mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
feature/python-add-workflow-reset
80 Commits
-
.NET: Only use the output from the last message for structured output (#6499)
* Only use the output from the last message for structured output * Address PR comments * Address PR comment * Address PR comments
westey ·
2026-06-12 15:47:32 +00:00 -
.NET: [BREAKING] Align FileAccess tools with Python; add directory discovery and recursive search (#6474)
* Align FileAccess with python and improve functionality * Addressing PR comments
westey ·
2026-06-12 14:28:26 +00:00 -
.NET: Align Foundry sample environment variables and credentials. (#6422)
* dotnet: refresh Foundry sample guidance Carry forward the still-relevant sample guidance and Foundry-specific documentation fixes from the old stacked sample migration work, adapted to the current repo layout and policy. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * dotnet: rename Foundry sample env vars Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * dotnet: remove persistent provider sample Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * dotnet: drop SAMPLE_GUIDELINES.md from this PR Defer the guidelines doc and its cross-link to a follow-on PR to avoid broken-link failures in CI. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * dotnet: add DefaultAzureCredential warning to remaining samples Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * dotnet: address PR review feedback Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ben Thomas ·
2026-06-11 17:26:00 +00:00 -
.NET: Add LoopAgent capability for Harnesses (#6384)
* Add LoopAgent capability for Harnesses * Address PR comments. * Add support for returning user messages and response aggregation * Support fresh context per iteration with input sessions via cloning * Add ability to receive newly created sessions via callback * Address PR comments * Add judge criteria * Address PR comments
westey ·
2026-06-11 15:00:01 +00:00 -
.NET: Adds Valkey to chat message history - issue 5445 (#5542)
* Adds Valkey to chat message history * Address review: switch to Valkey.Glide, add options class, remove context provider - Switch from StackExchange.Redis to Valkey.Glide 1.1.0 (official Valkey .NET client) - Extract optional params into ValkeyChatHistoryProviderOptions - Add JsonSerializerOptions support, remove [RequiresUnreferencedCode] - Make MaxMessages/MaxMessagesToRetrieve readonly via options - Remove ValkeyContextProvider (overlaps with ChatHistoryMemoryProvider + MEVD) - Remove ValkeyProviderScope (only used by context provider) - Remove connection string constructors (caller manages IConnectionMultiplexer) - Update samples to use new API and gpt-5.4-mini * Use type-safe JsonSerializer overloads, remove suppress attributes Use JsonSerializerOptions.GetTypeInfo() for Serialize/Deserialize calls to enable NativeAOT/trimming compatibility without suppress attributes. Default to AgentAbstractionsJsonUtilities.DefaultOptions when no options provided. Signed-off-by: Matthias Howell <matthias.howell@improving.com> * Update READMEs: remove context provider references Remove ValkeyContextProvider and long-term memory references from sample READMEs since the context provider was removed from this PR. Simplify Valkey server requirements (no search module needed for chat history). Signed-off-by: Matthias Howell <matthias.howell@improving.com> * Apply suggestion from @westey-m * Fix formatting (dotnet format) Signed-off-by: Matthias Howell <matthias.howell@improving.com> * Update dotnet/src/Microsoft.Agents.AI.Valkey/Microsoft.Agents.AI.Valkey.csproj Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com> --------- Signed-off-by: Matthias Howell <matthias.howell@improving.com> Co-authored-by: Matthias Howell <matthias.howell@yoppworks.com> Co-authored-by: westey <164392973+westey-m@users.noreply.github.com> Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
Matthias Howell ·
2026-06-11 13:18:00 +00:00 -
.NET: Bump Microsoft.Extensions.AI packages to 10.6.0, align transitive dependency floor, and update Merge Gatekeeper ignores (#6148)
* Bump Microsoft.Extensions.AI packages to 10.6.0 * Align transitive package versions for Microsoft.Extensions.AI 10.6.0 * Ignore external review check in Merge Gatekeeper --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
Copilot ·
2026-06-10 10:02:22 +00:00 -
.NET: Remove required token params from HarnessAgent, make compaction opt-in (#6409)
* Move token params from HarnessAgent constructor to options Remove the required maxContextWindowTokens and maxOutputTokens constructor parameters from HarnessAgent and AsHarnessAgent, replacing them with optional MaxContextWindowTokens and MaxOutputTokens properties on HarnessAgentOptions. When both values are provided, compaction is enabled as before (in-loop CompactionProvider and chat reducer on the default InMemoryChatHistory Provider). When either is null, compaction is disabled entirely, making it opt-in. New constructor: HarnessAgent(IChatClient, HarnessAgentOptions?, ILoggerFactory?, IServiceProvider?) Closes #6333 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Improving comments. * feat: Add custom CompactionStrategy and DisableCompaction to HarnessAgentOptions Allow users to provide their own CompactionStrategy via options, with a clear priority system: 1. DisableCompaction=true: no compaction regardless of other settings 2. Custom CompactionStrategy provided: use it (token params ignored) 3. Both MaxContextWindowTokens and MaxOutputTokens set: default strategy 4. Otherwise: no compaction Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: Address PR review comments on compaction opt-in - Update chatClient param XML doc to reflect compaction is opt-in - Strengthen compaction tests to assert ChatReducer is null/not-null rather than just asserting construction succeeds Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
westey ·
2026-06-09 13:06:00 +00:00 -
.NET: [BREAKING] Migrate .NET GitHub Copilot SDK to v1.0.0 (#6381)
* Migrate .NET GitHub Copilot SDK from 1.0.0-beta.2 to 1.0.0 - Update namespace from GitHub.Copilot.SDK to GitHub.Copilot - Replace PermissionRequestResult/PermissionRequestResultKind with PermissionDecision - Remove ConnectionState check (StartAsync is now idempotent) - Rename ConfigDir to ConfigDirectory - Use SessionConfig.Clone() for CopySessionConfig - Update Tools type from List<AIFunction> to List<AIFunctionDeclaration> - Rename UserMessageAttachmentFile to AttachmentFile - Update usage data types (CacheWriteTokens: long, Duration: TimeSpan) - Add GHCP001 NoWarn for experimental SDK APIs (matches framework convention) - Specify type argument on CopilotSession.On<SessionEvent>() Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix formatting: remove unused using directive Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Skip AzureFunctions SamplesValidation tests pending func tools fix Azure Functions Core Tools v4 can no longer auto-detect the worker runtime in CI (local.settings.json is gitignored). All 7 active SamplesValidation tests fail with 'Worker runtime cannot be None'. Tracked by: https://github.com/microsoft/agent-framework/issues/6402 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Skip additional failing integration tests in CI WorkflowSamplesValidation (5 tests): same func tools issue as #6402. WorkflowConsoleAppSamplesValidation (4 tests): KeyNotFoundException during workflow execution, tracked by #6404. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Giles Odigwe ·
2026-06-08 22:34:05 +00:00 -
.NET: Bug fixes for AGUI hosting and workflows (#6311)
* Add mcp tool execution fix * Apply IsolationKeyScopedAgentSessionStore to MapAGUI by default if not yet set and improve comments in samples * Address PR comments * Fix formatting
westey ·
2026-06-03 17:45:58 +00:00 -
.NET: Fix render dupe and text input clear bugs, and improve guardrail error messaging (#6136)
* Fix render dupe and text input clear bugs * Fix another text rendering issue and improve guardrails messaging * Address PR comments * Improve guardrail rendering and json error handling * Another tweak for input box render issue * Address PR comments
westey ·
2026-05-28 16:38:04 +01:00 -
.NET: Add Foundry Toolbox MCP skills discovery sample (#6134)
* feat: add Agent_Step26_FoundryToolboxMcpSkills sample Add a new sample demonstrating MCP-based skills discovery from a Foundry Toolbox endpoint using AgentSkillsProviderBuilder and AIContextProviders. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address PR review comments for Step26 sample - Add Foundry-Features: Toolboxes=V1Preview header to MCP transport options, matching the Step25 pattern - Document skill://index.json prerequisite in README Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update dotnet/samples/02-agents/AgentsWithFoundry/Agent_Step26_FoundryToolboxMcpSkills/Program.cs Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
semenshi-m ·
2026-05-28 12:41:33 +00:00 -
Python: Align c# and python TodoProvider tool names (#6107)
* Align c# and python TodoProvider tool names * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Address PR review: remove __slots__ and add typed schemas for tool params - Remove __slots__ from TodoItem, TodoInput, and TodoCompleteInput classes (not needed for low-instance-count objects and hinders dev scenarios) - Add _TodoAddItemSchema and _TodoCompleteItemSchema TypedDicts to provide proper JSON schema for todos_add and todos_complete tool parameters - Use typing_extensions for Python 3.10 compatibility Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
westey ·
2026-05-28 08:40:13 +00:00 -
.NET: Add MCP-based skills support (skill-md type) (#6108)
* Add MCP-based skills support - Add AgentMcpSkill, AgentMcpSkillResource, AgentMcpSkillsSource, and McpSkillIndex to Microsoft.Agents.AI.Mcp - Add AgentSkillsProviderBuilderMcpExtensions for DI integration - Add Agent_Step06_McpBasedSkills sample project - Add unit tests for AgentMcpSkillsSource - Update solution file and project references Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove unnecessary [Experimental] attributes from MCP package The package is already alpha, so the [Experimental] attribute is redundant. Removed from both AgentSkillsProviderBuilderMcpExtensions and AgentMcpSkillsSource classes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Make Agent_Step06_McpBasedSkills self-contained and add to verify-samples Embed an internal MCP server (launched via --server flag as a child process) that serves skill://index.json and skill://unit-converter/SKILL.md resources, replacing the external MCP_SKILLS_ENDPOINT dependency. The sample now uses StdioClientTransport and a fixed prompt instead of an interactive loop. Added SampleDefinition to AgentsSamples.cs for automated verification. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Sort usings --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
semenshi-m ·
2026-05-27 18:38:57 +00:00 -
Python: Align ModeProvider tool names and instructions (#6071)
* Align ModeProvider tool names and instructions * Address PR comments
westey ·
2026-05-26 14:37:34 +00:00 -
.NET: [Breaking] Refactor AgentSkill API to async resource and script lookup (#6030)
* .NET: Refactor AgentSkill API to async resource and script lookup Replace property-based AgentSkill.Content, Resources, and Scripts with async-by-name lookup methods plus boolean availability flags: - Content (string getter) -> GetContentAsync(CancellationToken) - Resources (full list) -> HasResources + GetResourceAsync(name, ct) - Scripts (full list) -> HasScripts + GetScriptAsync(name, ct) This makes the API friendlier for sources like MCP where enumerating all resources up front is expensive or impossible, and allows skill implementations to fetch content lazily. Subclass changes: - AgentFileSkill and AgentInlineSkill implement the new async API while preserving content caching. - AgentClassSkill<TSelf> keeps virtual Resources/Scripts properties for reflection-based discovery and seals the new HasResources/HasScripts/ GetResourceAsync/GetScriptAsync overrides. Its previously non-thread-safe lazy initialization is replaced with Lazy<T> (default thread-safety) wired up in a new protected constructor, so concurrent first-access from multiple threads is safe. - AgentSkillsProvider calls the new async API and exposes ead_skill_resource / load_skill / un_skill_script tools that await the per-name lookups. Includes baseline CompatibilitySuppressions.xml entries for the removed property getters. Tests: - Direct coverage for HasResources, HasScripts, GetResourceAsync, and GetScriptAsync on all three skill implementations (positive, missing-name, and no-resources/no-scripts cases). - Thread-safety regression test for AgentClassSkill<TSelf> that exercises concurrent first-access to Resources, Scripts, and GetContentAsync from many tasks and asserts all observers see the same cached instance. - Provider-level coverage for the ead_skill_resource tool (invocation + error paths) and for the previously untested error paths of load_skill and un_skill_script (empty names, skill/resource/script not found). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR review comments - Move GetScriptAsync inside try/catch in RunSkillScriptAsync for error-handling parity - Remove dead _reflectedResources branch from AgentSkillTestExtensions - Fix XML docs to reference virtual Resources/Scripts properties (not sealed methods) - Add Async suffix to async test methods per naming convention - Make no-await tests synchronous to eliminate CS1998 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix formatting: add UTF-8 BOM and remove unused using Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix XML cref: Resources/Scripts are on AgentClassSkill<TSelf> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove HasResources and HasScripts properties from AgentSkill Drop the virtual HasResources and HasScripts properties from AgentSkill and all concrete subclasses (AgentFileSkill, AgentInlineSkill, AgentClassSkill). AgentSkillsProvider now always includes all three tools (load_skill, read_skill_resource, run_skill_script) and both instruction blocks, since the tools already handle missing resources/scripts gracefully. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add blank line for readability in file-based skills sample Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix HostedAgentSkillsPatternTests for always-included tools Update assertions to expect read_skill_resource and run_skill_script tools are always present, matching the new behavior. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SergeyMenshykh ·
2026-05-25 17:16:03 +00:00 -
.NET: HarnessConsole: Improve rendering perf / reduce flickering (#6014)
* HarnessConsole: Improve rendering perf / reduce flickering * Address PR comments
westey ·
2026-05-25 09:25:58 +00:00 -
.NET: Add MCP long-running task support for MCP client tools (#5994)
* Add MCP long-running task support for MCP client tools * Fixed project file formatting issue. * Removed experimentation tag from MCP alpha project. * Addressed PR comments
Peter Ibekwe ·
2026-05-22 19:09:54 +00:00 -
.NET: Add additional openai specific error observers and move them to openai project (#6004)
* Add additional openai specific error observers and move them to openai project * Address PR comments
westey ·
2026-05-21 13:54:47 +00:00 -
.NET: Add background agents support to HarnessAgent (#5977)
* Add background agents support to HarnessAgent * Add unit tests * Address PR comments
westey ·
2026-05-21 10:57:06 +00:00 -
.NET: Reduce re-rendering in harness console (#5953)
* Reduce re-rendering in harness console * Address PR comments * Fix broken merge
westey ·
2026-05-19 19:10:57 +00:00 -
.NET: Harness code act skill sample (#5930)
* Add sample that shows code execution and skills together * Use nuget for python module path * Update readme. * Fix formatting. * Reduce flashing in rendering. * Improve screen clearing for Powershell * Add a couple of small UX fixes
westey ·
2026-05-19 15:49:03 +00:00 -
westey ·
2026-05-19 15:32:14 +00:00 -
.NET: Add ability to export/import sessions in harness console (#5920)
* Add ability to export/import sessions in harness console * Address PR comments
westey ·
2026-05-18 18:44:50 +00:00 -
.NET: Add otel file logging and switch samples to projects client with store=true (#5924)
* Add otel file logging and switch samples to projects client with store=true * Fix formatting and remove rogue file
westey ·
2026-05-18 17:39:29 +00:00 -
.NET: Require TODO finish reason and rename SubAgents to BackgroundAgents (#5902)
* Require TODO finish reason and rename SubAgents to BackgroundAgents * Address PR comments
westey ·
2026-05-18 15:37:25 +00:00 -
.NET: Adding default providers and tools to HarnessAgent (#5896)
* Adding default providers and tools to HarnessAgent * Address PR comments * Add further comments to clarify certain setings. * Apply suggestion from @SergeyMenshykh Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com> --------- Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
westey ·
2026-05-18 10:07:16 +00:00 -
.NET: Add observer for OpenAIWebSearch (#5894)
* Add observer for OpenAIWebSearch * Update reference in comment * Use types where possible.
westey ·
2026-05-15 17:30:01 +00:00 -
.NET: Harness console refactoring (#5811)
* Restructure harness console so that reactive app is the entry point * Further refactoring to split tool formatters, improve UX, make console configurable and fix bugs * Address PR comments. * UX tweak * Fix streaming text bug * Address PR comments.
westey ·
2026-05-14 15:22:11 +00:00 -
Fixing FoundryToolboxMcp sample to use created toolbox. (#5786)
Co-authored-by: alliscode <bentho@microsoft.com>
Ben Thomas ·
2026-05-13 16:53:16 +00:00 -
.NET: Add harness agent package (#5782)
* Add harness agent package * Fix formatting. * Fix formatting. * Update release filter * Address PR comments.
westey ·
2026-05-13 10:58:05 +00:00 -
.NET: Feat/dotnet shell tool (#5604)
* feat(dotnet): add Microsoft.Agents.AI.Tools.Shell with LocalShellTool Ports Python LocalShellTool to .NET as a new package (net8/9/10). - Microsoft.Agents.AI.Tools.Shell: LocalShellTool, ShellPolicy (deny-list guardrail), ShellResolver (cross-OS pwsh/powershell/cmd vs bash/sh), ShellResult with head+tail truncation, timeout + process-tree kill, AsAIFunction with required-by-default human approval gate. - Persistent mode via ShellSession (sentinel protocol over pwsh/bash). - acknowledgeUnsafe parity gate matches the Python implementation. - Auto-injected platform context in the AIFunction description so the LLM sees the active OS and shell at tool-discovery time. - 17 xunit.v3 tests cover policy allow/deny, echo roundtrip, exit codes, timeout/kill, AsAIFunction shape + approval wrapping, persistent cwd/env carry-over, head+tail truncation, sentinel race. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(shell): close Python parity gaps for LocalShellTool Closes the .NET vs Python parity gaps identified in the competitive eval: - Default mode flipped to ShellMode.Persistent (matches Python). Every call now reuses a long-lived shell so cd/exports/functions persist; pass mode: ShellMode.Stateless to opt out. - New IShellExecutor interface — pluggable backend so future DockerShellTool / Hyperlight / SSH executors don't fork the framework. LocalShellTool implements it. - Workdir confinement: confineWorkingDirectory (default true) re-anchors every persistent-mode command back to workingDirectory so a wandering cd in one call doesn't leak to the next. Mirrors Python _maybe_reanchor. - Graceful interrupt on timeout: ShellSession sends SIGINT (POSIX) or Ctrl+C-on-stdin (Windows) before falling back to a hard close+respawn. Successfully-interrupted commands return exit 124 + TimedOut=true while preserving session state for the next call. - cleanEnvironment opt-in: when true, only PATH/HOME/USER/USERNAME/ USERPROFILE/SystemRoot/TEMP/TMP plus user-supplied vars are visible. - shellArgv: IReadOnlyList<string> override accepted alongside the string shell binary param (mutually exclusive). Lets advanced callers inject flags like --rcfile or --login. - Typed exceptions ShellTimeoutException and ShellExecutionException replace InvalidOperationException for launch / liveness failures. Tests: 17 -> 23. New cases cover persistent-default ctor, mutually- exclusive shell/shellArgv, confined re-anchor, confine-disabled leak, clean-env strip, and IShellExecutor implementation. All green on net10.0. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(shell): add DockerShellTool sandboxed shell tier Ports the Python DockerShellTool to .NET. Mirrors the public surface of LocalShellTool but executes commands inside an isolated container, where the container is the security boundary. Stateless and persistent modes both supported; persistent mode reuses ShellSession by launching 'docker exec -i <ctr> bash --noprofile --norc' as the long-lived REPL, so the sentinel protocol works unchanged. Defaults chosen for safety: - --network none, --user 65534:65534 (nobody), --read-only root - --cap-drop=ALL, --security-opt=no-new-privileges - 512m memory cap, pids-limit 256, --tmpfs /tmp - Optional host workdir mount, ro by default Public surface: - DockerShellTool ctor with image/container_name/mode/host_workdir/ workdir/network/memory/pids_limit/user/read_only_root/extra_run_args/ environment/policy/timeout/max_output_bytes/on_command/docker_binary - StartAsync, CloseAsync, RunAsync, AsAIFunction, IShellExecutor impl - IsAvailableAsync(binary) probe - Static argv builders (BuildRunArgv, BuildExecArgv) — pure, side- effect free, so unit tests don't need a Docker daemon AsAIFunction defaults to requireApproval: false (the container IS the boundary). LocalShellTool keeps the opposite default. Tests: 23 -> 35. 12 new tests cover argv builders, env/extra-args/host- workdir flags, exec interactive vs stateless, container name uniqueness, IShellExecutor implementation, AsAIFunction approval defaults, and IsAvailableAsync false-path. None require Docker. Multi-TFM build (net8/9/10) green. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test(shell): add DockerShellTool integration tests Adds 9 end-to-end tests that exercise DockerShellTool against a live Docker (or Podman) daemon. Tests are tagged [Trait("Category", "Integration")] and auto-skip via Assert.Skip when no daemon is available, so they are CI-safe. Coverage: - IsAvailableAsync probe - Persistent mode basic command + state preservation across calls - --network none blocks outbound DNS - --read-only root prevents writes outside /tmp; /tmp tmpfs is writable - --user 65534:65534 (nobody) is in effect - Stateless mode: env vars do not leak across calls - HostWorkdir bind-mount + read-only enforcement - Environment variables passed via -e Tests use debian:stable-slim (alpine ships only busybox sh, which ShellSession persistent bash REPL cannot drive). Run locally: dotnet test --filter "Category=Integration" or filter by class on the test exe directly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * style(shell): apply dotnet format pass - Whitespace and code-style fixes from `dotnet format` across both projects - Convert all new files to UTF-8 with BOM and LF line endings (repo convention) - Rename ShellSession statics to s_ prefix (IDE1006) - Add Async suffix to async test methods (IDE1006) No behavioral changes. All 44 tests still pass on net10.0; multi-TFM build (net8/net9/net10) green. `dotnet format --verify-no-changes` now reports clean for both projects. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(shell): add DockerShellTool walkthrough with sequence diagrams Explains the mental model (we shell out to the docker CLI; we never speak the engine API), the hardened docker run argv, persistent vs stateless lifecycles with mermaid sequence diagrams, the full agent-to-bash call ladder, and the failure modes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fixes (group a): libc DllImport, namespace cleanup, policy-msg dedup Three quick-win review comments on PR #5604: 1. ShellSession: the libc `killpg` P/Invoke was annotated with `DllImportSearchPath.System32`, a Windows-only loader hint that does nothing for libc.so on POSIX. Switched to `SafeDirectories` (CA5392 /CA5393 clean) and added a comment noting the call site is gated to non-Windows. 2. DockerShellToolTests: replaced the fully-qualified `Extensions.AI.ApprovalRequiredAIFunction` with a `using Microsoft.Extensions.AI;` import and the bare type name, matching `LocalShellToolTests`. 3. LocalShellTool / DockerShellTool: `AsAIFunction`'s catch block was producing a doubled "Command blocked by policy: Command rejected by policy: ..." prefix because the `ShellPolicyException` message already starts with "Command rejected by policy". Now we return `ex.Message` directly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fix (group b): add ShellKind.Sh for /bin/sh fallback Review comment (#3): when /bin/bash is missing the resolver fell back to /bin/sh but tagged it as ShellKind.Bash, so the launcher passed bash-only flags --noprofile --norc to dash/ash/busybox, which interpret them as positional script names. Fix: * Added ShellKind.Sh for minimal POSIX shells (sh, dash, ash, busybox). * /bin/sh fallback is now tagged Sh. * ClassifyKind maps "SH" / "DASH" / "ASH" / "BUSYBOX" binary names to Sh. * StatelessArgvForCommand emits just `-c <command>` for Sh (no bash-only flags); PersistentArgv emits no flags at all. * LocalShellTool's system-prompt builder describes Sh distinctly and warns the model away from bash-only constructs. Tests: ShellResolverTests covers Sh/Bash classification through the observable argv output (14 new theory cases). Total: 58/58. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fix (group d): honor timeout=null, add DefaultTimeout Review comment (#5): both LocalShellTool and DockerShellTool documented `timeout: null` as "disables timeouts" but the constructor coerced null to 30 seconds, making the documented disable mechanism unreachable through the public API. Fix: * Drop the `?? TimeSpan.FromSeconds(30)` coercion in both ctors. `_timeout` now faithfully reflects what the caller passed (null = disabled). The downstream CTS-construction sites already short-circuit on null, so no other code changes are required. * Add `public static readonly TimeSpan DefaultTimeout` (30 s) on both tools so callers who want a bounded timeout can opt in explicitly. Tests: * New `RunAsync_NullTimeout_DoesNotTimeOutAsync` confirms a quick command runs to completion when the caller passes `timeout: null`. * New `DefaultTimeout_IsThirtySeconds` documents the constant. Behavioral note: this is a deliberate change-of-default. Callers that previously omitted `timeout` and relied on the implicit 30 s now get "no timeout". They should pass `LocalShellTool.DefaultTimeout` or `DockerShellTool.DefaultTimeout` explicitly to preserve the prior behavior. Tests: 60/60 (44 baseline + 14 resolver + 2 new timeout tests). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fix (group e): smart requireApproval default for DockerShellTool Review comment (#6, design): requireApproval: false baked in a safety decision the type cannot prove on its own. Callers can weaken any isolation knob (network, user, readOnlyRoot, mount, extraRunArgs) and still get an unapproved tool by default. Fix: * New public IsHardenedConfiguration property returns true iff the effective config matches the safe defaults: network=="none", non-root user, read-only root, host mount (if any) read-only, no extra run args. * AsAIFunction's requireApproval parameter is now bool? defaulting to null. When null, approval is enabled iff IsHardenedConfiguration is false. Pass false explicitly to opt out, or true to force. * docker-shell-tool.md updated with the new approval matrix. Tests: 4 new theory cases + 2 facts cover hardened-default, relaxed-network, root-user, writable-root, extraRunArgs, and explicit-opt-out branches. Total: 66/66. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fix (group c): wrap POSIX shell in setsid for correct killpg Review comment (#1): killpg(proc.Id, SIGINT) only behaves like a process-group signal when proc.Id IS a process group id. Since the .NET launcher does not call setsid() / setpgid() itself, the spawned shell inherits the agent host's process group — so killpg targeted the wrong group and the cancel signal could leak to the agent. Fix: * On non-Windows, EnsureStartedAsync probes for setsid (well-known paths first, then PATH). When found it wraps the shell launch as `setsid <shell> <args...>` so the spawned shell becomes a session leader (PID == PGID). * A new _isSessionLeader flag tracks whether the wrap succeeded. * InterruptCurrentCommandAsync only calls killpg when _isSessionLeader is true. Without setsid, killpg on an unsuited PID could signal the agent itself, so we skip the fast path and let the caller's hard close-and-respawn handle the timeout. * Windows behaviour is unchanged (Ctrl+C-via-stdin to pwsh). No public-API changes; existing tests cover the interrupt path and all 66/66 still pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .Net: DockerShellTool design + caller-cancel container leak fixes (PR #5604) Addresses three Copilot review findings on PR #5604. Design (group f): * StartAsync: change inner ResolvedShell from ShellKind.Bash to ShellKind.Sh. BuildExecArgv() already includes `--noprofile --norc` in ExtraArgv; Bash's PersistentArgv() was appending those flags a second time, yielding `bash --noprofile --norc --noprofile --norc`. Sh's PersistentArgv() returns Array.Empty so ExtraArgv is forwarded unchanged. * BuildExecArgv: remove the dead `interactive: false` branch and the `interactive` parameter. The `false` path produced an unusable argv ending in `-c` with no command and was never invoked internally (stateless mode uses BuildRunArgvStateless). Updated tests and docs/docker-shell-tool.md sequence diagram. Reliability (group g): * RunStatelessAsync: add a second `catch (OperationCanceledException)` guarded on `cancellationToken.IsCancellationRequested` that issues `docker kill --signal KILL <perCallName>` before rethrowing. Previously, caller-driven cancellation bypassed the timeout-only catch and propagated without killing the container; because `--rm` only fires when PID 1 exits, the container ran indefinitely. Extracted the kill-by-name logic into a `BestEffortKillContainerAsync` helper shared by both the timeout and caller-cancel paths. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .Net: Fill PR #5604 test coverage gaps for Shell tools Addresses the test-coverage findings in the latest Copilot review. * ShellResultTests (new): direct branch coverage for ShellResult.FormatForModel() — empty stdout, non-empty stderr, truncated, timed-out, success, and the truncated-with-empty-stdout edge where the marker is intentionally suppressed. This method's string is what the language model sees, so it benefits from explicit unit-level coverage independent of integration tests. * ShellSessionTests (new): direct unit tests for the internal TruncateHeadTail head-tail truncation utility — under-cap (no truncation), exactly at cap (no truncation), over-cap (truncated with marker, both head and tail preserved), and empty-string. Reachable via InternalsVisibleTo. * LocalShellToolTests: Theory test exercising 8 representative patterns from ShellPolicy.DefaultDenyList (rm -rf /, mkfs.ext4, curl|sh, wget|sh, Remove-Item /, shutdown, reboot, Format-Volume) to catch deny-list regex regressions; previously only 1/16 was tested. * LocalShellToolTests: explicit stderr-capture assertion (echo to stderr → result.Stderr contains the message). Stderr capture was not directly asserted anywhere in the suite. * DockerShellToolTests: RunAsync_RejectedCommand throws ShellCommandRejectedException. The Docker-side policy check is a pure-logic path that runs before any docker invocation, so this test covers the rejection branch without needing a Docker daemon. Total: 66 -> 85 tests, all passing on net10.0. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(dotnet/shell): add ShellEnvironmentProvider for OS-aware shell instructions Pairs LocalShellTool/DockerShellTool with an AIContextProvider that probes the live shell once per session (OS, family, version, CWD, configurable CLI versions) and injects authoritative instructions so the agent uses platform-native idioms (PowerShell vs POSIX). Fixes the class of bugs where the model emits 'VAR=value' / '/tmp' / '$VAR' on a Windows PowerShell session. - ShellEnvironmentProvider/Snapshot/Options public surface in the existing Microsoft.Agents.AI.Tools.Shell package (one new project reference to Microsoft.Agents.AI.Abstractions). - Probes go through the same IShellExecutor that runs agent commands, so they respect the configured policy and (for DockerShellTool) the container boundary. - 8 unit tests covering snapshot capture, default formatter idioms, missing-tool handling, custom formatter override, and refresh. - Agent_Step21_ShellWithEnvironment sample replays the DEMO_TOKEN cross-call scenario using a persistent local shell. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(dotnet/shell): address PR review feedback round 3 - ShellEnvironmentProvider.cs split into one-type-per-file (ShellFamily, ShellEnvironmentSnapshot, ShellEnvironmentProviderOptions, plus the provider class) to match FoundryMemoryProvider/AgentSkillsProvider layout. - csproj: drop IsPackable=false (package will publish on merge), add IsReleased=true and disable package validation baseline (first release), use TargetFrameworksCore, add InjectSharedDiagnosticIds and InjectExperimentalAttributeOnLegacy to align with shipping packages. - Sample: refactor to demonstrate stateless mode first (independent read-only commands), then persistent mode (state carried across calls, e.g. DEMO_TOKEN). Strip narrative/historical comments. - Move docker-shell-tool.md out of the package — that doc lives in the docs repo (semantic-kernel-pr/agent-framework, branch feat/dotnet-shell-tool). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 4 review feedback - Sample (Agent_Step21_ShellWithEnvironment): add prominent WARNING block noting LocalShellTool runs real commands on the host. Restructure sample to demonstrate stateless mode first (cd does not carry across calls) then persistent mode (cd and env vars persist), motivating when to pick each. - DockerShellTool class XML doc: reframe as a best-effort baseline rather than a security guarantee; list mitigations users should still apply. - DockerShellTool ShellKind.Sh comment: rephrase as forward-looking design rationale (avoid duplicate --noprofile/--norc if Bash is reintroduced) instead of bug-history narrative. - DockerShellTool.IsHardenedConfiguration / AsAIFunction XML docs: clarify these are configuration-shape checks and convenience defaults, not security guarantees. - Drop IDisposable from LocalShellTool and DockerShellTool. The previous sync Dispose() blocked on DisposeAsync().GetAwaiter().GetResult() with a VSTHRD002 suppression, which is fragile under sync contexts. Both tools now expose IAsyncDisposable only; tests updated to await using. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add Async suffix to async test methods to satisfy IDE1006 Fixes check-format CI failure on PR #5604. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix CPU busy-spin in WaitForSentinelAsync When new bytes arrived in the stdout read loop, the producer called TrySetResult on _stdoutSignal but did not replace it with a fresh TCS. A consumer looping inside WaitForSentinelAsync would then re-read the same already-completed TCS, causing WaitAsync(100ms) to return synchronously every iteration — a tight busy-spin that pinned a core until the sentinel arrived or the timeout fired. Swap the signal before completing the old one so the next consumer iteration observes a fresh (uncompleted) TCS, matching the pattern already used in ReadExitCodeAsync. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove unused onCommand audit hook from shell tools The Action<string> onCommand callback was a redundant audit-logging seam: no production callers, no Python parity, and the framework already provides function-invocation middleware for cross-cutting concerns at the AIFunction layer. Removing the parameter from LocalShellTool and DockerShellTool keeps the public surface lean. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Align Shell csproj with Foundry.Hosting preview-package conventions - Add RootNamespace - Move Title/Description into the primary PropertyGroup with TargetFrameworks/VersionSuffix to match the Foundry.Hosting layout - Drop IsReleased (preview packages do not set it) - Drop UTF-8 BOM Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Document why ShellEnvironmentProvider uses Instructions, not Messages Expand the class XML doc to record the design rationale: the shell environment is stable runtime metadata, not per-turn retrieval, so it belongs in AIContext.Instructions (matching AgentSkillsProvider). Messages is reserved for retrieval payloads (TextSearchProvider, ChatHistoryMemoryProvider). System-role placement also has higher steering weight and benefits from prompt caching in major providers. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Clarify which probe failures ShellEnvironmentProvider swallows Name the four exception types explicitly (timeout, policy rejection, spawn failure, cancellation) and note that all other exceptions propagate normally. Avoids the misleading impression that the provider is a blanket try/catch. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Strip cross-language and bug-history narrative from shell tool comments Remove "hard-won" framing and explicit "Mirrors the Python ..." cross references from class XML docs and inline comments in ShellSession, DockerShellTool, and ShellResolver. Comments now describe current behavior without commentary on prior implementations or development history. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 5 review feedback - ShellResolver: classify only `bash` as ShellKind.Bash; sh/zsh/dash/ash/ksh/busybox now route through ShellKind.Sh so bash-only --noprofile/--norc flags are not emitted to shells that reject them. Update enum doc and tests. - ShellEnvironmentProvider.ProbeToolVersionAsync: validate the tool name against ^[A-Za-z0-9._-]+$ before interpolating into a shell command (prevents injection if ProbeTools is sourced from untrusted config). Fall back to stderr when stdout is empty so CLIs like java/older gcc still report a version. Drop misleading 'quoted' comment. - ShellSession.TruncateHeadTail: truncate by UTF-8 byte count on rune boundaries, honouring the documented maxOutputBytes contract for non-ASCII output. - ShellEnvironmentProviderTests: drop reflection on private _options; assert against the options instance the test already owns. Rename misnamed RefreshAsync test to reflect re-probing semantics. Add coverage for invalid tool names and stderr-only version output. - ShellSessionTests: add multi-byte UTF-8 truncation tests (byte-budget honoured, no rune split, no U+FFFD). - Move DockerShellToolIntegrationTests.cs from the unit test project into a new Microsoft.Agents.AI.Tools.Shell.IntegrationTests project so 'dotnet test' on the unit suite no longer requires a Docker daemon. Wire the new project into agent-framework-dotnet.slnx. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 6 review feedback - ShellSession.MaybeReanchor: switch from double-quoted to single-quoted literal-quoting per shell. Double quotes still expand $VAR, ``, and backticks in both PowerShell and POSIX, so a working directory containing shell metacharacters could trigger command substitution. Add QuotePowerShell (escape ' as '') and QuotePosix (close-and-reopen around ') helpers and route MaybeReanchor through them. Add tests covering ``, $VAR, backticks, and embedded single quotes. - ShellEnvironmentProvider.RunProbeAsync: narrow the OperationCanceledException filter to `when (!cancellationToken.IsCancellationRequested)` so caller-driven cancellation propagates instead of being silently converted to a null snapshot. Update the class XML doc to call out the distinction. Add tests for both paths (caller cancellation throws, probe-timeout returns null fields). - DockerShellTool.RunStatelessAsync / RunDockerCommandAsync: replace unbounded StringBuilder accumulators with a shared HeadTailBuffer (extracted from LocalShellTool into its own internal type). Caps memory at roughly maxOutputBytes regardless of how much output a command emits; drops the now-redundant trailing TruncateHeadTail call. RunDockerCommandAsync caps helper-command output at 1 MiB (defends against chatty docker pull progress streams). Add HeadTailBufferTests covering bounded behaviour over 10 MiB of streamed input. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 7 review feedback - HeadTailBuffer: switch to UTF-8 byte-aware truncation. The class previously capped on UTF-16 char count while callers pass _maxOutputBytes, so multi-byte output could exceed the budget and head/tail boundaries could split surrogate pairs into orphaned halves. Now tracks UTF-8 byte counts and treats each rune as an indivisible unit (encode -> bytes -> head/tail), guaranteeing the final string round-trips through UTF-8 and never contains an unpaired surrogate. The truncation marker now reads `bytes` instead of `chars` to match. - ShellEnvironmentProvider: clear cached _snapshotTask on failure. Previously a faulted/cancelled first probe permanently poisoned the provider — every later ProvideAIContextAsync await replayed the same exception. Now the failed task is cleared via a CompareExchange so the next caller starts a fresh probe. Tests: added rune-boundary coverage for HeadTailBuffer, plus two regression tests for poison-recovery (executor-throw and caller-cancellation paths). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 8 review feedback - HeadTailBuffer odd-cap data loss: previously _halfCap = cap / 2 was used as both the head fill bound and the tail eviction threshold, so an odd cap (e.g. cap=5 -> halfCap=2) would silently drop a byte while ToFinalString still reported truncated == false. Split into _headCap = cap / 2 and _tailCap = cap - _headCap so head + tail budgets always sum to exactly cap; any input whose UTF-8 size is <= cap now round-trips losslessly. - ShellSession.TakePrefixByBytes unpaired-high-surrogate: the prefix walker advanced 2 chars whenever it saw a high surrogate, without verifying that the next char was actually a low surrogate. Mirrored the pair check from TakeSuffixByBytes so unpaired surrogates are treated as a single (invalid) BMP char and the encoder substitutes U+FFFD as it would anywhere else. - Centralize clean-environment preserved-vars list. The {PATH, HOME, USER, USERNAME, USERPROFILE, SystemRoot, TEMP, TMP} allowlist was duplicated in LocalShellTool (stateless launch) and ShellSession (persistent startup), so adding a new variable required touching both. Extracted into CleanEnvironmentHelper.PreservedVariables / ApplyPreserved; both call sites collapse to a single line. Tests: HeadTailBuffer round-trip-at-odd-cap regression, ShellSession unpaired- surrogate test. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 9 review feedback - ShellSession.TruncateHeadTail odd-cap budget: same fix applied to HeadTailBuffer last round but missed here. Use headCap = cap/2 + tailCap = cap - headCap so the head/tail budgets sum to exactly cap. - Replace TakePrefixByBytes / TakeSuffixByBytes Encoder.Convert loops with rune iteration. The old code ignored Encoder.charsUsed and trusted the caller's hand-rolled surrogate-pair detection, which made the byte count fragile around unpaired surrogates. EnumerateRunes + Utf8SequenceLength is stateless and self-evidently correct. - ShellEnvironmentProvider.ProbeAsync now skips case-insensitive duplicates in the user-supplied ProbeTools list. Previously {\"git\",\"GIT\"} would probe twice and rely on insertion order to determine the kept value. - DockerShellToolTests.AsAIFunction_RelaxedConfig_DefaultsToApprovalGated: removed unused trailing ool _ parameter and matching InlineData column. Tests: added duplicate-ProbeTools regression test. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 10 review feedback * ShellSession.ReadLoopAsync: replace per-byte buf.Add(chunk[i]) loop with a single buf.AddRange(new ArraySegment<byte>(chunk, 0, n)) bulk copy on the read hot path. * ShellPolicy: compile allow-list patterns with RegexOptions.IgnoreCase, matching the deny-list and avoiding case-mismatch surprises. * LocalShellToolTests.RunAsync_NonZeroExit: drop the redundant ternary that selected between two identical 'exit 7' literals. * DockerShellToolIntegrationTests.NetworkNone: fix the comment to reference 'getent' (matching the actual command) instead of the stale 'wget' phrasing. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(dotnet): address PR #5604 round-3 review feedback - Rename LocalShellTool/DockerShellTool -> LocalShellExecutor/DockerShellExecutor - Rename IShellExecutor.StartAsync/CloseAsync -> InitializeAsync/ShutdownAsync - Rename ShellDecision -> ShellPolicyOutcome - Rename CleanEnvironmentHelper.ApplyPreserved -> EnvironmentSanitizer.RemoveNonPreserved - Convert ShellRequest/ShellPolicyOutcome from record struct to plain readonly struct (with IEquatable<T>) - Split ShellMode, ShellTimeoutException, ShellExecutionException into their own files - Add DockerNetworkMode static class with None/Bridge/Host constants - Convert DockerShellExecutor memory parameter from string to long? memoryBytes - Use Throw.IfNull(image) in DockerShellExecutor ctor - Make ShellResolver.EnvVarName public const - Inline-comment each DefaultDenyList regex; document allow-precedence-over-deny on ShellPolicy.Evaluate Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(dotnet): address PR #5604 round-3 follow-up nits - DockerShellExecutor / LocalShellExecutor: drop redundant IAsyncDisposable from class declarations (IShellExecutor : IAsyncDisposable already covers it) - DockerShellExecutor: scope DefaultImage / DefaultContainerUser / DefaultNetwork / DefaultMemoryBytes / DefaultPidsLimit / DefaultContainerWorkdir to internal (only used as parameter defaults; tests have InternalsVisibleTo) - DockerShellExecutor.RunAsync: blank line after the null-guard block (style consistency) - csproj: move <Title>/<Description> below the nuget-package.props import so they are not overwritten by the shared defaults; refresh wording to match new executor names Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor shell tool: abstract ShellExecutor, options classes, ContainerUser record Round-3 review responses for PR #5604: * Replace IShellExecutor interface with abstract ShellExecutor base class so the surface can be extended without breaking implementers (review feedback from @westey-m). * Drop ShutdownAsync from the executor surface; DisposeAsync is the canonical teardown (review feedback from @SergeyMenshykh). * Replace the long parameter lists on Local/DockerShellExecutor constructors with LocalShellExecutorOptions and DockerShellExecutorOptions classes so adding new knobs is no longer a breaking change (review feedback from @SergeyMenshykh). * Introduce ContainerUser(Uid, Gid) record in place of a 'uid:gid' string for the Docker user, with Default and Root statics (review feedback from @lokitoth). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove IsHardenedConfiguration; AsAIFunction defaults to approval-gated Addresses PR #5604 review thread AZpMj. The IsHardenedConfiguration property was a configuration-shape check, not a security guarantee, and using it to auto-disable approval gating gave false confidence. - Delete IsHardenedConfiguration property. - AsAIFunction(requireApproval: null) now always wraps in ApprovalRequiredAIFunction; callers must explicitly pass false to opt out. - Update class- and method-level XML docs to drop hardened-attestation language and call out approval gating as the primary safety control. - Drop two hardening-assertion tests and the relaxed-config theory; add one test asserting null requireApproval is approval-gated. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Replace ShellExecutionException/ShellTimeoutException with standard exceptions Addresses PR #5604 review threads AaqVP and Aasod. The custom exception types added no behavior beyond the base type — only a different name — so callers gain nothing from them. - Delete ShellExecutionException.cs and ShellTimeoutException.cs. - Process spawn failures (LocalShellExecutor, DockerShellExecutor) and broken-pipe to a long-lived shell (ShellSession) now throw IOException, which is the natural .NET shape for these failures. - ShellTimeoutException was declared but never thrown; the only in-process timeout path uses the OperationCanceledException raised by the linked CancellationTokenSource. The catch-and-swallow in ShellEnvironmentProvider now matches IOException + TimeoutException. - Update XML doc comments accordingly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove ShellPolicy.DefaultDenyList; default policy is empty Addresses PR #5604 review thread AY7Ba. A regex deny-list is bypassed in seconds by hex escapes ($(echo -e "\x72\x6D")), command substitution ($(base64 -d <<<...)), and envvar splicing ($(A=r B=m; echo $A$B)). No major agent framework uses regex matching as a primary control; AutoGen explicitly removed theirs in v2. The real defenses are approval gating (default) and the Docker sandbox tier. - Delete DefaultDenyList property from ShellPolicy. - ShellPolicy(denyList: null) now means an empty deny-list. - Rewrite ShellPolicy class XML docs to frame as a UX pre-filter for operator-supplied patterns, not as a security control. - Update LocalShellExecutorOptions/DockerShellExecutorOptions Policy docs to match. - Tests that exercise the deny-list mechanism now supply patterns explicitly, mirroring real operator usage. - Add Policy_DefaultConstruction_AllowsAnyNonEmptyCommand test. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Document single-session ownership for persistent shell mode Several PR #5604 review threads (notably AaQh2) raised that the persistent shell experience has no concurrency story. The framework's actual design is "one executor per conversation" — there is no per-caller isolation — but that contract was only stated briefly on ShellExecutor and not at all on the types and properties developers reach for first. Strengthen the docs in the places a user is most likely to land: - ShellMode.Persistent: explicit single-session-ownership paragraph (state visible across calls, single pipe, no isolation, one per session). - ShellExecutor: rewrite the Concurrency paragraph to enumerate what leaks (cwd, env, history, background jobs) and call out DI scoping. - LocalShellExecutor: new Single-session-ownership paragraph mirroring the executor-level contract and pointing at Stateless mode as the escape hatch. - DockerShellExecutor: same, framed around the container + bash REPL the persistent-mode executor owns end-to-end. - ShellSession: add a Single-owner paragraph on the type docs and a comment on _runLock clarifying that it serializes the owner's calls, not multiple tenants. - LocalShellExecutorOptions.Mode / DockerShellExecutorOptions.Mode: per-property note pointing at the executor remarks. Docs-only; src builds clean with zero warnings, zero errors. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: alliscode <bentho@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ben Thomas ·
2026-05-12 16:17:49 +00:00 -
.NET: Refactor harness console rendering (#5751)
* Refactor harness console rendering * Fix formatting issues * Address PR comments
westey ·
2026-05-12 15:13:53 +00:00 -
.NET: Remove Foundry Toolbox server-side tools support (#5753)
* .NET: Remove Foundry Toolbox server-side tools support Mirrors the Python cleanup in microsoft/agent-framework#5671. Passing toolbox tools as server-side Responses tools is not the experience we want to support; the hosted-agent MCP toolbox path (HostedMcpToolboxAITool + FoundryToolboxService) remains the supported way to consume Foundry Toolboxes. Removed: - FoundryToolbox static class (GetToolboxVersionAsync / GetToolsAsync / ToAITools / SanitizeAndConvert) - AIProjectClient.GetToolboxToolsAsync extension - Agent_Step25_ToolboxServerSideTools sample (+ slnx entry) - FoundryToolboxTests, TestDataUtil, HttpHandlerAssert, and the toolbox JSON fixtures only those tests referenced - ToolboxHostedAgentTests and ToolboxHostedAgentFixture; the "toolbox" switch arm + CreateToolboxAgent helper in TestContainer; matching README scenario row and bootstrap script entry Kept (MCP path, unchanged): - HostedMcpToolboxAITool, FoundryAITool.CreateHostedMcpToolbox, FoundryAIToolExtensions.CreateHostedMcpToolbox(ToolboxRecord/Version) - FoundryToolboxService, AddFoundryToolboxes, marker injection in AgentFrameworkResponseHandler, InputConverter.ReadMcpToolboxMarkers - Hosted-Toolbox sample, McpToolbox* tests, FoundryToolboxServiceTests Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Add Foundry Toolbox MCP sample (Agent_Step25_FoundryToolboxMcp) Adds a non-hosted-agent equivalent of the Python foundry_chat_client_with_toolbox.py sample. The agent connects to a Foundry Toolbox's MCP endpoint via Streamable HTTP, injects a fresh Azure AI bearer token on every request, and discovers the toolbox's tools at runtime via McpClient.ListToolsAsync. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Tighten Agent_Step25_FoundryToolboxMcp README/Program comments Drop 'non-hosted agent' framing from README (this sample isn't related to hosted agents) and remove narrative comparison to server-side tools from the Program.cs header comment. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Drop python sample reference from Agent_Step25 README Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Drop incorrect .NET 10 prereq from Agent_Step25 README Toolboxes don't require .NET 10 (Microsoft.Agents.AI.Foundry targets net8.0+); the parent AgentsWithFoundry README already lists the sample SDK prereq. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix Toolsets api-version in Agent_Step25 example endpoint Use 2025-05-01-preview to match FoundryToolboxOptions.ApiVersion. The placeholder 'v1' is not accepted by the Toolsets endpoint. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: alliscode <bentho@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ben Thomas ·
2026-05-11 22:05:14 +00:00 -
.NET: Add IChatMessageInjector for message injection during function loop (#5679)
* Adding the ability to inject messages during the function call loop * Split message injection functionality * Remove interface, since it is not required not that we split the chat client. * Address conversation id propogation * Fix formatting issue
westey ·
2026-05-08 17:16:03 +00:00 -
.NET: Update FoundryAgent to address HostedAgents strict URL routing (#5677)
* .NET: Foundry agent-endpoint constructor uses ProjectOpenAIClient directly to fix hosted-agent URL routing Fixes the experimental FoundryAgent(Uri agentEndpoint, AuthenticationTokenProvider, ...) constructor so it actually works against Foundry hosted agents. The previous implementation routed through AzureAIProjectChatClient, which internally called aiProjectClient.GetProjectOpenAIClient().GetProjectResponsesClientForAgent(...). For an agent-endpoint URL of the canonical shape https://<host>/api/projects/<project>/agents/<agentName>/endpoint/protocols/openai the chain produced POST https://<host>/api/projects/<project>/openai/v1/responses (project-level path, no /agents/ segment). The Foundry service rejects this with HTTP 400 "Hosted agents can only be called through the agent endpoint: .../agents/<agentName>/endpoint/protocols/openai/responses". The constructor also extracted the agent name via agentEndpoint.Segments[^1].TrimEnd('/'), which returns "openai" (the last segment), not the agent name. What changed - Public ctor signature: clientOptions parameter type changed from AIProjectClientOptions? to ProjectOpenAIClientOptions?. The constructor is fundamentally building a ProjectOpenAIClient; accepting AIProjectClientOptions was a leaky abstraction whose translation silently dropped any pipeline policies the caller added via AddPolicy(...). With the direct type, caller policies pass through to the per-agent traffic verbatim. - Per-agent client construction: `new ProjectOpenAIClient(BearerTokenPolicy, ProjectOpenAIClientOptions)` with Endpoint and AgentName set, then `GetProjectResponsesClient().AsIChatClient()`. The SDK auto-appends ?api-version=v1 when AgentName is set. - New private static ParseAgentEndpoint helper: single source of truth for both agent-name extraction and project-root derivation. Tolerates trailing slash, case variants on /agents/ and the suffix segment, strips query/fragment, and throws ArgumentException with paramName=nameof(agentEndpoint) for malformed input. - Project-level client (used by CreateConversationSessionAsync) is built fresh from the derived project root with primitive properties copied (RetryPolicy/NetworkTimeout/Transport/UserAgentApplicationId) plus MEAI UA. - New GetService<ProjectOpenAIClient>() entry alongside the existing GetService<AIProjectClient>() (the latter returns null in agent-endpoint mode since no AIProjectClient is constructed on that path). - Endpoint and AgentName on caller-supplied ProjectOpenAIClientOptions are overridden by values derived from agentEndpoint. Compatibility - FoundryAgent is [Experimental(OPENAI001)]. No GA surface touched. The Foundry project does not maintain PublicAPI.*.txt baselines so there is no shipped baseline to update. - The Microsoft.Agents.AI.Foundry csproj pins Azure.AI.Projects to VersionOverride 2.1.0-beta.1 (matching what the IT and hosting projects already use); the central pin in Directory.Packages.props stays at 2.0.0. - WireClientHeaders from PR #5652 is invoked on the agent-endpoint path so per-call x-client-* headers behave identically across both ctors. Tests - 23 new unit tests in FoundryAgentTests.cs: - 12 for the agent-endpoint constructor (URL routing for non-streaming and streaming, conversations URL shape, MEAI UA stamping, caller-policy passthrough on the per-agent pipeline, Endpoint/AgentName override semantics, GetService matrix, ProjectOpenAIClient propagation, UserAgentApplicationId propagation, null-arg validation, ID/Name slug) - 9 for ParseAgentEndpoint (standard shape, trailing slash, casing, sovereign-cloud host without /api/projects/ literal prefix, special chars in agent name, query/fragment stripping, three negative cases) - 2 null-arg tests for the public ctor - All 250 Microsoft.Agents.AI.Foundry.UnitTests pass (was 221 baseline plus 29 from PR #5652 plus 23 new in this PR equals 273; pre-existing tests collapsed by the rebase merge keep the total at 250). - All 225 Microsoft.Agents.AI.Foundry.Hosting.UnitTests pass; no behavioral change to the hosting layer. - dotnet build clean across net8/9/10/netstandard2.0/net472 with TreatWarningsAsErrors=true. - dotnet format --verify-no-changes clean for the touched src and test projects. * .NET: Bump central Azure.AI.Projects pin to 2.1.0-beta.1 and flip Microsoft.Agents.AI.Foundry to preview Required to fix the NU1109 downgrade chain that broke CI on the agent-endpoint constructor rewire (#5677). Microsoft.Agents.AI.Foundry now depends on ProjectOpenAIClientOptions.AgentName and the (AuthenticationPolicy, options) constructor that only exist in Azure.AI.Projects 2.1.0-beta.1. Changes: * Directory.Packages.props: Azure.AI.Projects 2.0.0 -> 2.1.0-beta.1. * Microsoft.Agents.AI.Foundry.csproj: drop IsReleased=true so the package ships as preview (matches the beta SDK we now depend on). Add a comment noting the flip is temporary and should revert once Azure.AI.Projects ships a stable 2.1.0. * Drop redundant VersionOverride="2.1.0-beta.1" from the 10 csprojs that had it as a workaround; the central pin now suffices. Verified: * dotnet build agent-framework-dotnet.slnx --warnaserror clean across all TFMs. * Microsoft.Agents.AI.Foundry.UnitTests 250/250 pass. * Microsoft.Agents.AI.Foundry.Hosting.UnitTests 211/211 pass. * dotnet format --verify-no-changes clean for the touched src and test projects.Roger Barreto ·
2026-05-08 14:46:52 +00:00 -
.NET: feat: Update Github Copilot SDK to 1.0.0-beta.2 (#5699)
* feat: Update Github Copilot SDK to 1.0.0-beta.2 * Fix formatting Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix: Update for breaking changes in Github.Copilot.SDK * fix sample project * fix: whitespace formatting --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Jacob Alber ·
2026-05-07 19:15:10 +01:00 -
.NET: Improve Todo multithreading and inject todos into message list (#5655)
* Improve Todo multithreading and inject todos into message list * Address PR comments
westey ·
2026-05-05 15:21:51 +00:00 -
.NET: Add allow listing for WebBrowsingTool (#5605)
* Add allow listing for WebBrowsingTool * Address PR comments.
westey ·
2026-05-05 15:20:55 +00:00 -
.NET: Add Microsoft.Agents.AI.Hyperlight package for CodeAct integration (.NET) (#5329)
* Add Microsoft.Agents.AI.Hyperlight package for CodeAct integration Introduces a new Microsoft.Agents.AI.Hyperlight package that enables CodeAct-style sandboxed code execution via Hyperlight (hyperlight-sandbox .NET SDK, PR #46) for .NET agents, following the docs/features/code_act/dotnet-implementation.md design and the Python agent_framework_hyperlight reference. Highlights: - HyperlightCodeActProvider (AIContextProvider): injects an execute_code tool and CodeAct guidance per invocation; single-instance-per-agent via a fixed StateKeys value; supports multiple provider-owned tools (exposed inside the sandbox via call_tool), file mounts, and an outbound domain allow-list; snapshot/restore per run. - HyperlightExecuteCodeFunction: standalone AIFunction for manual/static wiring when the sandbox configuration is fixed. - Approval model via CodeActApprovalMode (AlwaysRequire / NeverRequire) with propagation from ApprovalRequiredAIFunction-wrapped tools. - Unit tests (instruction builder, tool bridge, approval computation, provider CRUD, ProvideAIContextAsync snapshot isolation and approval wrapping). - Env-gated integration test (HYPERLIGHT_PYTHON_GUEST_PATH). - Three samples under samples/02-agents/AgentWithCodeAct (interpreter, tool-enabled, manual wiring). Build is not yet runnable: requires .NET SDK 10.0.200 and the not-yet-published HyperlightSandbox.Api 0.1.0-preview NuGet package. Package is marked IsPackable=false until the dependency is available. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5329 review feedback for Hyperlight CodeAct provider - A. Build-breakers: drop unused usings, override test TargetFrameworks off net472, drop redundant Microsoft.Extensions.AI.Abstractions PackageRef. - B. API: keep CRUD but rebuild sandbox when config fingerprint changes; add HyperlightCodeActProviderOptions.CreateForWasm/CreateForJavaScript factory methods (Backend/ModulePath now read-only); rename WorkspaceRoot to HostInputDirectory; convert AllowedDomain & FileMount from record to sealed class; drop ToolBridge.Unwrap (ApprovalRequiredAIFunction is invocable as-is). - C. ToolBridge: collapse SerializeResult switch; add comment explaining AOT-driven choice to keep JsonNode.Parse over typed Deserialize. - D. InstructionBuilder: drop language-specific 'Python code' phrasing; strip host filesystem paths from execute_code description. - E. Style polish: ternary expression-body for ComputeApprovalRequired, .Where(x is not null), .ToList() over .ToArray() in IReadOnlyList returns. - F. Samples: add guest-module / KVM-WHP build instructions to Step01; note future Excel-upload sample in Step02. Also adds SandboxExecutorTests covering the new RunSnapshot.ComputeFingerprint used for sandbox-rebuild detection. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Align Hyperlight package id and JS warm-up with merged upstream SDK The .NET SDK in hyperlight-dev/hyperlight-sandbox PR #46 has merged. The published package id is Hyperlight.HyperlightSandbox.Api (the bare HyperlightSandbox.Api remains the assembly/namespace) and the reference CodeExecutionTool uses 'void 0;' as the JavaScript warm-up no-op. Update the package reference, project comment, README, and SandboxExecutor warm-up accordingly. No functional change beyond that — all other public APIs we depend on (SandboxBuilder.With*, Sandbox.Run/RegisterToolAsync/AllowDomain/Snapshot/ Restore, ExecutionResult, SandboxBackend) match the merged shape. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Bump Hyperlight package to 0.4.0 and fix build/test issues Hyperlight.HyperlightSandbox.Api 0.4.0 is now published on nuget.org. Bump the version reference and address the analyzer/runtime issues that surfaced once restore could complete: - Add HyperlightJsonContext source-generated JsonSerializerContext for the execute_code result + tool error envelopes; route arbitrary AIFunction results through AIJsonUtilities.DefaultOptions to keep IsAotCompatible=true. - Replace explicit ObjectDisposedException throws with ObjectDisposedException.ThrowIf (CA1513). - Use HyperlightSandbox.Api.SandboxBackend in cref docs to disambiguate. - Update tests to match AIContext.Tools being IEnumerable<AITool>, drop ConfigureAwait(false) in xUnit test methods (xUnit1030), use collection expressions for AllowedDomain methods. - Add 'using OpenAI.Chat;' to all three samples so AsAIAgent resolves. - Verified: dotnet build of all four hyperlight projects + samples succeeds on net8/9/10; dotnet test for the unit tests passes 32/32 on net10.0. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix CI check failures: file encoding (UTF-8 BOM + LF) and broken markdown link - Convert all new .cs/.csproj files to UTF-8 with BOM and LF line endings to satisfy the dotnet/.editorconfig charset/end_of_line settings enforced by check-format. - Drop unused System.Collections.Generic using in HyperlightCodeActProviderTests. - Add missing using Microsoft.Extensions.AI in CodeActApprovalMode.cs and shorten ApprovalRequiredAIFunction cref (IDE0001). - Fix broken README link to docs/decisions/0024-codeact-integration.md. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR review: AIFunction inheritance, packaging, GetService approval check - HyperlightExecuteCodeFunction now inherits AIFunction directly. The AsAIFunction() indirection is gone; instances are accepted anywhere an AIFunction is. Approval requirement is surfaced via GetService<ApprovalRequiredAIFunction>() which lazily exposes a wrapping ApprovalRequiredAIFunction proxy when the effective ApprovalMode/tool stack requires it. - ComputeApprovalRequired now uses GetService<ApprovalRequiredAIFunction>() so approval-required tools nested anywhere in the AITool decorator stack are detected (not just the top-most class). - csproj: drop IsPackable=false (ready to release with the published Hyperlight.HyperlightSandbox.Api 0.4.0 dependency); add PackageReadmeFile and pack README.md at the package root, matching the pattern used by Aspire.Hosting.AgentFramework.DevUI / Microsoft.Agents.AI.DurableTask. - Update Step03 sample and README wording to reflect direct AIFunction usage. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Eduard van Valkenburg ·
2026-05-05 12:56:24 +00:00 -
.NET: Harness Feature branch (#5310)
* .NET: Add a TODO AIContextProvider (#5233) * Add a TODO AIContextProvider * Add unit tests * Address PR comments * Address PR comments * Fix test after removing one tool * .NET: Add a ModeProvider for managing agent modes (#5247) * Add a ModeProvider for managing agent modes * Fix typo * Fix typo * Fix typo * Address PR comments * .NET: Add sample to show how to build a harness (#5268) * Add sample to show how to build a harness * Improve sample * Sample max output tokens and model * Fix encoding * Fix model name in readme * Address PR comments * .NET: Add context window size compaction strategy for harness (#5304) * Add context window size compaction strategy for harness * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Address PR comments --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * .NET: Add a file memory provider (#5315) * Add a file memory provider * Address PR comments * Fix review comments. * Add additional unit tests * Addressing PR comments. * .NET: Harness: Improve prompts and add FileSystem store (#5365) * Harness: Improve prompts and add FileSystem store * Address PR comments * .NET: Harness: Improve path validation (#5404) * Harness: Improve path validation * Address PR comments * .NET: Add always approve helpers, improve sample and fix bug (#5451) * Add always approve helpers, improve sample and fix bug * Address PR comments * .NET: Make Todo, Mode and FileMemory providers more configurable (#5477) * Make Todo, Mode and FileMemory providers more configurable * Address PR comments. * .NET: Add subagents provider and sample (#5518) * Add subagents provider and sample * Addressing PR comments. * .NET: Harness filememory index plus instructions consistency (#5540) * Add FileMemoryProvider index and improve instruction consistency * Address PR comments. * Address PR comments * Address PR comments. * Apply suggestion from @rogerbarreto Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com> --------- Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com> * .NET: Refactor harness console to be more extensible and easy to understand with better UX (#5573) * Refactor harness console to be more extensible and easy to understand with better UX. * Fix formatting issues. * Allow multiple clarifications in one response * Address PR comments * .NET: Add FileAccessProvdider and concurrency fix for FileMemoryProvider (#5583) * Add FileAccessProvdider and concurrency fix for FileMemoryProvider * Address PR comments --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
westey ·
2026-05-01 10:52:38 +00:00 -
.NET: [Breaking] Support string[] arguments for file-based skill scripts (#5475)
* support arguments of string[] shape for file-based skill scripts * suppress breaking changes errors * address feedback * remove unnecessary usung directive
SergeyMenshykh ·
2026-04-27 15:37:10 +00:00 -
.NET: dotnet: Add server-side Foundry Toolbox support and fix SDK beta.4 br… (#5450)
* dotnet: Add server-side Foundry Toolbox support and fix SDK beta.4 breaking changes Add FoundryToolbox and AIProjectClient extensions to Microsoft.Agents.AI.Foundry.Hosting for server-side toolbox tool integration matching Python's FoundryChatClient.get_toolbox() pattern. Tools are fetched from the Foundry project SDK and passed as server-side tools in the Responses API request. New files: - FoundryToolbox.cs: Core implementation using AgentAdministrationClient SDK - AIProjectClientToolboxExtensions.cs: Extension methods on AIProjectClient - Agent_Step25_ToolboxServerSideTools sample with create helper and combine flow - 19 unit tests covering param validation, conversion, sanitization, and extensions SDK breaking changes (Azure.AI.AgentServer.Responses beta.3 -> beta.4): - FunctionToolCallOutputResource renamed to OutputItemFunctionToolCallOutput - AzureAIAgentServerResponsesModelFactory made internal, replaced with direct constructors - ResponseUsage constructor now requires non-null token details parameters Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: reuse endpoint variable in CreateSampleToolboxAsync Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: pass endpoint through static local functions to avoid capture Static local functions cannot capture top-level variables. Thread the endpoint parameter through Main, CombineToolboxes, and CreateSampleToolboxAsync. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * refactor: remove unused projectClient param from CreateSampleToolboxAsync Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update dotnet/samples/02-agents/AgentsWithFoundry/Agent_Step25_ToolboxServerSideTools/README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update dotnet/samples/02-agents/AgentsWithFoundry/Agent_Step25_ToolboxServerSideTools/Program.cs Co-authored-by: westey <164392973+westey-m@users.noreply.github.com> * Update dotnet/samples/02-agents/AgentsWithFoundry/Agent_Step25_ToolboxServerSideTools/Program.cs Co-authored-by: westey <164392973+westey-m@users.noreply.github.com> * Removing GetToolbocVersion. * Removing tests for GetToolboxVersion * fix: map cached/reasoning token counts in ConvertUsage instead of hardcoding zeros Extract InputTokenDetails.CachedTokenCount and OutputTokenDetails.ReasoningTokenCount from UsageDetails.AdditionalCounts, matching the pattern in AgentResponseExtensions. Also accumulate detail counts when merging with existing usage. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: alliscode <bentho@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: westey <164392973+westey-m@users.noreply.github.com>
Ben Thomas ·
2026-04-23 18:52:03 +00:00 -
.NET: Add dynamic tool expansion sample (#5425)
* Add dynamic tool expansion sample * Address PR comments * Remove tool names from tool call response to avoid confusing LLM
westey ·
2026-04-23 15:10:57 +00:00 -
.NET: [Breaking] Migrate A2A agent and hosting to A2A SDK v1 (#5423)
* update a2a agent to the latest a2a sdk (#5257) * Move A2A samples from 04-hosting to 02-agents (#5267) Move the A2A sample projects (A2AAgent_AsFunctionTools and A2AAgent_PollingForTaskCompletion) from samples/04-hosting/A2A/ to samples/02-agents/A2A/ to better align with the sample directory structure. Update solution file and samples README accordingly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Fix stream reconnection for A2AAgent (#5275) * Add SSE stream reconnection support to A2AAgent Implement automatic reconnection for SSE streams that disconnect mid-task, using the Last-Event-ID header to resume from where the stream left off. Changes: - Add InvokeStreamingWithReconnectAsync method to A2AAgent with configurable max retries and delay between attempts - Add new log messages for reconnection events - Add A2AAgent_StreamReconnection sample demonstrating the feature - Update existing polling sample to use simplified SendMessageAsync API - Add unit tests for stream reconnection logic Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * address comments * Address PR review feedback - Dispose SSE enumerator before GetTaskAsync fallback to release HTTP connection - Wrap StreamWriter in using blocks with leaveOpen:true and explicit UTF-8 encoding - Print update.Text instead of update object in stream reconnection sample Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Use IA2AClientFactory to create A2AClient (#5277) * Refactor A2A extensions to use IA2AClientFactory and add ProtocolSelection sample - Update A2AAgentCardExtensions to accept IA2AClientFactory instead of A2AClientOptions - Update A2ACardResolverExtensions to accept IA2AClientFactory - Update A2AClientExtensions to accept IA2AClientFactory - Update A2AAgent to use IA2AClientFactory for client creation - Add A2AAgent_ProtocolSelection sample demonstrating protocol selection - Add comprehensive unit tests for all changes - Update README files with new sample reference Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Reorder params: options before loggerFactory in A2A extensions Move A2AClientOptions parameter before ILoggerFactory in AsAIAgent and GetAIAgentAsync extension methods to follow the repo convention of keeping LoggerFactory and CancellationToken as the last parameters. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Migrate A2A hosting to A2A SDK v1 (#5363) * .NET: Migrate A2A hosting to A2A SDK v1 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * remove unused agent card --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Split A2A endpoint mapping into protocol-specific methods (#5413) * .NET: Refactor A2A hosting registration into A2AServerServiceCollectionExtensions - Rename A2AHostingOptions to A2AServerRegistrationOptions - Move server registration logic from A2AEndpointRouteBuilderExtensions and AIAgentExtensions into new A2AServerServiceCollectionExtensions - Remove A2AProtocolBinding and AIAgentExtensions (consolidated) - Update samples and tests to use the new registration API Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * address copilot comments --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove unnecessary using directive in AgentWebChat.AgentHost Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * restore AsyncEnumerable package version * address copilot initial feedback * address automated code review and formatting issues * fix formatting issues * Add DI wiring verification tests for AddA2AServer Add three tests to A2AServerServiceCollectionExtensionsTests that verify custom keyed services are actually wired through to the A2AServer, not just that the server resolves non-null: - Custom IAgentHandler: verifies the keyed handler is invoked when processing a SendMessageRequest instead of the default A2AAgentHandler. - Custom AgentSessionStore (no handler): verifies the keyed session store's GetSessionAsync is called during request processing when no custom handler is registered. - Default stores end-to-end: verifies the InMemoryAgentSessionStore and InMemoryTaskStore defaults successfully process a request. Uses a new CreateAgentMockForRequests helper that includes SerializeSessionCoreAsync setup needed by InMemoryAgentSessionStore. All tests call A2AServer.SendMessageAsync directly (no HTTP layer needed) and use CancellationToken timeouts to guard against hangs. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SergeyMenshykh ·
2026-04-23 07:53:00 +00:00 -
.NET: Add Code Interpreter container file download samples (#5014)
* Add Code Interpreter container file download samples (#3081) - Add Agent_OpenAI_Step06_CodeInterpreterFileDownload (Public OpenAI) - Add Agent_Step24_CodeInterpreterFileDownload (Microsoft Foundry) - Both samples demonstrate downloading cfile_/cntr_ container files via ContainerClient instead of the standard Files API - Update solution file and parent READMEs * Address review feedback: flatten nested foreach loops using SelectMany Addresses https://github.com/microsoft/agent-framework/pull/5014#discussion_r3046908449 and https://github.com/microsoft/agent-framework/pull/5014#discussion_r3046920209 --------- Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com> Co-authored-by: rogerbarreto <rogerbarreto@users.noreply.github.com>
chetantoshniwal ·
2026-04-17 16:55:03 +00:00 -
.NET: Foundry Evals integration for .NET (#4914)
* Foundry Evals integration for .NET - Core evaluation framework: EvalItem, LocalEvaluator, FunctionEvaluator, EvalChecks - IAgentEvaluator interface with MeaiEvaluatorAdapter bridge - AgentEvaluationExtensions for agent.EvaluateAsync() overloads - FoundryEvals wrapping MEAI quality/safety evaluators - ConversationSplitters (LastTurn, Full) and IConversationSplitter - EvalItem.PerTurnItems() for multi-turn decomposition - HasImageContent for multimodal content detection - WorkflowEvaluationExtensions for per-agent workflow evaluation - 7 eval samples mirroring Python parity: 02-agents/Evaluation: SimpleEval, ExpectedOutputs, Multimodal 03-workflows/Evaluation: WorkflowEval 05-end-to-end/Evaluation: FoundryQuality, MixedProviders, ConversationSplits - Comprehensive unit tests (1958 passing) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Rewrite FoundryEvals to use real Foundry Evals API Replace MEAI evaluator shim with actual OpenAI EvaluationClient protocol methods. FoundryEvals now creates eval definitions, submits runs, polls for completion, and fetches per-item results server-side. - New constructor: FoundryEvals(AIProjectClient, model, evaluators) - Add FoundryEvalConverter for MEAI ChatMessage -> Foundry JSON format - Add EvalId, RunId, ReportUrl to AgentEvaluationResults - All 20 built-in evaluator constants now work (agent, tool, quality, safety) - Remove Microsoft.Extensions.AI.Evaluation.Quality/Safety dependencies - Update all samples for new constructor (no more ChatConfiguration) - Replace BuildEvaluators tests with ResolveEvaluator tests Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add response output to CustomEvals and ExpectedOutputs samples Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: pagination, validation, error handling, tests FoundryEvals fixes: - Add pagination for output items (has_more/after cursor) - Add guard clauses for pollIntervalSeconds/timeoutSeconds <= 0 - Fix double TryGetProperty for passed field parsing - Throw on all-tool-evaluators with no tool definitions - Fix XML doc (default 300s, not 180s) New tests (30 added, 1989 total): - EvalChecks: NonEmpty, ContainsExpected (pass/fail/skip/case), HasImageContent, ToolCallsPresent - FoundryEvalConverter: ConvertMessage (text, image, function call, function results fan-out, empty fallback, mixed content), ConvertEvalItem, BuildTestingCriteria (quality/agent/tool/groundedness data mappings), BuildItemSchema Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix review: null-refs, Data.ToString() bug, ContainsExpected, add tests - Fix NullReferenceException in sample Response display (pattern matching) - Fix WorkflowEvaluationExtensions Data?.ToString() producing type names instead of message text (pattern-match ChatMessage/AgentResponse/list) - Change EvalChecks.ContainsExpected to return Passed=false when no ExpectedOutput (was silently passing, masking misconfiguration) - Add EvalItem constructor tests with LastTurn/Full/null splitters - Add FoundryEvalConverter.ConvertMessage DataContent (base64 image) test - Add ExtractAgentData tests with ChatMessage, list, and AgentResponse data Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix review: conversation fidelity, eval caching, fallback tests - WorkflowEvaluationExtensions: preserve full response messages (tool calls, intermediate) instead of synthetic 2-message conversation. Cast completed Data to AgentResponse and use Messages when available, fallback to text. - FoundryEvals: cache evalId per schema shape (hasContext, hasTools) so subsequent EvaluateAsync calls create runs under the same eval definition. - MeaiEvaluatorAdapter: code already correctly passes queryMessages (not full conversation) to IEvaluator — no change needed, verified by inspection. - Add tests: AgentResponse full messages preservation, unknown object ToString() fallback for ExtractAgentData. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Rename AzureAI→Foundry: move eval files, update references - Move FoundryEvals.cs and FoundryEvalConverter.cs from Microsoft.Agents.AI.AzureAI to Microsoft.Agents.AI.Foundry - Update namespace from AzureAI to Foundry in both files - Add explicit usings required by Foundry project (no implicit usings) - Move FoundryEvalConverter tests to Foundry.UnitTests project (avoids ReplacingRedactor type conflict from dual project refs) - Update all sample csproj references and using statements - Remove Foundry project reference from AI UnitTests Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR review round 4: wire up tool extraction, remove eval cache, fix null safety - BuildEvalItem: extract tools from agent via GetService<ChatOptions>() into EvalItem.Tools (Python parity) - FoundryEvals: remove eval ID cache - each call creates fresh definition (matches Python behavior) - FoundryEvals: replace null-forgiving operators with descriptive InvalidOperationException - MixedProviders sample: remove unnecessary explicit PackageReferences (transitively provided) - FoundryEvalConverter: document that tool results take precedence over text content - Add LocalEvaluator zero-checks test documenting 0 metrics = failed behavior Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Python-dotnet parity: 9 feature gaps filled New checks: - ToolCallArgsMatch() — verify tool call names + argument subset match - ToolCalledCheck(ToolCalledMode.Any, ...) — match any of the specified tools - ToolCalledMode enum (All/Any) FoundryEvals enhancements: - Default evaluators now [Relevance, Coherence, TaskAdherence] (was Relevance, Coherence) - Auto-add ToolCallAccuracy when items have tool definitions - EvaluateTracesAsync — evaluate by response_ids, trace_ids, or agent_id - EvaluateFoundryTargetAsync — evaluate deployed Foundry targets Result type enrichment: - AgentEvaluationResults: added Status, Error, PerEvaluator, DetailedItems - New EvalItemResult/EvalScoreResult/PerEvaluatorResult types - FoundryEvals populates all new fields from API responses Workflow fix: - Skip internal executors (_*, input-conversation, end-conversation, end) Tests: 8 new tests covering ToolCallArgsMatch, ToolCalledMode.Any, internal executor filtering Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add MeaiEvaluatorAdapter and PerTurnItems edge case tests - 3 tests for MeaiEvaluatorAdapter: query message forwarding, synthetic response fallback, multiple items aggregation - 3 tests for EvalItem.PerTurnItems: empty conversation, no user messages, system+assistant only - StubEvaluator and StubChatClient test helpers Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Blocking link check for outdated package in DevUI. * Replace Dictionary<string, object> payloads with typed wire models Introduce internal FoundryEvalWireModels.cs with compile-time-safe types for the OpenAI Evals API wire format. The OpenAI .NET SDK (2.9.1) only provides protocol-level methods with BinaryContent/ClientResult — no typed request models. These internal models replace scattered dictionary literals with [JsonPropertyName]-annotated classes, giving: - Compile-time safety (typos become build errors) - Single point of change when the API evolves - IntelliSense discoverability - Cleaner serialization via JsonPolymorphic for content items Models: WireContentItem hierarchy (text, image, tool_call, tool_result), WireMessage, WireEvalItemPayload, WireTestingCriterion, WireItemSchema, WireCreateEvalRequest, WireCreateRunRequest, and data source variants. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Skip metric when Foundry returns neither score nor passed When an evaluator returns no score and no passed value, the previous code created BooleanMetric(name, false), which falsely failed items via ItemPassed. Now we skip the MEAI metric entirely for indeterminate results — the raw data remains available in DetailedItems for diagnostics. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #4914 review comments: fix tool evaluator bug and add tests - Fix duplicate ToolCallAccuracy: resolve evaluator names before checking against ToolEvaluators set (Comment 2) - Make FilterToolEvaluators internal for testability; add tests for the ArgumentException edge case when all evaluators are tool-type (Comment 3) - Add CancellationToken test for LocalEvaluator (Comment 4) - Add EvaluateAsync integration test on Run with sequential workflow and per-agent SubResults verification (Comment 5) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address Peter's review comments on PR #4914 - Add trailing newline to Evaluation_FoundryQuality.csproj (Comment 6) - Make evaluator name lookups case-insensitive: switch BuiltinEvaluators, ToolEvaluators, AgentEvaluators, and ResolveEvaluator's StartsWith check from Ordinal to OrdinalIgnoreCase (Comment 7) - Add Trace.TraceWarning when Foundry returns fewer results than submitted items, indicating expected vs actual count before padding (Comment 8) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add Microsoft.Extensions.AI.Evaluation packages to Directory.Packages.props These were removed in #5269 as unused, but are needed by the Foundry and core evaluation integration added in this PR. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: alliscode <bentho@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ben Thomas ·
2026-04-16 19:40:07 +00:00 -
.NET: Support reflection for discovery of resources and scripts in class-based skills (#5183)
* support reflection for discovery of resources and scripts in class-based skills * fix format issues * refactor samples to use reflection * Validate resource member signatures during discovery Add discovery-time validation in AgentClassSkill.DiscoverResources() to fail fast when [AgentSkillResource] is applied to members with incompatible signatures: - Reject indexer properties (getter has parameters) - Reject methods with parameters other than IServiceProvider or CancellationToken Throws InvalidOperationException with actionable error messages instead of allowing silent runtime failures when ReadAsync invokes the AIFunction with no named arguments. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * prevent duplicates --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SergeyMenshykh ·
2026-04-10 11:56:28 +01:00 -
.NET: Update models used in dotnet samples to gpt-5.4-mini (#5080)
* Update models used in dotnet samples to gpt-5.4-mini * Fix additional missed sample
westey ·
2026-04-07 15:34:00 +00:00 -
Fix and simplify ComputerUse sample (#5075)
* fix the computer use sample * rollback changes to the search state enum * address review comments * address review comments
SergeyMenshykh ·
2026-04-07 12:29:31 +00:00 -
.NET: skill as class (#5027)
* add class-based skills * address formating issues * Remove generated filtered-unit.slnx and add to .gitignore The filtered solution file is generated dynamically by eng/scripts/New-FilteredSolution.ps1 during CI. Checking it in risks it becoming stale and out-of-sync with the real solution. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove generated filtered-unit.slnx and add to .gitignore The filtered solution file is generated dynamically by eng/scripts/New-FilteredSolution.ps1 during CI. Checking it in risks it becoming stale and out-of-sync with the real solution. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * consolidate DI samples into one * fix file encoding * suppress compatibility warning --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SergeyMenshykh ·
2026-04-03 11:27:36 +00:00