).
    - _responses.py (foundry_hosting): two-call host pattern - restore checkpoint
      silently, then run with new user input.
    - tests: state-preservation is the new default; rebuild Workflow for clean slate.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CI lint and mypy issues from prior pivot commit
    
    - _workflow.py: collapse nested if (SIM102), drop redundant assignment (RET504)
    - _declarative_base.py: remove unused last_user_msg = tail assignment
      whose Message | None type clashed with the prior Message-typed branch
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: fix Inputs.input update and checkpoint storage path
    
    - _declarative_base.py: continuation branch was writing 'Inputs.input' via
      state.set, which routes to the Custom namespace and never updates the
      PowerFx-visible Workflow.Inputs.input. Update state_data['Inputs'] in
      place via get_state_data / set_state_data so =Workflow.Inputs.input and
      =inputs.input see the new turn's user text on continuation.
    - _declarative_base.py: refresh docstring to clarify that on a list[Message]
      trigger, Conversation.messages excludes the current user message at the
      start of the turn (agent executors append it before invoking the inner
      agent).
    - _responses.py: when previous_response_id is supplied (no conversation_id),
      the prior checkpoint lives under <storage>/<previous_response_id> but new
      checkpoints must land under <storage>/<current_response_id> for the next
      turn to find them. Hold onto restore_storage from the get_latest lookup
      and pass it to the restore-only run; pass write_storage (current id) to
      the message-delivery run and to checkpoint cleanup.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright errors in _declarative_base.py for CI
    
    - Replace state._state.get(...) protected access with new public
      is_initialized() method on DeclarativeWorkflowState (also clearer intent
      for the continuation detection use case).
    - Add narrow pyright ignores for the Any-typed trigger paths that pyright
      cannot fully narrow (the list[Message] isinstance loop and the
      fallback-DefaultTransform branch).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address Copilot review batch: tests + Workflow.reset escape hatch
    
    * Add Workflow.reset() public method as recovery escape hatch when an
      in-flight run aborted (e.g. WorkflowConvergenceException) and the
      workflow is not checkpointed. Update the in-flight messages guard's
      error message to point callers at it.
    
    * Add test_workflow_run_inflight_messages_guard exercising both the
      guard (sync + streaming) and the reset() recovery path.
    * Add test_workflow_reset_rejects_concurrent_runs to lock down the
      in-progress guard on reset.
    
    * Add test_as_agent_continuation_preserves_prior_state covering the
      is_continuation branch in _ensure_state_initialized: stamps a marker
      between calls and asserts it survives, while Inputs.input and
      System.LastMessageText refresh to the new turn.
    
    * Add test_powerfx_safe.py regression tests for the Enum branch in
      _make_powerfx_safe (str-subclass, int-subclass, plain Enum, and
      Enums nested in dict/list).
    
    * Drop redundant @pytest.mark.asyncio on
      test_as_agent_round_trip_with_last_message_text (asyncio_mode='auto').
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Skip restore-only pre-pass when checkpoint has pending request_info
    
    Address Copilot review on _responses.py: the restore-only checkpoint
    replay populates self._agent.pending_requests for any request_info
    events captured in the checkpoint. The follow-up run(input_messages)
    call would then route through WorkflowAgent._process_pending_requests,
    which expects function-response content and rejects plain text input
    as 'unexpected content while awaiting request info responses'.
    
    Workflows resumed from a checkpoint that was idle-with-pending-requests
    would therefore fail every subsequent plain-text user turn. Inspect the
    loaded checkpoint and skip the pre-pass when its
    pending_request_info_events dict is non-empty. Workflows that don't use
    request_info (the current sample set) are unaffected; workflows that do
    will fall through to a fresh-message run rather than silently corrupting
    the routing state.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Loosen azure-ai-agentserver-* pins to major version
    
    The exact-version pins on azure-ai-agentserver-{core,responses,invocations}
    forced foundry-hosting consumers to upgrade in lockstep with every beta
    bump from upstream. Switch to '>=current,<next-major' so we pick up patch
    and feature updates within the same major series without a coordinated
    release.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Drop Workflow.reset(); checkpointing is the recovery path
    
    The in-flight-messages guard prevented silent misbehavior, but the
    companion Workflow.reset() escape hatch only cleared _messages while
    leaving iteration count, executor-local state, and shared State
    mutations in an indeterminate condition after a mid-run failure. That
    gave a false sense of recovery.
    
    Recovery from a mid-run failure is supported only via checkpoint
    restoration. Keep the guard and reframe its error message accordingly;
    remove reset() and its tests.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address Tao's review on PR 5531
    
    - Rename Workflow._run_workflow_with_tracing parameter
      is_fresh_message_run -> is_continuation (default False, inverted).
      Fresh-message turns reset per-run accounting; continuations
      (checkpoint restores, responses replays) preserve it.
    - Simplify the in-flight-messages guard: _validate_run_params already
      enforces that 'message' is mutually exclusive with 'checkpoint_id'
      and 'responses', so the additional checks were dead code.
    - foundry_hosting _responses: move the restore-only pre-pass above
      emit_created/emit_in_progress; restore is preparation, not run
      progress. Drop the skip-restore gate (state preservation requires
      unconditional restore) and instead clear agent.pending_requests
      after the restore-only call. Collapse over-conditioned check.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Don't clear pending_requests after restore-only pre-pass
    
    Pending requests in the restored checkpoint represent genuinely
    outstanding HITL requests. The next user input may carry function
    responses (Responses API `function_call_output` items become
    FunctionResultContent / FunctionApprovalResponseContent), which
    `WorkflowAgent._process_pending_requests` correctly extracts and
    matches against the populated `pending_requests`. Clearing them
    after restore would silently drop that state and force the next turn
    to be treated as a fresh input even when the caller is responding to
    the outstanding requests.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: [BREAKING] Standardize orchestration terminal outputs as AgentResponse (#5301)
    * Fix orchestration outputs so as_agent() returns the final answer only. Align other orchestration outputs
    
    * Fix orchestration output issues from review comments
    
    1. Sample cleanup: Remove commented-out FoundryChatClient block and update
       prerequisites to reference OPENAI_CHAT_MODEL_ID instead of FOUNDRY_* vars.
    
    2. Sequential approval output: Change _EndWithConversation.end_with_agent_executor_response
       from a no-op sink to yield response.agent_response. When the last participant is
       AgentApprovalExecutor (via with_request_info), _EndWithConversation is the output
       executor so the yield produces the terminal answer. When the last participant is a
       regular AgentExecutor, _EndWithConversation is not in output_executors so the yield
       is silently filtered out.
    
    3. Forward data events through WorkflowExecutor: _process_workflow_result now also
       forwards 'data' events from sub-workflows so that emit_intermediate_data=True on
       AgentExecutor works correctly when wrapped in AgentApprovalExecutor.
    
    4. Concurrent docstring: Update _AggregateAgentConversations docstring to say
       'deterministic participant order' instead of 'completion order'.
    
    5. Add test_concurrent_intermediate_outputs_emits_data_events verifying that
       ConcurrentBuilder(intermediate_outputs=True) emits per-participant data events
       alongside the single aggregated output event.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for sequential workflow with_request_info and intermediate_outputs (#5301)
    
    Address PR review comments 2, 3, and 5:
    
    - Add test_sequential_request_info_last_participant_emits_output:
      Verifies that when the last participant is wrapped via with_request_info()
      (AgentApprovalExecutor), the workflow still emits a terminal output after
      approval, exercising the _EndWithConversation.end_with_agent_executor_response
      fallback path.
    
    - Add test_sequential_request_info_with_intermediate_outputs_emits_data_events:
      Verifies that emit_intermediate_data=True works correctly through
      AgentApprovalExecutor wrapping—WorkflowExecutor._process_result already
      forwards data events from sub-workflows, so intermediate agent responses
      surface as data events in the parent workflow.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright type errors from AgentResponse output refactor (#5301)
    
    Update cast() calls in _group_chat.py and _magentic.py to use
    WorkflowContext[Never, AgentResponse] instead of the old
    WorkflowContext[Never, list[Message]], matching the updated method
    signatures in _base_group_chat_orchestrator.py.
    
    Fix _sequential.py _EndWithConversation.end_with_agent_executor_response
    to declare WorkflowContext[Any, AgentResponse] so yield_output accepts
    AgentResponse[None].
    
    Fix _workflow_executor.py data event forwarding to handle nullable
    executor_id.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright reportUnknownVariableType in _agent.py (#5301)
    
    Extract event.data into a typed local variable before the isinstance
    check to avoid pyright narrowing it to AgentResponse[Unknown].
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright reportMissingImports for orjson in file history samples (#5301)
    
    Add pyright: ignore[reportMissingImports] to orjson imports that are
    already guarded by try/except ImportError, matching the existing pattern
    used elsewhere in the samples.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5301: review comment fixes
    
    * Address review feedback for #5301: review comment fixes
    
    * Revert sequential_workflow_as_agent sample to FoundryChatClient
    
    Reverts the mistaken switch from FoundryChatClient to OpenAIChatClient
    in the sequential workflow as agent sample.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address ultrareview feedback: emit_data_events rename + WorkflowAgent reasoning conversion
    
    Layered on top of the prior review-feedback work in this branch.
    
    Renames:
    - AgentExecutor.emit_intermediate_data -> emit_data_events (mechanical
      rename; orchestration semantics live at the orchestration layer, not
      the general-purpose executor). Forwarded through MagenticAgentExecutor,
      AgentApprovalExecutor, and all orchestration call sites.
    - HandoffAgentExecutor._check_terminate_and_yield -> _should_terminate
      (pure predicate; no longer yields anything). HandoffBuilder docstring
      rewritten to describe the new per-agent AgentResponse output contract.
    
    WorkflowAgent reasoning-content conversion:
    - Add _rewrite_text_to_reasoning(contents) and _msg_as_reasoning(msg)
      helpers; the as_agent() path now reframes text content from data events
      as text_reasoning Content blocks before merging into the AgentResponse.
    - Consumers iterate msg.contents and branch on content.type — same path
      they already use for Claude thinking and OpenAI reasoning. No new
      field on Message/AgentResponse/WorkflowEvent.
    - Streaming branch constructs fresh AgentResponseUpdate instances instead
      of mutating shared payloads (regression test added).
    - Helper _msg_maybe_reasoning consolidates the conditional rewrite at
      three call sites in the non-streaming conversion.
    
    Tests:
    - TestWorkflowAgentReasoningHelpers + TestWorkflowAgentDataEventReasoningConversion
      add 9 new tests covering helpers, non-streaming, streaming, mixed content,
      already-reasoning passthrough, and mutation-safety regression.
    - Updated test_sequential_as_agent_with_intermediate_outputs_includes_chain
      to assert text_reasoning content for intermediate agents.
    
    * Fix pyright: widen event.data to Any to avoid partial-unknown narrowing
    
    The streaming conversion path narrowed event.data via isinstance against
    generic AgentResponse, producing AgentResponse[Unknown] and tripping
    reportUnknownVariableType/reportUnknownMemberType. Binding data: Any
    before the check keeps runtime behavior identical while restoring a fully
    known type for downstream access.
    
    * Clean up design
    
    * Scope to agent output semantics only
    
    * yield AgentResponseUpdate streaming, AgentResponse non-streaming
    
    * Fix mypy/pyright: widen cast types at GroupChat callsites
    
    Eight callsites in _group_chat.py still cast to WorkflowContext[Never,
    AgentResponse] but the base orchestrator methods now accept the wider
    WorkflowContext[Never, AgentResponse | AgentResponseUpdate] (mode-aware
    yields). W_OutT is invariant, so the narrower cast is not assignable.
    Magentic was widened in the same commit; this catches the GroupChat
    callsites that were missed.
    
    * Python: skip flaky Foundry / Foundry Hosting integration tests (#5553)
    
    These two integration tests have been failing in the merge queue across
    multiple unrelated PRs (5301, 5531). Both are marked `@pytest.mark.flaky`
    with 3 retries, but all attempts fail back-to-back. Skipping both with a
    reason pointing to #5553 so they can be fixed properly without continuing
    to block unrelated merges.
    
    - packages/foundry_hosting/tests/test_responses_int.py::TestOptions::test_temperature_and_max_tokens
    - packages/foundry/tests/foundry/test_foundry_embedding_client.py::TestFoundryEmbeddingIntegration::test_text_embedding_live
    
    Also includes a one-line uv.lock specifier-ordering normalization
    auto-applied by the poe-check pre-commit hook.
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add HttpRequestAction support to declarative workflows (#5474)
    * Add declarative HttpRequestAction support to workflows
    
    * Clean up response body for diagnostics  and fix tests.
    
    * Fix merge with main.
    
    * Remove redundant fallback for request content headers.
  • [Python] Add agent-framework-azure-ai-contentunderstanding package (#4829)
    * feat: add agent-framework-azure-contentunderstanding package
    
    Add Azure Content Understanding integration as a context provider for the
    Agent Framework. The package automatically analyzes file attachments
    (documents, images, audio, video) using Azure CU and injects structured
    results (markdown, fields) into the LLM context.
    
    Key features:
    - Multi-document session state with status tracking (pending/ready/failed)
    - Configurable timeout with async background fallback for large files
    - Output filtering via AnalysisSection enum
    - Auto-registered list_documents() and get_analyzed_document() tools
    - Supports all CU modalities: documents, images, audio, video
    - Content limits enforcement (pages, file size, duration)
    - Binary stripping of supported files from input messages
    
    Public API:
    - ContentUnderstandingContextProvider (main class)
    - AnalysisSection (output section selector enum)
    - ContentLimits (configurable limits dataclass)
    
    Tests: 46 unit tests, 91% coverage, all linting and type checks pass.
    
    * fix: update CU fixtures with real API data, fix test assertions
    
    - Replace synthetic fixtures with real CU API responses (sanitized)
    - Update test assertions to match real data (Contoso vs CONTOSO,
      TotalAmount vs InvoiceTotal, field values from real analysis)
    - Add --pre install note in README (preview package)
    - Document unenforced ContentLimits fields (max_pages, duration)
    
    * chore: add connector .gitignore, update uv.lock
    
    * refactor: rename to azure-ai-contentunderstanding, fix CI issues
    
    Align naming with Azure SDK convention and AF pattern:
    - Directory: azure-contentunderstanding -> azure-ai-contentunderstanding
    - PyPI: agent-framework-azure-contentunderstanding -> agent-framework-azure-ai-contentunderstanding
    - Module: agent_framework_azure_contentunderstanding -> agent_framework_azure_ai_contentunderstanding
    
    CI fixes:
    - Inline conftest helpers to avoid cross-package import collision in xdist
    - Remove PyPI badge and dead API reference link from README (package not published yet)
    
    * feat: add samples (document_qa, invoice_processing, multimodal_chat)
    
    - document_qa.py: Single PDF upload, CU context provider, follow-up Q&A
    - invoice_processing.py: Structured field extraction with prebuilt-invoice
    - multimodal_chat.py: Multi-file session with status tracking
    - Add ruff per-file-ignores for samples/ directory
    - Update README with samples section, env vars, and run instructions
    
    * feat: add remaining samples (devui_multimodal_agent, large_doc_file_search)
    
    - S3: devui_multimodal_agent/ — DevUI web UI with CU-powered file analysis
    - S4: large_doc_file_search.py — CU extraction + OpenAI vector store RAG
    - Update README and samples/README.md with all 5 samples
    
    * feat: add file_search integration for large document RAG
    
    Add FileSearchConfig — when provided, CU-extracted markdown is automatically
    uploaded to an OpenAI vector store and a file_search tool is registered on
    the context. This enables token-efficient RAG retrieval for large documents
    without users needing to manage vector stores manually.
    
    - FileSearchConfig dataclass (openai_client, vector_store_name)
    - Auto-create vector store, upload markdown, register file_search tool
    - Auto-cleanup on close()
    - When file_search is enabled, skip full content injection (use RAG instead)
    - Update large_doc_file_search sample to use the integration
    - 4 new tests (50 total, 90% coverage)
    
    * fix: add key-based auth support to all samples
    
    Follow established AF pattern: check for API key env var first,
    fall back to AzureCliCredential. Supports AZURE_OPENAI_API_KEY and
    AZURE_CONTENTUNDERSTANDING_API_KEY environment variables.
    
    * FEATURE(python): add analyzer auto-detection, file_search RAG, and lazy init
    
    _context_provider.py:
    - Make analyzer_id optional (default None) with auto-detection by media
      type prefix: audio->audioSearch, video->videoSearch, else documentSearch
    - Add _ensure_initialized() for lazy client creation in before_run()
    - Add FileSearchConfig-based vector store upload
    - Fix: background-completed docs in file_search mode now upload to vector
      store instead of injecting full markdown into context messages
    - Add _pending_uploads queue for deferred vector store uploads
    
    devui_file_search_agent/ (new sample):
    - DevUI agent combining CU extraction + OpenAI file_search RAG
    
    azure_responses_agent (existing sample fix):
    - Add AzureCliCredential support and AZURE_AI_PROJECT_ENDPOINT fallback
    
    Tests (19 new), Docs updated (AGENTS.md, README.md)
    
    * feat(cu): MIME sniffing, media-aware formatting, unified timeout, vector store expiration
    
    - Add three-layer MIME detection (fast path → filetype binary sniff → filename
      fallback) to handle unreliable upstream MIME types (e.g. mp4 sent as
      application/octet-stream). Adds filetype>=1.2,<2 dependency.
    - Media-aware output formatting: video shows duration/resolution + all fields
      as JSON; audio promotes Summary as prose; document unchanged.
    - Unified timeout for all media types (removed file_search special-case that
      waited indefinitely for video/audio). All files use max_wait with background
      polling fallback.
    - Vector store created with expires_after=1 day as crash safety net.
    - Add 8 MIME sniffing tests (TestMimeSniffing class).
    
    * fix: merge all CU content segments for video/audio analysis
    
    CU's prebuilt-videoSearch and prebuilt-audioSearch analyzers split long
    media files into multiple `contents[]` segments. Previously,
    `_extract_sections()` only read `contents[0]`, causing truncated
    duration, missing transcript, and incomplete fields for any video/audio
    longer than a single scene.
    
    Now iterates all segments and merges:
    - duration: global min(startTimeMs) → max(endTimeMs)
    - markdown: concatenated with `---` separators
    - fields: same-named fields collected into per-segment list
    - metadata (kind, resolution): taken from first segment
    
    Single-segment results (documents, short audio) are unaffected.
    
    Update test fixture to realistic 3-segment video structure and expand
    assertions to verify multi-segment merging. Add documentation for
    multi-segment processing and speaker diarization limitation.
    
    * refactor: improve CU context provider docs and remove ContentLimits
    
    - Improve class docstring: clarify endpoint (Azure AI Foundry URL with
      example), credential (AzureKeyCredential vs Entra ID), and analyzer_id
      (prebuilt/custom with auto-selection behavior and reference links)
    - Add SUPPORTED_MEDIA_TYPES comments explaining MIME-based matching
      behavior and add missing file types per CU service docs
    - Use namespaced logger to align with other packages
    - Remove ContentLimits and related code/tests
    - Rename DEFAULT_MAX_WAIT to DEFAULT_MAX_WAIT_SECONDS for clarity
    
    * feat: support user-provided vector store in FileSearchConfig
    
    - Add vector_store_id field to FileSearchConfig (None = auto-create)
    - Track _owns_vector_store to only delete auto-created stores on close()
    - Remove vector_store_name; use internal _DEFAULT_VECTOR_STORE_NAME
    - Add inline comments for private state fields
    - Document output_sections default in docstring
    - Update AGENTS.md, samples, and tests
    
    * fix: remove ContentLimits from README code block
    
    * refactor: create CU client in __init__ instead of __aenter__
    
    Follow Azure AI Search provider pattern: create the client eagerly in
    __init__, make __aenter__ a no-op. This ensures __aexit__/close() is
    always safe to call and eliminates the _ensure_initialized() workaround.
    
    * docs: add file_search param to class docstring
    
    * feat: introduce FileSearchBackend abstraction for cross-client support
    
    Replace direct OpenAI client usage with FileSearchBackend ABC:
    - OpenAIFileSearchBackend: for OpenAIChatClient (Responses API)
    - FoundryFileSearchBackend: for FoundryChatClient (Azure Foundry)
    - Shared base _OpenAICompatBackend for common vector store CRUD
    
    FileSearchConfig now takes a backend instead of openai_client.
    Factory methods from_openai() and from_foundry() for convenience.
    
    BREAKING: FileSearchConfig(openai_client=...) -> FileSearchConfig.from_openai(...)
    
    * refactor: FileSearchBackend abstraction + caller-owned vector store
    
    * fix: file_search reliability and sample improvements
    
    - Poll vector store indexing (create_and_poll) to ensure file_search
      returns results immediately after upload
    - Set status to failed when vector store upload fails
    - Skip get_analyzed_document tool in file_search mode to prevent
      LLM from bypassing RAG
    - Simplify sample auth: single credential, direct parameters
    - Use from_foundry backend for Foundry project endpoints
    
    * perf: set max_num_results=10 for file_search to reduce token usage
    
    * fix: move import to top of file (E402 lint)
    
    * chore: remove unused imports
    
    * fix: align azure-ai-contentunderstanding with MAF coding conventions
    
    - Add module-level docstrings to __init__.py and _context_provider.py
    - Use Self return type for __aenter__ (with typing_extensions fallback)
    - Use explicit typed params for __aexit__ signature
    - Add sync TokenCredential to AzureCredentialTypes union
    - Pass AGENT_FRAMEWORK_USER_AGENT to ContentUnderstandingClient
    - Remove unused ContentLimits from public API and tests
    - Fix FileSearchConfig tests to match refactored backend API
    - Fix lifecycle tests to match eager client initialization
    
    * refactor: improve CU context provider API surface and fix CI
    
    - Refactor _analyze_file to return DocumentEntry instead of mutating dict
    - Remove TokenCredential from AzureCredentialTypes (fixes mypy/pyright CI)
    - Remove OpenAIFileSearchBackend/FoundryFileSearchBackend from public API
      (internal to FileSearchConfig factory methods)
    - Remove DocumentStatus from public exports (implementation detail)
    - Update file_search comments to reflect backend-agnostic design
    - Add DocumentStatus enum, analysis/upload duration tracking
    - Add combined timeout for CU analysis + vector store upload
    
    * fix: improve file_search samples and move tool guidelines to context provider
    
    - Delete redundant devui_file_search_agent sample (duplicate of azure_openai variant)
    - Move tool usage guidelines from sample agent instructions into context provider
      (extend_instructions in step 6, applied automatically for all file_search users)
    - Fix file_search purpose: use from_foundry() for Azure OpenAI (purpose="assistants")
    - Add filename hint in upload instructions for targeted file_search queries
    - Reduce max_num_results from 10 to 3 in both devui samples
    - Simplify agent instructions in both samples (remove tool-specific guidance)
    
    * feat: improve source_id, integration tests, and content assertions
    
    - Rename DEFAULT_SOURCE_ID to "azure_ai_contentunderstanding" (matches
      azure_ai_search convention)
    - Improve source_id docstring to describe default value
    - Clarify _detect_and_strip_files docstring (CU-supported files)
    - Add invoice.pdf test fixture from Azure CU samples repo
    - Refactor integration tests to use invoice.pdf directly (assert instead
      of skip when fixture missing)
    - Add URI content test (Content.from_uri with external URL)
    - Add "CONTOSO LTD." content assertion to all integration tests
    - Use max_wait=None in integration tests (wait until complete)
    
    * feat: reject duplicate filenames, add integration tests and sample comments
    
    - Reject duplicate document keys in before_run (skip + warn LLM to rename)
    - Update _derive_doc_key docstring to document uniqueness constraint
    - Add unit tests for duplicate filename rejection (cross-turn and same-turn)
    - Add integration test for data URI content (from_uri with base64)
    - Add integration test for background analysis (max_wait timeout + resolve)
    - Add filename recommendation comments to all samples' Content.from_data()
    
    * chore: improve doc key derivation, comments, and README
    
    - Replace hash-based doc key with uuid4 for anonymous uploads (O(1), no payload traversal)
    - Remove hashlib import (no longer needed)
    - Add File Naming section to README (filename importance, duplicate rejection)
    - Improve inline comments (_derive_doc_key, _extract_binary, URL parsing)
    
    * test: strengthen _format_result assertions with exact expected strings
    
    - Replace loose 'in' checks with exact 'assert formatted == expected'
      for both multi-segment and single-segment format tests
    - Add object-type fields (ShippingAddress, Speakers) to test data
      to cover nested dict/list serialization
    - Add position-based ordering assertions to verify structural
      correctness (header -> markdown -> fields across segments)
    
    * refactor: move invoice.pdf to shared sample_assets directory
    
    - Move invoice.pdf from tests/cu/test_data/ to
      python/samples/shared/sample_assets/ as single source of truth
    - Add INVOICE_PDF_PATH constant in test_integration.py pointing
      to the shared location
    - Update document_qa.py, invoice_processing.py, large_doc_file_search.py
      to use invoice.pdf instead of sample.pdf
    
    * refactor: reorganize samples into numbered dirs and simplify auth
    
    - Move script samples into 01-get-started/ with numbered prefixes
      (01_document_qa, 02_multimodal_chat, 03_invoice_processing,
       04_large_doc_file_search)
    - Move devui samples into 02-devui/ with 01-multimodal_agent and
      02-file_search_agent/{azure_openai_backend,foundry_backend}
    - Move invoice.pdf to CU package-local samples/shared/sample_assets/
    - Replace kwargs dicts with direct constructor calls; support both
      API key (AZURE_OPENAI_API_KEY) and AzureCliCredential
    - Update README sample table with new paths
    
    * fix: resolve CI lint errors (D205, RUF001, E501)
    
    - Fix D205: single-line docstring summary for _detect_and_strip_files
    - Fix RUF001: replace EN DASH with HYPHEN-MINUS in segment headers
    - Fix E501: wrap long assertion lines in tests
    - Also includes samples reorg and auth simplification
    
    * refactor: overhaul samples — FoundryChatClient, sessions, remove get_analyzed_document
    
    Samples:
    - Switch all samples from deprecated AzureOpenAIResponsesClient to FoundryChatClient
    - Add 02_multi_turn_session.py showing AgentSession persistence across turns
    - Rewrite 03_multimodal_chat.py with real PDF + audio + video (parallel
      analysis), per-modality follow-ups, cross-document question, elapsed
      time, user prompts, and input token counts
    - Renumber: 02->03 multimodal, 03->04 invoice, 04->05 file_search
    
    Context provider:
    - Remove get_analyzed_document tool -- full content is in conversation
      history via InMemoryHistoryProvider, no retrieval tool needed
    - Remove follow-up turn instructions about tools
    - Only list_documents tool remains (for status queries)
    - Update README to reflect tool removal
    
    * feat: add 05_background_analysis sample and fix 04 session/max_wait
    
    - Add 05_background_analysis.py demonstrating non-blocking CU analysis
      with max_wait=1s, status tracking via list_documents(), and automatic
      background task resolution on subsequent turns
    - Fix 04_invoice_processing.py: add max_wait=None and AgentSession
    - Rename 05→06 large_doc_file_search
    - Update README sample table
    
    * docs: update README and fix sample 06
    
    README:
    - Switch Quick Start from AzureOpenAIResponsesClient to FoundryChatClient
    - Add AgentSession to Quick Start example
    - Fix status values: pending -> analyzing/uploading/ready/failed
    - Fix env var: AZURE_OPENAI_RESPONSES_DEPLOYMENT_NAME -> AZURE_OPENAI_DEPLOYMENT_NAME
    - Update samples section with new paths, link to samples/README.md
    - Update multi-segment description to reflect per-segment fields
    
    Sample 06:
    - Fix from_openai -> from_foundry for Azure endpoints
    - Add AgentSession and max_wait=None
    
    * docs: rewrite README — concise format, prerequisites, CU link
    
    * fix: resolve pyright errors in _format_result segment cast
    
    * docs: add numbered section comments and fresh sample output to all samples
    
    - Add numbered section comments (# 1. ..., # 2. ...) per SAMPLE_GUIDELINES
    - Re-run all 6 samples and update expected output with real results
    - Fix duplicate sample output blocks in 04 and 05
    - Update README code example to use public invoice URL
    
    * feat: add load_settings support for env var configuration
    
    - Make endpoint optional in constructor — auto-loads from
      AZURE_CONTENTUNDERSTANDING_ENDPOINT env var via load_settings()
    - Add ContentUnderstandingSettings TypedDict
    - Add env_file_path/env_file_encoding params for .env file support
    - Add 4 unit tests: env var loading, explicit override, missing
      endpoint error, missing credential error
    - Update README with env var auto-resolution docs
    - Follows framework convention used by all other packages
    
    * docs: polish README — fix duplicate env var, add Next steps, service limits link
    
    * chore: trim invoice fixture from 199K to 33 lines
    
    Keep only VendorName, InvoiceTotal, DueDate, InvoiceDate, InvoiceId
    fields and first 500 chars of markdown. Strip spans/source/coordinates.
    Reduces fixture from 6.6MB to 1.2KB.
    
    * feat: per-file analyzer_id override via additional_properties
    
    - Read analyzer_id from Content.additional_properties for per-file override
    - Resolution order: per-file > provider-level > auto-detect by media type
    - Update class docstring documenting filename and analyzer_id properties
    - Update sample 04 to demonstrate per-file override (prebuilt-invoice)
    - Add unit test for per-file analyzer override
    
    * Trim PDF test fixture and clarify unique filename requirement
    
    - Trim analyze_pdf_result.json from 4427 to 23 lines by removing
      pages, words, lines, paragraphs, sections, spans, and source
      fields that are not used by any unit test.
    - Add docstring note that filename must be unique within a session;
      duplicate filenames are rejected and the file will not be analyzed.
    
    * Update python/packages/azure-ai-contentunderstanding/agent_framework_azure_ai_contentunderstanding/_context_provider.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/azure-ai-contentunderstanding/agent_framework_azure_ai_contentunderstanding/_context_provider.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/azure-ai-contentunderstanding/samples/02-devui/02-file_search_agent/azure_openai_backend/agent.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/azure-ai-contentunderstanding/samples/02-devui/01-multimodal_agent/agent.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/azure-ai-contentunderstanding/samples/01-get-started/06_large_doc_file_search.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Fix AGENTS.md to match implementation; remove unused variable in test helper
    
    AGENTS.md:
    - Remove _ensure_initialized() reference (client is created in __init__)
    - Fix multi-segment docs: segments kept as list, not merged into fields
    - Remove get_analyzed_document() reference (only list_documents registered)
    - Update sample names to match current directory structure
    
    test_context_provider.py:
    - Simplify _make_data_uri() — remove unused 'encoded' variable
    
    * Fix premature file_search instruction for background-completed docs
    
    - Change _resolve_pending_tasks() instruction from 'Use file_search'
      to 'being indexed' since the upload hasn't completed yet at that point.
    - Add LLM instruction on upload failure in step 1b so the agent can
      inform the user the document isn't searchable.
    
    * fix: wrap long line in devui agent instructions (E501)
    
    * Fix Copilot review: unused logger, stray code in README, await cancelled tasks
    
    - _file_search.py: Remove unused logger and logging import
    - 01-multimodal_agent/README.md: Remove accidentally pasted Python script
    - _context_provider.py close(): Await cancelled tasks before closing
      client to prevent 'Task destroyed but pending' warnings
    
    * Sanitize doc keys and fix duplicate filename re-injection
    
    - Add _sanitize_doc_key() to strip control characters, collapse
      whitespace, and cap length at 255 chars — prevents prompt injection
      via crafted filenames in extend_instructions() calls.
    - Track accepted doc_keys in step 3 so step 5 only injects content
      for files actually analyzed this turn, not pre-existing duplicates.
    - Soften duplicate upload instruction wording (remove IMPORTANT/caps).
    
    * fix: add type annotation to tasks_to_cancel for pyright
    
    * Move per-session mutable state to state dict for session isolation
    
    Previously _pending_tasks, _pending_uploads, and _uploaded_file_ids
    were stored on self, shared across all sessions. This caused
    cross-session leakage: Session A's background task results could be
    injected into Session B's context.
    
    Now these are stored in the per-session state dict. Global copies
    (_all_pending_tasks, _all_uploaded_file_ids) are kept on self only
    for best-effort cleanup in close().
    
    Add 2 new TestSessionIsolation tests verifying that background tasks
    and resolved content stay within their originating session.
    
    * Remove unused AnalysisSection enum values
    
    Only MARKDOWN and FIELDS are handled by _extract_sections().
    Remove FIELD_GROUNDING, TABLES, PARAGRAPHS, SECTIONS to avoid
    exposing dead options to users.
    
    * Recursively flatten object/array field values for cleaner LLM output
    
    - Use SDK .value property with recursive extraction for object/array fields
    - Object: AmountDue -> {Amount: 610, CurrencyCode: USD} (was raw SDK dict)
    - Array: LineItems -> list of flattened items (was raw SDK list)
    - Update invoice fixture with object/array fields from prebuilt-invoice
    - Add 3 unit tests for object, array, and nested object field extraction
    
    * Preserve sub-field confidence; compare full expected JSON in tests
    
    * Remove incorrect MIME aliases (audio/mp4, video/x-matroska)
    
    * feat: add AnalysisInput, content_range, warnings, and category support
    
    - Use SDK AnalysisInput model instead of raw body dict for begin_analyze
    - Forward content_range from additional_properties to CU (page/time ranges)
    - Extract CU warnings with code/message/target (ODataV4Format) into output
    - Include content-level category from classifier analyzers
    - Add 5 new tests: warnings, category, content_range forwarding
    - Fix pyright with explicit casts; fix en-dash lint (RUF002)
    
    * fix: falsy-0 bug in duration calc; improve test coverage
    
    - Fix start_time_ms=0 treated as falsy by 'or' short-circuit, use
      'is None' checks instead for duration and segment time extraction
    - Update warnings test to use RAI ContentFiltered codes
    - Enrich warnings extraction to include code/message/target (ODataV4Format)
    - Add multi-segment video category test with per-segment assertions
    
    * refactor: split _context_provider.py into focused modules
    
    - Extract _constants.py: SUPPORTED_MEDIA_TYPES, MIME_ALIASES, analyzer maps
    - Extract _detection.py: file detection, MIME sniffing, doc key derivation
    - Extract _extraction.py: result extraction, field flattening, LLM formatting
    - _context_provider.py delegates via thin wrappers (793 lines, was 1255)
    - Update test imports to use _constants.py for SUPPORTED_MEDIA_TYPES
    
    * docs: update AGENTS.md with DocumentStatus, FileSearchBackend, and _file_search.py
    
    * refactor: replace AnalysisSection enum with Literal type for simpler DX
    
    - Remove AnalysisSection(str, Enum) class, replace with Literal["markdown", "fields"] type alias
    - Users can now pass plain strings: output_sections=["markdown"] — no extra import needed
    - AnalysisSection type alias still exported for type annotation use
    - Update all samples, tests, and internal code to use string literals
    - Address PR review feedback (eavanvalkenburg)
    
    * refactor: replace asyncio.Task with continuation tokens for serializable state
    
    - Replace state["_pending_tasks"] (asyncio.Task — not serializable) with
      state["_pending_tokens"] (dict of continuation token strings) so the
      framework can persist session state to disk/storage
    - Resume pending analyses via Azure SDK continuation_token mechanism
    - Fix: resumed pollers have stale cached status (done() always False),
      use asyncio.wait_for(poller.result()) with 10s min timeout instead
    - Remove _background_poll(), _all_pending_tasks, and task cancellation
    - Address PR review feedback (eavanvalkenburg): state must be serializable
    
    * fix: resolve CI lint (RUF052) and mypy (call-overload) errors
    
    * feat: add structured output (Pydantic model) to invoice processing sample
    
    - Use response_format=InvoiceResult for schema-constrained LLM output
    - Use output_sections=["fields"] only (no markdown needed for structured output)
    - Add LowConfidenceField model with confidence values
    - Add comments about prebuilt-invoice extensive schema vs simplified model
    - Address PR review feedback (eavanvalkenburg): use structured response
    
    * fix: use FOUNDRY_PROJECT_ENDPOINT and FOUNDRY_MODEL env vars in all samples
    
    Replace AZURE_AI_PROJECT_ENDPOINT → FOUNDRY_PROJECT_ENDPOINT and
    AZURE_OPENAI_DEPLOYMENT_NAME → FOUNDRY_MODEL across all sample .py and
    README.md files. Address PR review feedback (eavanvalkenburg).
    
    * refactor: remove background_analysis sample, use FoundryChatClient in DevUI
    
    - Remove 05_background_analysis.py (per reviewer feedback — discuss max_wait
      design separately from samples)
    - Renumber 06_large_doc_file_search.py → 05_large_doc_file_search.py
    - Replace AzureOpenAIResponsesClient with FoundryChatClient in all DevUI samples
    - Replace client.as_agent() with Agent(client=client, ...) everywhere
    - Add max_wait comments explaining interactive vs batch usage
    - Update README.md and AGENTS.md
    - Address PR review feedback (eavanvalkenburg)
    
    * fix: vector_stores API moved from beta namespace in OpenAI SDK
    
    * docs: add comments about multi-file support and CU service limits in file_search sample
    
    * fix: broken markdown links after sample removal and renumbering
    
    * fix: migrate BaseContextProvider to ContextProvider (non-deprecated)
    
    * fix: Message(text=) -> Message(contents=[]) for API compatibility
    
    * Inline _constants.py into consuming modules
    
    Remove _constants.py and move constants to where they are used:
    - SUPPORTED_MEDIA_TYPES, MIME_ALIASES → _detection.py
    - MEDIA_TYPE_ANALYZER_MAP, DEFAULT_ANALYZER → _context_provider.py
    
    Addresses review feedback to reduce file count.
    
    * Mark package as alpha per package management skill
    
    - Version: 1.0.0b260401 → 1.0.0a260401
    - Classifier: Development Status 4 - Beta → 3 - Alpha
    - Add to PACKAGE_STATUS.md as alpha
    
    Follows the alpha package checklist from python-package-management skill.
    
    * Replace extend_instructions with extend_messages for status notifications
    
    Status/error/result notifications now use extend_messages (conversation
    context) instead of extend_instructions (system prompt). This avoids
    system prompt bloat and keeps behavioral directives separate from
    event notifications.
    
    - 11 extend_instructions calls → extend_messages (role='user')
    - 1 extend_instructions retained: tool usage guidelines (behavioral)
    - 6 test assertions updated to check context_messages
    
    All 84 unit tests + 5 live integration tests pass.
    
    * Fix lint: E402 import order, ISC004 implicit string concatenation
    
    - Move constants after all imports to fix E402
    - Wrap multi-line strings in parentheses inside contents=[] to fix ISC004
    
    * Fix lint: remove unused json import in invoice sample
    
    * Fix CI: apply ruff format + fix E501 line length after reformatting
    
    ruff format expands Message() calls to multi-line, pushing string
    indentation deeper. Break long strings to fit within 120 char limit
    after formatting. Also removes unused json import in sample.
    
    * Address review feedback: keyword-only args, accept pre-built client, remove wrappers
    
    - All __init__ args now keyword-only (matches FoundryChatClient pattern)
    - New 'client' param accepts pre-built ContentUnderstandingClient
    - core dep bound: >=1.0.0rc5 → >=1.0.0,<2
    - Self import moved after local imports
    - Removed 9 static method wrappers; callsites use module functions directly
    - Tests updated to import derive_doc_key and format_result directly
    
    * fix: remove duplicate ContentUnderstandingClient instantiation
    
    The client was being created twice — once inside the if/else block and
    again unconditionally after it. The second instantiation overwrote the
    pre-built client path and failed type checking when credential was None.
    
    * rename: azure-ai-contentunderstanding → azure-contentunderstanding
    
    Package: agent-framework-azure-ai-contentunderstanding → agent-framework-azure-contentunderstanding
    Module: agent_framework_azure_ai_contentunderstanding → agent_framework_azure_contentunderstanding
    Directory: packages/azure-ai-contentunderstanding → packages/azure-contentunderstanding
    
    Per agreement with PM and MAF team to drop 'AI' from the package name.
    
    * feat: add ContentUnderstanding re-export to agent_framework.foundry namespace
    
    Enables: from agent_framework.foundry import ContentUnderstandingContextProvider
    
    Exports: ContentUnderstandingContextProvider, FileSearchConfig,
    FileSearchBackend, AnalysisSection, DocumentStatus
    
    Updates all samples and README to use the foundry namespace import.
    
    * fix: add missing copyright headers to standalone sample scripts
    
    * chore: remove .vscode/settings.json and add to .gitignore
    
    * refactor: reuse FoundryChatClient.client for vector store ops in file_search sample
    
    Address review feedback from TaoChenOSU:
    - 05_large_doc_file_search.py: use client.client instead of manually
      constructing AsyncAzureOpenAI; remove openai dependency
    - azure_openai_backend/agent.py: import reorder only (AIProjectClient
      kept — required for sync vector store creation in DevUI)
    
    * fix: skip closing client when caller passes pre-built client
    
    When a ContentUnderstandingClient is passed via client=, the caller
    owns its lifecycle. Added _owns_client flag so close() only closes
    the client when we created it internally.
    
    ---------
    
    Co-authored-by: yungshinlin <yungshin@msn.com>
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • Python: bump package versions for 1.2.1 release (#5536)
    * Python: bump package versions for 1.2.1 release
    
    PATCH bump (1.2.0 -> 1.2.1) for the released cohort. The release window
    covers two PRs, no new public APIs:
    
    - agent-framework-core: prevent inner_exception from being lost in
      AgentFrameworkException (#5167)
    - samples: add requirements.txt and .env.example to the a2a/ hosting
      sample for pip-based setup (#5510)
    
    Per lockstep convention, all 21 beta packages stamp 1.0.0b260428 and all
    3 alpha packages stamp 1.0.0a260428, regardless of per-package code
    churn. Every non-core package floor on agent-framework-core is raised to
    >=1.2.1 to keep cohort signaling consistent. Date stamp reflects the
    local (Asia) cut date 2026-04-28.
    
    * Python: silence pyright unknown-type warnings in hosted-env detection
    
    `azure.ai.agentserver.core` is probed at runtime via `importlib.util.find_spec`
    and is not a declared dependency. The existing `# pyright: ignore[reportMissingImports]`
    suppresses the missing-import warning, but at `lowest-direct` resolution pyright
    still reports the imported symbol (`AgentConfig`) and its members (`from_env`,
    `is_hosted`) as unknown, breaking `validate-dependency-bounds-test` for
    `packages/core`.
    
    Extend the existing ignore to cover `reportUnknownVariableType` on the import
    and `reportUnknownMemberType` on the call site so the bounds check returns to
    green. Behavior is unchanged.
    
    Latent since #5455 (shipped in 1.2.0).
    
    * Python: raise agent-framework-gemini lower bound to google-genai>=1.65.0
    
    The Gemini chat client references several `google.genai.types` symbols
    (`FileSearch`, `ThinkingLevel`, `SearchTypes`, `McpServer`,
    `StreamableHttpTransport`, plus call-site keyword args `mcp_servers` and
    `search_types`) that are not present at the lower bound of `google-genai>=1.0.0`.
    At `lowest-direct` resolution this caused `validate-dependency-bounds-test` to
    fail for `packages/gemini` with eleven `reportAttributeAccessIssue` /
    `reportUnknownVariableType` errors.
    
    Walking the upstream `google.genai.types` API:
    - `GoogleMaps`, `AuthConfig`: present from 1.40.0
    - `FileSearch`: introduced in 1.49.0
    - `ThinkingLevel`: introduced in 1.55.0
    - `SearchTypes`, `McpServer`, `StreamableHttpTransport`: introduced in 1.65.0
    
    Bump the lower bound to 1.65.0 — the minimum version that exposes every symbol
    the package actually uses. Keep the `<2.0.0` upper cap unchanged. With this
    bump `validate-dependency-bounds-test` passes for both lower and upper
    resolution scenarios across all 27 workspace packages.
    
    Latent since #4847 (Gemini package introduction in 1.1.0); aggravated by
    subsequent feature additions that pulled in newer `types.*` symbols.
    
    * Python: add dependabot bumps to 1.2.1 CHANGELOG
    
    Catalog the 15 dependabot dependency updates that merged on `upstream/main`
    between python-1.2.0 and the 1.2.1 cut window under a new Changed section:
    
    - Workspace dev/runtime deps: `rich`, `prek`, `python-multipart`, `pyasn1`,
      `pytest` (ag-ui, devui, lab), `uv` (lab)
    - Frontend deps: `vite` (devui, chatkit), `postcss` (devui, chatkit, handoff),
      `picomatch` (devui, handoff)
    
    CHANGELOG-only — no source or pyproject.toml changes. PRs themselves merged
    upstream independently of this release branch and will be brought in via the
    PR merge.
  • Python: Bump prek from 0.3.8 to 0.3.9 in /python (#5228)
    * Bump prek from 0.3.8 to 0.3.9 in /python
    
    Bumps [prek](https://github.com/j178/prek) from 0.3.8 to 0.3.9.
    - [Release notes](https://github.com/j178/prek/releases)
    - [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/j178/prek/compare/v0.3.8...v0.3.9)
    
    ---
    updated-dependencies:
    - dependency-name: prek
      dependency-version: 0.3.9
      dependency-type: direct:development
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    * Fix CI: bump prek to 0.3.9 in lab package and update uv.lock
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/f17751e5-c5a8-4d42-9555-6bf708a2ef47
    
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
  • Bump vite in /python/samples/05-end-to-end/chatkit-integration/frontend (#5126)
    Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.12 to 7.3.2.
    - [Release notes](https://github.com/vitejs/vite/releases)
    - [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
    - [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)
    
    ---
    updated-dependencies:
    - dependency-name: vite
      dependency-version: 7.3.2
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump vite from 7.1.12 to 7.3.2 in /python/packages/devui/frontend (#5127)
    Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.12 to 7.3.2.
    - [Release notes](https://github.com/vitejs/vite/releases)
    - [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
    - [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)
    
    ---
    updated-dependencies:
    - dependency-name: vite
      dependency-version: 7.3.2
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump pytest from 9.0.2 to 9.0.3 in /python/packages/ag-ui (#5461)
    * Bump pytest from 9.0.2 to 9.0.3 in /python/packages/ag-ui
    
    Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3.
    - [Release notes](https://github.com/pytest-dev/pytest/releases)
    - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
    - [Commits](https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3)
    
    ---
    updated-dependencies:
    - dependency-name: pytest
      dependency-version: 9.0.3
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    * Fix CI: bump pytest to 9.0.3 across all workspace packages and update uv.lock
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/a9996d8b-3fb7-436b-a22f-f4a8c436b213
    
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
  • Python: Bump pytest from 9.0.2 to 9.0.3 in /python/packages/devui (#5492)
    * Bump pytest from 9.0.2 to 9.0.3 in /python/packages/devui
    
    Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3.
    - [Release notes](https://github.com/pytest-dev/pytest/releases)
    - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
    - [Commits](https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3)
    
    ---
    updated-dependencies:
    - dependency-name: pytest
      dependency-version: 9.0.3
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    * Fix CI: bump pytest to 9.0.3 in all workspace pyproject.toml files and update uv.lock
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/60822a0e-8a54-412f-9999-051cf1ce2c7c
    
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
  • Bump picomatch (#4936)
    Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4.
    - [Release notes](https://github.com/micromatch/picomatch/releases)
    - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)
    
    ---
    updated-dependencies:
    - dependency-name: picomatch
      dependency-version: 4.0.4
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Update rich requirement in /python (#5227)
    Updates the requirements on [rich](https://github.com/Textualize/rich) to permit the latest version.
    - [Release notes](https://github.com/Textualize/rich/releases)
    - [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/Textualize/rich/compare/v13.7.1...v15.0.0)
    
    ---
    updated-dependencies:
    - dependency-name: rich
      dependency-version: 15.0.0
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump python-multipart from 0.0.22 to 0.0.26 in /python (#5286)
    Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.26.
    - [Release notes](https://github.com/Kludex/python-multipart/releases)
    - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.26)
    
    ---
    updated-dependencies:
    - dependency-name: python-multipart
      dependency-version: 0.0.26
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Python: Bump uv from 0.11.3 to 0.11.6 in /python/packages/lab (#5469)
    * Bump uv from 0.11.3 to 0.11.6 in /python/packages/lab
    
    Bumps [uv](https://github.com/astral-sh/uv) from 0.11.3 to 0.11.6.
    - [Release notes](https://github.com/astral-sh/uv/releases)
    - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/astral-sh/uv/compare/0.11.3...0.11.6)
    
    ---
    updated-dependencies:
    - dependency-name: uv
      dependency-version: 0.11.6
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    * Fix CI: update uv from 0.11.3 to 0.11.6 in python/pyproject.toml and regenerate uv.lock
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/a1a7c648-b26f-44e7-bace-d56ed8489053
    
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
    
    * Fix code quality CI: update uv-pre-commit rev from 0.11.3 to 0.11.6 in .pre-commit-config.yaml
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/cdfdd211-9f1e-4570-bc7c-86fd15240e91
    
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
  • Python: Bump pytest from 9.0.2 to 9.0.3 in /python/packages/lab (#5470)
    * Bump pytest from 9.0.2 to 9.0.3 in /python/packages/lab
    
    Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3.
    - [Release notes](https://github.com/pytest-dev/pytest/releases)
    - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
    - [Commits](https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3)
    
    ---
    updated-dependencies:
    - dependency-name: pytest
      dependency-version: 9.0.3
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    * Update pytest from 9.0.2 to 9.0.3 across all workspace packages
    
    Fix dependency conflict: agent-framework workspace packages were pinning
    pytest==9.0.2 while agent-framework-lab required pytest==9.0.3, causing
    uv dependency resolution to fail. Updated all pyproject.toml files and
    regenerated uv.lock to use pytest==9.0.3 consistently.
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/d274f7c5-b5ed-4b18-8eab-4db3cfd9d1bf
    
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: moonbox3 <35585003+moonbox3@users.noreply.github.com>
  • Bump postcss from 8.5.6 to 8.5.10 in /python/packages/devui/frontend (#5484)
    Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.10.
    - [Release notes](https://github.com/postcss/postcss/releases)
    - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.10)
    
    ---
    updated-dependencies:
    - dependency-name: postcss
      dependency-version: 8.5.10
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump postcss (#5491)
    Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.10.
    - [Release notes](https://github.com/postcss/postcss/releases)
    - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.10)
    
    ---
    updated-dependencies:
    - dependency-name: postcss
      dependency-version: 8.5.10
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump postcss (#5527)
    Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.12.
    - [Release notes](https://github.com/postcss/postcss/releases)
    - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.12)
    
    ---
    updated-dependencies:
    - dependency-name: postcss
      dependency-version: 8.5.12
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump picomatch in /python/packages/devui/frontend (#4921)
    Bumps  and [picomatch](https://github.com/micromatch/picomatch). These dependencies needed to be updated together.
    
    Updates `picomatch` from 4.0.3 to 4.0.4
    - [Release notes](https://github.com/micromatch/picomatch/releases)
    - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)
    
    Updates `picomatch` from 2.3.1 to 2.3.2
    - [Release notes](https://github.com/micromatch/picomatch/releases)
    - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)
    
    ---
    updated-dependencies:
    - dependency-name: picomatch
      dependency-version: 4.0.4
      dependency-type: indirect
    - dependency-name: picomatch
      dependency-version: 2.3.2
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>