Commit Graph

2033 Commits

  • Fix formatting
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
  • .NET: Support reasoning events in AGUI (#4953)
    * Support reasoning
    
    * MEAI gives the same MessageId for reasoning and text content because they are part of the same logical model response. Create a new GUID for reasoning messages to be consistent with AGUI protocol and establish no link between reasoning and text messages
    
    * When a frontend AG-UI client sends conversation history back in a subsequent POST, any accumulated role: "reasoning" messages fail deserialization in AGUIMessageJsonConverter because the role wasn't handled - causing the request to fail.
    
    This adds AGUIReasoningMessage with Content and EncryptedValue properties, registers it in the JSON converter and serializer context, and converts it to TextReasoningContent (with ProtectedData) in AsChatMessages.
    
    * Added MapReasoningMessage - converts a ChatMessage containing TextReasoningContent to AGUIReasoningMessage for c# client
    
    * review
    
    * Support reasoning
    
    * MEAI gives the same MessageId for reasoning and text content because they are part of the same logical model response. Create a new GUID for reasoning messages to be consistent with AGUI protocol and establish no link between reasoning and text messages
    
    * When a frontend AG-UI client sends conversation history back in a subsequent POST, any accumulated role: "reasoning" messages fail deserialization in AGUIMessageJsonConverter because the role wasn't handled - causing the request to fail.
    
    This adds AGUIReasoningMessage with Content and EncryptedValue properties, registers it in the JSON converter and serializer context, and converts it to TextReasoningContent (with ProtectedData) in AsChatMessages.
    
    * Added MapReasoningMessage - converts a ChatMessage containing TextReasoningContent to AGUIReasoningMessage for c# client
    
    * review
    
    * dotnet format
    
    * Replace hardcoded string with constant
    
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: westey <164392973+westey-m@users.noreply.github.com>
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
  • Python: Add support for function approval flow in Foundry hosted agent (#5666)
    * Add support for function approval flow in Foundry hosted agent
    
    * Address comments
    
    * Address comments
    
    * Address comments
  • Python: Core: notify agent of external AgentModeProvider mode changes (#5650)
    When the operating mode is changed externally (e.g. via a slash-command handler
    calling set_agent_mode), the agent's chat history still shows the prior set_mode
    tool call near the end. Updating only the system instructions is insufficient —
    models tend to anchor on the recent tool call and ignore the new mode.
    
    Mirror the .NET AgentModeProvider behavior: when set_agent_mode detects an actual
    mode change, record the previous mode in provider state. On the next before_run,
    the provider pops that flag and injects a user-role notification message
    announcing the switch, so the most recent context unambiguously reflects the
    current mode. The agent-driven set_mode tool path bypasses this so it does not
    trigger a redundant notification on its own change.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Issue 5662 (#5668)
    * Fix dangling function_call on approval response in Foundry hosting (#5662)
    
    Make the wire<->AF approval translation in Microsoft.Agents.AI.Foundry.Hosting lossless so the resume turn pairs function_call/function_call_output correctly.
    
    Root cause: InputConverter.ConvertMcpApprovalResponse rebuilt FunctionCallContent with CallId set to the FICC-composed AF request id (ficc_<callId>) and Name hardcoded to 'mcp_approval'. This (a) broke Azure Conversations pairing because the persisted function_call had CallId <callId> without prefix, and (b) made FICC unable to invoke the original tool by name on resume.
    
    Fix: ToolApprovalIdMap now records the original FunctionCallContent (CallId, Name, Arguments) keyed by wire id at outbound time. InputConverter reconstructs the original FCC on inbound, falling back to the legacy placeholder when no mapping exists.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Suppress orphan function_call items at the wire (#5662)
    
    Foundry-Hosting's OutputConverter was emitting FunctionCallContent as wire `function_call` items while dropping the paired FunctionResultContent. The result: every auto-invoked tool call left an orphan `function_call` in the response store. The next turn (chained via previous_response_id or via a workflow that yields after one turn under externalLoop) reloaded that history and submitted it to Azure Conversations, which rejected it with HTTP 400 `No tool output found for function call ...`.
    
    Function call/result pairs are entirely internal to the agent's tool-calling loop and have no place on the wire. Approval-required calls already surface separately via ToolApprovalRequestContent → mcp_approval_request, so dropping FCC is safe.
    
    FCC's message-close behavior is preserved so pre-tool text doesn't accidentally concatenate with post-tool text under the same MessageId. Existing OutputConverter tests asserting FCC wire emission are updated to assert suppression.
    
    Verified end-to-end against the declarative-workflow-menu external_loop bench: three-turn previous_response_id chain (menu → carbonara price → EXIT) now completes, where it previously failed at turn 2 with HTTP 400.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fail fast when no approval mapping is recorded (#5662)
    
    The previous best-effort placeholder fallback in InputConverter.ConvertMcpApprovalResponse couldn't actually round-trip — it just delayed and obscured the failure as an HTTP 400 deep inside the agent loop. Throw InvalidOperationException with the wire id and a clear cause hint instead so the failure is local and actionable.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Trim narrative comments and exception message (#5662)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Defer FunctionCallContent emission until matched FunctionResultContent (#5662)
    
    Replace blanket FCC suppression with deferred emission. FunctionCallContent
    is buffered (name + serialized arguments) keyed by CallId; the function_call
    and function_call_output wire items are only flushed once the matching
    FunctionResultContent arrives.
    
    - Auto-invoked FCC/FRC pairs surface as paired wire items so Azure's stored
      conversation has matched call+output and previous_response_id resume
      works (closes the orphan-function_call symptom from #5662).
    - Orphan FCCs (e.g. workflow paused at a checkpoint mid-tool-loop) are
      dropped so they never poison the response store.
    - Approval flows are unchanged: TARC still emits mcp_approval_request and
      the post-approval FRC has no buffered FCC to pair with so it is dropped;
      the approval round-trip handles its own pairing via mcp_approval_*.
    - Leaves the door open for future client-side function calling: that
      pattern would surface an FCC without an FRC, would need to opt out of
      buffering, but the wire shape is already correct.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Emit FunctionCallContent and FunctionResultContent directly (option B)
    
    Replace the deferred-emission/buffer-and-drop strategy with direct emission of both function_call and function_call_output wire items.
    
    Rationale: a lone FunctionCallContent in OutputConverter's input can mean two semantically different things, and only the caller knows which:
    
    - Auto-invoke (FICC response surface): always paired with a matching FRC; both halves should appear on the wire as historical record.
    
    - HITL / port-pause request (typed RequestPort<FunctionCallContent,...> or workflow synthesizing a request): a lone FCC IS the wire signal that the caller must resume by supplying a function_call_output.
    
    Buffering+dropping orphans silently swallows the second case. Emitting both directly is the only correct shape for OpenAI Responses semantics.
    
    The InputConverter already accepts function_call_output and mcp_approval_response on resume, so the round-trip works for both kinds.
    
    The approval-flow round-trip fixes (ToolApprovalIdMap rich ApprovalEntry, fail-fast on missing mapping in ConvertMcpApprovalResponse) remain intact.
    
    Tests: updated 7 OutputConverter tests + 1 OutputConverterWorkflow test that asserted the old buffer/drop semantics; all 227 tests pass.
    
    Refs #5662
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5668 review feedback on TryLoadMap
    
    Stop swallowing JsonException in ToolApprovalIdMap.TryLoadMap. The catch block recovered to an empty map and a stale comment claimed the caller would gracefully degrade via a 'wire-id fallback path' — but that path no longer exists: InputConverter.ConvertMcpApprovalResponse fails fast when no entry is found.
    
    Letting the JsonException propagate produces an error message that points at the actual cause (a state-bag format incompatibility), instead of converting it into a confusing 'no approval mapping recorded' InvalidOperationException one stack frame later.
    
    Refs #5662, PR #5668
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5668 review feedback round 2
    
    - OutputConverter FRC: emit string results as raw text (no JSON-quoting),
      matching the wire contract for function_call_output.output.
    - OutputConverter FCC: validate non-empty CallId before closing the in-flight
      text message, so a skipped FCC no longer breaks output-item boundaries.
    - ToolApprovalIdMap.Record: take pre-serialized arguments JSON (string) and
      primitive callId/name. Drops [RequiresUnreferencedCode]/[RequiresDynamicCode]
      so trim/AOT warnings stop propagating to call sites.
    - ToolApprovalIdMap.Record: no-op when callId or name is empty.
    - Tests: dedup duplicate ConvertItemsToMessages_McpApprovalResponse no-mapping
      test; add coverage for empty-CallId boundary, raw-string FRC payload, and
      Record empty-key no-op.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Remove bespoke Foundry toolbox helpers; standardize on MCP for toolbox consumption (#5671)
    * Remove Foundry toolbox helpers; standardize on MCP for toolbox consumption
    
    - Remove RawFoundryChatClient.get_toolbox() and its fetch_toolbox import
    - Remove fetch_toolbox, select_toolbox_tools, get_toolbox_tool_name,
      get_toolbox_tool_type, FoundryHostedToolType, ToolboxToolSelectionInput
      from agent_framework_foundry._tools
    - Remove ExperimentalFeature.TOOLBOXES from _feature_stage.py (no consumers)
    - Drop toolbox re-exports from agent_framework_foundry/__init__.py and
      agent_framework.foundry namespace
    - Update _sanitize_foundry_response_tool docstring to remove toolbox framing;
      sanitization logic itself is unchanged
    - Update _agent.py docstring: 'toolbox-fetched MCP' → 'hosted MCP'
    - Delete tests/test_toolbox.py (all tests covered removed helpers)
    - Update test_foundry_chat_client.py: rename/redoc tests that mentioned
      toolbox but test sanitization that remains
    - Delete foundry_chat_client_with_toolbox.py (bespoke toolbox API sample)
    - Delete foundry_toolbox_context_provider.py (relied on select_toolbox_tools)
    - Rename foundry_chat_client_with_toolbox_mcp.py →
      foundry_chat_client_with_toolbox.py (canonical MCP pattern)
    - Rewrite 04_foundry_toolbox/main.py to use MCPStreamableHTTPTool
    - Update provider/README, context_providers/README, 04_foundry_toolbox/README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(samples): update 06_files sample to consume toolbox via MCP (#5670)
    
    Replace removed get_toolbox/select_toolbox_tools APIs with
    MCPStreamableHTTPTool, using allowed_tools=["code_interpreter"] to
    select only the code interpreter from the toolbox endpoint.
    
    Update .env.example and README to use FOUNDRY_TOOLBOX_ENDPOINT
    instead of TOOLBOX_NAME.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(foundry): remove non-existent toolbox helper APIs from README (#5670)
    
    Remove the 'fetch, optionally filter, and pass tools directly' pattern
    from the FoundryChatClient toolbox documentation, as select_toolbox_tools
    and get_toolbox were removed. Only the MCP endpoint pattern is documented.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(foundry): remove residual toolbox docstring references and reproduction report
    
    Remove REPRODUCTION_REPORT.md (workflow artifact that should not be committed),
    and update two remaining docstring references that still said 'toolbox reads'
    /'toolbox definition' after the toolbox helpers were removed.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Remove bespoke Foundry toolbox helpers; standardize on MCP for toolbox consumption
    
    Fixes #5670
    
    * fix(#5670): resolve toolbox endpoint from TOOLBOX_NAME fallback; add namespace regression tests
    
    - Add _resolve_toolbox_endpoint() helper in 04_foundry_toolbox/main.py and
      06_files/main.py that prefers FOUNDRY_TOOLBOX_ENDPOINT but falls back to
      deriving the MCP URL from FOUNDRY_PROJECT_ENDPOINT + TOOLBOX_NAME — fixing
      the startup KeyError when agents are deployed via azd provision (which injects
      TOOLBOX_NAME, not FOUNDRY_TOOLBOX_ENDPOINT).
    - Update 04_foundry_toolbox/.env.example to use FOUNDRY_TOOLBOX_ENDPOINT
      (consistent with 06_files).
    - Add TOOLBOX_NAME env var to 06_files/agent.yaml so deployed agents have it
      available for the fallback derivation.
    - Update both READMEs to document the two ways to supply the toolbox endpoint.
    - Add test_foundry_namespace_no_longer_exposes_toolbox_helpers() with negative
      assertions for FoundryHostedToolType, get_toolbox_tool_name,
      get_toolbox_tool_type, and select_toolbox_tools — guarding against accidental
      re-introduction of removed symbols.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(samples): fail fast on empty FOUNDRY_TOOLBOX_ENDPOINT; add unit tests
    
    Addresses review feedback for #5670:
    
    - In _resolve_toolbox_endpoint() (04_foundry_toolbox/main.py and
      06_files/main.py) change the walrus-operator check from a truthy
      test to an explicit 'is not None' guard.  An explicitly set empty
      string now raises ValueError immediately with a clear message
      instead of silently falling through to the fallback URL
      construction.
    
    - Add tests/samples/hosting/test_toolbox_endpoint.py covering both
      sample modules:
        (a) FOUNDRY_TOOLBOX_ENDPOINT set → returned as-is
        (b) FOUNDRY_TOOLBOX_ENDPOINT set to empty string → ValueError
        (c) fallback constructs URL from FOUNDRY_PROJECT_ENDPOINT + TOOLBOX_NAME,
            stripping trailing slashes
        (d) neither variable group set → KeyError
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback: remove extraneous test and docstring content
    
    - Remove test_foundry_namespace_no_longer_exposes_toolbox_helpers (no longer warranted)
    - Remove docstring from _agent.py _prepare_tools_for_openai (extraneous)
    - Trim _chat_client.py _prepare_tools_for_openai docstring to one-liner (toolbox references no longer relevant)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: remove remaining extraneous docstring from RawFoundryChatClient._prepare_tools_for_openai
    
    Address review comment on PR #5671: reviewer noted the description
    isn't warranted now that toolbox helpers have been removed. Matches
    the pattern in RawFoundryAgentChatClient which has no docstring.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add Foundry.Hosting.IntegrationTests (#5598)
    * Foundry.Hosting.IntegrationTests: scaffold project, fixtures, and 24 tests
    
    Add a new integration test project for Foundry hosted agents alongside the existing Foundry.IntegrationTests project. The project provisions a real Foundry hosted agent per scenario via AgentAdministrationClient.CreateAgentVersionAsync, points it at a single test container image (built and pushed out of band by scripts/it-build-image.ps1 in a follow up commit), and exercises the agent through AIProjectClient.AsAIAgent.
    
    Six scenario fixtures are introduced, each pointing at the same image but selecting behavior via the IT_SCENARIO environment variable on the HostedAgentDefinition:
    - HappyPathHostedAgentFixture (round trip, multi turn, stored=false flag)
    - ToolCallingHostedAgentFixture (server side AIFunctions)
    - ToolCallingApprovalHostedAgentFixture (approval flow)
    - ToolboxHostedAgentFixture (Foundry toolbox)
    - McpToolboxHostedAgentFixture (MCP backed toolbox)
    - CustomStorageHostedAgentFixture (custom storage provider)
    
    24 tests across 6 test classes are scaffolded. All are tagged Skip pending the test container build and the end to end smoke iteration in follow up commits. Once the container is in place the Skip annotations can be removed scenario by scenario.
    
    Adds an IT_HOSTED_AGENT_IMAGE constant to the shared TestSettings so every IT project agrees on the env var name the build script emits.
    
    * Foundry.Hosting.IntegrationTests: add TestContainer, build script, slnx, README
    
    Adds the rest of the integration test infrastructure on top of the previous scaffolding commit:
    
    * Foundry.Hosting.IntegrationTests.TestContainer csproj and Program.cs implementing the multi scenario container (one image, IT_SCENARIO env var dispatches between happy-path, tool-calling, tool-calling-approval, toolbox, mcp-toolbox, and custom-storage). The toolbox, mcp-toolbox, and custom-storage branches are placeholders pending API surface stabilization.
    * Dockerfile and dockerignore in the test container project, using the contributor pattern matching the investigation work (host side dotnet publish, container only does COPY out/).
    * scripts/it-build-image.ps1 with mandatory Registry parameter (no hardcoded ACR), content hashed tags so unchanged source results in a no op push, and emits IT_HOSTED_AGENT_IMAGE for shells and CI to consume.
    * slnx entry for both new projects.
    * README in the IT project covering env vars, image build, scenario table, and current placeholder status.
    
    Steps still pending: end to end smoke (step 5) and CI workflow integration (step 6) require a live Foundry deployment and ACR push, so they land in follow up commits.
    
    * Foundry.Hosting.IntegrationTests: address PR 5598 review feedback
    
    Fix issues raised by Copilot review:
    
    * it-build-image.ps1: hash file contents, not the path list, so any source edit produces a fresh tag. Normalize Registry input by stripping scheme and trailing slash before deriving the ACR short name. Validate the short name is non empty.
    * HostedAgentFixture: route GetAgentAsync through _adminClient (which has the FoundryFeaturesPolicy attached) instead of through _projectClient.AgentAdministrationClient (which does not).
    * HostedAgentFixture FoundryFeaturesPolicy: replace Headers.Add with Remove plus Add so retries cannot accumulate duplicate headers.
    * HappyPath, ToolCalling, ToolCallingApproval, CustomStorage tests: create the AgentSession before turn 1 and reuse it for both turns. The previous pattern created the session after turn 1 so turn 2 had no link to turn 1, defeating the multi turn assertion.
    
    * .NET: Foundry.Hosting.IntegrationTests: constrain to net10.0 + dotnet format autofix
    
    - Set <TargetFrameworks>net10.0</TargetFrameworks>: the project references both
      Microsoft.Agents.AI.Foundry.Hosting (net8/9/10 only) and AgentConformance.IntegrationTests
      (net10.0;net472 — inherits the tests-default TFM list). The intersection is net10.0;
      the previous $(TargetFrameworksCore) triple caused NU1702 + System.Text.Json version
      conflicts on the net8.0/net9.0 builds because AgentConformance had no matching asset.
    - Apply `dotnet format` autofix on the test files (IDE0005, IDE0009, IDE0032, IMPORTS).
    
    * .NET: Foundry.Hosting.IntegrationTests.TestContainer/Program.cs: add UTF-8 BOM
    
    CI's check-format requires charset=utf-8-bom per .editorconfig.
    
    * Foundry.Hosting IntegrationTests: wire end-to-end CI flow against hosted agents
    
    Make the integration tests usable end-to-end against a live Foundry deployment, including
    a per-run rebuild of the test container so framework code changes are exercised.
    
    Fixture (HostedAgentFixture.cs)
    
    * Switch from per-run unique agent names to stable scenario-keyed names (it-happy-path,
      it-tool-calling, ...). The agent's managed identity carries the Azure AI User role on
      the project scope, which is required for inbound inference; deleting the agent recycles
      the MI and breaks that role assignment, so we keep the agent across runs and only churn
      versions.
    * Add IT_RUN_ID env var to defeat Foundry's content-addressed version dedup; otherwise a
      rerun just receives the existing version and Dispose deletes it.
    * PATCH the per-agent endpoint with AgentEndpointConfig (Responses protocol, version
      selector at 100% to the new version). Without this, /agents/{name}/endpoint/protocols/
      openai/responses returns HTTP 400.
    * Build a per-agent ProjectOpenAIClient (not the cached projectClient.ProjectOpenAIClient,
      which is bound to the project-level URL); set AgentName in options so the URL routes
      through the agent endpoint, and add the Foundry-Features header to the inference
      pipeline.
    * Use Versions (which serializes to container_protocol_versions) instead of the
      deprecated ProtocolVersions; the server now rejects the legacy field.
    * On Dispose, delete only the version this fixture created. Never delete the agent.
    
    Tests
    
    * Tag every HostedAgentTests class with [Trait("Category", "FoundryHostedAgents")] so the
      CI workflow can route them to a separate Foundry project than the rest of the
      integration suite.
    
    CI workflow (.github/workflows/dotnet-build-and-test.yml)
    
    * Add a foundryHosting paths-filter covering Microsoft.Agents.AI.Foundry.Hosting and its
      in-repo dependency chain (Foundry, Agents.AI, Agents.AI.Abstractions), the test
      container, the test fixture, Directory.Packages.props, the build script, and this
      workflow file. Skip the costly hosted-agent steps when none of those changed.
    * Add "Build and push Foundry Hosted Agents test container" step that invokes
      scripts/it-build-image.ps1 against vars.IT_HOSTED_AGENT_REGISTRY and pipes the resulting
      IT_HOSTED_AGENT_IMAGE=<tag> into GITHUB_ENV.
    * Add "Run Foundry Hosted Agents Integration Tests" step that filters in only the new
      trait, with AZURE_AI_PROJECT_ENDPOINT/AZURE_AI_MODEL_DEPLOYMENT_NAME pointed at
      IT_HOSTED_AGENT_PROJECT_ENDPOINT/IT_HOSTED_AGENT_MODEL_DEPLOYMENT_NAME (Tao project,
      East US 2; the SK IT project's region does not yet support hosted agents preview).
    * Exclude the new trait from the existing "Run Integration Tests" step.
    * TEMP: drop the != 'pull_request' guard on the new steps and on Azure CLI Login when the
      paths-filter triggers, so PR #5598 can validate the wiring before promoting to merge
      queue only. Restore the original guard after one green PR run.
    
    Build script (scripts/it-build-image.ps1)
    
    * Hash now spans TestContainer source AND its referenced framework projects so any
      framework code change forces a fresh tag and a real docker push; the previous
      TestContainer-only hash silently reused stale images on framework edits.
    
    Bootstrap script (dotnet/tests/Foundry.Hosting.IntegrationTests/scripts/it-bootstrap-agents.ps1)
    
    * New idempotent script that creates the six stable scenario agents and grants Azure AI
      User on the project scope to each agent's MI. Run once per Foundry project. Includes
      AAD-graph propagation retries because newly created MIs take time to appear there.
    
    README (dotnet/tests/Foundry.Hosting.IntegrationTests/README.md)
    
    * Document the bootstrap prerequisite, the regional caveat (East US 2 is the only region
      we have validated; East US returned "Unsupported region" at the time of writing), the
      per-run image rebuild, and the CI wiring including the SP RBAC requirements.
    
    SDK pin (TEMP)
    
    * Bump Microsoft.Agents.AI.Foundry.Hosting's Azure.AI.Projects VersionOverride to
      2.1.0-alpha.20260505.1 from the azure-sdk public daily feed (added to nuget.config).
      This release is the first that builds the per-agent inference URL as
      /agents/{name}/endpoint/protocols/openai (the 2.1.0-beta.1 release builds
      .../openai/openai/v1, which the server rejects). Revert both the feed and the override
      once the URL fix lands in a stable Azure.AI.Projects release.
    
    * Foundry.Hosting IntegrationTests: revert alpha SDK pin; move endpoint PATCH to bootstrap
    
    The alpha SDK pin (Azure.AI.Projects 2.1.0-alpha.20260505.1 from the azure-sdk public
    daily feed) was needed only for the URL routing fix and the strongly-typed
    AgentEndpointConfig/PatchAgentOptions wrapper. We do not need either right now: the
    fixture stays compatible with the public 2.1.0-beta.1 by moving the one-time endpoint
    PATCH to the bootstrap script (it sets version_selector to FixedRatio @latest, so each
    new fixture run becomes the served version automatically without a per-run PATCH from
    the test code). The hosted-agent invocation path will start working end-to-end once the
    URL routing fix lands in a stable Azure.AI.Projects release; until then the tests stay
    [Fact(Skip = ...)] as documented.
    
    * Revert dotnet/nuget.config: drop the azure-sdk-for-net public feed.
    * Revert Microsoft.Agents.AI.Foundry.Hosting.csproj VersionOverride to 2.1.0-beta.1.
    * Revert Microsoft.Agents.AI.Foundry.UnitTests and Microsoft.Agents.AI.Foundry.Hosting.UnitTests
      Azure.AI.Projects pin (they had been bumped to align Azure.Core 1.54 transitive).
    * Drop the AgentEndpointConfig PATCH block from HostedAgentFixture.cs (the type is
      alpha-only). Replace with a comment pointing at the bootstrap script.
    * Bootstrap script (it-bootstrap-agents.ps1) now also PATCHes each agent's endpoint
      with version_selector=@latest if not already set. Idempotent.
    
    * Foundry.Hosting IntegrationTests: drop accidentally committed filtered.slnx
    
    * Foundry.Hosting IntegrationTests: revert TEMP PR override on Azure CLI Login + IT steps
    
    The previous attempt to validate the new hosted-agent IT wiring on PR #5598 failed
    because the PR is from a fork (rogerbarreto/agent-framework-public). GitHub never passes
    environment secrets to fork PRs regardless of event-name guards on individual steps,
    so 'azure/login@v2' fails with 'client-id and tenant-id are not supplied'. Restore the
    original github.event_name != 'pull_request' guard. The new steps will execute on
    push to main and on merge_group runs.
    
    * Foundry.Hosting IntegrationTests: invoke build-and-push script with absolute path
    
    The pwsh shell on the GitHub Actions runner couldn't resolve ./scripts/it-build-image.ps1
    when the step had no working-directory set; the step inherits the runner's PWD which is
    not always the repo root after preceding steps. Use github.workspace explicitly to remove
    the ambiguity.
    
    * Foundry.Hosting IntegrationTests: move it-build-image.ps1 inside the IT project tree
    
    The previous location at scripts/it-build-image.ps1 lived outside the sparse-checkout
    paths the workflow uses (.github, dotnet, python, declarative-agents), so the runner
    never had the file when the new step tried to invoke it. Move the script next to its
    sibling it-bootstrap-agents.ps1 inside the IT project tree, and anchor its relative
    paths to the repo root via  so callers can invoke it from any PWD.
    
    * Move scripts/it-build-image.ps1 -> dotnet/tests/Foundry.Hosting.IntegrationTests/scripts/it-build-image.ps1
    * Add Push-Location to the resolved repo root inside the script (Pop-Location in finally)
      so the existing relative paths (TestContainerProject, hashed src dirs) keep working
      no matter where the script is invoked from.
    * Update the workflow path filter and the step's invocation path to the new location.
    
    * Foundry.Hosting IntegrationTests: enable 5 HappyPath tests on the live Foundry endpoint
    
    The fixture already constructs ProjectOpenAIClient via the per-agent path that beta.1
    supports (new ProjectOpenAIClient(uri, cred, opts { AgentName })), so no SDK pin bump
    is required to run the smoke tests end-to-end. Un-skip the 5 tests that pass against
    the live test container.
    
    Tests un-skipped (verified passing locally against tao-foundry-prj):
    
    * RunAsync_ReturnsNonEmptyTextAsync
    * RunStreamingAsync_YieldsAtLeastOneUpdateAsync
    * MultiTurn_WithPreviousResponseId_PreservesContextAsync
    * StoredFalse_Baseline_DoesNotPersistResponseAsync
    * Instructions_FromContainerDefinition_AreObeyedAsync
    
    Tests still skipped with a more specific reason (4 of 9 in HappyPath plus all
    ToolCalling*, McpToolbox, Toolbox, CustomStorage) because the test container does not
    yet emit usable response_id / conversation_id chains, and the placeholder scenarios are
    not implemented in the test container's Program.cs. These are test container limitations,
    not infra bugs, and can be un-skipped as the container surfaces stabilize.
    
    * Foundry.Hosting IntegrationTests: extract hosted IT into parallel job, add Workflows dep
    
    Address Wesley's review feedback on PR #5598:
    
    1. Pull Foundry hosted-agent IT into its own dotnet-foundry-hosted-it job that runs in parallel to dotnet-build and dotnet-test. Same path-filter gate keeps it skipped on unrelated edits. Builds only the filtered solution containing Foundry.Hosting.IntegrationTests and src deps. dotnet-build-and-test-check now waits on it too.
    
    2. Add Microsoft.Agents.AI.Workflows to the foundryHosting paths-filter and to hashedDirs in it-build-image.ps1 since Foundry.Hosting transitively depends on it.
    
    TFM constraint on the IT csproj stays at net10.0 because AgentConformance.IntegrationTests targets net10/net472 and is consumed by ~12 other IT projects on net472.
    
    ---------
    
    Co-authored-by: Roger Barreto <rbarreto@microsoft.com>
  • .NET: Fix flaky declarative test (#5669)
    * Fix flaky declarative test
    
    * Addressed host gating and guid parsing concerns in test file.
  • .NET: Bump MEAI to 10.5.1 and add Foundry per-call x-client header support (#5652)
    * Bump MEAI to 10.5.1 and add per-call x-client header support
    
    Replaces the brittle UserAgentResponsesClient subclass with a clean
    per-call x-client-* header pipeline built on the new Microsoft.Extensions.AI
    10.5.1 OpenAIRequestPolicies hook.
    
    Public surface (Microsoft.Agents.AI.Foundry, [Experimental(MAAI001)]):
    * chatOptions.WithClientHeader(name, value) and .WithClientHeaders(IEnumerable)
      validate the x-client- prefix (case-insensitive), apply all-or-nothing on
      bulk, and throw InvalidOperationException on foreign-typed slot collision
    * myAgent.AsBuilder().UseClientHeaders().Build() opts a customer-built agent
      into the pipeline; idempotent via agent.GetService<ClientHeadersAgent>()
    * Foundry-built agents (FoundryAgent.Create*) pre-wire automatically
    
    Internals:
    * ClientHeadersAgent decorator snapshots the dict at scope-push time so
      concurrent runs sharing a ChatOptions reference do not leak headers
    * ClientHeadersScope is an AsyncLocal<IReadOnlyDictionary<string,string>?>
      with LIFO push/dispose semantics
    * ClientHeadersPolicy singleton stamps headers via Headers.Set so per-call
      values overwrite any same-name header from earlier policies and so
      duplicate registration is value-stable
    * OpenAIRequestPoliciesReflection dedups against MEAI's private _entries
      field and falls back to AddPolicy on any reflection failure; a CI test
      asserts the field shape on every MEAI bump
    
    Hosting cleanup:
    * Deleted UserAgentResponsesClient and its dummy throwing pipeline
    * HostedAgentUserAgentPolicy is now registered via OpenAIRequestPolicies
      in FoundryHostingExtensions.TryApplyUserAgent
    
    Tests:
    * 19 new unit tests in ClientHeadersExtensionsTests.cs covering validation,
      AsyncLocal isolation, snapshot semantics, end-to-end wire stamping, and
      shared-chat-client dedup
    * Updated OpenTelemetryAgentTests for MEAI 10.5.1 changes to web_search
      serialization and the reduced tool definition payload when sensitive
      data capture is disabled
    
    Microsoft.Extensions.Compliance.Abstractions stays at 10.5.0 because no
    10.5.1 release exists on nuget.org.
    
    * Address PR review: pre-wire AsAIAgent path and dedup TryApplyUserAgent
    
    * FoundryAgent: extract WireClientHeaders helper and call it from the
      internal (AIProjectClient, ChatClientAgent) constructor used by
      AzureAIProjectChatClientExtensions.AsAIAgent so those Foundry-built
      agents also pre-wire the x-client header pipeline.
    * Foundry.Hosting TryApplyUserAgent: dedup HostedAgentUserAgentPolicy
      registration per OpenAIRequestPolicies instance via
      ConditionalWeakTable so per-request resolution does not grow the
      policy list unboundedly on singleton agents.
    
    * Add tests covering AsAIAgent pre-wire and TryApplyUserAgent dedup
    
    Backs the PR review fixes from a4c8f91 with regression tests:
    * ClientHeadersExtensionsTests: AsAIAgent_FoundryAgent_HasPreWiredClientHeadersAgent
      asserts the FoundryAgent built via AzureAIProjectChatClientExtensions.AsAIAgent
      contains a ClientHeadersAgent in its delegating chain (catches future
      regressions of the bypass).
    * ClientHeadersExtensionsTests: FoundryAgent_PublicConstructor_HasPreWiredClientHeadersAgent
      covers the public constructor path the same way.
    * ClientHeadersExtensionsTests: UseClientHeaders_RepeatedRegistrations_OnSameChatClient_OnlyRegistersOnce
      invokes UseClientHeaders 25 times on a shared chat client and asserts via
      reflection that OpenAIRequestPolicies._entries length is exactly 1.
    * HostedTryApplyUserAgentDedupTests: two tests asserting
      FoundryHostingExtensions.TryApplyUserAgent stays at one entry per
      OpenAIRequestPolicies instance after 50 calls on the same agent and across
      distinct agents on different chat clients.
    
    * Move tests next to their SUT
    
    Removes the dedicated HostedTryApplyUserAgentDedupTests.cs test class.
    Tests are co-located with the SUT they exercise:
    
    * FoundryAgentTests.cs gains the Constructor_PreWiresClientHeadersAgent
      and Constructor_FromAsAIAgentExtension_PreWiresClientHeadersAgent
      cases, since FoundryAgent is the SUT for the pre-wire behavior.
    * HostedOutboundUserAgentTests.cs gains the two TryApplyUserAgent dedup
      cases, since FoundryHostingExtensions.TryApplyUserAgent is the SUT
      it already covers.
    * ClientHeadersExtensionsTests.cs keeps only the
      UseClientHeaders_RepeatedRegistrations_OnSameChatClient_OnlyRegistersOnce
      case, which exercises the public ClientHeadersExtensions surface.
    
    * Remove redundant WithCancellation on inner streaming call
    
    ct is already passed to InnerAgent.RunStreamingAsync, so
    .WithCancellation(ct) on the resulting IAsyncEnumerable is a no-op.
    Caught by Sergey on PR review.
    
    * Address PR review: surface downstream MEAI experimental ID
    
    * Add AIOpenAIRequestPolicies = MEAIExperiments alias to
      DiagnosticIds.Experiments (matches the existing AIResponseContinuations,
      AIMcpServers, AIFunctionApprovals pattern).
    * Mark public ClientHeadersExtensions with [Experimental(AIOpenAIRequestPolicies)]
      instead of AgentsAIExperiments. Consumers now see the MEAI001 warning,
      surfacing the dependency on MEAI's experimental OpenAIRequestPolicies hook.
    * Mark internal OpenAIRequestPoliciesReflection with the same alias to
      suppress warnings at the source rather than via project-wide NoWarn.
    * Remove MEAI001 from Foundry csproj NoWarn (kept on Foundry.Hosting where
      pre-PR usages remain).
    * Clarify ClientHeadersScope XML doc: AsyncLocal flows values forward but
      does NOT auto-restore on method return; explicit using/Dispose is what
      gives stack-style LIFO semantics.
  • Python: [Breaking] Restructure agent skills to use multi-source architecture (#5584)
    * migrate skills to multi source architecture
    
    * Fix ruff lint errors in skills module (ASYNC240, SIM108, E501)
    
    - Use anyio.Path for async file I/O in _FileSkillResource.read()
    - Use noqa: ASYNC240 for pure string os.path calls in async context
    - Restore pre-commit if/else pattern in InlineSkillScript.run()
    - Break long lines to fit 120-char limit in _skills.py and test_skills.py
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: collapse multi-line lambdas to single lines to fix pyright errors
    
    The pyright ignore comments only suppress errors on the same line, so
    multi-line lambdas left arguments on continuation lines uncovered.
    Collapse both lambdas to single lines matching the existing load_skill
    lambda pattern.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: replace untyped lambdas with typed inner functions to fix pyright errors
    
    Python lambdas cannot have type annotations, so pyright reports
    reportUnknownLambdaType and reportUnknownArgumentType errors that
    cannot be suppressed with inline ignore comments. Replace the
    lambdas for read_skill_resource and run_skill_script with typed
    inner async functions.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: address PR review feedback on docs and prompt template
    
    - Update with_prompt_template() docstring to document the
      {resource_instructions} placeholder requirement
    - Remove stray backslashes after {resource_instructions} and
      {runner_instructions} in DEFAULT_SKILLS_INSTRUCTION_PROMPT
    - Update subprocess_script_runner docstring to reflect
      FileSkillScript.full_path usage
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor: replace dict[str, Skill] with Sequence[Skill] in SkillsProvider
    
    Replace internal dict-based skills storage with Sequence[Skill] to
    eliminate silent duplicate overwrites and simplify the code. Add
    _find_skill helper for case-insensitive linear lookup.
    
    Also fix pyright errors in tests by adding isinstance assertions
    before accessing .function on SkillResource/SkillScript base types.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor: add read-time resource path validation in _FileSkillsSource
    
    Move security validation (path-traversal and symlink guards) for
    file-based skill resources into _FileSkillsSource, restoring the
    read-time checks that existed in main via _read_file_skill_resource.
    
    - Add _get_validated_resource_path static method on _FileSkillsSource
      that validates containment, existence, and symlink safety
    - _FileSkillsSource.get_skills() validates resource paths at discovery
      time via _get_validated_resource_path before passing to _FileSkillResource
    - Move _normalize_resource_path, _is_path_within_directory, and
      _has_symlink_in_path from module-level into _FileSkillsSource as
      static methods (only used there)
    - _FileSkillResource remains a simple path-to-content reader
    - Add tests for _get_validated_resource_path security checks
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: reject str/Path in SkillsProvider constructor to prevent str-as-Sequence ambiguity
    
    Since str is a Sequence, passing a path string to the source parameter
    would silently be treated as a sequence of characters instead of a
    file source. Add an explicit TypeError with a helpful message pointing
    callers to SkillsProvider.from_paths().
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5584 review feedback
    
    - Remove .NET reference from _FileSkillResource docstring
    - Fix inconsistent resource name example (references/FAQ.md -> references/FAQ)
    - Simplify SkillsProvider usage in code_defined_skill sample (pass single skill directly)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * remove skillsproviderbuilder
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
    
    * fix: remove dead code and fix sync function call in InlineSkillResource.read()
    
    - Change await self.function() to self.function() for sync functions
      without **kwargs; async results are handled by inspect.isawaitable()
    - Remove unreachable raise ValueError since __init__ already validates
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * remove full_path unnecessary property
    
    * replace anyio with asyncio.to_thread for file I/O in _FileSkillResource
    
    Replace anyio.Path usage with asyncio.to_thread + pathlib.Path since
    anyio is not a direct dependency of core (transitive via mcp).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * simplify awaitable check to return directly
    
    Use 'return await result' instead of assigning then returning.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * address PR review feedback for skills refactoring
    
    - Replace anyio with asyncio.to_thread + pathlib.Path for file I/O
    - Simplify awaitable check to return directly
    - Remove unnecessary function None guard in InlineSkillResource.read()
    - Add assert for type narrowing on self.function
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * address PR review feedback for skills refactoring
    
    - Replace anyio with asyncio.to_thread + pathlib.Path for file I/O
    - Simplify awaitable checks to return directly
    - Remove unnecessary function None guard in InlineSkillResource.read()
    - Use typing.cast instead of assert for type narrowing
    - Add caching behavior note to SkillsProvider docstring
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor: move name/description from abstract properties to Skill.__init__
    
    Replace abstract properties for name and description on the Skill ABC
    with a base __init__ that validates and stores them as regular
    attributes. This simplifies custom Skill subclasses (only content
    remains abstract) and centralizes validation in the base class,
    consistent with SkillResource and SkillScript base classes.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
  • .NET: Add hosted agent observability sample (#5660)
    * .Net: Add hosted agent observability sample
    
    Mirrors the Python sample added in #5608 for Foundry hosted agents. The
    .NET hosting library already wires OpenTelemetry automatically via
    Microsoft.Agents.AI.Foundry.Hosting (ApplyOpenTelemetry) plus
    Azure.AI.AgentServer.Core's AddAgentHostTelemetry, so no framework
    changes are needed. The sample is documentation plus a runnable artifact
    that produces an interesting span tree (invoke_agent / agent_invoke /
    chat / execute_tool).
    
    Adds Hosted-Observability under FoundryHostedAgents/responses with two
    small tools (GetCurrentLocation, GetWeather), agent.yaml /
    agent.manifest.yaml declaring OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT
    (the .NET equivalent of Python's ENABLE_SENSITIVE_DATA), Dockerfile +
    Dockerfile.contributor, .env.example and README explaining the .NET vs
    Python defaults. Project added to agent-framework-dotnet.slnx.
    
    * Address PR feedback: use Random.Shared and add .dockerignore
  • Python: Add Python parity for InvokeMcpTool in declarative workflow (#5630)
    * Add Python parity for HttpRequestAction in declarative workflow
    
    * Ran pyupgrade and pright to fix CI issues
    
    * Fix conversation ID dot parsing for http executor
    
    * Removed unnecessary export command
    
    * Initial implementation of invoke mcp tool in python
    
    * Update sample to support require approval to be toggled by environment variable.
    
    * Fix cache and PR comments
    
    * Update python/samples/03-workflows/declarative/invoke_mcp_tool/main.py
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
  • Python: fix(bedrock): don't send toolChoice when no tools are configured (#5172)
    * fix(bedrock): don't send toolChoice when no tools are configured
    
    BedrockChatClient was sending toolConfig.toolChoice even when no tools
    were configured (tools=None). AWS Bedrock requires toolConfig.tools to
    be present whenever toolChoice is specified, causing a 400 validation
    error.
    
    Only set toolChoice when tool_config has a 'tools' key present.
    
    Fixes #5165
    
    Signed-off-by: bahtya <bahtyar153@qq.com>
    
    * test: add tests for toolChoice without tools
    
    - test_prepare_options_tool_choice_auto_without_tools_omits_tool_config
    - test_prepare_options_tool_choice_required_without_tools_omits_tool_config
    
    Verifies that toolConfig is omitted when tool_choice is set but no
    tools are provided, preventing ParamValidationError from Bedrock.
    
    * fix: address maintainer feedback — remove stray test file, raise ValueError for required without tools
    
    1. Remove test_addition.py — stray duplicate of tests already in
       python/packages/bedrock/tests/test_bedrock_client.py, missing all
       necessary imports and would fail with NameError.
    
    2. Change tool_choice='required' handling to raise ValueError when no
       tools are configured instead of silently falling through. Using
       'required' without tools is a logical contradiction — the model
       must invoke a tool but none exist — so surfacing this as a
       ValueError helps callers catch the misconfiguration early.
    
    3. Update the corresponding test to expect ValueError instead of
       silently omitted toolConfig.
    
    ---------
    
    Signed-off-by: bahtya <bahtyar153@qq.com>
  • Python: information-flow control prompt injection defense (#5331)
    * Python: Information-flow control based prompt injection defense (#5024)
    
    * fides integration
    
    * documentation
    
    * documentation
    
    * documentation
    
    * human-approval on policy violation
    
    * numenous hyena 'works'
    
    * IFC based implementation
    
    * minor edits in documentation
    
    * rebasing the branch and running the email example
    
    * Add security tests for IFC middleware
    
    * Fix Role.TOOL NameError in approval handling
    
    * tiered labelling scheme
    
    * 3 tier labelling scheme in middleware
    
    * Adapt security middleware to list[Content] tool results
    
    * Refactor SecureAgentConfig as context provider and address Copilot review comments
    
    * Update FIDES docs to reflect context provider pattern and update code for ContextProvider rename
    
    * Fix security examples: use OpenAIChatClient instead of non-existent AzureOpenAIChatClient
    
    * Address PR review: consolidate security modules, remove ContentLineage, update docs
    
    * remove unrelated files
    
    * remove comment from _tools.py and rename decision file
    
    * Fix CI failures: Bandit B110, broken md links, hosted approval passthrough
    
    * apply template to decision doc 0024
    
    * minor fixes to decision doc 0024
    
    ---------
    
    Co-authored-by: Aashish <t-akolluri@microsoft.com>
    
    * Python: follow up FIDES security flow (#5330)
    
    * Python: follow up FIDES security flow
    
    Refine the secure approval path, mark the security classes with the FIDES experimental feature label, and clean up the related docs/tests. Also fix workspace-level validation regressions uncovered while running the full Python check suite.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: remove FIDES GitHub MCP sample
    
    Drop the GitHub MCP security sample from the FIDES follow-up branch while keeping the remaining security docs and samples intact.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: fix paths and update FIDES implementation (#5352)
    
    * Python: updated import naming and comment from review (#5421)
    
    * updated import naming and comment from review
    
    * Add approval replay None call-id test
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Address PR 5331 comments and track sesssion while calling Agent in email_security_example (#5446)
    
    * Address PR review: fix paths and update FIDES implementation
    
    * Address PR comments and add session tracking in email example in samples
    
    * Fix session creation and resolve merge conflict in docstring example
    
    * Resolve merge conflict in docstring example
    
    * Python: add test for empty-message pruning in approval result replacement (#5617)
    
    Adds test coverage for the second-pass logic in
    `_replace_approval_contents_with_results` that removes messages whose
    `contents` list becomes empty after first-pass content removal.
    
    Addresses review comment on PR #5331:
    https://github.com/microsoft/agent-framework/pull/5331#discussion_r3129039445
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: shrutitople <shruti.tople@gmail.com>
    Co-authored-by: Aashish <t-akolluri@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix YAML block scalar parsing for file skills (#5610)
    * Fix YAML block scalar parsing for file skills
    
    * Address block scalar parsing review feedback
  • .NET: Fix QuestionExecutor looping after GotoAction re-entry in declarative workflows (#5635)
    * Fix QuestionExecutor looping after GotoAction re-entry in declarative workflows
    
    * Addressed failing integration test and promptcount
  • fix: JSON Serialization issue with MultiPartyConversation (#5653)
    When MultiPartyConversation gets saved during checkpointing, the data for the chat history is not persisted, resulting in failures to deserialize after. The fix is to make the history visible to the source generated serialization code.
  • .NET: Improve Todo multithreading and inject todos into message list (#5655)
    * Improve Todo multithreading and inject todos into message list
    
    * Address PR comments
  • .NET: Add allow listing for WebBrowsingTool (#5605)
    * Add allow listing for WebBrowsingTool
    
    * Address PR comments.
  • .NET: feat: Implement message filtering to exclude non-portable content typ… (#5410)
    * feat: Implement message filtering to exclude non-portable content types before forwarding
    
    Co-authored-by: Copilot <copilot@github.com>
    
    * Added unit tests to cover forwarded message filtering within AI Agent executors
    
    Co-authored-by: Copilot <copilot@github.com>
    
    * Update dotnet/src/Microsoft.Agents.AI.Workflows/Specialized/AIAgentHostExecutor.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/src/Microsoft.Agents.AI.Workflows/Specialized/AIAgentHostExecutor.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/src/Microsoft.Agents.AI.Workflows/Specialized/AIAgentHostExecutor.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * fix: Disable forwarding of incoming messages in AIAgentHostExecutor tests
    
    Co-authored-by: Copilot <copilot@github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    Co-authored-by: Jacob Alber <jaalber@microsoft.com>
  • .NET: Add Microsoft.Agents.AI.Hyperlight package for CodeAct integration (.NET) (#5329)
    * Add Microsoft.Agents.AI.Hyperlight package for CodeAct integration
    
    Introduces a new Microsoft.Agents.AI.Hyperlight package that enables CodeAct-style sandboxed code execution via Hyperlight (hyperlight-sandbox .NET SDK, PR #46) for .NET agents, following the docs/features/code_act/dotnet-implementation.md design and the Python agent_framework_hyperlight reference.
    
    Highlights:
    - HyperlightCodeActProvider (AIContextProvider): injects an execute_code tool and CodeAct guidance per invocation; single-instance-per-agent via a fixed StateKeys value; supports multiple provider-owned tools (exposed inside the sandbox via call_tool), file mounts, and an outbound domain allow-list; snapshot/restore per run.
    - HyperlightExecuteCodeFunction: standalone AIFunction for manual/static wiring when the sandbox configuration is fixed.
    - Approval model via CodeActApprovalMode (AlwaysRequire / NeverRequire) with propagation from ApprovalRequiredAIFunction-wrapped tools.
    - Unit tests (instruction builder, tool bridge, approval computation, provider CRUD, ProvideAIContextAsync snapshot isolation and approval wrapping).
    - Env-gated integration test (HYPERLIGHT_PYTHON_GUEST_PATH).
    - Three samples under samples/02-agents/AgentWithCodeAct (interpreter, tool-enabled, manual wiring).
    
    Build is not yet runnable: requires .NET SDK 10.0.200 and the not-yet-published HyperlightSandbox.Api 0.1.0-preview NuGet package. Package is marked IsPackable=false until the dependency is available.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5329 review feedback for Hyperlight CodeAct provider
    
    - A. Build-breakers: drop unused usings, override test TargetFrameworks
      off net472, drop redundant Microsoft.Extensions.AI.Abstractions PackageRef.
    - B. API: keep CRUD but rebuild sandbox when config fingerprint changes;
      add HyperlightCodeActProviderOptions.CreateForWasm/CreateForJavaScript
      factory methods (Backend/ModulePath now read-only); rename WorkspaceRoot
      to HostInputDirectory; convert AllowedDomain & FileMount from record to
      sealed class; drop ToolBridge.Unwrap (ApprovalRequiredAIFunction is
      invocable as-is).
    - C. ToolBridge: collapse SerializeResult switch; add comment explaining
      AOT-driven choice to keep JsonNode.Parse over typed Deserialize.
    - D. InstructionBuilder: drop language-specific 'Python code' phrasing;
      strip host filesystem paths from execute_code description.
    - E. Style polish: ternary expression-body for ComputeApprovalRequired,
      .Where(x is not null), .ToList() over .ToArray() in IReadOnlyList
      returns.
    - F. Samples: add guest-module / KVM-WHP build instructions to Step01;
      note future Excel-upload sample in Step02.
    
    Also adds SandboxExecutorTests covering the new RunSnapshot.ComputeFingerprint
    used for sandbox-rebuild detection.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Align Hyperlight package id and JS warm-up with merged upstream SDK
    
    The .NET SDK in hyperlight-dev/hyperlight-sandbox PR #46 has merged. The
    published package id is Hyperlight.HyperlightSandbox.Api (the bare
    HyperlightSandbox.Api remains the assembly/namespace) and the reference
    CodeExecutionTool uses 'void 0;' as the JavaScript warm-up no-op. Update
    the package reference, project comment, README, and SandboxExecutor warm-up
    accordingly.
    
    No functional change beyond that — all other public APIs we depend on
    (SandboxBuilder.With*, Sandbox.Run/RegisterToolAsync/AllowDomain/Snapshot/
    Restore, ExecutionResult, SandboxBackend) match the merged shape.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Bump Hyperlight package to 0.4.0 and fix build/test issues
    
    Hyperlight.HyperlightSandbox.Api 0.4.0 is now published on nuget.org. Bump
    the version reference and address the analyzer/runtime issues that surfaced
    once restore could complete:
    
    - Add HyperlightJsonContext source-generated JsonSerializerContext for the
      execute_code result + tool error envelopes; route arbitrary AIFunction
      results through AIJsonUtilities.DefaultOptions to keep IsAotCompatible=true.
    - Replace explicit ObjectDisposedException throws with
      ObjectDisposedException.ThrowIf (CA1513).
    - Use HyperlightSandbox.Api.SandboxBackend in cref docs to disambiguate.
    - Update tests to match AIContext.Tools being IEnumerable<AITool>, drop
      ConfigureAwait(false) in xUnit test methods (xUnit1030), use collection
      expressions for AllowedDomain methods.
    - Add 'using OpenAI.Chat;' to all three samples so AsAIAgent resolves.
    - Verified: dotnet build of all four hyperlight projects + samples succeeds
      on net8/9/10; dotnet test for the unit tests passes 32/32 on net10.0.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CI check failures: file encoding (UTF-8 BOM + LF) and broken markdown link
    
    - Convert all new .cs/.csproj files to UTF-8 with BOM and LF line endings
      to satisfy the dotnet/.editorconfig charset/end_of_line settings
      enforced by check-format.
    - Drop unused System.Collections.Generic using in HyperlightCodeActProviderTests.
    - Add missing using Microsoft.Extensions.AI in CodeActApprovalMode.cs and
      shorten ApprovalRequiredAIFunction cref (IDE0001).
    - Fix broken README link to docs/decisions/0024-codeact-integration.md.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: AIFunction inheritance, packaging, GetService approval check
    
    - HyperlightExecuteCodeFunction now inherits AIFunction directly. The
      AsAIFunction() indirection is gone; instances are accepted anywhere an
      AIFunction is. Approval requirement is surfaced via GetService<ApprovalRequiredAIFunction>()
      which lazily exposes a wrapping ApprovalRequiredAIFunction proxy when the
      effective ApprovalMode/tool stack requires it.
    - ComputeApprovalRequired now uses GetService<ApprovalRequiredAIFunction>() so
      approval-required tools nested anywhere in the AITool decorator stack are
      detected (not just the top-most class).
    - csproj: drop IsPackable=false (ready to release with the published
      Hyperlight.HyperlightSandbox.Api 0.4.0 dependency); add PackageReadmeFile
      and pack README.md at the package root, matching the pattern used by
      Aspire.Hosting.AgentFramework.DevUI / Microsoft.Agents.AI.DurableTask.
    - Update Step03 sample and README wording to reflect direct AIFunction usage.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Core: add experimental session-mode harness context provider (#5611)
    * Python: Core: add experimental session-mode harness context provider
    
    Introduces the _harness namespace and the first context provider:
    SessionModeContextProvider, with get_session_mode / set_session_mode
    helpers and a DEFAULT_MODE_SOURCE_ID constant. Behind
    @experimental(ExperimentalFeature.HARNESS).
    
    Also folds in a small _sessions.py cleanup (try/except ImportError
    -> contextlib.suppress) touched while developing the harness.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: align session-mode harness with .NET AgentModeProvider
    
    Mirror the default mode descriptions and instruction template used
    by the .NET AgentModeProvider so the cross-language harness UX is
    consistent.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address review feedback on session-mode harness
    
    - json.dumps tool outputs to stay valid for arbitrary mode names
    - normalize configured mode keys (lower+strip) so custom-cased configs work
    - raise TypeError instead of silently replacing non-dict session state
    - mark get_session_mode/set_session_mode as @experimental(HARNESS)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: rename SessionModeContextProvider to AgentModeProvider
    
    Match the .NET AgentModeProvider class name for cross-language
    consistency. Helpers renamed accordingly: get_session_mode ->
    get_agent_mode, set_session_mode -> set_agent_mode. The default
    source_id is now "agent_mode". Construction pattern stays Pythonic
    (kwargs, not an options object).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address AgentModeProvider review feedback
    
    - default_mode now defaults to None and falls back to the first configured
      mode, decoupling the kwarg from the built-in 'plan'/'execute' set.
    - get_agent_mode catches ValueError when a previously persisted mode is no
      longer in available_modes and resets to the default mode (matching the
      non-string recovery branch). Added regression coverage for both behaviors.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix hyperlight WasmSandbox cross-thread Drop and harden hosted-agent sample (#5603)
    * update hyperlight to beta and move samples, add hosted agent sample
    
    * Python: Fix hyperlight WasmSandbox cross-thread Drop and harden sample
    
    Root cause: when a worker-side closure raised, the exception's __traceback__
    retained frame locals that included the partially constructed PyO3 sandbox.
    Future.result() re-raised that exception on the caller thread, and when the
    caller's exception was eventually GC'd the frame locals were released
    off-thread, dec_ref'ing the unsendable sandbox from the wrong thread and
    tripping the PyO3 panic
    '_native_wasm::WasmSandbox is unsendable, but is being dropped on another thread'.
    
    Fix:
    * Add _SandboxWorker._run_on_worker which catches every exception on the
      worker, drops __traceback__ there, deletes the original exception, and
      re-raises a fresh instance on the caller thread. initialize and execute
      route through it; dispose keeps its bare-submit semantics.
    * Add an opt-in diagnostic module _drop_diagnostic (no-op unless
      HYPERLIGHT_TRACE_DROPS=1) that installs a sys.unraisablehook and dumps
      owner-thread + per-thread stacks on any future cross-thread unsendable
      Drop. Useful for triaging similar PyO3 regressions.
    * Tests: cross-thread invocation, traceback-leak isolation, _SandboxEntry
      attribute-shape check, and a stale-reference stress test driven through
      asyncio.to_thread.
    
    Sample (samples/04-hosting/foundry-hosted-agents/responses/06_hyperlight_codeact):
    * Dockerfile installs agent-framework-* from in-tree source with python/ as
      build context so unreleased fixes can be validated end-to-end.
    * call_server.py pins the Responses API version.
    * main.py enables include_detailed_errors=True so future tool failures
      surface the actual exception text instead of a bare 'Error: Function
      failed.' string.
    * README.md documents the in-tree-package build and the Hyperlight
      hypervisor requirement (/dev/kvm on Linux, MSHV on Windows). Hosted
      environments without hypervisor passthrough surface 'No Hypervisor was
      found for Sandbox'; this is a hosting constraint, not a hyperlight bug.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: remove _drop_diagnostic from hyperlight package
    
    The diagnostic module was useful while bisecting the cross-thread Drop bug,
    but it is no longer needed now that _SandboxWorker._run_on_worker prevents
    the panic at the source.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: address PR review feedback on hyperlight
    
    - Use lazy agent_framework.hyperlight import in sample main.py.
    - Env-driven endpoint (FOUNDRY_AGENT_ENDPOINT) in call_server.py; remove personal URLs.
    - Align agent.yaml model deployment with manifest (gpt-4.1-mini).
    - Tighten Dockerfile requirements guard; drop dangling deploy.ps1 reference.
    - Preserve exception args when sanitizing tracebacks in _run_on_worker.
    - Add public _SandboxWorker.is_alive(); update test to avoid private attr.
    - Add namespace coverage tests for agent_framework.hyperlight lazy loader.
    - Add prominent note: Foundry hosted-agent runtime does not yet support
      Hyperlight (no hypervisor exposed); container works locally with /dev/kvm.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: bump hyperlight-sandbox dependencies to 0.4.x
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: renumber hyperlight codeact sample to 08
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Coerce worker exception args to strings for cross-thread safety
    
    Stringify exc.args on the worker thread before propagating, so any
    PyO3 unsendable object captured in args (e.g. via a caller-supplied
    callback or underlying SDK) cannot be Dropped on the calling thread.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * moved sample
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Core: add experimental todo-list harness context provider (#5612)
    * Python: Core: add experimental todo-list harness context provider
    
    Adds TodoListContextProvider with pluggable TodoStore backends:
    TodoSessionStore (in-session) and TodoFileStore (JSONL on disk).
    Public types: TodoItem, TodoInput. Behind
    @experimental(ExperimentalFeature.HARNESS).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: align todo harness instructions with .NET TodoProvider
    
    Reformat DEFAULT_TODO_INSTRUCTIONS to mirror the .NET TodoProvider
    DefaultInstructions wording and structure, and bring the class
    docstring closer to the .NET XML <remarks> block. Keeps Python tool
    names in snake_case.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address review feedback on todo harness
    
    - mark TodoStore as @experimental(HARNESS) for surface consistency
    - TodoSessionStore.load_state now raises ValueError on malformed items
    - TodoFileStore now namespaces persisted state by source_id
    - TodoFileStore now safely encodes session_id/owner and verifies path containment (matches FileHistoryProvider pattern)
    - per-(session, source_id) asyncio.Lock around read-modify-write to avoid races
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: rename TodoListContextProvider to TodoProvider
    
    Match the .NET TodoProvider class name for cross-language consistency.
    Other public types (TodoStore, TodoSessionStore, TodoFileStore,
    TodoItem, TodoInput) are unchanged. Construction stays Pythonic
    (kwargs, not an options object).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address TodoProvider review feedback
    
    - TodoStore.load_state/save_state are now async; TodoFileStore performs
      disk I/O via asyncio.to_thread so the event loop is no longer blocked
      while the per-session mutation lock is held.
    - TodoSessionStore now raises ValueError for malformed top-level state
      (non-dict / non-list 'items' / non-int 'next_id') to match the
      TodoFileStore contract instead of silently re-defaulting.
    - Both stores now clamp next_id to max(item.id) + 1 after load to make
      ID collisions impossible after recovery or reconfiguration.
    - TodoFileStore writes atomically by writing a sibling temp file and
      os.replace-ing it so a crash mid-write cannot truncate the state file.
    - TodoFileStore.load_state no longer creates parent directories for
      sessions that never write; mkdir is deferred to save_state.
    - TodoProvider mutation locks now live in a weakref.WeakKeyDictionary
      keyed by AgentSession, so locks for GC'd sessions are evicted instead
      of leaking in long-running services.
    
    Tests cover each change including a TodoFileStore-backed end-to-end
    provider flow, atomic-write recovery, and lock GC eviction.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix incorrect workflow timings in DevUI by adding created_at to executor events (#5615)
    * fix(devui): add created_at to custom output item events for correct workflow timings (#5545)
    
    CustomResponseOutputItemAddedEvent and CustomResponseOutputItemDoneEvent lacked a
    created_at field, causing the frontend to synthesize timestamps using integer-second
    precision with a forced +1s minimum gap between events. This made instant workflows
    appear to take 3+ seconds in the DevUI timeline.
    
    Fix:
    - Add optional created_at: float | None field to both custom event models
    - Populate created_at=float(time.time()) in the mapper for executor_invoked,
      executor_completed, and executor_failed events
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(devui): use event created_at for accurate workflow timeline timings
    
    workflow-view.tsx synthesized _uiTimestamp using Math.max(baseTimestamp,
    lastTimestamp + 1) with integer-second precision, forcing a minimum 1-second
    gap between every sequential event. This made instant workflows appear to take
    several seconds in the DevUI timeline.
    
    The fix prefers event.created_at (a float Unix timestamp populated by the
    backend mapper for all executor events) and only falls back to the synthetic
    timestamp when created_at is absent. This matches the pattern already used in
    devuiStore.ts:addDebugEvent.
    
    Added a regression test in test_mapper.py verifying that the mapper attaches
    created_at to all executor lifecycle events (invoked, completed, failed).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(devui): address review feedback for issue #5545
    
    - Read data.timestamp (ISO string) and response.created_at in addition
      to top-level created_at when deriving _uiTimestamp, so
      response.workflow_event.completed events get a real server timestamp
      instead of a synthesized one
    - Change uniqueTimestamp tiebreaker: when a real server timestamp is
      available use Math.max(eventTimestamp, lastTimestamp) rather than
      lastTimestamp + 1, eliminating artificial 1-second gaps while still
      preserving monotonic ordering
    - Apply the same fix in the HIL streaming path (second setOpenAIEvents
      call in workflow-view.tsx)
    - Add assert event.created_at > 0 to regression test to guard against
      zero or negative timestamps
    - Add test_custom_output_item_event_models_have_created_at_field model-
      level test so removing the field produces a clear named failure rather
      than a downstream ValidationError
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(#5545): guard NaN timestamps, fix fallback ID uniqueness, add regression tests
    
    - workflow-view.tsx (×2): Wrap data.timestamp ISO→number conversion in a
      Number.isFinite() guard.  Python's datetime.now().isoformat() emits
      microseconds without a trailing 'Z' (e.g. '2024-01-15T12:34:56.123456'),
      which some JS engines cannot parse, returning NaN.  NaN !== undefined is
      true so the eventTimestamp !== undefined guard did not catch it, poisoning
      _uiTimestamp and resetting the monotonic ordering seed (NaN || 0 → 0).
    
    - execution-timeline.tsx: Replace uiTimestamp in the fallback syntheticItemId
      with the per-executor runNumber counter.  Two runs of the same executor
      within the same second previously received identical _uiTimestamp values
      and therefore identical syntheticItemIds, causing their output buckets,
      state, and run entries to collide (execution-timeline.tsx:360–408).
    
    - Add missing test_workflow_timings_bug.py source file (only a stale .pyc
      existed).  Three regression tests:
        · test_custom_event_models_lack_created_at_field – model field guard
        · test_workflow_executor_events_lack_created_at – mapper populates created_at
        · test_rapid_workflow_events_have_no_top_level_timestamps – confirms
          data.timestamp format that requires the frontend NaN guard
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5545: Python: [Bug]: Workflow timings in DevUI are incorrect
    
    * devui: move timing regression tests into test_mapper.py, remove dedicated bug file
    
    - Delete test_workflow_timings_bug.py; tests belong in existing module files
    - The two tests already present in test_mapper.py (test_executor_events_carry_created_at_timestamp
      and test_custom_output_item_event_models_have_created_at_field) cover the same ground as the
      first two tests in the deleted file
    - Add test_executor_completed_maps_to_output_item_done_event to test_mapper.py, replacing the
      third test from the deleted file with a generic, issue-agnostic name and docstring
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5545: review comment fixes
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • docs: enhance README with 1.0 features and improved structure (#5534)
    * docs: enhance README with 1.0 features and improved structure
    
    - Add GitHub star badge button for easier community engagement
    - Reorganize highlights to emphasize Foundry Hosted Agents, Agent Skills, and Orchestration Patterns
    - Add CodeAct callout in AF Labs experimental features
    - Improve Community & Feedback section with clearer call-to-action structure
    - Add Table of Contents for better navigation
    - Fix 'quickstar' typo to 'quickstart'
    - Reorder sections for improved readability (docs before code examples)
    
    * Apply suggestions from code review
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * docs: fix .NET quickstart description to match JokerAgent code
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/a0616215-1b8a-44ea-9a35-3ef33b97bdce
    
    Co-authored-by: chetantoshniwal <255221507+chetantoshniwal@users.noreply.github.com>
    
    * docs: add required NuGet packages for .NET Foundry quickstart
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/a035ce2c-e2e0-4b8d-b340-550704220975
    
    Co-authored-by: chetantoshniwal <255221507+chetantoshniwal@users.noreply.github.com>
    
    * docs: sync and apply local README changes
    
    * Update README.md
    
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
    
    * docs: remove emojis from README
    
    * docs: refine README intro paragraph
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: chetantoshniwal <255221507+chetantoshniwal@users.noreply.github.com>
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: Add hosted agent sample with observability (#5608)
    * Add hosted agent sample with observability
    
    * Address comments
    
    * Remove unneeded changes
    
    * Update README
  • .NET: Hosting updates to declarative workflows (#5589)
    * Make DeclarativeWorkflowExecutor ChatProtocol-compatible for AsAIAgent hosting
    
    Extends the existing DeclarativeWorkflowExecutor<TInput> root executor with
    additional ChatProtocol-compatible input routes (string, ChatMessage,
    IEnumerable<ChatMessage>, ChatMessage[], TurnToken) so that workflows built
    via DeclarativeWorkflowBuilder.Build<TInput>(...) work both for direct
    invocation and when hosted via Workflow.AsAIAgent(...).
    
    - Each input message advances the declarative graph immediately; the
      TurnToken that the host sends after the message batch is treated as a
      no-op since the message has already been processed.
    - Conversation id resolution now prefers persisted workflow system state,
      then DeclarativeWorkflowOptions.ConversationId, then a newly created
      conversation. This makes multi-turn invocations reuse the prior
      conversation rather than creating a fresh one each turn.
    - The separate DeclarativeChatProtocolStartExecutor and
      DeclarativeWorkflowBuilder.BuildChatProtocol overloads introduced
      earlier are removed; callers continue to use Build<TInput>(...).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: use DeclarativeWorkflowContext when reading workflow conversation id
    
    GetWorkflowConversation() requires a DeclarativeWorkflowContext (it calls ReadState which dynamic-casts via the DeclarativeContext helper). The chat-protocol auxiliary handlers receive a BoundWorkflowContext, so calling the extension on the raw IWorkflowContext throws `Invalid workflow context: BoundWorkflowContext`. Use the wrapped declarativeContext that we already constructed.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: surface ExecutorFailedEvent as ErrorContent in AsAIAgent response
    
    WorkflowSession.InvokeStageAsync only converted WorkflowErrorEvent into an ErrorContent payload. ExecutorFailedEvent fell through to the default branch which emits an empty AgentResponseUpdate carrying the event in RawRepresentation. OutputConverter then mapped that to a workflow_action item with status=failed and dropped the exception entirely, so callers got status=completed and error=null even when an executor threw.
    
    - WorkflowSession.cs: add ExecutorFailedEvent case mirroring WorkflowErrorEvent. Honors _includeExceptionDetails.
    
    - OutputConverter.cs: when an update carries both a WorkflowEvent in RawRepresentation and non-empty Contents, fall through to content processing so the unwrapped error (or any future content payload from a workflow event) is actually emitted.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * improve: walk inner exceptions when surfacing ExecutorFailedEvent
    
    DeclarativeActionExecutor wraps inner exceptions in DeclarativeActionException with a generic `Unhandled workflow failure` message, hiding the real cause. Walk InnerException so the response shows the full chain (e.g. the underlying HTTP 400 / auth error).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Surface declarative SendActivity output as chat content
    
    SendActivityExecutor now emits AgentResponseEvent in addition to
    MessageActivityEvent so chat protocols (e.g. AsAIAgent) receive the
    formatted activity text. The existing MessageActivityEvent is preserved
    for DevUI/observability.
    
    Also extend WorkflowSession.WorkflowOutputEvent handling to accept
    AgentResponse payloads, mapping them to their constituent ChatMessages.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Persist hosted-agent sessions to disk; fix System.LastMessageText
    
    Adds FileSystemAgentSessionStore that writes the serialized AgentSession JSON
    
    (which already embeds the workflow's in-memory checkpoint manager) to a per-
    
    conversation file under /.checkpoints when running in a Foundry hosted env
    
    or {cwd}/.checkpoints locally. Mirrors the python foundry_hosting._responses
    
    FileCheckpointStorage pattern so multi-turn workflow state survives process
    
    restarts without requiring callers to wire up storage themselves.
    
    AddFoundryResponses now defaults to FileSystemAgentSessionStore.CreateDefault()
    
    instead of InMemoryAgentSessionStore; callers can still override via DI.
    
    Also fixes {System.LastMessageText} resolving empty: DeclarativeWorkflowExecutor
    
    .AdvanceAsync was passing the message rehydrated from CreateMessageAsync to
    
    SetLastMessageAsync, but ResponseItem -> ChatMessage round-trip drops the .Text
    
    extension content. Use the original input ChatMessage (which still has the
    
    user-supplied text) and copy the server-assigned MessageId across when present.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Close multi-modal input parity gaps with python foundry_hosting
    
    InputConverter now mirrors the python _responses.py content handling:
    
    - ComputerScreenshotContent maps to UriContent/HostedFileContent (was dropped).
    
    - Plain TextContent and SummaryTextContent map to MEAI TextContent.
    
    - MessageContentReasoningTextContent maps to MEAI TextReasoningContent.
    
    - input_file with text/* file_data data URIs is decoded inline into
    
      TextContent with a [File: name] prefix, matching python _convert_file_data
    
      so {System.LastMessageText} surfaces the file body. Non-text data URIs and
    
      hosted/url file references preserve filename as AdditionalProperties.
    
    Image/file extraction logic is extracted into shared AppendImageContent and
    
    AppendFileContent helpers used by both the fresh-input and history-replay
    
    switches. Existing 37 InputConverter tests still pass.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Foundry hosting: round-trip tool-approval (HITL) content as mcp_approval_request/response
    
    Closes the gap where Microsoft.Agents.AI.Foundry.Hosting silently dropped
    MEAI ToolApprovalRequestContent/ToolApprovalResponseContent in both
    directions. We now serialize them onto the wire as the standard Responses
    API mcp_approval_request/mcp_approval_response items with
    server_label='agent_framework', and parse the symmetric inbound shapes
    back into MEAI content.
    
    Wire format:
    - The Responses API only standardizes mcp_approval_* as the approval
      primitive. We declare AF as a virtual MCP server via the server_label
      field, which is honest for AF's server-side tool-call holding pattern.
    - The SDK enforces a strict {prefix}_{50hex} wire-id format, so we hash
      the AF RequestId and persist a wireId<->afRequestId mapping in
      AgentSession.StateBag so a later mcp_approval_response can be matched
      back to the originating workflow request.
    
    Coexists with the existing ConsentAwareMcpClientAIFunction flow
    (AgentFrameworkResponseHandler.cs) which emits mcp_approval_request from
    a side-channel, not via OutputConverter's content switch.
    
    Known follow-up: python (foundry_hosting/_responses.py) has the same
    output-side gap (ToolApprovalRequestContent emission). Out of scope here.
    
    Tests: +9 unit tests covering both fresh-input and history-replay shapes,
    StateBag mapping resolution, and the non-FunctionCallContent skip path.
    Existing 108 converter tests still pass; full suite 370/370.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review feedback for hosted-declarative-dotnet
    
    FileSystemAgentSessionStore reliability/scoping:
    
    - Bound Sanitize() stackalloc at 256 chars, fall back to ArrayPool for longer ids so a long conversationId can no longer crash the hosting process with StackOverflowException.
    
    - Use a Guid-suffixed temp file (\{path}.{guid}.tmp\) so concurrent SaveSessionAsync calls on the same conversation can no longer race on the same temp file. Best-effort temp cleanup on failure.
    
    - Bucket session files by agent.Name when set so two keyed agents that happen to share a conversationId no longer overwrite each other's persisted state. Single-agent / unnamed-agent cases keep the original flat layout (Python parity).
    
    DeclarativeWorkflowExecutor chat-protocol routing:
    
    - ConfigureChatProtocolRoutes uses IsAssignableFrom rather than exact type equality so a broader TInput (object, base interfaces) does not have its inherited inputTransform shadowed by handlers we register here.
    
    - HandleChatMessagesAsync / HandleChatMessageArrayAsync now advance through every message in the batch instead of keeping only the trailing one, so multi-message turns and replayed history are no longer silently truncated. AdvanceAsync gains a finalizeTurn flag so only the last message in the batch sends the result.
    
    Tests:
    
    - New FileSystemAgentSessionStoreTests covering constructor, fresh-session fallback for missing/empty files, root-directory creation, save/get round-trip, agent-Name scoping isolation, long conversationId, invalid-character sanitization, and concurrent-save behavior.
    
    - New InputConverterTests covering AppendFileContent: text/* data URI decode (with and without filename prefix), non-text data URI passthrough, malformed data URI fallback, and filename propagation onto UriContent / HostedFileContent.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for remaining PR review feedback (C2, D1, E1)
    
    C2: InputConverter — add 9 tests covering SDK content types that previously
    had no coverage:
      - SdkTextContent → TextContent (input + output paths)
      - SummaryTextContent → TextContent (input + output paths)
      - MessageContentReasoningTextContent → TextReasoningContent (input + output)
      - ComputerScreenshotContent (HTTP URL → UriContent, data: URI → DataContent,
        output path → UriContent)
    
    D1: OutputConverter — add 2 tests for the WorkflowEvent + Contents fall-through:
      - WorkflowEvent in RawRepresentation with text Contents must flow through
        the content-processing path (text-delta event emitted).
      - WorkflowEvent + ErrorContent must produce a failed event rather than be
        swallowed by the workflow branch.
    
    E1: SendActivityExecutor — extend CaptureActivityAsync to assert that the
    executor emits an AgentResponseEvent carrying the activity text with the
    correct ExecutorId and ChatRole.Assistant role.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Defense-in-depth: neutralize dot-segments in Sanitize and cap TryDecodeTextDataUri input size
    
    Addresses claude-opus-4.6 security review on PR #5589:
    
    - FileSystemAgentSessionStore.Sanitize now replaces all-dot segments
      (., .., ...) with underscores so a developer-controlled agent.Name
      cannot escape the root directory on Linux (where Path.GetInvalidFileNameChars
      only contains NUL and '/').
    
    - InputConverter.TryDecodeTextDataUri rejects encoded payloads larger than
      16 MiB before calling Convert.FromBase64String, preventing a single
      oversized data URI from triggering a multi-megabyte allocation.
    
    - Adds unit tests covering both fixes.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Linux-only failure in SaveSessionAsync_SanitizesInvalidPathCharactersAsync
    
    '?' is in Path.GetInvalidFileNameChars only on Windows, not on Linux/macOS,
    so the test failed on Ubuntu in CI. Use Path.GetInvalidFileNameChars()[0]
    (skipping NUL) to pick a guaranteed-invalid character for the running OS,
    and assert the result no longer contains it.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address claude-opus-4.6 security/reliability review feedback
    
    WorkflowSession.cs:
    - ExecutorFailedEvent handler no longer leaks the internal executor ID
      in error messages. Mirror the WorkflowErrorEvent pattern: surface the
      exception's Message when _includeExceptionDetails is true, fall back
      to the generic 'An error occurred while executing the workflow.' otherwise.
      This also resolves the failing WorkflowHostSmokeTests assertions.
    
    FileSystemAgentSessionStore.cs:
    - GetSessionPath no longer has a write side effect. Directory.CreateDirectory
      for the per-agent bucket is now performed only on the SaveSessionAsync
      path, so a read miss on GetSessionAsync no longer leaves an empty
      directory on disk.
    - Adds GetSessionAsync_NoExistingFile_DoesNotCreateAgentDirectoryAsync
      to lock in the no-side-effect-on-read contract.
    
    OutputConverterTests.cs:
    - Strengthen ConvertUpdatesToEventsAsync_ToolApprovalRequest_NonFunctionToolCall_SkippedAsync
      to assert exactly one event (the terminal ResponseCompletedEvent) so a
      spurious output-item-added/-done leak would now fail the test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: clean up comments and rename TryParseArguments
    
    - Remove Python-codebase references from C# XML docs and inline comments.
    - Drop fix-history comments referring to previously-resolved issues.
    - Drop `Defense-in-depth:` prefixes; keep the concrete `what & why`.
    - Drop `previously we kept only the trailing message` comment in
      DeclarativeWorkflowExecutor; just describe current loop behavior.
    - Rename InputConverter.TryParseArguments to ParseFunctionArgumentsObject
      to make the intent obvious at the call site.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: collision-free Sanitize, MAF-style refactors
    
    - FileSystemAgentSessionStore.Sanitize now percent-encodes invalid chars
      (and `%` itself) instead of replacing them with `_`, eliminating
      collisions like `foo/bar` vs `foo_bar` mapping to the same bucket.
      All-dot segments encode every dot so Windows trailing-dot trimming
      cannot reintroduce a navigable name.
    - AddFoundryResponses XML doc updated to accurately describe the default
      store root (/.checkpoints when hosted, {cwd}/.checkpoints locally).
    - DeclarativeWorkflowExecutor.ConfigureChatProtocolRoutes now uses exact
      type equality instead of IsAssignableFrom so a broad TInput (e.g.
      object) does not skip registering IEnumerable<ChatMessage>, which
      ChatProtocolExtensions.IsChatProtocol requires verbatim.
    - SendActivityExecutor uses context.YieldOutputAsync(response) instead
      of manually constructing AgentResponseEvent, so the activity will
      participate in any future OutputFilter coverage.
    - WorkflowSession handles AgentResponseEvent in its own switch case,
      avoiding the second typecheck against output.Data.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(workflows): bridge declarative HITL through Foundry hosting via IExternalRequestEnvelope
    
    Introduce a new public interface IExternalRequestEnvelope in
    Microsoft.Agents.AI.Workflows that lets the runtime peek through a
    declarative-layer envelope without taking a circular reference back into
    the declarative package. ExternalInputRequest (declarative) implements
    it; ExternalInputResponse is constructed via the request's CreateResponse
    factory. WorkflowSession unwraps inner AIContent on the request side and
    rewraps the client's ChatMessage reply into an ExternalInputResponse on
    the response side. PortableValue cannot deserialize directly into an
    interface, so TryGetRequestEnvelope resolves the concrete type via
    RequestPortInfo.RequestType (TypeId -> Type.GetType) before casting.
    
    Public WorkflowHarness contract preserved: InvokeFunctionToolExecutor
    and WorkflowActionVisitor are unchanged from upstream, so public
    InvokeToolWorkflowTest scenarios continue to drive
    ExternalInputRequest / ExternalInputResponse directly through the
    harness.
    
    AgentFrameworkResponseHandler: skip prior conversation history replay
    when an existing session is being resumed (workflow checkpoint already
    holds the prior messages).
    
    WorkflowSession: when includeExceptionDetails is opted in, also unwrap
    DeclarativeActionException so HITL failures are debuggable.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • fix(openai): drop completed continuation_token from shared options in tool loop (#5462)
    Fixes #5394.
    
    When `background=True` is combined with local function tools,
    `FunctionInvocationLayer` calls `_inner_get_response(options=mutable_options)`
    repeatedly with the same dict reference across loop iterations. Once the
    first poll retrieves a completed background response, `continuation_token`
    stays in `mutable_options`, so every subsequent iteration takes the
    `continuation_token is not None` branch and `GET`s the same completed
    response instead of `POST`ing the tool results. The loop exits after
    `max_iterations` with empty text and the model never sees any tool output.
    
    After the retrieve, if the returned `ChatResponse.continuation_token` is
    `None` (the background response is no longer in progress), pop
    `continuation_token` and `background` from the shared options dict in
    place. The next loop iteration then falls through to the normal
    `responses.create`/`parse` path and posts tool results.
    
    The diagnosis and a verified runtime monkeypatch are in the issue; this
    is the same fix moved in-tree.
    
    Co-authored-by: Yufeng He <40085740+universeplayer@users.noreply.github.com>
  • Python: Support GPT-5 verbosity option and restore Foundry agent_reference (#5619)
    * Python: Support GPT-5 verbosity option and restore Foundry agent_reference
    
    Adds verbosity as a typed Literal["low","medium","high"] field on
    OpenAIChatOptions (Responses API) and OpenAIChatCompletionOptions (Chat
    Completions API), set in the same way as the existing reasoning options.
    For the Responses API, top-level verbosity is translated to the nested
    text.verbosity shape the OpenAI service expects. The same field flows
    through to FoundryChatClient via the existing FoundryChatOptions alias.
    
    Also fixes #5582: PR #5447 removed the agent_reference injection from
    RawFoundryAgentChatClient._prepare_options, so first-turn calls against
    a Foundry Prompt Agent went out without model and without agent_reference
    and were rejected by the Responses API with "Missing required parameter:
    'model'". Restores the injection on the non-preview path
    (allow_preview=False) and adds a guard test that asserts the preview
    path does not inject agent_reference, since the preview SDK injects it
    via project_client.get_openai_client(agent_name=...).
    
    Closes #5516
    Closes #5582
    
    * Python: Address Copilot review on PR #5619
    
    - Foundry verbosity sample docstring: replace the misleading "set deployment
      name on model=" instruction with the actual env-var pattern the sample relies
      on (FOUNDRY_PROJECT_ENDPOINT and FOUNDRY_MODEL).
    - _build_agent_reference docstring: clarify the helper is used for both
      Prompt Agents and HostedAgents on the non-preview path.
    - Add a Responses API test that locks in the documented precedence rule:
      when both top-level verbosity and text["verbosity"] are supplied, the
      top-level value wins.
    
    * Python: Drop redundant Foundry verbosity sample and list OpenAI sample in README
    
    - Remove samples/02-agents/providers/foundry/foundry_chat_client_verbosity.py
      per review feedback. The verbosity functionality is identical across the
      OpenAI and Foundry clients (FoundryChatOptions is an alias of
      OpenAIChatOptions), so a single sample on the OpenAI side is sufficient.
    - Add the new client_verbosity.py entry to the OpenAI samples README.
  • Python: Core: add experimental memory harness context provider (#5613)
    * Python: Core: add experimental memory harness context provider
    
    Adds MemoryContextProvider with topic-indexed long-term memory and
    chat-driven compaction. Pluggable MemoryStore backends include
    MemoryFileStore. Public types: MemoryIndexEntry, MemoryTopicRecord.
    Behind @experimental(ExperimentalFeature.HARNESS).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Core: address review feedback on memory harness
    
    - mark MemoryStore as @experimental(HARNESS) for surface consistency
    - safely encode owner id and verify path containment (matches FileHistoryProvider pattern)
    - namespace MemoryFileStore on-disk layout by source_id to avoid cross-provider collisions
    - before_run computes index_entries once and only rewrites MEMORY.md when content changes
    - asyncio locks around topic/state read-modify-write to avoid concurrent-write races
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR feedback: harden memory store IO + consolidation behavior
    
    - Atomic writes via os.replace + temp sibling for topic, state, and index files so
      crashes/disk-full failures cannot leave a truncated half-written file.
    - Stop creating directories on read paths: list_topics/read_state/search_transcripts
      and get_messages return empty when nothing has been written. mkdir is deferred to
      the actual save path (write_topic/write_state/save_messages).
    - Escape lines that look like markdown headings on render and unescape them on parse,
      so a memory or summary containing '## Summary'/'## Memories' cannot tamper with the
      topic file structure.
    - Narrow extraction/consolidation chat-client failure handling to ChatClientException,
      asyncio.TimeoutError, and OSError. Programmer errors (AttributeError, TypeError, ...)
      now propagate so misconfigured clients fail loudly.
    - Log a payload-prefix preview for every silent shape branch in _extract_memories and
      _consolidate_topic so unparsable extractor output is debuggable instead of invisible.
    - Restructure _run_consolidation: read maintenance state and topic snapshot under the
      state lock, run the LLM consolidation loop without holding the state lock, and only
      advance last_consolidated_at/sessions_since_consolidation if at least one topic
      succeeded. Transient consolidation failures now leave the maintenance window in
      place so the next after_run retries instead of silently sliding forward.
    - Add regression tests for: markdown-marker round-trip, atomic-write recovery on
      os.replace failure, no-mkdir on pure read paths, transient consolidation failure
      preserves state, and propagation of programmer errors.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • docs: fix outdated @ai_function reference to @tool in workflows README (#5622)
    The @ai_function decorator was renamed to @tool in release 
    python-1.0.0b260128 (PR #3413) as a breaking change.
    
    Line 58 of python/samples/03-workflows/README.md still referenced 
    the old @ai_function name, causing users to hit:
    ImportError: cannot import name 'AIFunction'
    
    Changes made:
    - Fixed @ai_function to @tool on line 58 only
    - No formatting or whitespace changes
  • Python: docs(python/samples): recommend uv venv and document Windows ensurepip hang workaround (#5508)
    * docs(samples): recommend uv venv to avoid Windows ensurepip hang
    
    Replace bare 'python -m venv .venv' with 'uv venv .venv' as the
    recommended approach in azure_functions and foundry-hosted-agents
    READMEs. Add a note explaining that python -m venv can hang
    indefinitely on Windows with Microsoft Store Python due to a known
    ensurepip issue.
    
    This matches the pattern already used in a2a/README.md which uses
    uv run exclusively.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: docs(python/samples): recommend `uv venv` and document Windows ensurepip hang workaround
    
    Fixes #5401
    
    * fix: correct Windows venv activation commands in foundry-hosted-agents README (#5401)
    
    Split the Windows activation section into separate PowerShell (.venv\Scripts\Activate.ps1)
    and Command Prompt (.venv\Scripts\activate.bat) instructions, replacing the incorrect
    extensionless `Activate` path.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5401: Python: [Samples][Python] `python -m venv` hangs on Windows — READMEs should recommend uv or document workaround
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add redis[asyncio] to requirements.txt for streaming samples (#5509)
    * fix: add redis[asyncio] to streaming sample requirements.txt
    
    Both streaming samples import redis.asyncio in redis_stream_response_handler.py
    but neither included redis in their requirements.txt, causing ModuleNotFoundError
    on fresh installs.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Add `redis[asyncio]` to requirements.txt for streaming samples
    
    Fixes #5396
    
    * Revert unrelated formatting and cleanup changes
    
    Revert formatting-only edits in sample files and unrelated cleanup
    (unused import removal, __all__ reordering) that were accidentally
    included in the redis dependency fix (issue #5396).
    
    The only intended changes for this PR are the Redis dependency
    additions to requirements.txt files for the streaming samples.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5396: Python: [Samples][Python] redis package missing from requirements.txt in streaming samples
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Document that W3C trace context injection does not apply to Foundry hosted/toolbox MCP tools (#5580)
    * docs: clarify MCP trace-context propagation scope for hosted/toolbox tools (#5547)
    
    Automatic W3C trace-context injection via params._meta applies only to
    MCP sessions opened by the agent process (MCPStreamableHTTPTool,
    MCPStdioTool, MCPWebsocketTool).  Hosted MCP tools
    (FoundryChatClient.get_mcp_tool) and toolbox-fetched tools
    (FoundryChatClient.get_toolbox) execute inside the Foundry agent service
    runtime; the framework never issues the tools/call for those and
    therefore cannot inject traceparent/tracestate.  The previous wording
    ("for all transports") implied coverage that does not exist.
    
    The updated section:
    - removes the inaccurate "for all transports" claim
    - adds a Scope paragraph naming the three client-opened transports that
      are covered
    - explicitly states that propagation across the agent-to-toolbox-to-MCP
      boundary is the responsibility of the Foundry service runtime
    - documents the workaround (use MCPStreamableHTTPTool directly) for
      users who need end-to-end distributed tracing today
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs: broaden MCP _meta scope note to cover all provider-managed transports (#5547)
    
    - List OpenAIChatClient.get_mcp_tool() and AnthropicClient.get_mcp_tool()
      alongside FoundryChatClient.get_mcp_tool() as hosted/provider-managed
      exceptions; restricting the carve-out to Foundry was misleading for
      readers using other providers
    - Fix get_toolbox() wording: use 'await client.get_toolbox(...)' and note
      that toolbox.tools is passed into Agent(tools=...) so it reads as an
      async instance method call, not a static/class method call
    - Add parenthetical '(or any other client-opened MCPTool subclass)' to
      future-proof the list of covered transports
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs: add GeminiChatClient to MCP scope note and add learn-site observability doc (#5547)
    
    - Add GeminiChatClient.get_mcp_tool(...) to the hosted/provider-managed
      list in the MCP trace propagation scope note; Gemini's get_mcp_tool()
      returns a types.Tool with an McpServer entry executed by the Gemini
      service runtime, so it belongs alongside FoundryChatClient,
      OpenAIChatClient, and AnthropicClient in that list.
    - Create docs/features/observability/README.md as the learn-site
      documentation surface for observability, covering telemetry setup and
      MCP trace propagation with the same scope note (including
      GeminiChatClient) so that both doc surfaces are consistent.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unneeded observability docs README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add Python parity for HttpRequestAction in declarative workflow (#5599)
    * Add Python parity for HttpRequestAction in declarative workflow
    
    * Ran pyupgrade and pright to fix CI issues
    
    * Fix conversation ID dot parsing for http executor
    
    * Removed unnecessary export command
  • Python: Add sample for hosted agent with files (#5596)
    * Add sample for hosted agent with files
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/06_files/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/06_files/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/06_files/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/samples/04-hosting/foundry-hosted-agents/responses/06_files/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Improve README
    
    * Address comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • Python: Enforce approval_mode in Claude and GitHub Copilot agents (#5562)
    * Python: Enforce approval_mode in Claude and GitHub Copilot agents
    
    Tools declared with approval_mode="always_require" were bypassed by the
    ClaudeAgent and GitHubCopilotAgent because their SDK-managed tool-calling
    loops invoke FunctionTool.invoke() directly via package-supplied handlers,
    skipping the standard _try_execute_function_calls approval gate.
    
    Per discussion on #5494, the fix lives in the agents (not in FunctionTool):
    any flag added to the tool itself can be spoofed by code with the same
    level of access, so the security boundary is the agent that owns the
    tool-calling loop.
    
    - Add on_function_approval option to ClaudeAgentOptions and
      GitHubCopilotOptions. Callback receives a FunctionCallContent describing
      the pending call and returns bool (sync or async).
    - Gate FunctionTool.invoke() inside each agent's existing tool-handler
      closure when approval_mode == "always_require". Default policy is deny;
      callbacks that raise also deny safely.
    - Deny path returns a tool-error to the model (Claude: text content;
      Copilot: ToolResult(result_type="failure", error="approval_denied"))
      so the LLM can react gracefully instead of silently failing.
    - Tests for both agents covering: deny by default, sync False, sync True,
      async True, callback-raises -> deny, no-op for never_require tools.
    - Samples demonstrating sync, async, and deny-by-default flows for both
      agents.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: preserve empty arg dicts, reject runtime approval override
    
    - _resolve_function_approval no longer collapses {} into None when building
      the FunctionCallContent passed to the callback (Claude + Copilot).
    - Claude _apply_runtime_options and Copilot _run_impl/_stream_updates now
      raise ValueError if on_function_approval is supplied via per-run options,
      instead of silently ignoring it. Approval policy must be set at agent
      construction time.
    - Drop unnecessary # type: ignore[attr-defined] on Content.name/.arguments
      in samples (Content is a unified class with both attributes defined).
    - Add regression tests for the new runtime-options validation.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * warning when non callback handler and approval needed
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Harness Feature branch (#5310)
    * .NET: Add a TODO AIContextProvider (#5233)
    
    * Add a TODO AIContextProvider
    
    * Add unit tests
    
    * Address PR comments
    
    * Address PR comments
    
    * Fix test after removing one tool
    
    * .NET: Add a ModeProvider for managing agent modes (#5247)
    
    * Add a ModeProvider for managing agent modes
    
    * Fix typo
    
    * Fix typo
    
    * Fix typo
    
    * Address PR comments
    
    * .NET: Add sample to show how to build a harness (#5268)
    
    * Add sample to show how to build a harness
    
    * Improve sample
    
    * Sample max output tokens and model
    
    * Fix encoding
    
    * Fix model name in readme
    
    * Address PR comments
    
    * .NET: Add context window size compaction strategy for harness (#5304)
    
    * Add context window size compaction strategy for harness
    
    * Apply suggestions from code review
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Address PR comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * .NET: Add a file memory provider (#5315)
    
    * Add a file memory provider
    
    * Address PR comments
    
    * Fix review comments.
    
    * Add additional unit tests
    
    * Addressing PR comments.
    
    * .NET:  Harness: Improve prompts and add FileSystem store (#5365)
    
    * Harness: Improve prompts and add FileSystem store
    
    * Address PR comments
    
    * .NET: Harness: Improve path validation (#5404)
    
    * Harness: Improve path validation
    
    * Address PR comments
    
    * .NET: Add always approve helpers, improve sample and fix bug (#5451)
    
    * Add always approve helpers, improve sample and fix bug
    
    * Address PR comments
    
    * .NET: Make Todo, Mode and FileMemory providers more configurable (#5477)
    
    * Make Todo, Mode and FileMemory providers more configurable
    
    * Address PR comments.
    
    * .NET: Add subagents provider and sample (#5518)
    
    * Add subagents provider and sample
    
    * Addressing PR comments.
    
    * .NET: Harness filememory index plus instructions consistency (#5540)
    
    * Add FileMemoryProvider index and improve instruction consistency
    
    * Address PR comments.
    
    * Address PR comments
    
    * Address PR comments.
    
    * Apply suggestion from @rogerbarreto
    
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
    
    * .NET: Refactor harness console to be more extensible and easy to understand with better UX (#5573)
    
    * Refactor harness console to be more extensible and easy to understand with better UX.
    
    * Fix formatting issues.
    
    * Allow multiple clarifications in one response
    
    * Address PR comments
    
    * .NET: Add FileAccessProvdider and concurrency fix for FileMemoryProvider (#5583)
    
    * Add FileAccessProvdider and concurrency fix for FileMemoryProvider
    
    * Address PR comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • Python: Reduce flaky integration tests and improve CI signal quality (#5454)
    * Enable Ollama integration tests in CI and rename report to Integration Test Report
    
    - Install Ollama, cache models (qwen2.5:0.5b + nomic-embed-text), and start
      server in the Misc integration job for both workflow files
    - Set OLLAMA_MODEL and OLLAMA_EMBEDDING_MODEL env vars so the 5 Ollama tests
      are no longer skipped
    - Rename Flaky Test Report to Integration Test Report throughout (job names,
      artifact names, cache keys, file names, script titles/docstrings)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Bump Ollama model to qwen2.5:1.5b for better instruction following
    
    The 0.5b model was too small to reliably follow simple prompts like
    'Say Hello World', causing test assertion failures. The 1.5b model
    follows instructions more reliably while still being small enough
    for fast CI pulls (~1GB).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable reliable streaming integration tests
    
    Remove the hard skip on test_03_reliable_streaming tests that was
    temporarily disabled for instability investigation. CI infrastructure
    (Azurite, DTS emulator, Redis, func CLI) is already in place.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable skipped Functions/DurableTask tests and bump timeout to 480s
    
    - Remove hard skips from 4 tests in test_11_workflow_parallel.py
    - Remove hard skip from test_conditional_branching in test_06_dt_multi_agent_orchestration_conditionals.py
    - Increase pytest --timeout from 360 to 480 for Functions+DurableTask CI job
    - Updated in both python-merge-tests.yml and python-integration-tests.yml
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-skip failing Functions/DurableTask tests with specific root causes
    
    - test_11_workflow_parallel (4 tests): xdist worker crashes during execution
    - test_conditional_branching: orchestration fails with RuntimeError, not a timeout
    - Keep 480s timeout bump for remaining Functions tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix auth routing in samples 06/11: api_key -> credential for Azure OpenAI
    
    Both samples passed a bearer token provider via api_key= which caused the
    client to route to api.openai.com instead of Azure OpenAI, resulting in
    401 Unauthorized. Changed to credential= which correctly triggers Azure
    routing and picks up AZURE_OPENAI_ENDPOINT from the environment.
    
    - samples/azure_functions/11_workflow_parallel/function_app.py: 1 fix
    - samples/durabletask/06_multi_agent_orchestration_conditionals/worker.py: 2 fixes
    - Re-enable 4 parallel workflow tests and 1 conditional branching test
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-skip parallel workflow tests: xdist worker distribution issue
    
    The 4 parallel workflow tests crash because xdist worksteal distributes
    them across separate workers, each spawning its own func process against
    shared emulators. Auth fix (api_key->credential) was valid and stays.
    test_conditional_branching now passes with the auth fix.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix E501 line-too-long in azurefunctions parallel test skip reasons
    
    Wrap skip reason strings to stay within 120 char line limit.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add retry logic and port-conflict fix for Ollama CI setup
    
    - Kill any auto-started Ollama before launching serve (fixes port
      conflict: 'address already in use')
    - Retry ollama pull up to 3 times with 15s backoff (fixes 429 rate
      limit failures)
    - Applied to both python-merge-tests.yml and python-integration-tests.yml
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix flaky integration tests and re-enable skipped tests
    
    - Foundry agent: add allow_preview=True to custom client test
    - Foundry hosting: raise max_output_tokens 50->200, add temperature,
      relax assertion in test_temperature_and_max_tokens
    - Foundry embedding: update skip reason with root cause (endpoint mismatch)
    - OpenAI file search: fix vector store indexing race condition by polling
      file_counts before querying; fix get_streaming_response -> get_response(stream=True)
    - Azure OpenAI file search: remove skip (transient 500 resolved)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove temperature from foundry hosting test (unsupported by CI model)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Stabilize Ollama tool call integration tests with no-arg function
    
    Use a no-argument greet() function instead of hello_world(arg1) for
    integration tests. The 1.5B model in CI is unreliable at generating
    correct tool call arguments, causing 'Argument parsing failed' errors.
    A no-arg function eliminates this flakiness entirely.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Increase reliable streaming test timeouts from 30s to 60s
    
    The LLM call through Azure OpenAI + Redis streaming pipeline can exceed
    30s in CI due to cold starts or throttling. Raise to 60s to reduce
    flaky timeouts while still bounded by pytest's 120s per-test limit.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable workflow parallel tests with xdist_group marker
    
    The tests were skipped because xdist distributes module tests across
    workers, each spawning their own func process (port conflicts). Adding
    xdist_group forces all tests in this module onto a single worker so
    the module-scoped function_app_for_test fixture works correctly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Revert "Re-enable workflow parallel tests with xdist_group marker"
    
    This reverts commit 455c28da62.
    
    * Rename flaky_report to integration_test_report and add try/finally cleanup
    
    - Rename scripts/flaky_report/ to scripts/integration_test_report/ to
      reflect expanded scope beyond flaky-test detection
    - Update workflow references in both CI files
    - Wrap file search integration tests in try/finally to ensure vector
      store cleanup runs even on test failure or timeout
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Ollama pull failure propagation and Azure OpenAI vector store readiness
    
    - Ollama CI: fail the step immediately if model pull fails after 3
      retries instead of silently proceeding to tests
    - Azure OpenAI file search: add the same vector-store readiness polling
      that was applied to the non-Azure OpenAI tests, preventing eventual
      consistency race conditions
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * remove load_dotenv from test file
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add dedicated Foundry.Hosting UnitTest project (#5592)
    * Foundry.Hosting.UnitTests: extract project from Foundry.UnitTests
    
    Move all Hosting/* tests, three toolbox TestData JSONs, and the FakeAuthenticationTokenProvider/HttpHandlerAssert/TestDataUtil helpers (trimmed to toolbox getters) into a new Microsoft.Agents.AI.Foundry.Hosting.UnitTests project. Add it to the slnx and grant the new assembly InternalsVisibleTo from Microsoft.Agents.AI.Foundry and Microsoft.Agents.AI.Foundry.Hosting.
    
    * Foundry.Hosting.UnitTests: align namespaces to assembly name
    
    Rename namespaces from Microsoft.Agents.AI.Foundry.UnitTests(.Hosting) to Microsoft.Agents.AI.Foundry.Hosting.UnitTests across all moved tests, the duplicated helpers, and the trimmed TestDataUtil. Also fixes the prior namespace inconsistency in FoundryToolboxTests.
    
    * Foundry.Hosting.UnitTests: split WorkflowIntegrationTests by SUT
    
    Replace the WorkflowIntegrationTests file (an IT-named file inside a UT project) with two SUT-focused files plus a shared test-doubles file:
    
    - AgentFrameworkResponseHandlerWorkflowTests.cs - the 5 handler-driven tests that exercise AgentFrameworkResponseHandler with a real workflow agent.
    - OutputConverterWorkflowTests.cs - the 5 OutputConverter tests driven by hand-crafted update sequences mirroring real workflow patterns.
    - WorkflowTestAgents.cs - StreamingTextAgent and ThrowingStreamingAgent extracted as internal types used by both files.
    
    * Foundry.UnitTests: trim Hosting-related conditionals and dead testdata
    
    Now that Hosting tests live in their own project:
    - drop the Compile Remove guard for the Hosting subfolder,
    - drop the .NETCoreApp-only PackageReferences (Azure.AI.AgentServer.Responses, Microsoft.AspNetCore.TestHost, OpenTelemetry, OpenTelemetry.Exporter.InMemory),
    - drop the conditional ProjectReference to Microsoft.Agents.AI.Foundry.Hosting,
    - delete the three Toolbox JSON files and the matching Toolbox getters in TestDataUtil.
    
    * Foundry.Hosting.UnitTests: drop redundant 'using Microsoft.Agents.AI.Foundry.Hosting'
    
    The new project namespace is Microsoft.Agents.AI.Foundry.Hosting.UnitTests, which already brings the parent Microsoft.Agents.AI.Foundry.Hosting namespace into scope. The explicit using statement is therefore redundant (IDE0005). Caught by 'dotnet format --verify-no-changes' running on Linux against the .NET 10 SDK.
    
    * Foundry.Hosting: drop InternalsVisibleTo to Foundry.UnitTests
    
    The non-hosting Foundry.UnitTests project no longer holds any Hosting tests after the split, so it doesn't need access to internal types in Microsoft.Agents.AI.Foundry.Hosting. Only Microsoft.Agents.AI.Foundry.Hosting.UnitTests needs it.
    
    * Foundry.Hosting: rename DelegatingResponsesClient to UserAgentResponsesClient
    
    Address westey-m's review feedback on PR #5453: `Delegating*` is conventionally reserved for inheritable base classes (mirroring `DelegatingHandler`) where consumers override one or two members. This polyfill is sealed and only injects the User-Agent supplement, so the new name reflects its actual purpose.
    
    Renamed via `git mv` to preserve history:
    * `src/Microsoft.Agents.AI.Foundry.Hosting/DelegatingResponsesClient.cs` to `UserAgentResponsesClient.cs`
    * `tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/DelegatingResponsesClientTests.cs` to `UserAgentResponsesClientTests.cs`
    
    Class, constructor, and all references updated across:
    * `src/.../UserAgentResponsesClient.cs` (class + constructor + internal log message)
    * `src/.../ServiceCollectionExtensions.cs` (cref + type check + instantiation)
    * `src/.../HostedAgentUserAgentPolicy.cs` (cref)
    * `tests/Foundry.UnitTests/RequestOptionsExtensionsTests.cs` (comment)
    * `tests/Foundry.Hosting.UnitTests/UserAgentResponsesClientTests.cs` (class + cref + instantiations)
  • Python: Fix hosted MCP replay producing orphan function_call_output (#5581)
    * Python: Fix hosted MCP replay producing orphan function_call_output
    
    Resolves part of #5546. After a turn ran a hosted MCP / Foundry-toolbox-MCP
    tool, the next turn's replayed input array carried a function_call_output
    with an mcp_* call_id and no matching function_call, and the Responses API
    returned a 400.
    
    Two layers covered here:
    
    * Chat-client serialize layer (packages/openai): adds mcp_server_tool_call
      and mcp_server_tool_result cases to _prepare_message_for_openai and
      _prepare_content_for_openai. Pairs are coalesced via a post-pass into a
      single mcp_call input item carrying both arguments and output. Orphan
      results are dropped (debug-logged) rather than serialized as orphan
      function_call_output, which is what the Responses API rejected.
    
    * Host read layer (packages/foundry_hosting): _item_to_message and
      _output_item_to_message now route custom_tool_call_output whose
      call_id.startswith("mcp_") to Content.from_mcp_server_tool_result.
      Non-mcp_ call_ids continue to produce Content.from_function_result.
      Symmetric with the host write-side choice for hosted-MCP results.
    
    Two further fixes (agentserver SDK additions, host write-side single-item
    emission) remain tracked on the issue and depend on an SDK release.
    
    * Python: Fix pyright unknown-type in _stringify_mcp_output
    
    cast(Sequence[Any], output) after the isinstance check so pyright stops
    flagging the loop variable as unknown. Also normalizes a couple of
    em-dashes in docstrings I introduced in the prior commit.
    
    * Python: Harden _stringify_mcp_output for dict-shaped MCP outputs
    
    Address Copilot review on PR #5581. Today the helper falls back to
    str() for any non-string, non-text-attribute entry, which produces
    Python repr (single-quoted dicts) for the canonical MCP raw-JSON
    text-content shape `{"type": "text", "text": "..."}` and any other
    dict-shaped output.
    
    Three small changes:
    
    * List-entry path: prefer plain string entries, then `.text` attribute
      (Content objects), then `entry["text"]` for Mapping entries in the
      canonical MCP shape, then JSON-encode anything else.
    * Final fallback: `json.dumps(output, default=str)` so Mappings and
      scalars produce valid JSON rather than Python repr.
    * Two new unit tests covering the dict-with-text shape and the
      non-text-dict JSON fallback.
    
    * Python: Suppress mypy redundant-cast on _stringify_mcp_output narrowing
    
    The cast is needed by pyright (reportUnknownVariableType) but mypy
    considers it redundant after the preceding isinstance narrowing.
    Pyright's behavior is correct for the strict-mode reporting we run,
    so keep the cast and silence mypy on the line.
  • .NET: dotnet: Add hosted-agent User-Agent supplement to outgoing requests (#5453)
    * dotnet: Add hosted-agent User-Agent supplement to outgoing requests
    
    When an agent runs inside a Foundry Hosted Agent, the outgoing
    User-Agent header now includes 'agent-framework-hosted/{version}'
    alongside the existing 'MEAI/{version}' segment.
    
    - Add HostedAgentContext with AsyncLocal<string?> property
    - MeaiUserAgentPolicy reads the supplement per-call
    - AgentFrameworkResponseHandler sets/restores the context
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * chore: update hosted UA format to foundry-hosting/agent-framework-dotnet/{version}
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Trying to get UA flowing, no luck yet.
    
    * .NET: Polyfill MEAI OpenAIResponsesChatClient to add hosted-agent User-Agent supplement
    
    When AgentFrameworkResponseHandler resolves an agent (i.e. we are running in a
    hosted context), TryApplyUserAgent walks the agent's IChatClient decorator chain
    to find MEAI's internal OpenAIResponsesChatClient and reflectively swaps its
    inner _responseClient field with a DelegatingResponsesClient wrapper. The
    wrapper overrides the public-virtual protocol methods to add a per-call
    HostedAgentUserAgentPolicy to the RequestOptions and delegate to the inner
    ResponsesClient. The OpenAI SDK's internal streaming overloads bottom out in
    calls to the public-virtual non-streaming overloads via virtual dispatch on
    this, so streaming is covered without overriding any non-virtual member.
    
    The wrapper accepts any ResponsesClient-derived inner — both the Foundry
    ProjectResponsesClient and the native OpenAI ResponsesClient — and preserves
    the inner client's full pipeline (Transport, RetryPolicy, NetworkTimeout,
    OrganizationId / ProjectId / UserAgentApplicationId, custom policies).
    
    - Add DelegatingResponsesClient + HostedAgentUserAgentPolicy in Microsoft.Agents.AI.Foundry.Hosting.
    - Add TryApplyUserAgent next to ApplyOpenTelemetry in FoundryHostingExtensions; wire it into AgentFrameworkResponseHandler.GetAgent for both keyed and default-agent paths.
    - Drop earlier-iteration dead code: AddHostedAgentTelemetry extension, HostedUserAgentPolicy class, HostedAgentContext.cs, and the never-called ToRequestOptions helper.
    - Revert RequestOptionsExtensions.MeaiUserAgentPolicy to MEAI-only (the supplement is now injected by the polyfill).
    - Revert unrelated whitespace change in Agent_Step25_ToolboxServerSideTools sample.
    - Tests cover streaming AND non-streaming, retry policy preservation, OrganizationId/ProjectId/UserAgentApplicationId pass-through, idempotency, native OpenAI ResponsesClient, and reflection guards for MEAI/OpenAI shape drift.
    
    * .NET: Address review feedback on hosted-agent User-Agent polyfill
    
    - TryApplyUserAgent: replace silent null-return with ArgumentNullException to match the codebase's convention.
    - Add idempotency test (TryApplyUserAgent_CalledTwiceOnSameAgent_DoesNotDoubleWrap) — runs the polyfill twice on the same agent and asserts the wire UA contains exactly one foundry-hosting segment, proving the 'current is DelegatingResponsesClient' guard prevents nested wrapping.
    - Add retry-double-append test (Polyfill_RetryWithinCall_DoesNotDuplicateSupplementInUserAgent) — exercises the HostedAgentUserAgentPolicy Contains-guard via a custom retry policy that re-runs the inner pipeline on the same message.
    - Replace TryApplyUserAgent_NullAgent_ReturnsNullWithoutThrowing with TryApplyUserAgent_NullAgent_ThrowsArgumentNullException to match the new contract.
    
    * .NET: Drop null check from TryApplyUserAgent and its now-redundant test
    
    The two call sites in AgentFrameworkResponseHandler.GetAgent already null-check the agent before invoking TryApplyUserAgent, so the defensive ArgumentNullException is unreachable. Remove it and the corresponding test.
    
    * .NET: Remove unused Microsoft.Shared.Diagnostics import in ServiceCollectionExtensions
    
    The Throw.IfNull helper from this namespace was used by the now-removed null check in TryApplyUserAgent. Drop the unused import to satisfy IDE0005 in CI's full-project dotnet format run.
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • .NET: Add declarative HttpRequestAction sample (#5572)
    * Add declarative HttpRequestAction support to workflows
    
    * Clean up response body for diagnostics  and fix tests.
    
    * Fix merge with main.
    
    * Remove redundant fallback for request content headers.
    
    * Add declarative InvokeHttpRequest sample
    
    * Fix solution file and update sample yaml comments
    
    * Add final newline to sample class to fix formatting failure