Commit Graph

7 Commits

  • .NET: Hosted Agent Sample - Toolbox with various Auth (#5777) (#6018)
    * .NET: Add Hosted-Toolbox-AuthPaths sample and auto-map /readiness with toolbox health gating (#5777)
    
    Add a new hosted agent sample demonstrating five MCP tool authentication paths
    (API key, agent MI, project MI, custom OAuth, literal token) via a Foundry Toolbox.
    
    Package changes (Microsoft.Agents.AI.Foundry.Hosting):
    - MapFoundryResponses now auto-maps GET /readiness via MapHealthChecks, idempotent
      across Tier 1/2 (AgentHost, already mapped) and Tier 3 (WebApplication, gap filled).
    - AddFoundryResponses registers AddHealthChecks() so the pipeline is available.
    - AddFoundryToolboxes registers FoundryToolboxHealthCheck on the /readiness aggregate,
      gating readiness on pre-registered toolbox startup outcome (per spec section 3.1).
    - FoundryToolboxService now exposes StartupStatus and FailedToolboxNames properties.
    
    New types:
    - FoundryToolboxStartupStatus (public enum): Pending, Healthy, Failed, NoEndpoint.
    - FoundryToolboxHealthCheck (internal IHealthCheck): adapts startup status to the
      AspNetCore HealthChecks pipeline with failed toolbox names in result data.
    
    Tests:
    - 3 new tests for /readiness auto-mapping (Tier 3 default, pre-mapped skip, idempotent).
    - 4 new tests for FoundryToolboxHealthCheck (Pending, NoEndpoint, Failed, Healthy).
    - 3 enhanced FoundryToolboxServiceTests with StartupStatus assertions.
    
    * .NET: Align FoundryToolboxService with tools-integration-spec (#5777 Part A)
    
    Bring Microsoft.Agents.AI.Foundry.Hosting's toolbox path into compliance with
    tools-integration-spec.md sections 2-4, 6.3, and 9. Empirically validated
    against tao-foundry-prj: the previous code (reading FOUNDRY_AGENT_TOOLSET_ENDPOINT,
    which the platform never injects) silently registered zero tools in production.
    
    Package changes (Microsoft.Agents.AI.Foundry.Hosting):
    
    - FoundryToolboxService.StartAsync now derives the toolbox proxy base URL from
      the platform-injected FOUNDRY_PROJECT_ENDPOINT and constructs the per-toolbox
      URL as {FOUNDRY_PROJECT_ENDPOINT}/toolboxes/{name}/mcp?api-version={ApiVersion}
      per spec sections 2-3. The legacy FOUNDRY_AGENT_TOOLSET_ENDPOINT env var is
      removed outright (preview package, no production consumers).
    - FoundryToolboxOptions.ApiVersion default flipped to 'v1' to match spec example.
    - FoundryToolboxBearerTokenHandler always sends the mandatory
      Foundry-Features: Toolboxes=V1Preview header per spec section 2, merging any
      additional flags supplied via the FOUNDRY_AGENT_TOOLSET_FEATURES env var.
    - FoundryToolboxBearerTokenHandler token scope changed from
      https://cognitiveservices.azure.com/.default to https://ai.azure.com/.default
      per spec section 4.
    - FoundryToolboxBearerTokenHandler propagates W3C trace context (traceparent,
      tracestate, baggage) from Activity.Current per spec section 6.3.
    
    Sample changes:
    
    - Hosted-Toolbox-AuthPaths and Hosted-Toolbox Program.cs, README.md, and
      .env.example corrected to describe the actual env-var contract
      (FOUNDRY_PROJECT_ENDPOINT auto-injected; AZURE_AI_PROJECT_ENDPOINT as the
      local-dev fallback). Removes the misleading 'auto-injected by Foundry runtime'
      claims for FOUNDRY_AGENT_TOOLSET_ENDPOINT.
    - Hosted-Toolbox-AuthPaths/agent.manifest.yaml declares the toolbox and model
      dependencies under resources[] per the AgentManifest schema so azd ai agent
      init users get them provisioned automatically.
    
    Tests:
    
    - 4 new FoundryToolboxServiceTests covering env-var derivation, EndpointOverride
      precedence, trailing-slash normalization, and the existing NoEndpoint behavior
      under the new env var name.
    - 4 new FoundryToolboxBearerTokenHandlerTests covering token scope, mandatory
      feature header always present, header merging with override, no duplicate
      mandatory flag, trace context propagation from Activity.Current, and no
      override of caller-set traceparent.
    - New FoundryProjectEndpointEnvFixture xUnit collection definition serializes
      env-var-mutating tests across FoundryToolboxServiceTests and
      FoundryToolboxHealthCheckTests, preventing parallel-execution races.
    - FoundryToolboxHealthCheckTests adjusted for the new env var name.
    
    * .NET: Drop ACA prereq from Hosted-Toolbox-AuthPaths README (#5777 Part B)
    
    Empirically verified that any Azure Cognitive Services MCP endpoint already in
    the Foundry project (e.g., a Language service MCP) accepts Entra tokens and can
    serve Paths 2 and 3 without deploying a separate Azure MCP Server to ACA.
    
    README updates:
    - Step 0 rewritten: 'Identify an Entra-authenticated MCP target in your project'
      instead of 'Deploy Azure MCP Server to Azure Container Apps' (the original
      azmcp-foundry-aca-mi setup is now optional, not required).
    - Auth-paths matrix updated to describe AAD-based connections targeting a
      Cognitive Services MCP URL (e.g., Language service) instead of an ACA URL.
    - Step 2 connections table updated: the Entra ID category is now a single 'AAD'
      authType. The original 'Agent Identity' vs 'Project Managed Identity' as
      selectable connection sub-types is NOT exposed via the ARM control plane
      today; the platform selects the calling principal contextually. Both
      connections in the walkthrough share the same shape and target.
    - Added an explicit RBAC note: the agent identity AND project MI must hold the
      required role (typically Cognitive Services User) on the target resource;
      without it the MCP server returns HTTP 401 even though the connection wiring
      is correct.
    - Toolbox tool entries renamed lang_entra_agent / lang_entra_project to
      match the new connection names.
    
    Empirical validation supporting these changes is captured in the session
    plan.md (Part B addendum).
    
    * .NET: Document correct connection shape for Hosted-Toolbox-AuthPaths Paths 2/3 (#5777)
    
    Updates the sample README with the verified connection shape and RBAC procedure
    for Microsoft Entra agent-identity and project-managed-identity MCP authentication:
    
    - Connection authType values: AgenticIdentityToken (agent identity) and
      ProjectManagedIdentity (project MI), both with category=RemoteTool.
    - Top-level audience property required; for Cognitive Services targets the value
      is https://cognitiveservices.azure.com.
    - Connections created via ARM REST (the Foundry portal wizard does not yet
      expose these authTypes).
    - RBAC grants target the project's shared agent identity blueprint principal
      (project.properties.agentIdentity.agentIdentityId) for Path 2 and the
      project's system-assigned MI (project.identity.principalId) for Path 3.
    - Troubleshooting table updated with the audience-mismatch symptom and the
      startup-cache behavior of FoundryToolboxService.
    
    * .NET: Drop Path 3 (project MI) and align with new agent model in Hosted-Toolbox-AuthPaths (#5777)
    
    Updates the sample to use only the new Foundry agent object model and removes
    the project managed identity path:
    
    - Auth-path matrix reduced to four paths: key, Entra agent identity, custom
      OAuth, inline authorization. Project managed identity is moved into a note
      describing when it applies (multiple agents sharing access) rather than as
      a documented sample path.
    - RBAC instructions reference the agent's own instance_identity.principal_id
      from the agent ARM resource (new agent object model) instead of the
      project's shared agent identity blueprint (legacy model).
    - Step 2 (connections) creates only the AgenticIdentityToken connection.
    - Step 3 (toolbox tools) lists four tool entries instead of five.
    - Sample prompts and troubleshooting table updated to match.
    
    * .NET: Restore Path 3 (project MI) to Hosted-Toolbox-AuthPaths matrix (#5777)
    
    The sample's purpose is to enumerate every authentication path a Foundry toolbox
    can drive, not to pick one. Path 3 belongs alongside the other four with
    explicit guidance for when each path is the right choice.
    
    - Path 3 (project managed identity, authType=ProjectManagedIdentity) restored
      to the matrix with a 'When to pick this' column.
    - Step 2 (connections) provisions both lang-mcp-agent-id and lang-mcp-project-mi
      via ARM REST.
    - Step 3 (toolbox) lists five tool entries (one per path).
    - RBAC instructions cover both the agent's instance identity (Path 2) and the
      project's system-assigned MI (Path 3).
    - Sample prompts include all five paths.
    - Troubleshooting table updated accordingly.
    
    * .NET: Fix duplicate line in Hosted-Toolbox-AuthPaths README (#5777)
    
    * .NET: Fix broken markdown link to ToolCallingApprovalHostedAgentFixture (#5777)
    
    * .NET: Fix relative path depth in markdown link (#5777)
    
    * .NET: Address Copilot review feedback for #5777
    
    - FoundryToolboxHealthCheck description: rename FOUNDRY_AGENT_TOOLSET_ENDPOINT
      → FOUNDRY_PROJECT_ENDPOINT (stale reference; operator-facing in /readiness body).
    - FoundryToolboxStartupStatus.NoEndpoint XML doc: same rename.
    - ServiceCollectionExtensions XML docs: same rename + URL shape update.
    - Foundry.Hosting.IntegrationTests.TestContainer: remove explicit
      app.MapGet('/readiness') — now redundant + would conflict with the
      auto-mapped readiness route from MapFoundryResponses.
    - Hosted-Toolbox-AuthPaths agent.manifest.yaml: parameterize TOOLBOX_NAME via
      {{TOOLBOX_NAME}} template substitution and declare it under parameters with a
      default of 'auth-paths-toolbox' so the README's 'use any name' guidance
      actually works for hosted deployments.
    
    * .NET: Address Copilot review round 2 — fallback env + dedup + naming (#5777)
    
    - FoundryToolboxService.StartAsync: fall back to AZURE_AI_PROJECT_ENDPOINT when
      FOUNDRY_PROJECT_ENDPOINT is absent. Matches the local-dev convention used by
      the samples and resolves the doc/code mismatch flagged in review.
    - FoundryToolboxHealthCheck description updated for the fallback.
    - AddFoundryToolboxes: guard against duplicate health-check registration via an
      explicit name-uniqueness check on HealthCheckServiceOptions.Registrations.
      AddCheck<T>(name, ...) does not dedupe by name, so repeated AddFoundryToolboxes
      calls would have registered multiple instances.
    - FoundryToolboxOptions.EndpointOverride doc: clarify URL becomes
      {EndpointOverride}/toolboxes/{name}/mcp (was missing /toolboxes/ segment).
    - Hosted-Toolbox sample (Program.cs + README): switch FOUNDRY_TOOLBOX_NAME to
      TOOLBOX_NAME (the FOUNDRY_* prefix is reserved by the platform), default
      changed from 'my-toolset' to 'my-toolbox', terminology updated from 'Toolset'
      to 'Toolbox'.
    - FoundryToolboxServiceTests: 2 test renames to reflect what they actually
      assert (StartupStatus + FailedToolboxNames, not URL shape directly).
    - Tests adjusted to clear both env vars in NoEndpoint scenarios.
    
    * .NET: Fix stale NoEndpoint XML doc and misleading test comment (#5777)
    
    Update FoundryToolboxStartupStatus.NoEndpoint XML doc to mention both
    FOUNDRY_PROJECT_ENDPOINT and AZURE_AI_PROJECT_ENDPOINT (the service
    checks both since the fallback was added).
    
    Fix test comment that claimed URL derivation validation when the test
    only asserts on StartupStatus and FailedToolboxNames.
    
    * Remove OAuth consent path from AuthPaths sample, keep four working auth paths
    
    The interactive OAuth identity passthrough path needs a protocol gap closed in the
    hosting package (the proprietary oauth_consent_request item is not representable
    through the OpenAI/MEAI abstractions), so it is deferred to a separate spike branch.
    
    This strips the OAuth path from the AuthPaths sample, the companion REPL client, the
    agent manifest, and the docs, then renumbers the inline Authorization path so the
    sample teaches four contiguous paths: API key via connection, Entra agent identity,
    Entra project managed identity, and inline Authorization (anti-pattern).
    
    Package code is unchanged; the consent infrastructure already present in main stays
    as baseline. Both samples build with --warnaserror and all 246 hosting unit tests pass.
    
    * .NET: Drop project MI auth path and dedicated client from Hosted-Toolbox-AuthPaths (#5777)
    
    Live validation against tao-foundry-prj showed the ProjectManagedIdentity
    path failing with an unresolved token audience 401, so the sample now ships
    three working auth paths instead of four: connection key, agent managed
    identity, and inline Authorization.
    
    Changes:
    - Remove the project managed identity path from the AuthPaths sample matrix,
      prerequisites, connections, toolbox table, prompts, Program.cs instructions
      and agent.manifest.yaml.
    - Delete the near duplicate Hosted-Toolbox-AuthPaths-Client project and remove
      it from the solution. The README now drives the agent with the shared
      SimpleAgent REPL via AsAIAgent(agentEndpoint).
    - Correct the troubleshooting note: the Foundry toolbox tools/list is all or
      nothing, so one bad source returns -32007, fails startup, and returns 424
      for every path. Add the allowed_tools caveat that names must match the
      upstream server.
    - Mark the toolbox startup status and health check experimental under
      AgentsAIExperiments (MAAI001) instead of AIOpenAIResponses, and update the
      package NoWarn set accordingly.
    
    * .NET: Address PR review nits for Hosted-Toolbox-AuthPaths (#5777)
    
    - Remove duplicated NU1903 comment in Foundry.Hosting csproj.
    
    - Fix stale 'four-tool' cross-links in Hosted-Toolbox and Hosted-McpTools READMEs to describe the three-path toolbox driven by the shared SimpleAgent REPL.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Address toolbox startup-status review feedback (#5777)
    
    - Rename FoundryToolboxStartupStatus.Failed to Unhealthy so it is the proper opposite of Healthy, and clarify the doc comment covers the partial-failure case.
    
    - Raise the missing-endpoint toolbox log from Information to Warning, since enabling toolboxes is an explicit opt-in and a silently disabled toolbox warrants a higher-severity signal.
    
    - Update unit tests and the AuthPaths README troubleshooting row accordingly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Reword toolbox-wiring comment to avoid hosting-layer internals (#5777)
    
    Address PR review feedback: explain how a Foundry Toolbox is attached using the public API (AddFoundryToolboxes vs the CreateHostedMcpToolbox marker) and observable behavior, instead of naming the internal AgentFrameworkResponseHandler type and FoundryToolboxService.Tools property.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add Hosted-AgentSkills sample with Foundry Skills integration (#6013)
    * .NET: Add Hosted-AgentSkills sample for Foundry Skills integration
    
    Add a new hosted agent sample that demonstrates how to load behavioral
    guidelines from Foundry Skills at startup using AgentSkillsProvider and
    the progressive disclosure pattern (advertise -> load on demand).
    
    The sample:
    - Downloads SKILL.md files from Foundry via ProjectAgentSkills SDK
    - Extracts ZIP archives with zip-slip protection
    - Wires skills into AgentSkillsProvider as an AIContextProvider
    - Hosts the agent via the Responses protocol
    
    Ships two Contoso Outdoors skills matching the Python sample (PR #5822):
    - support-style: tone, formatting, signature guidelines
    - escalation-policy: when and how to escalate tickets
    
    Includes convenience provisioning gated behind PROVISION_SAMPLE_SKILLS
    env var, clearly documented as NOT a production pattern.
    
    Closes #5776
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Add unit tests and integration test for Hosted-AgentSkills
    
    Unit tests (14 tests, all passing):
    - ZIP extraction with zip-slip guard (valid archive, traversal attack,
      sibling-prefix attack, directory entries)
    - Skill name validation (rejects dots, separators, traversal patterns)
    - AgentSkillsProvider with downloaded skills (advertises both skills,
      load_skill returns canary tokens, unknown skill returns error)
    
    Container integration test:
    - New 'agent-skills' scenario in the test container that creates
      Contoso Outdoors skills on disk and wires AgentSkillsProvider
    - AgentSkillsHostedAgentFixture + 4 integration tests verifying:
      - Routine questions load support-style skill (STYLE-CANARY-3318)
      - Escalation triggers load escalation-policy (ESC-CANARY-7742)
      - Skills are advertised in system prompt
      - load_skill tool is invoked via FunctionCallContent
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Add smoke test, bootstrap, and docs for agent-skills integration
    
    - Add scripts/smoke.ps1 for local Docker smoke testing: builds the
      contributor image, runs the container, verifies both skills are loaded
      via canary tokens (STYLE-CANARY-3318, ESC-CANARY-7742)
    - Add 'agent-skills' to the bootstrap script scenario list
    - Add agent-skills row to the integration test README scenarios table
    - Exclude HostedAgentSkillsPatternTests from net472 (uses net8.0+ APIs)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Update commented-out package versions to latest across all hosted samples
    
    Update the end-user PackageReference versions (in the commented-out
    sections) from 1.0.0 to the current latest NuGet versions:
    
    - Microsoft.Agents.AI: 1.6.1
    - Microsoft.Agents.AI.Foundry: 1.6.1-preview.260514.1
    - Microsoft.Agents.AI.Foundry.Hosting: 1.6.1-preview.260514.1
    - Microsoft.Agents.AI.Hosting: 1.6.1-preview.260514.1
    - Microsoft.Agents.AI.OpenAI: 1.6.1
    - Microsoft.Agents.AI.Workflows: 1.6.1
    
    Also adds explicit versions to Hosted-Workflow-Handoff which had bare
    PackageReference entries without Version attributes.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Fix broken markdown links in Hosted-AgentSkills README
    
    Remove references to non-existent ../../README.md. Replace with
    inline instructions matching other hosted samples that don't have
    a parent README.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Use OS-appropriate string comparison in zip-slip guard
    
    Use Ordinal on Unix (case-sensitive FS) and OrdinalIgnoreCase on
    Windows to prevent case-based path bypass on Linux containers.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add Hosted-MemoryAgent sample with isolation key plumbing (#5692) (#5702)
    * .NET: Add Hosted-MemoryAgent sample with isolation key plumbing (#5692)
    
    Adds HostedSessionContext + HostedSessionIsolationKeyProvider in Microsoft.Agents.AI.Foundry.Hosting so AIContextProviders (notably FoundryMemoryProvider) can scope per user via the platform's x-agent-user-isolation-key / x-agent-chat-isolation-key headers.
    
    - New types: HostedSessionContext (sealed), HostedSessionContextExtensions (public Get, internal Set), abstract HostedSessionIsolationKeyProvider (async), internal PlatformHostedSessionIsolationKeyProvider mapping ResponseContext.Isolation.
    
    - AgentFrameworkResponseHandler now resolves the provider, tags fresh sessions, and validates resumed sessions against the live request (strict 403 'Hosted session identity context mismatch' on any mismatch; 500 on null keys).
    
    - New shared sample project Hosted_Shared_Contributor_Setup hosts DevTemporaryTokenCredential and DevTemporaryLocalSessionIsolationKeyProvider plus AddDevTemporaryLocalContributorSetup. All 9 existing responses samples migrated to consume it so local runs keep working under the strict isolation contract.
    
    - New Hosted-MemoryAgent sample: travel assistant wired through FoundryMemoryProvider with stateInitializer reading session.GetHostedContext().UserId. Includes Dockerfile, smoke.ps1, agent.yaml/manifest.
    
    - New IT scenario 'memory' in Foundry.Hosting.IntegrationTests + MemoryHostedAgentFixture + MemoryHostedAgentTests. Verified end to end against the tao Foundry project.
    
    - ADR 0026 captures the design tree.
    
    * Address PR review feedback
    
    - Dockerfile: add header noting it targets NuGet builds; contributors must use Dockerfile.contributor for ProjectReference source builds.
    
    - PlatformHostedSessionIsolationKeyProvider: doc said 'returns context with empty values'; corrected to 'returns null' which the handler treats as 500.
    
    - FakeHostedSessionIsolationKeyProvider: doc clarifies that null configurations are allowed for testing the handler error path.
    
    - HostedSessionContextExtensions.SetHostedContext: enforce write-once with InvalidOperationException; doc + xml exception updated.
    
    - AgentFrameworkResponseHandler: cache PlatformHostedSessionIsolationKeyProvider as static readonly to avoid per-request allocation.
    
    - MemoryHostedAgentTests: tighten waits from 20s to 5s (FoundryMemoryProvider defaults UpdateDelay=0; ingestion ~3s).
    
    - Sample Program.cs imports reordered to satisfy IDE0005.
    
    * Add HostedFoundryMemoryProviderScopes built-in helpers (#5692)
    
    Addresses review feedback from @lokitoth on Hosted-MemoryAgent/Program.cs:54.
    
    - New HostedFoundryMemoryProviderScopes static class with PerUser, PerChat, PerUserAndChat factories returning Func<AgentSession?, FoundryMemoryProvider.State>.
    
    - All helpers throw InvalidOperationException when GetHostedContext() is null, with a message pointing at writing a custom stateInitializer for non-hosted scenarios.
    
    - New HostedFoundryMemoryScope enum and AddHostedFoundryMemoryProvider DI extension (two overloads: explicit AIProjectClient and DI-resolved). Singleton lifetime. Default scope = PerUser.
    
    - Hosted-MemoryAgent sample and the memory IT scenario container both swap their inline lambdas for HostedFoundryMemoryProviderScopes.PerUser().
    
    - 14 new unit tests (241/241 hosting unit tests pass).
    
    * Replace HostedFoundryMemoryScope enum with Func<...> parameter (#5692)
    
    Address PR review feedback from @westey-m: enums are a breaking-change hazard when extended, and the enum was redundant with the existing HostedFoundryMemoryProviderScopes static class.
    
    - Delete HostedFoundryMemoryScope.cs.
    
    - AddHostedFoundryMemoryProvider DI extensions now take Func<AgentSession?, FoundryMemoryProvider.State>? stateInitializer = null. When null, default to HostedFoundryMemoryProviderScopes.PerUser().
    
    - Callers pick a built-in helper (PerUser/PerChat/PerUserAndChat) or pass a custom delegate. New built-ins are a single static method addition with zero impact on existing callers.
    
    - Tests updated; 244/244 hosting unit tests pass.
    
    * Fix isolation context resume for externally-created conversations (#5692)
    
    Branch on the session's existing hosted-context (not on conversation_id presence) so a conversation provisioned externally (e.g. via conversations.CreateProjectConversationAsync) is treated as fresh on first hosted-agent request and stamped, rather than rejected with 403 hosted_session_identity_mismatch. Strict equality is preserved on real resume of an already-stamped session.
    
    Also tighten dotnet/global.json to version 10.0.204 + rollForward latestPatch so local builds match the CI Docker image SDK and avoid 10.0.300 dotnet format stripping required usings.
    
    * Revert global.json SDK pin to upstream (#5692)
    
    The 10.0.204 + latestPatch pin from the previous commit broke the dotnet-format CI job (hostfxr_resolve_sdk2 could not find a compatible SDK in the mcr.microsoft.com/dotnet/sdk:10.0 image). Restore upstream 10.0.200 + minor; local Release builds with SDK 10.0.300 should set GITHUB_ACTIONS=true to bypass the auto-format-on-build target.
  • .NET: Remove Foundry Toolbox server-side tools support (#5753)
    * .NET: Remove Foundry Toolbox server-side tools support
    
    Mirrors the Python cleanup in microsoft/agent-framework#5671. Passing
    toolbox tools as server-side Responses tools is not the experience we
    want to support; the hosted-agent MCP toolbox path (HostedMcpToolboxAITool
    + FoundryToolboxService) remains the supported way to consume Foundry
    Toolboxes.
    
    Removed:
    - FoundryToolbox static class (GetToolboxVersionAsync / GetToolsAsync /
      ToAITools / SanitizeAndConvert)
    - AIProjectClient.GetToolboxToolsAsync extension
    - Agent_Step25_ToolboxServerSideTools sample (+ slnx entry)
    - FoundryToolboxTests, TestDataUtil, HttpHandlerAssert, and the toolbox
      JSON fixtures only those tests referenced
    - ToolboxHostedAgentTests and ToolboxHostedAgentFixture; the "toolbox"
      switch arm + CreateToolboxAgent helper in TestContainer; matching
      README scenario row and bootstrap script entry
    
    Kept (MCP path, unchanged):
    - HostedMcpToolboxAITool, FoundryAITool.CreateHostedMcpToolbox,
      FoundryAIToolExtensions.CreateHostedMcpToolbox(ToolboxRecord/Version)
    - FoundryToolboxService, AddFoundryToolboxes, marker injection in
      AgentFrameworkResponseHandler, InputConverter.ReadMcpToolboxMarkers
    - Hosted-Toolbox sample, McpToolbox* tests, FoundryToolboxServiceTests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Add Foundry Toolbox MCP sample (Agent_Step25_FoundryToolboxMcp)
    
    Adds a non-hosted-agent equivalent of the Python foundry_chat_client_with_toolbox.py sample. The agent connects to a Foundry Toolbox's MCP endpoint via Streamable HTTP, injects a fresh Azure AI bearer token on every request, and discovers the toolbox's tools at runtime via McpClient.ListToolsAsync.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Tighten Agent_Step25_FoundryToolboxMcp README/Program comments
    
    Drop 'non-hosted agent' framing from README (this sample isn't related to hosted agents) and remove narrative comparison to server-side tools from the Program.cs header comment.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Drop python sample reference from Agent_Step25 README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Drop incorrect .NET 10 prereq from Agent_Step25 README
    
    Toolboxes don't require .NET 10 (Microsoft.Agents.AI.Foundry targets net8.0+); the parent AgentsWithFoundry README already lists the sample SDK prereq.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Toolsets api-version in Agent_Step25 example endpoint
    
    Use 2025-05-01-preview to match FoundryToolboxOptions.ApiVersion. The placeholder 'v1' is not accepted by the Toolsets endpoint.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Hosted Agents - RAG Sample with Azure AI Search (#5693) (#5701)
    * .NET: Hosted Agents - RAG Sample with Azure AI Search (#5693)
    
    Adds a Hosted-AzureSearchRag sample plus a live Foundry.Hosting integration
    test scenario backed by a real Azure AI Search index.
    
    Sample (Hosted-AzureSearchRag): keyword-only Azure AI Search via
    SearchClient adapter into TextSearchProvider, scope-aware
    DevTemporaryTokenCredential consuming AZURE_BEARER_TOKEN_FOUNDRY +
    AZURE_BEARER_TOKEN_SEARCH for local Docker, Dockerfile + contributor
    Dockerfile mirroring Hosted-TextRag.
    
    Integration test: AzureSearchRagHostedAgentFixture extends the PR #5598
    HostedAgentFixture with the new azure-search-rag scenario branch in the
    shared test container; AzureSearchRagHostedAgentTests asserts the model
    returns canary tokens (TR-CANARY-7821, SHIP-CANARY-4493) that exist only
    in the seeded documents - real proof the agent grounded its answer in
    retrieved content rather than training data.
    
    * Address PR 5701 Copilot review feedback
    
    - Sample README: drop stale 'bootstraps the index on first run' line; index is pre-provisioned out of band
    
    - Sample + TestContainer search adapters: propagate CancellationToken to await foreach via .WithCancellation()
  • .NET: Hosted-Files sample + AgentSessionFiles SDK companion + integration test (#5698)
    * .NET: Add Hosted-Files sample + alpha AgentSessionFiles SDK companion + integration test
    
    Closes #5691
    
    - Hosted-Files server sample (mirrors python 06_files): 3 local tools reading
      the per-session \C:\Users\rbarreto sandbox volume.
    - SessionFilesClient REPL companion: code-first equivalent of
      zd ai agent files upload using the alpha
      Azure.AI.Projects.AgentSessionFiles SDK (upload/ls/download/rm + session
      lifecycle with isolation key).
    - session-files scenario added to the Foundry.Hosting.IntegrationTests
      multi-scenario harness (PR #5598): SessionFilesHostedAgentFixture +
      SessionFilesHostedAgentTests.UploadAndAgentReadsFileAsync, end-to-end
      validating upload then agent-reads-file (agent_session_id pinned via
      CreateResponseOptions.Patch). Bundled testdata is linked from the sample
      so there is a single source of truth.
    
    * .NET: Hosted-Files: REPL companion now demonstrates file-as-knowledge end-to-end
    
    Adds an 'ask <prompt>' command to SessionFilesClient that pins
    agent_session_id (via CreateResponseOptions.Patch) so the agent invoked from
    the REPL reads files this REPL just uploaded. Surfaces the file content as
    agent knowledge in the same in-process loop instead of telling the user to
    shell out to azd ai agent invoke.
    
    * .NET: Reshape Hosted-Files sample - bake files into image, SessionFilesClient becomes thin chat REPL
    
    The previous SessionFilesClient leaned on the alpha AgentSessionFiles SDK
    to upload files at runtime, which made it diverge from the canonical
    Using-Samples shape (SimpleAgent / SimpleInvocationsAgent: tiny chat REPLs).
    
    This change:
    
    - Bakes the sample resources/ directory into the published output via a
      Content Include in HostedFiles.csproj. Inside the container the files live
      at /app/resources/. Two local function tools (ListFiles, ReadFile) surface
      them to the model.
    - Reshapes SessionFilesClient as a thin FoundryAgent chat REPL, identical
      shape to SimpleAgent. AGENT_ENDPOINT + AGENT_NAME, that is it.
    - Demo flow: user asks 'Give me the total revenue in the contoso file' and
      the agent answers with the figure read from its bundled file. Validated
      end-to-end locally against Hosted-Files on http://localhost:60419.
    - Bypasses SampleEnvironment alias on optional env vars to avoid stdin
      prompts when running unattended.
    
    The Foundry.Hosting.IntegrationTests session-files scenario continues to
    validate the alpha AgentSessionFiles SDK end-to-end (upload + agent reads
    from session HOME) and is unchanged.
    
    * .NET: Foundry.Hosting.IntegrationTests TestContainer - constrain session-files tools to $HOME
    
    Addresses the path-traversal review comment on the session-files scenario:
    ResolveSessionPath in TestContainer used to allow absolute paths and ..
    traversals, which (when chained with indirect prompt injection in an
    uploaded file) would let the model read or list arbitrary container files
    via the ReadFile / ListFiles tools.
    
    Mirrors the canonicalize + StartsWith(home) pattern from the framework's
    own FileSystemAgentFileStore.ResolveSafePath: rejects rooted paths, calls
    Path.GetFullPath, and verifies the result stays under $HOME, throwing
    ArgumentException otherwise.
    
    The Hosted-Files sample is already safe (uses Path.GetFileName which strips
    any directory component) so no change there. The integration test continues
    to upload and read 'contoso_q1_2026_report.txt', a single relative filename
    which passes the new validation unchanged.
    
    * .NET: SessionFilesHostedAgentTests - shrink to alpha SDK round-trip
    
    The previous test attempted to pin agent_session_id into the /responses
    payload via JsonPatch so the agent would read the file uploaded through
    AgentSessionFiles. The Foundry alpha service now consistently rejects the
    explicit-session-id pin with HTTP 400 conflict on /responses, regardless
    of whether the session was pre-created via AgentAdministrationClient or
    left to be auto-provisioned, so the agent leg of the test is no longer
    reachable from the SDK surface.
    
    Reshape the test to exercise what the alpha SDK actually guarantees:
    create session, upload, list (assert presence + size), download (assert
    deterministic token), delete (assert removed), cleanup. Everything stays
    inside Azure.AI.Projects.Agents.AgentSessionFiles.
    
    Verified live against tao-foundry-prj:
      UploadListDownloadAndDeleteAsync passed in 30s.
      Full Foundry.Hosting.IntegrationTests run: 25 total, 6 passed, 19
      skipped (existing placeholders), 0 failed.
    
    * .NET: SessionFilesHostedAgentTests - rewrite as upload-then-FoundryAgent.RunAsync e2e
    
    Per review feedback the integration test must validate the hosted agent
    itself: client uploads a file via the alpha AgentSessionFiles SDK, then
    FoundryAgent.RunAsync invokes the deployed agent and the agent's
    container-side ReadFile tool surfaces the uploaded file content into the
    response.
    
    Test flow:
      1. agent.RunAsync(warmup) - platform provisions a per-session container.
      2. AgentAdministrationClient.GetSessionsAsync(latest) - resolve the
         just-provisioned agent_session_id.
      3. AgentSessionFiles.UploadSessionFileAsync - upload contoso file to
         that session, asserts BytesWritten + GetSessionFiles listing.
      4. agent.RunAsync(real prompt, options=PreviousResponseId chain) -
         chained to warmup so the platform routes back to the same container.
      5. Assert response contains '1,482.6' (deterministic token from file).
      6. Best-effort cleanup.
    
    The test is annotated with [Fact(Skip=...)] right now: the Foundry alpha
    service consistently returns HTTP 400 conflict on /responses requests
    that link to a prior session via previous_response_id, conversation_id,
    or agent_session_id pinning - verified across multiple retries with
    multiple chaining strategies. Without that link we cannot route the
    second invocation to the same container the file was uploaded to. When
    the platform regression is resolved, removing the Skip will exercise
    the full flow.
    
    Full Foundry.Hosting.IntegrationTests run with this change: 25 total,
    5 passed, 20 skipped (existing placeholders + this one), 0 failed.
    
    * .NET: SessionFilesHostedAgentTests - end-to-end upload-then-FoundryAgent.RunAsync now passes
    
    The blocker was a routing problem combined with a platform race:
    
    1. Routing two /responses calls to the same per-session container.
       - agent_session_id pin in body -> 400 (platform treats it as create)
       - conversation_id created at project root -> 404 at agent endpoint
       - previous_response_id chain -> different session
       The working answer is to create the conversation on a per-agent
       ProjectOpenAIClient (AgentName option, URL becomes
       /agents/{name}/endpoint/protocols/openai/conversations) and pass that
       conversation_id on both calls. Both then resolve to the SAME
       x-agent-session-id (verified by capturing the response header).
    
    2. Race after AgentSessionFiles upload. The upload mutates session/
       conversation revision; a /responses call issued immediately after
       400-conflicts with 'modified concurrently. Please retry.' Bounded
       exponential retry handles it (5 attempts, 2*attempt seconds).
    
    Test flow:
      1. Create per-agent OpenAI client + ProjectConversationsClient + ProjectResponsesClient.
      2. CreateProjectConversationAsync on the per-agent client.
      3. Warm-up agent.RunAsync(prompt, ChatOptions { ConversationId = ... })
         - captures x-agent-session-id from the response header via a custom pipeline policy.
      4. AgentSessionFiles.UploadSessionFileAsync to that session id.
      5. ProjectResponsesClient.CreateResponseAsync (raw, retry-on-conflict)
         with the same conversation_id -> routes back to the same container.
      6. Assert response contains '1,482.6' (deterministic token from file).
      7. Cleanup: delete file, leave session for TTL.
    
    Verified live against tao-foundry-prj:
      UploadedFile_IsReadByHostedAgentAsync passed in 24.9s.
      Full Foundry.Hosting.IntegrationTests run: 25 total, 6 passed, 19
      skipped (existing placeholders), 0 failed.
    
    * .NET: address Copilot PR review findings
    
    - agent.manifest.yaml: description + tags now reflect bundled-files agent (image-baked /app/resources), not the obsolete session-sandbox tools the prior shape claimed.
    - SessionFilesHostedAgentTests: wrap test body in try/finally to call DeleteConversationAsync on the conversation we created (matches HappyPathHostedAgentTests pattern; prevents conversation leakage across runs).
    - ResponseHeaderCapturePolicy: drop unused LastRequestBody capture left over from diagnosis.
    
    Test still passes live (40s).
    
    * .NET: Hosted-Files: split into bundled vs session-file tool pairs
    
    The previous Hosted-Files agent only exposed bundled (image-baked) file
    knowledge. The platform also surfaces session-uploaded files at \C:\Users\rbarreto
    inside the per-session container per container-image-spec.md line 172
    (verified live by SessionFilesHostedAgentTests). The sample now teaches
    both patterns.
    
    Two distinct tool pairs, each scoped to its own root:
    
      Bundled (image-baked):    ListBundledFiles, ReadBundledFile
                                -> /app/resources/ (BUNDLED_FILES_DIR override)
    
      Session-uploaded (\C:\Users\rbarreto): ListSessionFiles, ReadSessionFile
                                -> \C:\Users\rbarreto (default /home/session per container spec)
    
    Security model -- distinct tools, distinct sandboxes:
      - Tool input is a fileName, not a path. Schema-level: model cannot
        request directories or traversals.
      - Path.GetFileName(input) strips any directory components.
      - Path.GetFullPath + StartsWith(root) check rejects anything outside
        the tool's root, mirroring FileSystemAgentFileStore.ResolveSafePath.
      - Read-only, non-recursive listing. No glob, no '..'.
      - Failures non-revealing: 'File <name> not found in <scope>.'
    
    The two roots are physically isolated (image-baked vs platform-mounted
    per-session volume). A bundled-root tool can never reach a session file
    and vice-versa, even if the implementation has a bug.
    
    README updated to document both flows, the security pattern, and cite
    the container-image-spec.md line 172 contract for \C:\Users\rbarreto. Live IT
    SessionFilesHostedAgentTests.UploadedFile_IsReadByHostedAgentAsync
    re-passed in 42s after the change (TestContainer is unchanged; the
    sample-agent split does not affect the IT).
    
    * .NET: Hosted-Files README - fix broken relative link to IT (4..5 dots)
  • .NET: Add Foundry.Hosting.IntegrationTests (#5598)
    * Foundry.Hosting.IntegrationTests: scaffold project, fixtures, and 24 tests
    
    Add a new integration test project for Foundry hosted agents alongside the existing Foundry.IntegrationTests project. The project provisions a real Foundry hosted agent per scenario via AgentAdministrationClient.CreateAgentVersionAsync, points it at a single test container image (built and pushed out of band by scripts/it-build-image.ps1 in a follow up commit), and exercises the agent through AIProjectClient.AsAIAgent.
    
    Six scenario fixtures are introduced, each pointing at the same image but selecting behavior via the IT_SCENARIO environment variable on the HostedAgentDefinition:
    - HappyPathHostedAgentFixture (round trip, multi turn, stored=false flag)
    - ToolCallingHostedAgentFixture (server side AIFunctions)
    - ToolCallingApprovalHostedAgentFixture (approval flow)
    - ToolboxHostedAgentFixture (Foundry toolbox)
    - McpToolboxHostedAgentFixture (MCP backed toolbox)
    - CustomStorageHostedAgentFixture (custom storage provider)
    
    24 tests across 6 test classes are scaffolded. All are tagged Skip pending the test container build and the end to end smoke iteration in follow up commits. Once the container is in place the Skip annotations can be removed scenario by scenario.
    
    Adds an IT_HOSTED_AGENT_IMAGE constant to the shared TestSettings so every IT project agrees on the env var name the build script emits.
    
    * Foundry.Hosting.IntegrationTests: add TestContainer, build script, slnx, README
    
    Adds the rest of the integration test infrastructure on top of the previous scaffolding commit:
    
    * Foundry.Hosting.IntegrationTests.TestContainer csproj and Program.cs implementing the multi scenario container (one image, IT_SCENARIO env var dispatches between happy-path, tool-calling, tool-calling-approval, toolbox, mcp-toolbox, and custom-storage). The toolbox, mcp-toolbox, and custom-storage branches are placeholders pending API surface stabilization.
    * Dockerfile and dockerignore in the test container project, using the contributor pattern matching the investigation work (host side dotnet publish, container only does COPY out/).
    * scripts/it-build-image.ps1 with mandatory Registry parameter (no hardcoded ACR), content hashed tags so unchanged source results in a no op push, and emits IT_HOSTED_AGENT_IMAGE for shells and CI to consume.
    * slnx entry for both new projects.
    * README in the IT project covering env vars, image build, scenario table, and current placeholder status.
    
    Steps still pending: end to end smoke (step 5) and CI workflow integration (step 6) require a live Foundry deployment and ACR push, so they land in follow up commits.
    
    * Foundry.Hosting.IntegrationTests: address PR 5598 review feedback
    
    Fix issues raised by Copilot review:
    
    * it-build-image.ps1: hash file contents, not the path list, so any source edit produces a fresh tag. Normalize Registry input by stripping scheme and trailing slash before deriving the ACR short name. Validate the short name is non empty.
    * HostedAgentFixture: route GetAgentAsync through _adminClient (which has the FoundryFeaturesPolicy attached) instead of through _projectClient.AgentAdministrationClient (which does not).
    * HostedAgentFixture FoundryFeaturesPolicy: replace Headers.Add with Remove plus Add so retries cannot accumulate duplicate headers.
    * HappyPath, ToolCalling, ToolCallingApproval, CustomStorage tests: create the AgentSession before turn 1 and reuse it for both turns. The previous pattern created the session after turn 1 so turn 2 had no link to turn 1, defeating the multi turn assertion.
    
    * .NET: Foundry.Hosting.IntegrationTests: constrain to net10.0 + dotnet format autofix
    
    - Set <TargetFrameworks>net10.0</TargetFrameworks>: the project references both
      Microsoft.Agents.AI.Foundry.Hosting (net8/9/10 only) and AgentConformance.IntegrationTests
      (net10.0;net472 — inherits the tests-default TFM list). The intersection is net10.0;
      the previous $(TargetFrameworksCore) triple caused NU1702 + System.Text.Json version
      conflicts on the net8.0/net9.0 builds because AgentConformance had no matching asset.
    - Apply `dotnet format` autofix on the test files (IDE0005, IDE0009, IDE0032, IMPORTS).
    
    * .NET: Foundry.Hosting.IntegrationTests.TestContainer/Program.cs: add UTF-8 BOM
    
    CI's check-format requires charset=utf-8-bom per .editorconfig.
    
    * Foundry.Hosting IntegrationTests: wire end-to-end CI flow against hosted agents
    
    Make the integration tests usable end-to-end against a live Foundry deployment, including
    a per-run rebuild of the test container so framework code changes are exercised.
    
    Fixture (HostedAgentFixture.cs)
    
    * Switch from per-run unique agent names to stable scenario-keyed names (it-happy-path,
      it-tool-calling, ...). The agent's managed identity carries the Azure AI User role on
      the project scope, which is required for inbound inference; deleting the agent recycles
      the MI and breaks that role assignment, so we keep the agent across runs and only churn
      versions.
    * Add IT_RUN_ID env var to defeat Foundry's content-addressed version dedup; otherwise a
      rerun just receives the existing version and Dispose deletes it.
    * PATCH the per-agent endpoint with AgentEndpointConfig (Responses protocol, version
      selector at 100% to the new version). Without this, /agents/{name}/endpoint/protocols/
      openai/responses returns HTTP 400.
    * Build a per-agent ProjectOpenAIClient (not the cached projectClient.ProjectOpenAIClient,
      which is bound to the project-level URL); set AgentName in options so the URL routes
      through the agent endpoint, and add the Foundry-Features header to the inference
      pipeline.
    * Use Versions (which serializes to container_protocol_versions) instead of the
      deprecated ProtocolVersions; the server now rejects the legacy field.
    * On Dispose, delete only the version this fixture created. Never delete the agent.
    
    Tests
    
    * Tag every HostedAgentTests class with [Trait("Category", "FoundryHostedAgents")] so the
      CI workflow can route them to a separate Foundry project than the rest of the
      integration suite.
    
    CI workflow (.github/workflows/dotnet-build-and-test.yml)
    
    * Add a foundryHosting paths-filter covering Microsoft.Agents.AI.Foundry.Hosting and its
      in-repo dependency chain (Foundry, Agents.AI, Agents.AI.Abstractions), the test
      container, the test fixture, Directory.Packages.props, the build script, and this
      workflow file. Skip the costly hosted-agent steps when none of those changed.
    * Add "Build and push Foundry Hosted Agents test container" step that invokes
      scripts/it-build-image.ps1 against vars.IT_HOSTED_AGENT_REGISTRY and pipes the resulting
      IT_HOSTED_AGENT_IMAGE=<tag> into GITHUB_ENV.
    * Add "Run Foundry Hosted Agents Integration Tests" step that filters in only the new
      trait, with AZURE_AI_PROJECT_ENDPOINT/AZURE_AI_MODEL_DEPLOYMENT_NAME pointed at
      IT_HOSTED_AGENT_PROJECT_ENDPOINT/IT_HOSTED_AGENT_MODEL_DEPLOYMENT_NAME (Tao project,
      East US 2; the SK IT project's region does not yet support hosted agents preview).
    * Exclude the new trait from the existing "Run Integration Tests" step.
    * TEMP: drop the != 'pull_request' guard on the new steps and on Azure CLI Login when the
      paths-filter triggers, so PR #5598 can validate the wiring before promoting to merge
      queue only. Restore the original guard after one green PR run.
    
    Build script (scripts/it-build-image.ps1)
    
    * Hash now spans TestContainer source AND its referenced framework projects so any
      framework code change forces a fresh tag and a real docker push; the previous
      TestContainer-only hash silently reused stale images on framework edits.
    
    Bootstrap script (dotnet/tests/Foundry.Hosting.IntegrationTests/scripts/it-bootstrap-agents.ps1)
    
    * New idempotent script that creates the six stable scenario agents and grants Azure AI
      User on the project scope to each agent's MI. Run once per Foundry project. Includes
      AAD-graph propagation retries because newly created MIs take time to appear there.
    
    README (dotnet/tests/Foundry.Hosting.IntegrationTests/README.md)
    
    * Document the bootstrap prerequisite, the regional caveat (East US 2 is the only region
      we have validated; East US returned "Unsupported region" at the time of writing), the
      per-run image rebuild, and the CI wiring including the SP RBAC requirements.
    
    SDK pin (TEMP)
    
    * Bump Microsoft.Agents.AI.Foundry.Hosting's Azure.AI.Projects VersionOverride to
      2.1.0-alpha.20260505.1 from the azure-sdk public daily feed (added to nuget.config).
      This release is the first that builds the per-agent inference URL as
      /agents/{name}/endpoint/protocols/openai (the 2.1.0-beta.1 release builds
      .../openai/openai/v1, which the server rejects). Revert both the feed and the override
      once the URL fix lands in a stable Azure.AI.Projects release.
    
    * Foundry.Hosting IntegrationTests: revert alpha SDK pin; move endpoint PATCH to bootstrap
    
    The alpha SDK pin (Azure.AI.Projects 2.1.0-alpha.20260505.1 from the azure-sdk public
    daily feed) was needed only for the URL routing fix and the strongly-typed
    AgentEndpointConfig/PatchAgentOptions wrapper. We do not need either right now: the
    fixture stays compatible with the public 2.1.0-beta.1 by moving the one-time endpoint
    PATCH to the bootstrap script (it sets version_selector to FixedRatio @latest, so each
    new fixture run becomes the served version automatically without a per-run PATCH from
    the test code). The hosted-agent invocation path will start working end-to-end once the
    URL routing fix lands in a stable Azure.AI.Projects release; until then the tests stay
    [Fact(Skip = ...)] as documented.
    
    * Revert dotnet/nuget.config: drop the azure-sdk-for-net public feed.
    * Revert Microsoft.Agents.AI.Foundry.Hosting.csproj VersionOverride to 2.1.0-beta.1.
    * Revert Microsoft.Agents.AI.Foundry.UnitTests and Microsoft.Agents.AI.Foundry.Hosting.UnitTests
      Azure.AI.Projects pin (they had been bumped to align Azure.Core 1.54 transitive).
    * Drop the AgentEndpointConfig PATCH block from HostedAgentFixture.cs (the type is
      alpha-only). Replace with a comment pointing at the bootstrap script.
    * Bootstrap script (it-bootstrap-agents.ps1) now also PATCHes each agent's endpoint
      with version_selector=@latest if not already set. Idempotent.
    
    * Foundry.Hosting IntegrationTests: drop accidentally committed filtered.slnx
    
    * Foundry.Hosting IntegrationTests: revert TEMP PR override on Azure CLI Login + IT steps
    
    The previous attempt to validate the new hosted-agent IT wiring on PR #5598 failed
    because the PR is from a fork (rogerbarreto/agent-framework-public). GitHub never passes
    environment secrets to fork PRs regardless of event-name guards on individual steps,
    so 'azure/login@v2' fails with 'client-id and tenant-id are not supplied'. Restore the
    original github.event_name != 'pull_request' guard. The new steps will execute on
    push to main and on merge_group runs.
    
    * Foundry.Hosting IntegrationTests: invoke build-and-push script with absolute path
    
    The pwsh shell on the GitHub Actions runner couldn't resolve ./scripts/it-build-image.ps1
    when the step had no working-directory set; the step inherits the runner's PWD which is
    not always the repo root after preceding steps. Use github.workspace explicitly to remove
    the ambiguity.
    
    * Foundry.Hosting IntegrationTests: move it-build-image.ps1 inside the IT project tree
    
    The previous location at scripts/it-build-image.ps1 lived outside the sparse-checkout
    paths the workflow uses (.github, dotnet, python, declarative-agents), so the runner
    never had the file when the new step tried to invoke it. Move the script next to its
    sibling it-bootstrap-agents.ps1 inside the IT project tree, and anchor its relative
    paths to the repo root via  so callers can invoke it from any PWD.
    
    * Move scripts/it-build-image.ps1 -> dotnet/tests/Foundry.Hosting.IntegrationTests/scripts/it-build-image.ps1
    * Add Push-Location to the resolved repo root inside the script (Pop-Location in finally)
      so the existing relative paths (TestContainerProject, hashed src dirs) keep working
      no matter where the script is invoked from.
    * Update the workflow path filter and the step's invocation path to the new location.
    
    * Foundry.Hosting IntegrationTests: enable 5 HappyPath tests on the live Foundry endpoint
    
    The fixture already constructs ProjectOpenAIClient via the per-agent path that beta.1
    supports (new ProjectOpenAIClient(uri, cred, opts { AgentName })), so no SDK pin bump
    is required to run the smoke tests end-to-end. Un-skip the 5 tests that pass against
    the live test container.
    
    Tests un-skipped (verified passing locally against tao-foundry-prj):
    
    * RunAsync_ReturnsNonEmptyTextAsync
    * RunStreamingAsync_YieldsAtLeastOneUpdateAsync
    * MultiTurn_WithPreviousResponseId_PreservesContextAsync
    * StoredFalse_Baseline_DoesNotPersistResponseAsync
    * Instructions_FromContainerDefinition_AreObeyedAsync
    
    Tests still skipped with a more specific reason (4 of 9 in HappyPath plus all
    ToolCalling*, McpToolbox, Toolbox, CustomStorage) because the test container does not
    yet emit usable response_id / conversation_id chains, and the placeholder scenarios are
    not implemented in the test container's Program.cs. These are test container limitations,
    not infra bugs, and can be un-skipped as the container surfaces stabilize.
    
    * Foundry.Hosting IntegrationTests: extract hosted IT into parallel job, add Workflows dep
    
    Address Wesley's review feedback on PR #5598:
    
    1. Pull Foundry hosted-agent IT into its own dotnet-foundry-hosted-it job that runs in parallel to dotnet-build and dotnet-test. Same path-filter gate keeps it skipped on unrelated edits. Builds only the filtered solution containing Foundry.Hosting.IntegrationTests and src deps. dotnet-build-and-test-check now waits on it too.
    
    2. Add Microsoft.Agents.AI.Workflows to the foundryHosting paths-filter and to hashedDirs in it-build-image.ps1 since Foundry.Hosting transitively depends on it.
    
    TFM constraint on the IT csproj stays at net10.0 because AgentConformance.IntegrationTests targets net10/net472 and is consumed by ~12 other IT projects on net472.
    
    ---------
    
    Co-authored-by: Roger Barreto <rbarreto@microsoft.com>