Commit Graph

960 Commits

  • .NET: Fix declarative workflow regressions for hosted agents (#5905)
    * Fix declarative workflow regressions for hosted agents
    
    Three regressions surfaced when running a declarative workflow as a
    Foundry hosted agent. Together they caused every condition group to fall
    through to elseActions and the raw agent JSON to leak to the caller.
    
    1. AgentProviderExtensions.InvokeAgentAsync forced autoSend to true
       whenever the agent ran on the workflow conversation, which overrode
       the explicit autoSend: false declared in workflow.yaml and streamed
       the raw structured-output JSON straight to the user. Honor the
       caller-supplied autoSend instead.
    
    2. IWorkflowContextExtensions.ReadState / QueueStateUpdateAsync /
       QueueStateResetAsync took the variable name and namespace alias
       directly from PropertyPath.VariableName / NamespaceAlias. Against
       Microsoft.Agents.ObjectModel 2026.2.4.1 those properties return null
       for a dotted reference such as `Local.Triage` even when
       SegmentCount == 2 and IsValid == true, so every assignment threw
       ArgumentNullException via Throw.IfNull. Fall back to Segments() to
       reconstruct the name and alias when the parser returns null.
    
    3. The same ObjectModel version no longer recognizes the user-facing
       `Local` scope alias: VariableScopeNames.IsValidName(`Local`)
       returns false and GetNamespaceFromName(`Local`) returns Unknown, so
       the declarative interpreter's IsManagedScope check fails and the
       State.Set call is silently skipped. Translate the `Local` alias to
       its canonical `Topic` form before forwarding to
       QueueStateUpdateAsync; WorkflowFormulaState.Bind continues to expose
       it as `Local` to PowerFx.
    
    Verified end-to-end against a deployed Foundry hosted agent: the
    declarative triage workflow now routes Technical / Billing / General
    inputs correctly and only the autoSend-eligible messages reach the
    caller.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Hosted-agent HITL: persist session across previous_response_id chains; run approved local AIFunctions
    
    Two regressions hit declarative workflows that use require_approval=true when
    the client chains turns via previous_response_id (no conversation_id):
    
    1. AgentFrameworkResponseHandler keyed the AgentSession store solely on
       conversation_id, so when only previous_response_id was present the
       StateBag (which holds ToolApprovalIdMap) was discarded after each turn.
       The next turn then threw 'No approval mapping recorded for wire id ...'
       in InputConverter.ConvertMcpApprovalResponse.
    
       Fix: fall back to previous_response_id on load and to context.ResponseId
       on save so the response-id chain becomes a valid session key. Conversation
       id remains preferred when present.
    
    2. InvokeFunctionToolExecutor.CaptureResponseAsync only acted on
       FunctionResultContent. In the hosted Foundry path the approval response
       arrives as a ToolApprovalResponseContent with no FunctionResultContent,
       so the local AIFunction never ran and downstream PropertyPath/SendActivity
       consumers (e.g. {Local.RefundResult}) saw empty values.
    
       Fix: when no FunctionResultContent matches but an approved
       ToolApprovalResponseContent does, look up the registered AIFunction by
       name on agentProvider.Functions and invoke it with the evaluated
       arguments, surfacing the result through the existing assignment path.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply PropertyPath workaround to initialization path; share + tidy helpers
    
    Address PR #5905 review feedback:
    
    * Move the PropertyPath VariableName/NamespaceAlias fallback and 'Local'
      -> 'Topic' scope remap into a shared internal PropertyPathExtensions
      helper. Materializes Segments() once, names the magic 'Local' alias
      as a const, and carries a TODO referencing the tracking issue.
    
    * Apply the same helper in WorkflowDiagnostics.InitializeDefaults so a
      declared default for a dotted variable like 'Local.Triage' is no
      longer silently skipped at workflow startup (closes the gap flagged
      by the reviewer: runtime ReadState/QueueStateUpdateAsync worked but
      state.Initialize did not).
    
    * Restore the previous strict failure mode on namespace alias by
      wrapping GetNamespaceAlias() in Throw.IfNull at call sites so a
      malformed single-segment path keeps failing fast rather than
      silently passing null to State.Get/Set.
    
    All 821 unit tests pass.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for AgentProviderExtensions.InvokeAgentAsync autoSend behavior
    
    Covers the autoSend regression fix: when the agent runs on the workflow conversation with autoSend=false, no AgentResponseUpdateEvent or AgentResponseEvent is added to the context. Also covers autoSend=true (events emitted) and autoSend=false on a non-workflow conversation.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Surface SendActivity output via AgentResponseUpdateEvent
    
    SendActivityExecutor previously only emitted the activity text via YieldOutputAsync, which the runtime converts to an AgentResponseEvent. WorkflowSession gates AgentResponseEvent behind includeWorkflowOutputsInResponse, so when a host opts out of summary outputs (the default for AsAIAgent) the SendActivity reply is silently dropped.
    
    Mirror the pattern used by AgentProviderExtensions for autoSend agent invocations: also emit an AgentResponseUpdateEvent, which WorkflowSession yields unconditionally. This makes SendActivity reliably reach chat-protocol clients without requiring includeWorkflowOutputsInResponse = true (which would also duplicate autoSend agent output).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Revert previous_response_id session-key fallback
    
    The fallback let a session be keyed by an unbroken previous_response_id chain,
    but conversation_id is the right way to thread state across turns: it survives
    shared/branched chains (e.g. when another agent generates a response in between)
    and is the documented model for stateful clients. Restore conversation_id as the
    sole session key and rely on the client to thread it. The InvokeFunctionTool
    approval/local-function half of 1baf4af4d remains.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Set Foundry ProductContext per-executor instead of via PropertyPath workaround
    
    ObjectModel 2026.2.4.1 resolves PropertyPath.VariableName / NamespaceAlias and VariableScopeNames.IsValidName against AsyncLocal<ProductContext> at access time. In hosted-agent scenarios each HTTP request runs on a fresh async context where that AsyncLocal is default, so dotted refs like Local.Triage returned null and the Local scope alias was rejected.
    
    Replace the PropertyPathExtensions helper (which papered over both symptoms) with a single WorkflowDiagnostics.SetFoundryProduct() call at the entry of DeclarativeActionExecutor.HandleAsync. The set writes to the request's logical async context before any code reads PropertyPath, letting the existing parser and scope resolver work as designed.
    
    Validated: 824/824 declarative unit tests pass; technical/billing/general routes all dispatch correctly against a deployed Foundry hosted agent.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback on InvokeFunctionToolExecutor
    
    - Surface registered-function lookup failures and invocation exceptions via FunctionResultContent.Exception instead of returning the error text as a successful Result, so downstream {Local.X} assignments can distinguish failures from successes.
    
    - Use AIJsonUtilities.DefaultOptions to JSON-serialize non-string function results (matching FunctionInvokingChatClient / ToolBridge), so complex types stay consumable by PropertyPath consumers instead of degrading to Object.ToString().
    
    - Drop the explicit System. prefix on StringComparison / Exception now that the file imports System.
    
    - Add AutoSendTrueOnExternalConversationEmitsResponseEventsAndCopiesMessagesAsync to cover the (autoSend: true, external conversation) quadrant, asserting that response events are emitted and that messages are mirrored to the workflow conversation.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Honor AutoSendIsDefaultValue when computing autoSend
    
    AzureAgentOutput.AutoSend and InvokeToolOutput.AutoSend in
    Microsoft.Agents.ObjectModel 2026.2.4.1 are never null — they
    return a literal-false default when the YAML omits the field.
    The previous null check in Get/AutoSendValue therefore always
    fell through to evaluating the literal false, so every action
    whose YAML had any output block but no explicit autoSend was
    treated as autoSend = false. This was previously masked by
    `autoSend |= isWorkflowConversation` in AgentProviderExtensions
    (removed earlier in this PR to honor explicit autoSend: false),
    which silently re-enabled autoSend on the workflow conversation.
    
    Use AutoSendIsDefaultValue to distinguish an explicit autoSend
    value from the implicit default and treat the implicit default
    as true, restoring the historical behavior for ValidateCaseAsync
    InvokeAgent.yaml (3 InvokeAzureAgent actions, last one captures
    to Local.RatingResponse via output.messages with no autoSend
    specified) while keeping the hosted-agent fix that honors an
    explicit autoSend: false.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Ben Thomas <25218250+alliscode@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Surface x-ms-served-model header as ChatResponse.ModelId for Foundry agents (#5979)
    * .NET: Surface x-ms-served-model header as ChatResponse.ModelId for Foundry agents
    
    Mirrors Python PR #5910. Adds an internal SCM PipelinePolicy that reads the x-ms-served-model HTTP response header on Azure OpenAI Responses calls and writes it into an AsyncLocal box. A DelegatingChatClient sits between OpenTelemetry and the MEAI OpenAIResponsesChatClient and overwrites ChatResponse.ModelId with the served snapshot so OTel spans report the actual model rather than the deployment alias. Wired through all AsAIAgent paths in Microsoft.Agents.AI.Foundry.
    
    * .NET: Fix line endings and BOM on ResponsesAgentServedModelTests
    
    * .NET: Address Copilot review on Foundry served-model PR
    
    - Restore previous ServedModelScope in finally to avoid AsyncLocal leak into caller execution context.
    - Make served-model integration test assertion robust to deployment names that already match the snapshot pattern.
    - Broaden UnitTests csproj comment to cover all conditional removals (net8.0+ requirement).
    
    * .NET: Split ServedModelTests into per-SUT files with regions
    
    Split the combined ServedModelTests.cs into one test class per SUT:
    
    - ServedModelScopeTests.cs (AsyncLocal carrier)
    - ServedModelPolicyTests.cs (SCM pipeline policy)
    - ServedModelChatClientTests.cs (delegating client, with regions for Non-streaming / Streaming / End-to-end)
    
    Shared helpers and fake clients moved into ServedModelTestHelpers.cs.
    
    Csproj net8.0+ exclusion list updated accordingly.
    
    * .NET: Consolidate served-model logic into FoundryChatClient
    
    Move x-ms-served-model header capture from the standalone ServedModelChatClient
    decorator directly into FoundryChatClient, eliminating a separate wrapper that
    had to be applied at every Foundry entry point via WireServedModel().
    
    - Register ServedModelPolicy in FoundryChatClient constructors (alongside the
      existing AgentFrameworkUserAgentPolicy registration)
    - Add StrongBox push/read logic to FoundryChatClient.GetResponseAsync and
      GetStreamingResponseAsync
    - Delete ServedModelChatClient.cs and its unit tests
    - Remove WireServedModel() from FoundryAgent and AIProjectClientExtensions
    - Update ServedModelPolicy/Scope XML docs to reference FoundryChatClient
    - Simplify ServedModelTestHelpers to use FoundryChatClient directly
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add shell support to the HarnessAgent (#6005)
    * Add shell support to the HarnessAgent
    
    * Address PR comments
    
    * Address PR comments
  • .NET: Add additional openai specific error observers and move them to openai project (#6004)
    * Add additional openai specific error observers and move them to openai project
    
    * Address PR comments
  • .NET: Add background agents support to HarnessAgent (#5977)
    * Add background agents support to HarnessAgent
    
    * Add unit tests
    
    * Address PR comments
  • .NET: Promote FoundryChatClient to public, add file/vector-store helpers and ToPromptAgentAsync converter (#5940)
    * Consolidate Foundry chat client decorators into FoundryChatClient
    
    - Replace AzureAIProjectChatClient and AzureAIProjectResponsesChatClient with a single internal sealed FoundryChatClient that covers three modes (pure responses, server-side agent reference, hosted agent endpoint).
    - Rename AzureAIProjectChatClientExtensions to AIProjectClientExtensions to reflect that it extends AIProjectClient.
    - All four AsAIAgent extension overloads and both FoundryAgent constructors now construct FoundryChatClient internally so the microsoft.foundry telemetry tag is uniform across paths.
    - Introduce AgentFrameworkUserAgentPolicy that stamps agent-framework-dotnet/{version} on outbound requests, mirroring the Python agent-framework-python/{version} contract.
    - Delete the Foundry-local MeaiUserAgentPolicy duplicate; rely on MEAI 10.5.1 to stamp MEAI/{version} automatically.
    - HostedAgentUserAgentPolicy keeps the combined foundry-hosting/agent-framework-dotnet/{version} segment (Python parity) and upgrades the bare segment in place to avoid duplication.
    - Tests reorganized: FoundryChatClientTests, AIProjectClientExtensionsTests, AgentFrameworkUserAgentPolicyTests, MeaiAutoUserAgentVerificationTests, plus in-place upgrade unit tests in HostedOutboundUserAgentTests.
    
    * Promote FoundryChatClient to public; add file/vector-store helpers and ToPromptAgentAsync converter
    
    - Promote FoundryChatClient from internal sealed to public sealed for Python parity, so .NET developers can hold and pass a FoundryChatClient directly the way Python developers do.
    - Mode 3 (hosted agent endpoint) now materializes an AIProjectClient from the parsed project root, making GetService<AIProjectClient>() non-null across all three construction modes. This eliminates the per-mode asymmetry that previously hid project-level helpers from agents constructed via an agent endpoint URL.
    - Add four new instance methods on FoundryChatClient mirroring Python's spec: UploadFileAsync, DeleteFileAsync, CreateVectorStoreAsync (bundles upload + create + wait), DeleteVectorStoreAsync. Single overload each, path-only inputs to start; additional overloads can be added later without breaking callers. All are Experimental, consistent with the rest of the Foundry package.
    - Add ToPromptAgentAsync extension methods on ChatClientAgent and FoundryAgent for the agent-to-prompt-agent converter described in the Foundry spec. Mode 1 (responses API) synthesizes a DeclarativeAgentDefinition from the agent's ChatOptions; mode 2 (server-side agent reference, version, or record) returns the cached or freshly fetched Definition; mode 3 throws InvalidOperationException because no local definition exists to convert.
    - Strict AITool to ResponseTool mapping for mode 1: AIFunction becomes CreateFunctionTool with the function's JSON schema; AITool instances that wrap a ResponseTool unwrap via GetService(typeof(ResponseTool)); anything else throws InvalidOperationException naming the offending tool type. Matches the Python spec's unsupported-tools-raise-ValueError contract.
    - New unit tests: FoundryChatClientVectorStoreTests (22 tests covering all four helpers across the three FoundryChatClient construction modes plus validation and cancellation), FoundryPromptAgentConverterTests (16 tests covering both extension entry points across mode 1 synthesis, mode 2 cached and fetched paths, all failure modes, and a Python-parity guard asserting both extensions produce equivalent definitions for equivalent inputs), plus four new tests in FoundryChatClientTests for the mode 3 AIProjectClient materialization.
    
    * Stop building duplicate ProjectOpenAIClient in FoundryAgent agent-endpoint ctor
    
    After Plan #2's mode-3 AIProjectClient materialization, the inner FoundryChatClient already exposes a project-level AIProjectClient (via GetService) that internally provides the project-level ProjectOpenAIClient via GetProjectOpenAIClient(). FoundryAgent's agent-endpoint constructor was still independently constructing a second project-level ProjectOpenAIClient via the now-redundant CreateProjectLevelOpenAIClientFromAgentEndpoint helper — two handles to the same logical resource.
    
    Refactor: the agent-endpoint constructor now reads the inner FoundryChatClient's materialized AIProjectClient via base.GetService(typeof(AIProjectClient)) and derives the project-level ProjectOpenAIClient from it. The dead helper on both FoundryAgent (private static wrapper) and FoundryChatClient (the actual implementation) is removed. The user-supplied per-agent ClientPipelineOptions primitives (Transport, RetryPolicy, NetworkTimeout, UserAgentApplicationId) are propagated into the materialized AIProjectClientOptions so test-injected transports and explicit retry / timeout / user-agent settings reach the project-level pipeline — preserving the behavior the dead helper used to provide.
    
    Updated AgentEndpointConstructor_GetServiceAIProjectClient_ReturnsNull to its now-correct counterpart AgentEndpointConstructor_GetServiceAIProjectClient_ReturnsNonNull, since after Plan #2 the agent-endpoint ctor surfaces a non-null AIProjectClient (per user direction in Plan #2 Q2).
    
    * Strip duplicated AIProjectClient/ProjectOpenAIClient state from FoundryAgent
    
    Both _aiProjectClient and _projectOpenAIClient fields on FoundryAgent were redundant:
    
    - _aiProjectClient: FoundryAgent's GetService<AIProjectClient> override returned this field, but DelegatingAIAgent.GetService → ChatClientAgent.GetService → FoundryChatClient.GetService<AIProjectClient> already returns the same instance through the delegating chain. Field + override are pure duplication.
    
    - _projectOpenAIClient: only used by FoundryAgent's own GetService<ProjectOpenAIClient> override and by CreateConversationSessionAsync. Per user direction, ProjectOpenAIClient is no longer exposed via GetService on either FoundryChatClient or FoundryAgent — callers retrieve it from the AIProjectClient themselves (aiProjectClient.GetProjectOpenAIClient()) the same way the framework does internally. This eliminates the mode-3 asymmetry where the chat client's stored ProjectOpenAIClient was per-agent (URL /agents/{name}/endpoint/protocols/openai) while the agent's was project-level.
    
    Refactor:
    - Delete both fields on FoundryAgent and the GetService override.
    - Delete the ProjectOpenAIClient branch from FoundryChatClient.GetService.
    - CreateConversationSessionAsync now resolves AIProjectClient at call time via this.GetService<AIProjectClient>() and derives the conversations client from it.
    - Update FoundryChatClient tests that asserted on GetService<ProjectOpenAIClient> to assert Null (deliberate removal).
    - Update FoundryAgent tests AgentEndpointConstructor_GetServiceProjectOpenAIClient_ReturnsNonNull and ProjectEndpointConstructor_GetServiceProjectOpenAIClient_ReturnsNonNull to ...ReturnsNull, and rewrite AgentEndpointConstructor_PropagatesUserAgentApplicationId_ToProjectLevelClient to look up AIProjectClient instead.
    
    No production code (only tests) referenced GetService<ProjectOpenAIClient>, so this is a safe surface reduction. Net: 30 insertions, 61 deletions; FoundryAgent shrinks to a pure delegator with only the two convenience methods (CreateSessionAsync, CreateConversationSessionAsync) on top of the delegating chain.
    
    * Rename FoundryChatClient.HostedAgentName to AgentName and populate it for mode 2
    
    The previous name implied a mode 3 only property tied to the hosted-agent endpoint URL. Today only hosted endpoints surface this name, but conceptually an agent name exists for every server-side agent the client talks to. Renaming to AgentName makes the property general-purpose and ready for future modes where the same chat client may target other server-side agent shapes that are not necessarily 'hosted'.
    
    Mode 2 (server-side agent reference) now mirrors AgentReference.Name into AgentName so callers have a uniform handle regardless of construction mode:
    
    * Mode 1 (pure responses): AgentName is null. There is no agent.
    * Mode 2 (AgentReference): AgentName == AgentReference.Name.
    * Mode 3 (agent endpoint URL): AgentName is parsed from the URL segment as before.
    
    Converter discriminator update: FoundryPromptAgentConverter previously used 'HostedAgentName is not null' to detect mode 3 and reject it. Now that mode 2 also populates AgentName, the mode 3 guard moves to the end of the resolution chain and uses the unambiguous 'AgentName is set AND no AgentReference exists' test. The user-visible error message and behavior are preserved.
    
    Dead-state cleanup spotted during format verify:
    
    * IDE0052 surfaced that FoundryChatClient._projectOpenAIClient is never read since the prior refactor stopped exposing ProjectOpenAIClient via GetService and rewired CreateConversationSessionAsync to resolve the AIProjectClient through the delegating chain. The field is deleted and its three ctor assignments removed.
    * HostedAgentEndpointInner.PerAgentClient only existed to plumb the per-agent ProjectOpenAIClient into that now-deleted field, so the property and its ctor parameter are removed. The local 'perAgentClient' variable inside BuildHostedAgentEndpointInner is still needed to derive the inner IChatClient, but no longer escapes the helper.
    
    Tests:
    
    * Mode1_PureResponses_ReturnsNullForAgentSpecificServices now also asserts AgentName is null.
    * New Mode2_AgentReference_PopulatesAgentNameFromAgentReference asserts the mode 2 mirror.
    * Mode3_HostedAgentEndpoint_ParsesAgentNameFromUrl renamed assertion target HostedAgentName to AgentName.
    
    Verification: 335/335 net10.0, 273/273 net472 Foundry unit; 229/229 Foundry.Hosting unit; format-verify (WSL2 + Docker mcr.microsoft.com/dotnet/sdk:10.0) clean on Microsoft.Agents.AI.Foundry.
    
    * Adopt canonical mode names: Responses Agent, Prompt Agent, Agent Endpoint
    
    Three FoundryChatClient construction modes now have one canonical noun used everywhere.
    
    * Responses Agent (Mode 1): inline ChatClientAgent, project-level Responses API, no server-side def.
    * Prompt Agent (Mode 2): server-side ProjectsAgentDefinition invoked by AgentReference.
    * Agent Endpoint (Mode 3): per-agent URL /agents/{name}/endpoint/protocols/openai. Hosted-or-not.
    
    'Hosted' stays the kind of agent (Microsoft.Agents.AI.Foundry.Hosting). Not synonym of Mode 3.
    
    Rings:
    1. XML docs + error messages use canonical names. en-GB to en-US: centralises, synthesise.
    2. HostedAgentEndpointInner -> AgentEndpointInner, BuildHostedAgentEndpointInner -> BuildAgentEndpointInner.
    3. Tests: Mode1_PureResponses_* -> Mode1_ResponsesAgent_*, Mode2_AgentReference_* -> Mode2_PromptAgent_*, Mode3_HostedAgentEndpoint_* -> Mode3_AgentEndpoint_*.
    
    Pure rename. No behavior change. 335/335 net10 + 273/273 net472 unit, format clean.
    
    * Address PR #5940 design feedback (Q-A through Q-F)
    
    Q-A: poll vector store til status leaves InProgress before return. Exp backoff 250ms-2s. Honor cancel.
    Q-B: try/catch upload loop. Mid-fail = best-effort DeleteFileAsync on already-uploaded ids. Swallow cleanup errors.
    Q-C: pinned AgentReference.Version uses GetAgentVersionAsync. Empty/whitespace/'latest' = GetLatest path.
    Q-D: HostedAgentUserAgentPolicy detects existing combined 'foundry-hosting/...' segment. No double prefix.
    Q-E: mode-3 vector-store test uses fake transport. No DNS to example.com.
    Q-F: no shim. Class always [Experimental] (since 8015e00f5, before dotnet-1.0.0). No compat contract. Callers rename to AIProjectClientExtensions.
    
    Rebase onto origin/main reconciliation: aad20c2b3 added public AsAIAgent(this AIProjectClient, Uri agentEndpoint, ...) extension that calls an internal FoundryAgent(AIProjectClient, Uri, ...) ctor. Reintroduced that ctor + a new FoundryChatClient(AIProjectClient, Uri, ProjectOpenAIClientOptions?) overload that reuses the supplied AIProjectClient's pipeline (via GetProjectResponsesClientForAgentEndpoint) instead of stamping a fresh credential.
    
    Verified: 346/346 net10 + 284/284 net472 Foundry unit, 230/230 Foundry.Hosting unit, format clean.
    
    * Add FoundryAgent helper extensions: UploadFile/DeleteFile/CreateVectorStore/DeleteVectorStore
    
    4 thin forwarders on FoundryAgent that route to the inner FoundryChatClient's helpers via agent.GetService<FoundryChatClient>().X(). Live in existing FoundryAgentExtensions.cs alongside ToPromptAgentAsync.
    
    Throws InvalidOperationException when agent does not expose a FoundryChatClient via GetService (same pattern as ToPromptAgentAsync).
    
    Unit tests: FoundryAgentExtensionsTests covers all 4 forwarders + null-agent ArgumentNullException for each. 8 new tests, 354/354 net10 + 292/292 net472.
    
    Integration tests: parallel FoundryAgentExtensionsTests under Foundry.IntegrationTests mirrors the existing CreateAgent_CreatesAgentWithVectorStoresAsync shape (upload -> create vector store -> FileSearch tool answers question -> cleanup), but routes every helper call through the new FoundryAgent extensions. 4 new IT tests, all verified pass live against the real Foundry project (12-30s each). Skipped by default like the existing vector-store IT.
    
    * Address Sergey's PR review comments
    
    #1 (FoundryAgent.cs:139): drop unused aiProjectClient param from internal FoundryAgent(AIProjectClient, ChatClientAgent) ctor. Was discarded after null-check. Inner FoundryChatClient already surfaces AIProjectClient via GetService. 3 call sites in AIProjectClientExtensions updated.
    
    #2 (FoundryChatClient.cs:376): add pollingTimeout param to CreateVectorStoreAsync. Defaults to 5 min, configurable, Timeout.InfiniteTimeSpan disables. Throws TimeoutException with vector store id and elapsed seconds when bound exceeded. CancellationToken still wins. New unit test PollingTimeout_ThrowsTimeoutExceptionAsync. FoundryAgentExtensions forwarder updated to plumb the new param.
    
    Verified: 355/355 net10 + 293/293 net472 Foundry unit, 230/230 Foundry.Hosting unit, format clean.
  • .NET: Add A2AAgentOptions and align A2AAgent constructors with ChatClientAgent pattern (#5954)
    * .NET: Add A2AAgentOptions and align A2AAgent constructors with ChatClientAgent pattern
    
    Adds a new A2AAgentOptions class (Id, Name, Description, Clone) and an options-based constructor on A2AAgent, mirroring ChatClientAgent/ChatClientAgentOptions. The existing parameter-based constructor is preserved for backward compatibility and now delegates to the options-based one.
    
    Extension methods are extended with options-based overloads:
    
    - A2AClientExtensions.AsAIAgent(IA2AClient, A2AAgentOptions, ...)
    
    - A2AAgentCardExtensions.AsAIAgent(AgentCard, A2AAgentOptions, ...)
    
    - A2ACardResolverExtensions.GetAIAgentAsync(A2ACardResolver, A2AAgentOptions, ...)
    
    For card-based creation, user-supplied options override values from the agent card; Name and Description fall back to card values when not set.
    
    Options are cloned when stored on the agent to prevent post-construction mutation, matching the ChatClientAgent pattern.
    
    Resolves #5870.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review comments
    
    - Add Throw.IfNull(client) in A2AClientExtensions.AsAIAgent
    
    - Add Throw.IfNull(card) in A2AAgentCardExtensions.AsAIAgent
    
    - Clarify httpClient docs in A2ACardResolverExtensions.GetAIAgentAsync: it applies to the created A2A client, not to card discovery
    
    - Rename test methods from GetAIAgent_* to AsAIAgent_* to match the API under test
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Reduce re-rendering in harness console (#5953)
    * Reduce re-rendering in harness console
    
    * Address PR comments
    
    * Fix broken merge
  • .NET: Harness code act skill sample (#5930)
    * Add sample that shows code execution and skills together
    
    * Use nuget for python module path
    
    * Update readme.
    
    * Fix formatting.
    
    * Reduce flashing in rendering.
    
    * Improve screen clearing for Powershell
    
    * Add a couple of small UX fixes
  • .NET: Delegate MCP ContentBlock to AIContent conversion to the MCP SDK (#5903)
    * Add sample for invoking Foundry Toolbox tools from declarative workflows
    
    * Addressed initial PR comments.
    
    * Delegate MCP ContentBlock to AIContent conversion to the MCP SDK
    
    * Addressed additional properties metadata in the conversion fallback.
  • .NET: Bump Azure.AI.Projects to 2.1.0-beta.2 and add agent-endpoint AsAIAgent path (#5899)
    * .NET: Bump Azure.AI.Projects to 2.1.0-beta.2 and add agent-endpoint AsAIAgent path
    
    Bumps Azure.AI.Projects to 2.1.0-beta.2 with the matching transitive pins (Azure.Core 1.55.0, System.ClientModel 1.11.0).
    
    Foundry agent endpoint plumbing:
    * FoundryAgent now routes the agent-endpoint constructor through the new GetProjectResponsesClientForAgentEndpoint helper.
    * Adds an internal FoundryAgent ctor that takes an existing AIProjectClient plus a parsed agent endpoint so the public extension does not need to construct a second project client.
    * Adds public AIProjectClient.AsAIAgent(Uri agentEndpoint, ...) extension. This is the path consumer samples are expected to use for hosted agents because version selection happens server-side.
    * Trims the dangling "If you want to construct a FoundryAgent against a project endpoint..." sentence from ParseAgentEndpoint.
    
    Unit tests:
    * Four new tests in AzureAIProjectChatClientExtensionsTests cover the AIProjectClient.AsAIAgent(Uri agentEndpoint, ...) overload. 263/263 pass.
    
    Consumer samples (Using-Samples):
    * SimpleAgent and SessionFilesClient now read AZURE_AI_PROJECT_ENDPOINT and AZURE_AI_AGENT_NAME (both required, throw on missing), derive the agent endpoint with new Uri($"{projectEndpoint}/agents/{agentName}/endpoint/protocols/openai"), then call aiProjectClient.AsAIAgent(agentEndpoint, ...).
    * SessionFilesClient README updated.
    
    Contributor samples (responses/*):
    * New HostedContributorRouteExtensions.MapDevTemporaryLocalAgentEndpoint() wildcard route extension so localhost contributor servers accept the per-agent OpenAI endpoint shape the production Hosted runtime exposes.
    * All 11 contributor Program.cs files call MapDevTemporaryLocalAgentEndpoint() with a contributor-only warning comment.
    * Hosted-Files and Hosted-AzureSearchRag were importing Hosted_Shared_Contributor_Setup but never calling AddDevTemporaryLocalContributorSetup(). Both now call it so HostedSessionIsolationKeyProvider resolves correctly in dev.
    * Hosted-AzureSearchRag, Hosted-Files, Hosted-MemoryAgent csprojs drop stale VersionOverride="2.1.0-beta.1" pins.
    * Hosted-AzureSearchRag and Hosted-Files csprojs add ProjectReference to Hosted_Shared_Contributor_Setup.
    * Hosted-Observability/.dockerignore removed the out/ exclusion that was blocking COPY out/ . in Dockerfile.contributor.
    
    Verified:
    * Full solution-scoped build of changed projects: green.
    * Scoped CI-parity dotnet format via WSL2 + Docker (mcr.microsoft.com/dotnet/sdk:10.0) over every changed csproj: clean.
    * Foundry unit tests: 263/263.
    * Contributor docker smoke for 8 hosted samples (publish + docker build + docker run + curl POST to the wildcard route): HTTP 200 / 500 with route matched.
    * End-to-end smoke against the real Azure Foundry project with a fresh bearer token: Hosted-Files contributor container served HTTP 200, the agent invoked ListBundledFiles, and returned the expected file name.
    
    * Address PR review: forward pipeline settings; add UTs
    
    - CreateProjectClientOptions also carries RetryPolicy, NetworkTimeout, ClientLoggingOptions, MessageLoggingPolicy (was Transport+UserAgentApplicationId only).
    
    - Make CreateProjectClientOptions internal so tests can verify the copy directly.
    
    - Add AsAIAgent(Uri) UTs covering tools forwarding to inner ChatOptions and null tools handling.
    
    - Add CreateProjectClientOptions UTs covering null caller and full pipeline-settings copy.
  • .NET: Add ability to export/import sessions in harness console (#5920)
    * Add ability to export/import sessions in harness console
    
    * Address PR comments
  • .NET: Add otel file logging and switch samples to projects client with store=true (#5924)
    * Add otel file logging and switch samples to projects client with store=true
    
    * Fix formatting and remove rogue file
  • .NET: Require TODO finish reason and rename SubAgents to BackgroundAgents (#5902)
    * Require TODO finish reason and rename SubAgents to BackgroundAgents
    
    * Address PR comments
  • .NET: Adding default providers and tools to HarnessAgent (#5896)
    * Adding default providers and tools to HarnessAgent
    
    * Address PR comments
    
    * Add further comments to clarify certain setings.
    
    * Apply suggestion from @SergeyMenshykh
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
  • .NET: fix: avoid AGUI tool result message id collisions (#5800)
    * fix: avoid AGUI tool result message id collisions
    
    * fix: split mixed tool result message ids
  • .NET: Add observer for OpenAIWebSearch (#5894)
    * Add observer for OpenAIWebSearch
    
    * Update reference in comment
    
    * Use types where possible.
  • .NET: Fix bug in store-false helper to ensure addition rather than replacement (#5895)
    * Fix bug in store-false helper to ensure addition rather than replacement
    
    * Address PR comments
  • .NET: Add Hosted-MemoryAgent sample with isolation key plumbing (#5692) (#5702)
    * .NET: Add Hosted-MemoryAgent sample with isolation key plumbing (#5692)
    
    Adds HostedSessionContext + HostedSessionIsolationKeyProvider in Microsoft.Agents.AI.Foundry.Hosting so AIContextProviders (notably FoundryMemoryProvider) can scope per user via the platform's x-agent-user-isolation-key / x-agent-chat-isolation-key headers.
    
    - New types: HostedSessionContext (sealed), HostedSessionContextExtensions (public Get, internal Set), abstract HostedSessionIsolationKeyProvider (async), internal PlatformHostedSessionIsolationKeyProvider mapping ResponseContext.Isolation.
    
    - AgentFrameworkResponseHandler now resolves the provider, tags fresh sessions, and validates resumed sessions against the live request (strict 403 'Hosted session identity context mismatch' on any mismatch; 500 on null keys).
    
    - New shared sample project Hosted_Shared_Contributor_Setup hosts DevTemporaryTokenCredential and DevTemporaryLocalSessionIsolationKeyProvider plus AddDevTemporaryLocalContributorSetup. All 9 existing responses samples migrated to consume it so local runs keep working under the strict isolation contract.
    
    - New Hosted-MemoryAgent sample: travel assistant wired through FoundryMemoryProvider with stateInitializer reading session.GetHostedContext().UserId. Includes Dockerfile, smoke.ps1, agent.yaml/manifest.
    
    - New IT scenario 'memory' in Foundry.Hosting.IntegrationTests + MemoryHostedAgentFixture + MemoryHostedAgentTests. Verified end to end against the tao Foundry project.
    
    - ADR 0026 captures the design tree.
    
    * Address PR review feedback
    
    - Dockerfile: add header noting it targets NuGet builds; contributors must use Dockerfile.contributor for ProjectReference source builds.
    
    - PlatformHostedSessionIsolationKeyProvider: doc said 'returns context with empty values'; corrected to 'returns null' which the handler treats as 500.
    
    - FakeHostedSessionIsolationKeyProvider: doc clarifies that null configurations are allowed for testing the handler error path.
    
    - HostedSessionContextExtensions.SetHostedContext: enforce write-once with InvalidOperationException; doc + xml exception updated.
    
    - AgentFrameworkResponseHandler: cache PlatformHostedSessionIsolationKeyProvider as static readonly to avoid per-request allocation.
    
    - MemoryHostedAgentTests: tighten waits from 20s to 5s (FoundryMemoryProvider defaults UpdateDelay=0; ingestion ~3s).
    
    - Sample Program.cs imports reordered to satisfy IDE0005.
    
    * Add HostedFoundryMemoryProviderScopes built-in helpers (#5692)
    
    Addresses review feedback from @lokitoth on Hosted-MemoryAgent/Program.cs:54.
    
    - New HostedFoundryMemoryProviderScopes static class with PerUser, PerChat, PerUserAndChat factories returning Func<AgentSession?, FoundryMemoryProvider.State>.
    
    - All helpers throw InvalidOperationException when GetHostedContext() is null, with a message pointing at writing a custom stateInitializer for non-hosted scenarios.
    
    - New HostedFoundryMemoryScope enum and AddHostedFoundryMemoryProvider DI extension (two overloads: explicit AIProjectClient and DI-resolved). Singleton lifetime. Default scope = PerUser.
    
    - Hosted-MemoryAgent sample and the memory IT scenario container both swap their inline lambdas for HostedFoundryMemoryProviderScopes.PerUser().
    
    - 14 new unit tests (241/241 hosting unit tests pass).
    
    * Replace HostedFoundryMemoryScope enum with Func<...> parameter (#5692)
    
    Address PR review feedback from @westey-m: enums are a breaking-change hazard when extended, and the enum was redundant with the existing HostedFoundryMemoryProviderScopes static class.
    
    - Delete HostedFoundryMemoryScope.cs.
    
    - AddHostedFoundryMemoryProvider DI extensions now take Func<AgentSession?, FoundryMemoryProvider.State>? stateInitializer = null. When null, default to HostedFoundryMemoryProviderScopes.PerUser().
    
    - Callers pick a built-in helper (PerUser/PerChat/PerUserAndChat) or pass a custom delegate. New built-ins are a single static method addition with zero impact on existing callers.
    
    - Tests updated; 244/244 hosting unit tests pass.
    
    * Fix isolation context resume for externally-created conversations (#5692)
    
    Branch on the session's existing hosted-context (not on conversation_id presence) so a conversation provisioned externally (e.g. via conversations.CreateProjectConversationAsync) is treated as fresh on first hosted-agent request and stamped, rather than rejected with 403 hosted_session_identity_mismatch. Strict equality is preserved on real resume of an already-stamped session.
    
    Also tighten dotnet/global.json to version 10.0.204 + rollForward latestPatch so local builds match the CI Docker image SDK and avoid 10.0.300 dotnet format stripping required usings.
    
    * Revert global.json SDK pin to upstream (#5692)
    
    The 10.0.204 + latestPatch pin from the previous commit broke the dotnet-format CI job (hostfxr_resolve_sdk2 could not find a compatible SDK in the mcr.microsoft.com/dotnet/sdk:10.0 image). Restore upstream 10.0.200 + minor; local Release builds with SDK 10.0.300 should set GITHUB_ACTIONS=true to bypass the auto-format-on-build target.
  • .NET: Add Magentic E2E workflow coverage (#5833)
    * Add E2E test plan for Magentic orchestrator
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/96d76349-1ffd-482b-a3ee-ed208778b1bb
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add MagenticOrchestrationTests.cs scaffold for Magentic E2E tests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/44a4fd8a-3828-40e5-9435-90381aeffdb8
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Fix MagenticOrchestrator output declaration and add first E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/322c9e2d-59bc-42ad-9a1e-f6fd4c866b26
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add plan review test and event emission tests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/322c9e2d-59bc-42ad-9a1e-f6fd4c866b26
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add next speaker validation test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/322c9e2d-59bc-42ad-9a1e-f6fd4c866b26
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add Magentic E2E implementation review
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/b2c60ce7-4d05-4a0d-b05d-d4284f5b7bb3
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add PlanSignoff_Disabled_Proceeds_Immediately E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6e8bca46-448d-4f21-a7e9-240179571970
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add NextSpeaker_Empty_Falls_Back_To_First E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6e8bca46-448d-4f21-a7e9-240179571970
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add Task_Completes_After_Multiple_Rounds E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6e8bca46-448d-4f21-a7e9-240179571970
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add PlanReview_Revised_Triggers_Replan E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6e8bca46-448d-4f21-a7e9-240179571970
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add MaxRoundLimit_Terminates_Workflow E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6e8bca46-448d-4f21-a7e9-240179571970
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add MaxStallCount_Triggers_Reset E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6e8bca46-448d-4f21-a7e9-240179571970
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Update MagenticE2E_ImplementationReview.md with full coverage status
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6e8bca46-448d-4f21-a7e9-240179571970
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Rewrite Magentic E2E implementation review
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/1f878ef4-61b0-410a-a8bc-ebf618b3e5de
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add MaxResetLimit_Terminates_Workflow E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/aba19507-7c7e-40dd-850d-d1fabb5dfa65
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add PlanReview_On_Stall_Replan E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/aba19507-7c7e-40dd-850d-d1fabb5dfa65
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add Instruction_Message_Sent_When_Present E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/aba19507-7c7e-40dd-850d-d1fabb5dfa65
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Update ImplementationReview.md to reflect 14 tests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/aba19507-7c7e-40dd-850d-d1fabb5dfa65
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Rewrite Magentic E2E implementation review
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6fe88a80-2e05-40d5-9539-ca7c59b9022b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add ProgressLedger_Retry_On_Parse_Failure E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/125f6628-6b3b-4c51-9a51-ae84baece6bb
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add ProgressLedger_Max_Retries_Triggers_Reset E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/125f6628-6b3b-4c51-9a51-ae84baece6bb
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add Stall_NoProgress_Increments_StallCount E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/125f6628-6b3b-4c51-9a51-ae84baece6bb
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add PlanReview_Multiple_Revisions E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/125f6628-6b3b-4c51-9a51-ae84baece6bb
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Update ImplementationReview.md to reflect 18 tests and new coverage
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/125f6628-6b3b-4c51-9a51-ae84baece6bb
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Rewrite Magentic E2E implementation review
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/21f3b1ae-183e-4fea-99ad-14efc19f084d
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Preserve IsStalled on stall-triggered plan review requests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/1b9e74e8-69e1-43f2-8467-c5ba963c2622
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Rename isStalled parameter to replanAfterStall for clarity
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/1b9e74e8-69e1-43f2-8467-c5ba963c2622
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add Task_Delegates_To_Correct_Agent E2E test with multi-participant routing assertion
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/9b34e409-61b8-4650-ae55-34efad034ed0
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add Progress_Made_Decrements_StallCount E2E test verifying stall count decrement avoids reset
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/9b34e409-61b8-4650-ae55-34efad034ed0
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add Consecutive_Stalls_Trigger_Reset E2E test for multi-stall threshold reset
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/9b34e409-61b8-4650-ae55-34efad034ed0
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Magentic E2E: preserve IsStalled on stall-triggered plan reviews, add routing/stall tests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/9b34e409-61b8-4650-ae55-34efad034ed0
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Fix replan-on-every-turn: skip plan on agent return; align StallCount to > (match Python)
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/43e46b0d-4263-4353-856a-c3730abb1734
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Update implementation review doc for replan-fix and stall threshold alignment
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/43e46b0d-4263-4353-856a-c3730abb1734
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Rewrite Magentic E2E implementation review
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/3d15763b-3a68-488e-9412-3fa280e083c0
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Update stall docs to use > semantics, skip checkpoint-state tests, simplify NextSpeaker fallback test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/cc9ea5a8-84d8-4b6d-bb60-ac9619824d81
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Rewrite Magentic implementation review
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/ed87670a-bf4d-4ba5-a2f3-395a2eead9de
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add empty-team validation to MagenticWorkflowBuilder.Build() and E2E test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/e490fdf7-f107-4fde-ba1f-efdfd9a729c6
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add IsTerminated guard to TakeTurnAsync and post-termination rejection test
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/e490fdf7-f107-4fde-ba1f-efdfd9a729c6
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Rewrite ImplementationReview.md with final 23-test status
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/e490fdf7-f107-4fde-ba1f-efdfd9a729c6
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add PR description markdown
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/df9b4579-10c3-4bfb-927e-da3a0e70009e
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Remove temporary markdown files
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/b3e67553-a3a3-4282-98f2-afd8ad7a6b5d
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Fix IDE1006: add Async suffix to async test methods in MagenticOrchestrationTests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/629fcc07-865e-4832-9e59-ea13df561c5a
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Update error messages per review comments in MagenticOrchestrator and MagenticWorkflowBuilder
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/053e5ded-81e3-4e56-acf1-2a8a939a04b0
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Escape JSON string values in CreateProgressLedgerResponse test helper
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/ec610c61-0a14-44e2-82fd-1cf35e85d6cc
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    Co-authored-by: Jacob Alber <jaalber@microsoft.com>
  • .NET: fix: allow naming handoff workflows (#5799)
    * fix: allow naming handoff workflows
    
    * Only set name/description if not NullOrWhitespace
    
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Jacob Alber <jalber@fernir.com>
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
    Co-authored-by: Jacob Alber <jaalber@microsoft.com>
  • .NET: Add Workflow Builder Specialized Edge tests (#5826)
    * Add workflow builder edge tests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/3c3d5324-cdcd-4a38-8c67-94e4e78e29c5
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Strengthen workflow edge helper tests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Normalize edge helper bad input validation
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Clarify edge helper target validation
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Use explicit target parameter names
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Document workflow edge test helpers
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Clarify null element validation messages
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add repeated chain executor coverage
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Preserve Throw helper validation style
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Cover empty switch case targets
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Relax builder null assertion parameter checks
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/af831ee2-0a99-4427-9ffd-a3b5022c1b3b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Inline ValidateTargets into call sites
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/cb9a6a6a-02c7-41a8-a4b4-da16ad62ef86
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Refactor ForwardExcept with TFM-specialized TryGetNonEnumeratedCount
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/b081f61f-93ce-45dc-abbd-82c465395470
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Use TFM-specialized count check: TryGetNonEnumeratedCount for NET6+, ICollection pattern for NETFX
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/8ec28a43-e7b7-456e-8d8e-921511b4accc
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Apply TFM-specialized count check to ForwardMessage as well
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/9238ea32-a3e8-4b83-9683-484ad400071f
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Address review feedback: simplify Throw.IfNull in SwitchBuilder per westey-m suggestion
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/299950fd-4457-47f3-a373-f65d601b7ea5
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Use indexed parameter name in SwitchBuilder Throw.IfNull: executors[index]
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/c5655707-5b0b-44f3-98a9-5f3961e32cfe
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Revert #if NET6_0_OR_GREATER back to #if NET; inline executorIndex++
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/c5655707-5b0b-44f3-98a9-5f3961e32cfe
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Add comment explaining unusual Throw.IfNull use for null elements inside collection
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/c5655707-5b0b-44f3-98a9-5f3961e32cfe
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    Co-authored-by: Jacob Alber <jaalber@microsoft.com>
  • .NET: Fix flaky InputWaiter_WaitForInputAsync_BlocksUntilSignaledAsync (#5835)
    * test: remove finite timeout in BlocksUntilSignaledAsync to fix race
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/962b7404-4266-4a16-906c-ba3e607c2764
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * address review: clarify comment, add timeout test, cross-reference test names
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/e406a5f2-ad31-4d37-b090-69e10713f885
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    Co-authored-by: Jacob Alber <jaalber@microsoft.com>
  • .NET: Add sample for invoking Foundry Toolbox tools from declarative workflows (#5829)
    * Add sample for invoking Foundry Toolbox tools from declarative workflows
    
    * Addressed initial PR comments.
  • .NET: Harness console refactoring (#5811)
    * Restructure harness console so that reactive app is the entry point
    
    * Further refactoring to split tool formatters, improve UX, make console configurable and fix bugs
    
    * Address PR comments.
    
    * UX tweak
    
    * Fix streaming text bug
    
    * Address PR comments.
  • .NET: Add Executor RouteBuilder Unit Tests (#5824)
    * Add RouteBuilder unit tests
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/012f3b3b-acb9-4869-9084-b767cbe1885b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Address RouteBuilder test review feedback
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/012f3b3b-acb9-4869-9084-b767cbe1885b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Fix RouteBuilder test nullability warning
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/012f3b3b-acb9-4869-9084-b767cbe1885b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Refine RouteBuilder test helpers
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/012f3b3b-acb9-4869-9084-b767cbe1885b
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Refactor overload int constants to HandlerOverload enum
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/19397f58-a88a-41cf-bd85-588f520e0d0f
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Fix ValueTask compatibility with .NET Framework 4.7.2
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/a8437809-0898-43a6-a950-09eb3417f58a
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * Fix IDE0001 format errors - simplify generic type names
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/8573214e-ec42-4969-ba94-76bdc8ad3e59
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    Co-authored-by: Jacob Alber <jaalber@microsoft.com>
  • .NET: DevUI: quarantine flaky discovery integration test (#5845) (#5846)
    TestServerWithDevUI_ResolvesMixedAgentsAndWorkflows_AllRegistrationsAsync fails intermittently in the merge_group with NRE on the discovery response, blocking PRs unrelated to DevUI from merging. Skip via Fact(Skip=...) referencing #5845 while the underlying race is investigated.
  • .NET: Filestore improvements (#5842)
    * Filestore improvements
    
    * Address PR comments
  • Fix CA1873 in DevUI by using LoggerMessage source generator (#5831)
    Replaces two ILogger.LogWarning(string, params object?[]) calls in DevUIAuthFilter and DevUIExtensions with allocation-free [LoggerMessage] partial methods on a new internal DevUILog class. Preserves original message templates and structured property names ({RemoteIp}, {EnvVar}).
    
    Co-authored-by: alliscode <25218250+alliscode@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: feat(evals): add ground_truth/expected_output support for workflow evaluation (#5755)
    * .NET: feat(evals): add ground_truth/expected_output support for workflow eval
    
    Brings .NET to parity with Python PR #5234 for issue #5135:
    
    - Add expectedOutput parameter to Run.EvaluateAsync (workflow) and stamp on the overall EvalItem.ExpectedOutput.
    - Map EvalItem.ExpectedOutput -> ground_truth in the Foundry JSONL payload, item_schema, and data_mapping for similarity.
    - Add GroundTruthEvaluators set (currently builtin.similarity) and a FindMissingGroundTruthEvaluators helper.
    - Fail fast with InvalidOperationException when a ground-truth evaluator is selected but no item provides an ExpectedOutput, instead of surfacing a remote provider error.
    - Add tests in FoundryEvalConverterTests and WorkflowEvaluationTests.
    - Add Evaluation_WorkflowExpectedOutputs sample (workflow + Foundry similarity).
    
    Fixes microsoft/agent-framework#5135 (.NET side).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review: relax BuildOverallItem events to IReadOnlyList<WorkflowEvent>
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Sample: disable per-agent breakdown when using reference-based evaluator
    
    Per-agent EvalItems are intentionally left without ExpectedOutput, so the new fail-fast validation in FoundryEvals would throw when Similarity is invoked for per-agent items. Pass includePerAgent: false in the workflow + similarity sample, and document this gotcha in the EvaluateAsync XML doc.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix BuildOverallItem: fall back to last ExecutorCompletedEvent
    
    AgentResponseEvent is only emitted when AIAgentHostOptions.EmitAgentResponseEvents is enabled, which is not the default for WorkflowBuilder(agent).AddEdge(...). When it is absent, fall back to the last non-internal ExecutorCompletedEvent whose Data is an AgentResponse / ChatMessage / string so the overall EvalItem (and any expectedOutput) is produced. Without this, samples wired up the standard way returned 0 evaluation items.
    
    Update test to cover the fallback path.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Sample: enable EmitAgentResponseEvents; eval throws clear error when no overall response found
    
    Root cause of '0 results': AIAgentHostExecutor only emits AgentResponseEvent when AIAgentHostOptions.EmitAgentResponseEvents is true (default false). For ordinary AIAgent executors the runtime's ExecutorCompletedEvent.Data is null, so the prior fallback couldn't find a final response either.
    
    Sample now builds executors with EmitAgentResponseEvents=true via BindAsExecutor(hostOptions). EvaluateAsync now throws InvalidOperationException with a remediation hint when the user supplies expectedOutput but no overall final response can be located, instead of silently returning 0/0.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Guard against null sample/error/usage/datasource_item in ParseDetailedItem
    
    Foundry eval responses can have these properties present with JSON null
    or non-object values, which caused JsonElement.TryGetProperty to throw
    'requires Object, has Null'. Check ValueKind == Object before drilling in.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: reorder expectedOutput, tighten ground-truth check, add fail-fast test
    
    * WorkflowEvaluationExtensions.EvaluateAsync: move 'expectedOutput' to
      after 'splitter' so the original positional contract of (splitter,
      cancellationToken) is preserved for existing callers.
    * FoundryEvals: require ALL items to carry ExpectedOutput when a
      ground-truth evaluator is selected (e.g. similarity), not just any.
      Reference-based evaluators score per-item, so a single missing GT
      would still surface as a provider-side validation error. Updated
      fail-fast message accordingly.
    * WorkflowEvaluationTests: add EvaluateAsync_WithExpectedOutputButNoFinalResponse_ThrowsAsync
      to verify the InvalidOperationException is thrown (and that the
      message mentions EmitAgentResponseEvents).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fail-fast on missing overall item regardless of expectedOutput; harden BuildOverallItem default
    
    * EvaluateAsync now throws InvalidOperationException whenever 'includeOverall'
      is requested but BuildOverallItem cannot produce an item, instead of only
      when 'expectedOutput' is supplied. Same misconfiguration (agents not bound
      with EmitAgentResponseEvents) used to silently return empty results — now
      it surfaces a clear, actionable error in both cases.
    * BuildOverallItem switch default now throws instead of returning null. The
      preceding for-loop already constrains Data to AgentResponse/ChatMessage/
      string, so reaching default would indicate a contract drift; throw to make
      the bug visible.
    * Test renamed and broadened to verify the throw fires without expectedOutput.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: alliscode <25218250+alliscode@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: [Breaking Change] Auto-wire ChatClient with OpenTelemetryChatClient in OpenTelemetryAgent (#5750)
    * Initial plan
    
    * .NET: Auto-wire ChatClient with OpenTelemetryChatClient in OpenTelemetryAgent
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/96dd033a-0c48-4d3f-9148-324bfd436b75
    
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    
    * Address review: remove extension overload; honor UseProvidedChatClientAsIs; drop redundant check
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/6ac3f75d-eeb7-4811-8043-9a27511b0a8b
    
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    
    * Resolve ChatClientAgent via GetService before checking options/chat client
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/008d914d-8cbb-4e9f-81b6-f8c3c8bd8d04
    
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    
    * Split OpenTelemetryAgent ctor to preserve original (innerAgent, sourceName) signature
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/a890c9a7-0b77-40ab-802c-dfbf09f8c260
    
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    
    * Preserve base AgentRunOptions properties and avoid double-wrap on user factory
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/3afbf18c-de22-4236-a2f2-02ca1e98ae21
    
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    
    * .NET: OpenTelemetryAgent normalize sourceName once and add OTEL wiring path coverage
    
    Normalize the configured source name once in the constructor so the outer OpenTelemetryChatClient and the auto-wired inner OpenTelemetryChatClient always emit spans on the same ActivitySource. A caller passing an empty string previously produced agent-level spans on DefaultSourceName but auto-wired chat spans on the empty source, causing the chat spans to be silently dropped by exporters subscribed to the default source.
    
    Tests added to cover the previously unexercised OTEL wiring branches:
    
    - Ctor_NullOrEmptySourceName_AutoWiredChatClientUsesDefaultSource_Async (Theory: null and empty)
    
    - AutoWireChatClient_PlainAgentRunOptions_PreservesContinuationToken_Async
    
    - AutoWireChatClient_ChatClientAgentRunOptions_NoUserFactory_PreservesChatOptions_Async
    
    - AutoWireChatClient_StreamingDisabled_DoesNotEmitChatSpan_Async
    
    * .NET: Mark OpenTelemetryAgent autoWireChatClient ctor as [Experimental]
    
    Annotate the new 3-arg OpenTelemetryAgent(AIAgent, string?, bool) constructor with [Experimental(DiagnosticIds.Experiments.AgentsAIExperiments)] (MAAI001) so callers must explicitly opt in to the auto-wire toggle. The original 2-arg constructor stays non-experimental and delegates with autoWireChatClient: true; the delegating call is locally suppressed so the existing source compatibility surface is preserved.
    
    * .NET: OpenTelemetryAgent address westey-m PR review
    
    - Use string.IsNullOrWhiteSpace (not IsNullOrEmpty) when normalizing the constructor sourceName, so callers passing whitespace-only strings still land on OpenTelemetryConsts.DefaultSourceName instead of an unsubscribed ActivitySource.
    
    - Fix the misleading pragma comment on the 2-arg ctor delegating call: auto-wiring is the new default, it does not preserve the original (pre-PR) behavior.
    
    - Expand the GetRunOptionsWithChatClientWiring XML doc to spell out that a base AgentRunOptions (not ChatClientAgentRunOptions) is also accepted: it is converted to ChatClientAgentRunOptions with the auto-wire factory installed and base properties copied.
    
    - Tests: extend the source-name normalization Theory with whitespace cases ('   ' and '\t'); add end-to-end coverage for plain AgentRunOptions over a real ChatClientAgent (sync + streaming) asserting the inner chat client is invoked and both invoke_agent + chat spans are emitted.
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
  • .NET: Add harness agent package (#5782)
    * Add harness agent package
    
    * Fix formatting.
    
    * Fix formatting.
    
    * Update release filter
    
    * Address PR comments.
  • .NET: CI hardening — split Functions tests, re-enable skipped integration tests (#5717)
    * Split DurableTask/AzureFunctions integration tests into dedicated CI job
    
    - Add -TestProjectNameExclude parameter to New-FilteredSolution.ps1
    - Add 'functions' and 'core' path filters to paths-filter job
    - Exclude DurableTask/AzureFunctions from main dotnet-test job
    - Remove emulator setup from dotnet-test (no longer needed)
    - Add new dotnet-test-functions job (ubuntu/net10.0 only, path-conditional)
    - Update merge gate and report job to include dotnet-test-functions
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR feedback: add Workflows.Generators to core filter, drop dotnetChanges gate from functions job
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable Anthropic integration tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Upgrade Anthropic SDK 12.13.0 -> 12.20.0 to fix M.E.AI incompatibility
    
    Fixes MissingMethodException on WebSearchToolResultContent.get_Results()
    caused by Anthropic 12.13.0 being compiled against an older
    Microsoft.Extensions.AI.Abstractions version.
    
    Suppress RT0003 in AI.Abstractions.csproj as the transitive reference
    from the upgraded Anthropic SDK conflicts with the explicit one.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Anthropic unit test mocks for SDK 12.20.0 interface changes
    
    Add missing interface members: IAnthropicClient.WebhookKey,
    IBetaService.MemoryStores, IBetaService.Webhooks, IBetaService.UserProfiles
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable CheckSystem declarative integration tests
    
    The CheckSystem.yaml tests were temporarily skipped in PR #4270 during
    the Azure.AI.Projects 2.0.0-beta.1 SDK update. Since then, the system
    variable plumbing (SystemScope, SetLastMessageAsync, conversation
    initialization) has been significantly updated and stabilized. The
    other tests in these same files pass reliably using the same
    infrastructure.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CheckSystem test case to expect 1 response
    
    The CheckSystem workflow sends a 'PASSED!' SendActivity when all system
    variables are populated, producing 1 AgentResponseEvent. The test case
    had min_response_count: 0 with no max, so the assertion defaulted max
    to 0 and failed with 'Response count greater than expected: 0 (Actual: 1)'.
    Updated to expect exactly 1 response, matching the SendActivity pattern.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Re-enable Foundry OpenAPI server-side tool integration test
    
    Remove Skip="For manual testing only" from
    AsAIAgent_WithOpenAPITool_NativeSDKCreation_InvokesServerSideToolAsync.
    The test already uses RetryFact(3 retries, 5s delay) to handle
    transient failures from the external restcountries.com API.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Include workflow file in functions/core path filters
    
    A PR editing only dotnet-build-and-test.yml would skip
    dotnet-test-functions because the workflow path was missing
    from both the functions and core path filter lists.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Rename filter parameters for consistency
    
    TestProjectNameFilter  -> TestProjectNameIncludeFilter
    TestProjectNameExclude -> TestProjectNameExcludeFilter
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary RT0003 warning suppression
    
    The RT0003 suppression was added during the Anthropic SDK 12.20.0
    upgrade but the warning no longer fires. Removing it to keep the
    NoWarn list minimal.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove duplicate WebhookKey properties from merge
    
    Both our branch and main added WebhookKey to the Anthropic test
    mock classes, resulting in CS0102 duplicate definition errors.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix OpenAIResponsesAgentClient to include agentName in endpoint path (#5748)
    * Fix OpenAIResponsesAgentClient endpoint to include agentName in path (#5324)
    
    The sample OpenAIResponsesAgentClient used '/v1/' as the endpoint, which
    routes to the multi-agent endpoint requiring agent.name in the request body.
    However, AsIChatClient(agentName) maps agentName to the model field, not
    agent.name, causing HTTP 400 errors on OpenAI-compatible endpoints.
    
    Changed the endpoint to '/{agentName}/v1/' to match the pattern used by
    OpenAIChatCompletionsAgentClient, routing to the single-agent endpoint
    where no agent.name body field is needed.
    
    Added regression test verifying that the model field alone is insufficient
    for agent resolution on the multi-agent endpoint.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5324
    
    - URL-escape agentName in OpenAIResponsesAgentClient endpoint path to
      handle reserved characters safely
    - Add per-agent MapOpenAIResponses() calls in AgentHost so the sample
      host serves the /{agentName}/v1/responses routes the client now targets
    - Replace brittle Assert.Contains("agent.name") assertions with stable
      machine-readable error code assertion ("missing_required_parameter")
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address additional review feedback for #5324
    
    - Apply Uri.EscapeDataString to OpenAIChatCompletionsAgentClient endpoint
      for consistency with OpenAIResponsesAgentClient
    - Map OpenAI Responses and ChatCompletions endpoints for all builder-based
      agents (chemist, mathematician, literator, science workflows) so every
      discoverable agent is reachable via the single-agent endpoint path
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Feat/dotnet shell tool (#5604)
    * feat(dotnet): add Microsoft.Agents.AI.Tools.Shell with LocalShellTool
    
    Ports Python LocalShellTool to .NET as a new package (net8/9/10).
    
    - Microsoft.Agents.AI.Tools.Shell: LocalShellTool, ShellPolicy (deny-list
      guardrail), ShellResolver (cross-OS pwsh/powershell/cmd vs bash/sh),
      ShellResult with head+tail truncation, timeout + process-tree kill,
      AsAIFunction with required-by-default human approval gate.
    - Persistent mode via ShellSession (sentinel protocol over pwsh/bash).
    - acknowledgeUnsafe parity gate matches the Python implementation.
    - Auto-injected platform context in the AIFunction description so the
      LLM sees the active OS and shell at tool-discovery time.
    - 17 xunit.v3 tests cover policy allow/deny, echo roundtrip, exit
      codes, timeout/kill, AsAIFunction shape + approval wrapping,
      persistent cwd/env carry-over, head+tail truncation, sentinel race.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat(shell): close Python parity gaps for LocalShellTool
    
    Closes the .NET vs Python parity gaps identified in the competitive eval:
    
    - Default mode flipped to ShellMode.Persistent (matches Python). Every
      call now reuses a long-lived shell so cd/exports/functions persist;
      pass mode: ShellMode.Stateless to opt out.
    - New IShellExecutor interface — pluggable backend so future
      DockerShellTool / Hyperlight / SSH executors don't fork the framework.
      LocalShellTool implements it.
    - Workdir confinement: confineWorkingDirectory (default true) re-anchors
      every persistent-mode command back to workingDirectory so a wandering
      cd in one call doesn't leak to the next. Mirrors Python _maybe_reanchor.
    - Graceful interrupt on timeout: ShellSession sends SIGINT (POSIX) or
      Ctrl+C-on-stdin (Windows) before falling back to a hard close+respawn.
      Successfully-interrupted commands return exit 124 + TimedOut=true while
      preserving session state for the next call.
    - cleanEnvironment opt-in: when true, only PATH/HOME/USER/USERNAME/
      USERPROFILE/SystemRoot/TEMP/TMP plus user-supplied vars are visible.
    - shellArgv: IReadOnlyList<string> override accepted alongside the
      string shell binary param (mutually exclusive). Lets advanced callers
      inject flags like --rcfile or --login.
    - Typed exceptions ShellTimeoutException and ShellExecutionException
      replace InvalidOperationException for launch / liveness failures.
    
    Tests: 17 -> 23. New cases cover persistent-default ctor, mutually-
    exclusive shell/shellArgv, confined re-anchor, confine-disabled leak,
    clean-env strip, and IShellExecutor implementation. All green on net10.0.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat(shell): add DockerShellTool sandboxed shell tier
    
    Ports the Python DockerShellTool to .NET. Mirrors the public surface of
    LocalShellTool but executes commands inside an isolated container, where
    the container is the security boundary. Stateless and persistent modes
    both supported; persistent mode reuses ShellSession by launching
    'docker exec -i <ctr> bash --noprofile --norc' as the long-lived REPL,
    so the sentinel protocol works unchanged.
    
    Defaults chosen for safety:
    - --network none, --user 65534:65534 (nobody), --read-only root
    - --cap-drop=ALL, --security-opt=no-new-privileges
    - 512m memory cap, pids-limit 256, --tmpfs /tmp
    - Optional host workdir mount, ro by default
    
    Public surface:
    - DockerShellTool ctor with image/container_name/mode/host_workdir/
      workdir/network/memory/pids_limit/user/read_only_root/extra_run_args/
      environment/policy/timeout/max_output_bytes/on_command/docker_binary
    - StartAsync, CloseAsync, RunAsync, AsAIFunction, IShellExecutor impl
    - IsAvailableAsync(binary) probe
    - Static argv builders (BuildRunArgv, BuildExecArgv) — pure, side-
      effect free, so unit tests don't need a Docker daemon
    
    AsAIFunction defaults to requireApproval: false (the container IS the
    boundary). LocalShellTool keeps the opposite default.
    
    Tests: 23 -> 35. 12 new tests cover argv builders, env/extra-args/host-
    workdir flags, exec interactive vs stateless, container name uniqueness,
    IShellExecutor implementation, AsAIFunction approval defaults, and
    IsAvailableAsync false-path. None require Docker. Multi-TFM build
    (net8/9/10) green.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * test(shell): add DockerShellTool integration tests
    
    Adds 9 end-to-end tests that exercise DockerShellTool against a live
    Docker (or Podman) daemon. Tests are tagged [Trait("Category",
    "Integration")] and auto-skip via Assert.Skip when no daemon is
    available, so they are CI-safe.
    
    Coverage:
    - IsAvailableAsync probe
    - Persistent mode basic command + state preservation across calls
    - --network none blocks outbound DNS
    - --read-only root prevents writes outside /tmp; /tmp tmpfs is writable
    - --user 65534:65534 (nobody) is in effect
    - Stateless mode: env vars do not leak across calls
    - HostWorkdir bind-mount + read-only enforcement
    - Environment variables passed via -e
    
    Tests use debian:stable-slim (alpine ships only busybox sh, which
    ShellSession persistent bash REPL cannot drive).
    
    Run locally:
      dotnet test --filter "Category=Integration"
    or filter by class on the test exe directly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * style(shell): apply dotnet format pass
    
    - Whitespace and code-style fixes from `dotnet format` across both
      projects
    - Convert all new files to UTF-8 with BOM and LF line endings
      (repo convention)
    - Rename ShellSession statics to s_ prefix (IDE1006)
    - Add Async suffix to async test methods (IDE1006)
    
    No behavioral changes. All 44 tests still pass on net10.0; multi-TFM
    build (net8/net9/net10) green. `dotnet format --verify-no-changes`
    now reports clean for both projects.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(shell): add DockerShellTool walkthrough with sequence diagrams
    
    Explains the mental model (we shell out to the docker CLI; we never speak the engine API), the hardened docker run argv, persistent vs stateless lifecycles with mermaid sequence diagrams, the full agent-to-bash call ladder, and the failure modes.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * PR 5604 review fixes (group a): libc DllImport, namespace cleanup, policy-msg dedup
    
    Three quick-win review comments on PR #5604:
    
    1. ShellSession: the libc `killpg` P/Invoke was annotated with
       `DllImportSearchPath.System32`, a Windows-only loader hint that does
       nothing for libc.so on POSIX. Switched to `SafeDirectories` (CA5392
       /CA5393 clean) and added a comment noting the call site is gated to
       non-Windows.
    
    2. DockerShellToolTests: replaced the fully-qualified
       `Extensions.AI.ApprovalRequiredAIFunction` with a `using
       Microsoft.Extensions.AI;` import and the bare type name, matching
       `LocalShellToolTests`.
    
    3. LocalShellTool / DockerShellTool: `AsAIFunction`'s catch block was
       producing a doubled "Command blocked by policy: Command rejected by
       policy: ..." prefix because the `ShellPolicyException` message
       already starts with "Command rejected by policy". Now we return
       `ex.Message` directly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * PR 5604 review fix (group b): add ShellKind.Sh for /bin/sh fallback
    
    Review comment (#3): when /bin/bash is missing the resolver fell back to
    /bin/sh but tagged it as ShellKind.Bash, so the launcher passed bash-only
    flags --noprofile --norc to dash/ash/busybox, which interpret them as
    positional script names.
    
    Fix:
    
    * Added ShellKind.Sh for minimal POSIX shells (sh, dash, ash, busybox).
    * /bin/sh fallback is now tagged Sh.
    * ClassifyKind maps "SH" / "DASH" / "ASH" / "BUSYBOX" binary names to Sh.
    * StatelessArgvForCommand emits just `-c <command>` for Sh (no
      bash-only flags); PersistentArgv emits no flags at all.
    * LocalShellTool's system-prompt builder describes Sh distinctly and
      warns the model away from bash-only constructs.
    
    Tests: ShellResolverTests covers Sh/Bash classification through the
    observable argv output (14 new theory cases). Total: 58/58.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * PR 5604 review fix (group d): honor timeout=null, add DefaultTimeout
    
    Review comment (#5): both LocalShellTool and DockerShellTool documented
    `timeout: null` as "disables timeouts" but the constructor coerced null
    to 30 seconds, making the documented disable mechanism unreachable
    through the public API.
    
    Fix:
    
    * Drop the `?? TimeSpan.FromSeconds(30)` coercion in both ctors.
      `_timeout` now faithfully reflects what the caller passed (null =
      disabled). The downstream CTS-construction sites already short-circuit
      on null, so no other code changes are required.
    * Add `public static readonly TimeSpan DefaultTimeout` (30 s) on both
      tools so callers who want a bounded timeout can opt in explicitly.
    
    Tests:
    
    * New `RunAsync_NullTimeout_DoesNotTimeOutAsync` confirms a quick
      command runs to completion when the caller passes `timeout: null`.
    * New `DefaultTimeout_IsThirtySeconds` documents the constant.
    
    Behavioral note: this is a deliberate change-of-default. Callers that
    previously omitted `timeout` and relied on the implicit 30 s now get
    "no timeout". They should pass `LocalShellTool.DefaultTimeout` or
    `DockerShellTool.DefaultTimeout` explicitly to preserve the prior
    behavior.
    
    Tests: 60/60 (44 baseline + 14 resolver + 2 new timeout tests).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * PR 5604 review fix (group e): smart requireApproval default for DockerShellTool
    
    Review comment (#6, design): requireApproval: false baked in a
    safety decision the type cannot prove on its own. Callers can
    weaken any isolation knob (network, user, readOnlyRoot, mount,
    extraRunArgs) and still get an unapproved tool by default.
    
    Fix:
    
    * New public IsHardenedConfiguration property returns true iff the
      effective config matches the safe defaults: network=="none",
      non-root user, read-only root, host mount (if any) read-only,
      no extra run args.
    * AsAIFunction's requireApproval parameter is now bool? defaulting
      to null. When null, approval is enabled iff
      IsHardenedConfiguration is false. Pass false explicitly to opt
      out, or true to force.
    * docker-shell-tool.md updated with the new approval matrix.
    
    Tests: 4 new theory cases + 2 facts cover hardened-default,
    relaxed-network, root-user, writable-root, extraRunArgs, and
    explicit-opt-out branches. Total: 66/66.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * PR 5604 review fix (group c): wrap POSIX shell in setsid for correct killpg
    
    Review comment (#1): killpg(proc.Id, SIGINT) only behaves like a
    process-group signal when proc.Id IS a process group id. Since the
    .NET launcher does not call setsid() / setpgid() itself, the spawned
    shell inherits the agent host's process group — so killpg targeted
    the wrong group and the cancel signal could leak to the agent.
    
    Fix:
    
    * On non-Windows, EnsureStartedAsync probes for setsid (well-known
      paths first, then PATH). When found it wraps the shell launch as
      `setsid <shell> <args...>` so the spawned shell becomes a session
      leader (PID == PGID).
    * A new _isSessionLeader flag tracks whether the wrap succeeded.
    * InterruptCurrentCommandAsync only calls killpg when
      _isSessionLeader is true. Without setsid, killpg on an unsuited
      PID could signal the agent itself, so we skip the fast path and
      let the caller's hard close-and-respawn handle the timeout.
    * Windows behaviour is unchanged (Ctrl+C-via-stdin to pwsh).
    
    No public-API changes; existing tests cover the interrupt path and
    all 66/66 still pass.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .Net: DockerShellTool design + caller-cancel container leak fixes (PR #5604)
    
    Addresses three Copilot review findings on PR #5604.
    
    Design (group f):
    * StartAsync: change inner ResolvedShell from ShellKind.Bash to ShellKind.Sh.
      BuildExecArgv() already includes `--noprofile --norc` in ExtraArgv;
      Bash's PersistentArgv() was appending those flags a second time,
      yielding `bash --noprofile --norc --noprofile --norc`. Sh's
      PersistentArgv() returns Array.Empty so ExtraArgv is forwarded
      unchanged.
    * BuildExecArgv: remove the dead `interactive: false` branch and the
      `interactive` parameter. The `false` path produced an unusable argv
      ending in `-c` with no command and was never invoked internally
      (stateless mode uses BuildRunArgvStateless). Updated tests and
      docs/docker-shell-tool.md sequence diagram.
    
    Reliability (group g):
    * RunStatelessAsync: add a second `catch (OperationCanceledException)`
      guarded on `cancellationToken.IsCancellationRequested` that issues
      `docker kill --signal KILL <perCallName>` before rethrowing.
      Previously, caller-driven cancellation bypassed the timeout-only
      catch and propagated without killing the container; because `--rm`
      only fires when PID 1 exits, the container ran indefinitely.
      Extracted the kill-by-name logic into a `BestEffortKillContainerAsync`
      helper shared by both the timeout and caller-cancel paths.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .Net: Fill PR #5604 test coverage gaps for Shell tools
    
    Addresses the test-coverage findings in the latest Copilot review.
    
    * ShellResultTests (new): direct branch coverage for
      ShellResult.FormatForModel() — empty stdout, non-empty stderr,
      truncated, timed-out, success, and the truncated-with-empty-stdout
      edge where the marker is intentionally suppressed. This method's
      string is what the language model sees, so it benefits from
      explicit unit-level coverage independent of integration tests.
    * ShellSessionTests (new): direct unit tests for the internal
      TruncateHeadTail head-tail truncation utility — under-cap (no
      truncation), exactly at cap (no truncation), over-cap (truncated
      with marker, both head and tail preserved), and empty-string.
      Reachable via InternalsVisibleTo.
    * LocalShellToolTests: Theory test exercising 8 representative
      patterns from ShellPolicy.DefaultDenyList (rm -rf /, mkfs.ext4,
      curl|sh, wget|sh, Remove-Item /, shutdown, reboot, Format-Volume)
      to catch deny-list regex regressions; previously only 1/16 was
      tested.
    * LocalShellToolTests: explicit stderr-capture assertion (echo to
      stderr → result.Stderr contains the message). Stderr capture was
      not directly asserted anywhere in the suite.
    * DockerShellToolTests: RunAsync_RejectedCommand throws
      ShellCommandRejectedException. The Docker-side policy check is a
      pure-logic path that runs before any docker invocation, so this
      test covers the rejection branch without needing a Docker daemon.
    
    Total: 66 -> 85 tests, all passing on net10.0.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat(dotnet/shell): add ShellEnvironmentProvider for OS-aware shell instructions
    
    Pairs LocalShellTool/DockerShellTool with an AIContextProvider that
    probes the live shell once per session (OS, family, version, CWD,
    configurable CLI versions) and injects authoritative instructions so
    the agent uses platform-native idioms (PowerShell vs POSIX). Fixes the
    class of bugs where the model emits 'VAR=value' / '/tmp' / '$VAR' on
    a Windows PowerShell session.
    
    - ShellEnvironmentProvider/Snapshot/Options public surface in the
      existing Microsoft.Agents.AI.Tools.Shell package (one new project
      reference to Microsoft.Agents.AI.Abstractions).
    - Probes go through the same IShellExecutor that runs agent commands,
      so they respect the configured policy and (for DockerShellTool) the
      container boundary.
    - 8 unit tests covering snapshot capture, default formatter idioms,
      missing-tool handling, custom formatter override, and refresh.
    - Agent_Step21_ShellWithEnvironment sample replays the DEMO_TOKEN
      cross-call scenario using a persistent local shell.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(dotnet/shell): address PR review feedback round 3
    
    - ShellEnvironmentProvider.cs split into one-type-per-file (ShellFamily,
      ShellEnvironmentSnapshot, ShellEnvironmentProviderOptions, plus the
      provider class) to match FoundryMemoryProvider/AgentSkillsProvider
      layout.
    - csproj: drop IsPackable=false (package will publish on merge), add
      IsReleased=true and disable package validation baseline (first release),
      use TargetFrameworksCore, add InjectSharedDiagnosticIds and
      InjectExperimentalAttributeOnLegacy to align with shipping packages.
    - Sample: refactor to demonstrate stateless mode first (independent
      read-only commands), then persistent mode (state carried across calls,
      e.g. DEMO_TOKEN). Strip narrative/historical comments.
    - Move docker-shell-tool.md out of the package — that doc lives in
      the docs repo (semantic-kernel-pr/agent-framework, branch
      feat/dotnet-shell-tool).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5604 round 4 review feedback
    
    - Sample (Agent_Step21_ShellWithEnvironment): add prominent WARNING block
      noting LocalShellTool runs real commands on the host. Restructure sample
      to demonstrate stateless mode first (cd does not carry across calls) then
      persistent mode (cd and env vars persist), motivating when to pick each.
    - DockerShellTool class XML doc: reframe as a best-effort baseline rather
      than a security guarantee; list mitigations users should still apply.
    - DockerShellTool ShellKind.Sh comment: rephrase as forward-looking design
      rationale (avoid duplicate --noprofile/--norc if Bash is reintroduced)
      instead of bug-history narrative.
    - DockerShellTool.IsHardenedConfiguration / AsAIFunction XML docs: clarify
      these are configuration-shape checks and convenience defaults, not
      security guarantees.
    - Drop IDisposable from LocalShellTool and DockerShellTool. The previous
      sync Dispose() blocked on DisposeAsync().GetAwaiter().GetResult() with a
      VSTHRD002 suppression, which is fragile under sync contexts. Both tools
      now expose IAsyncDisposable only; tests updated to await using.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add Async suffix to async test methods to satisfy IDE1006
    
    Fixes check-format CI failure on PR #5604.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CPU busy-spin in WaitForSentinelAsync
    
    When new bytes arrived in the stdout read loop, the producer called
    TrySetResult on _stdoutSignal but did not replace it with a fresh TCS.
    A consumer looping inside WaitForSentinelAsync would then re-read the
    same already-completed TCS, causing WaitAsync(100ms) to return
    synchronously every iteration — a tight busy-spin that pinned a core
    until the sentinel arrived or the timeout fired.
    
    Swap the signal before completing the old one so the next consumer
    iteration observes a fresh (uncompleted) TCS, matching the pattern
    already used in ReadExitCodeAsync.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unused onCommand audit hook from shell tools
    
    The Action<string> onCommand callback was a redundant audit-logging seam:
    no production callers, no Python parity, and the framework already
    provides function-invocation middleware for cross-cutting concerns at
    the AIFunction layer. Removing the parameter from LocalShellTool and
    DockerShellTool keeps the public surface lean.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Align Shell csproj with Foundry.Hosting preview-package conventions
    
    - Add RootNamespace
    - Move Title/Description into the primary PropertyGroup with
      TargetFrameworks/VersionSuffix to match the Foundry.Hosting layout
    - Drop IsReleased (preview packages do not set it)
    - Drop UTF-8 BOM
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Document why ShellEnvironmentProvider uses Instructions, not Messages
    
    Expand the class XML doc to record the design rationale: the shell
    environment is stable runtime metadata, not per-turn retrieval, so it
    belongs in AIContext.Instructions (matching AgentSkillsProvider).
    Messages is reserved for retrieval payloads (TextSearchProvider,
    ChatHistoryMemoryProvider). System-role placement also has higher
    steering weight and benefits from prompt caching in major providers.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Clarify which probe failures ShellEnvironmentProvider swallows
    
    Name the four exception types explicitly (timeout, policy rejection,
    spawn failure, cancellation) and note that all other exceptions
    propagate normally. Avoids the misleading impression that the provider
    is a blanket try/catch.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Strip cross-language and bug-history narrative from shell tool comments
    
    Remove "hard-won" framing and explicit "Mirrors the Python ..." cross
    references from class XML docs and inline comments in ShellSession,
    DockerShellTool, and ShellResolver. Comments now describe current
    behavior without commentary on prior implementations or development
    history.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5604 round 5 review feedback
    
    - ShellResolver: classify only `bash` as ShellKind.Bash; sh/zsh/dash/ash/ksh/busybox now route through ShellKind.Sh so bash-only --noprofile/--norc flags are not emitted to shells that reject them. Update enum doc and tests.
    
    - ShellEnvironmentProvider.ProbeToolVersionAsync: validate the tool name against ^[A-Za-z0-9._-]+$ before interpolating into a shell command (prevents injection if ProbeTools is sourced from untrusted config). Fall back to stderr when stdout is empty so CLIs like java/older gcc still report a version. Drop misleading 'quoted' comment.
    
    - ShellSession.TruncateHeadTail: truncate by UTF-8 byte count on rune boundaries, honouring the documented maxOutputBytes contract for non-ASCII output.
    
    - ShellEnvironmentProviderTests: drop reflection on private _options; assert against the options instance the test already owns. Rename misnamed RefreshAsync test to reflect re-probing semantics. Add coverage for invalid tool names and stderr-only version output.
    
    - ShellSessionTests: add multi-byte UTF-8 truncation tests (byte-budget honoured, no rune split, no U+FFFD).
    
    - Move DockerShellToolIntegrationTests.cs from the unit test project into a new Microsoft.Agents.AI.Tools.Shell.IntegrationTests project so 'dotnet test' on the unit suite no longer requires a Docker daemon. Wire the new project into agent-framework-dotnet.slnx.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5604 round 6 review feedback
    
    - ShellSession.MaybeReanchor: switch from double-quoted to single-quoted literal-quoting per shell. Double quotes still expand $VAR, ``, and backticks in both PowerShell and POSIX, so a working directory containing shell metacharacters could trigger command substitution. Add QuotePowerShell (escape ' as '') and QuotePosix (close-and-reopen around ') helpers and route MaybeReanchor through them. Add tests covering ``, $VAR, backticks, and embedded single quotes.
    
    - ShellEnvironmentProvider.RunProbeAsync: narrow the OperationCanceledException filter to `when (!cancellationToken.IsCancellationRequested)` so caller-driven cancellation propagates instead of being silently converted to a null snapshot. Update the class XML doc to call out the distinction. Add tests for both paths (caller cancellation throws, probe-timeout returns null fields).
    
    - DockerShellTool.RunStatelessAsync / RunDockerCommandAsync: replace unbounded StringBuilder accumulators with a shared HeadTailBuffer (extracted from LocalShellTool into its own internal type). Caps memory at roughly maxOutputBytes regardless of how much output a command emits; drops the now-redundant trailing TruncateHeadTail call. RunDockerCommandAsync caps helper-command output at 1 MiB (defends against chatty docker pull progress streams). Add HeadTailBufferTests covering bounded behaviour over 10 MiB of streamed input.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5604 round 7 review feedback
    
    - HeadTailBuffer: switch to UTF-8 byte-aware truncation. The class previously
    
      capped on UTF-16 char count while callers pass _maxOutputBytes, so multi-byte
    
      output could exceed the budget and head/tail boundaries could split surrogate
    
      pairs into orphaned halves. Now tracks UTF-8 byte counts and treats each rune
    
      as an indivisible unit (encode -> bytes -> head/tail), guaranteeing the final
    
      string round-trips through UTF-8 and never contains an unpaired surrogate.
    
      The truncation marker now reads `bytes` instead of `chars` to match.
    
    - ShellEnvironmentProvider: clear cached _snapshotTask on failure. Previously a
    
      faulted/cancelled first probe permanently poisoned the provider — every later
    
      ProvideAIContextAsync await replayed the same exception. Now the failed task
    
      is cleared via a CompareExchange so the next caller starts a fresh probe.
    
    Tests: added rune-boundary coverage for HeadTailBuffer, plus two regression
    
    tests for poison-recovery (executor-throw and caller-cancellation paths).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5604 round 8 review feedback
    
    - HeadTailBuffer odd-cap data loss: previously _halfCap = cap / 2 was used as
    
      both the head fill bound and the tail eviction threshold, so an odd cap (e.g.
    
      cap=5 -> halfCap=2) would silently drop a byte while ToFinalString still
    
      reported truncated == false. Split into _headCap = cap / 2 and _tailCap =
    
      cap - _headCap so head + tail budgets always sum to exactly cap; any input
    
      whose UTF-8 size is <= cap now round-trips losslessly.
    
    - ShellSession.TakePrefixByBytes unpaired-high-surrogate: the prefix walker
    
      advanced 2 chars whenever it saw a high surrogate, without verifying that the
    
      next char was actually a low surrogate. Mirrored the pair check from
    
      TakeSuffixByBytes so unpaired surrogates are treated as a single (invalid)
    
      BMP char and the encoder substitutes U+FFFD as it would anywhere else.
    
    - Centralize clean-environment preserved-vars list. The {PATH, HOME, USER,
    
      USERNAME, USERPROFILE, SystemRoot, TEMP, TMP} allowlist was duplicated in
    
      LocalShellTool (stateless launch) and ShellSession (persistent startup), so
    
      adding a new variable required touching both. Extracted into
    
      CleanEnvironmentHelper.PreservedVariables / ApplyPreserved; both call sites
    
      collapse to a single line.
    
    Tests: HeadTailBuffer round-trip-at-odd-cap regression, ShellSession unpaired-
    
    surrogate test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5604 round 9 review feedback
    
    - ShellSession.TruncateHeadTail odd-cap budget: same fix applied to
    
      HeadTailBuffer last round but missed here. Use headCap = cap/2 +
    
      tailCap = cap - headCap so the head/tail budgets sum to exactly cap.
    
    - Replace TakePrefixByBytes / TakeSuffixByBytes Encoder.Convert loops with
    
      rune iteration. The old code ignored Encoder.charsUsed and trusted the
    
      caller's hand-rolled surrogate-pair detection, which made the byte count
    
      fragile around unpaired surrogates. EnumerateRunes + Utf8SequenceLength
    
      is stateless and self-evidently correct.
    
    - ShellEnvironmentProvider.ProbeAsync now skips case-insensitive duplicates
    
      in the user-supplied ProbeTools list. Previously {\"git\",\"GIT\"} would
    
      probe twice and rely on insertion order to determine the kept value.
    
    - DockerShellToolTests.AsAIFunction_RelaxedConfig_DefaultsToApprovalGated:
    
      removed unused trailing ool _ parameter and matching InlineData column.
    
    Tests: added duplicate-ProbeTools regression test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5604 round 10 review feedback
    
    * ShellSession.ReadLoopAsync: replace per-byte buf.Add(chunk[i]) loop with a single buf.AddRange(new ArraySegment<byte>(chunk, 0, n)) bulk copy on the read hot path.
    
    * ShellPolicy: compile allow-list patterns with RegexOptions.IgnoreCase, matching the deny-list and avoiding case-mismatch surprises.
    
    * LocalShellToolTests.RunAsync_NonZeroExit: drop the redundant ternary that selected between two identical 'exit 7' literals.
    
    * DockerShellToolIntegrationTests.NetworkNone: fix the comment to reference 'getent' (matching the actual command) instead of the stale 'wget' phrasing.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(dotnet): address PR #5604 round-3 review feedback
    
    - Rename LocalShellTool/DockerShellTool -> LocalShellExecutor/DockerShellExecutor
    - Rename IShellExecutor.StartAsync/CloseAsync -> InitializeAsync/ShutdownAsync
    - Rename ShellDecision -> ShellPolicyOutcome
    - Rename CleanEnvironmentHelper.ApplyPreserved -> EnvironmentSanitizer.RemoveNonPreserved
    - Convert ShellRequest/ShellPolicyOutcome from record struct to plain readonly struct (with IEquatable<T>)
    - Split ShellMode, ShellTimeoutException, ShellExecutionException into their own files
    - Add DockerNetworkMode static class with None/Bridge/Host constants
    - Convert DockerShellExecutor memory parameter from string to long? memoryBytes
    - Use Throw.IfNull(image) in DockerShellExecutor ctor
    - Make ShellResolver.EnvVarName public const
    - Inline-comment each DefaultDenyList regex; document allow-precedence-over-deny on ShellPolicy.Evaluate
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(dotnet): address PR #5604 round-3 follow-up nits
    
    - DockerShellExecutor / LocalShellExecutor: drop redundant IAsyncDisposable from class declarations (IShellExecutor : IAsyncDisposable already covers it)
    - DockerShellExecutor: scope DefaultImage / DefaultContainerUser / DefaultNetwork / DefaultMemoryBytes / DefaultPidsLimit / DefaultContainerWorkdir to internal (only used as parameter defaults; tests have InternalsVisibleTo)
    - DockerShellExecutor.RunAsync: blank line after the null-guard block (style consistency)
    - csproj: move <Title>/<Description> below the nuget-package.props import so they are not overwritten by the shared defaults; refresh wording to match new executor names
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Refactor shell tool: abstract ShellExecutor, options classes, ContainerUser record
    
    Round-3 review responses for PR #5604:
    
    * Replace IShellExecutor interface with abstract ShellExecutor base class so the surface can be extended without breaking implementers (review feedback from @westey-m).
    
    * Drop ShutdownAsync from the executor surface; DisposeAsync is the canonical teardown (review feedback from @SergeyMenshykh).
    
    * Replace the long parameter lists on Local/DockerShellExecutor constructors with LocalShellExecutorOptions and DockerShellExecutorOptions classes so adding new knobs is no longer a breaking change (review feedback from @SergeyMenshykh).
    
    * Introduce ContainerUser(Uid, Gid) record in place of a 'uid:gid' string for the Docker user, with Default and Root statics (review feedback from @lokitoth).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove IsHardenedConfiguration; AsAIFunction defaults to approval-gated
    
    Addresses PR #5604 review thread AZpMj. The IsHardenedConfiguration
    property was a configuration-shape check, not a security guarantee,
    and using it to auto-disable approval gating gave false confidence.
    
    - Delete IsHardenedConfiguration property.
    - AsAIFunction(requireApproval: null) now always wraps in
      ApprovalRequiredAIFunction; callers must explicitly pass false to
      opt out.
    - Update class- and method-level XML docs to drop hardened-attestation
      language and call out approval gating as the primary safety control.
    - Drop two hardening-assertion tests and the relaxed-config theory;
      add one test asserting null requireApproval is approval-gated.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Replace ShellExecutionException/ShellTimeoutException with standard exceptions
    
    Addresses PR #5604 review threads AaqVP and Aasod. The custom
    exception types added no behavior beyond the base type — only a
    different name — so callers gain nothing from them.
    
    - Delete ShellExecutionException.cs and ShellTimeoutException.cs.
    - Process spawn failures (LocalShellExecutor, DockerShellExecutor)
      and broken-pipe to a long-lived shell (ShellSession) now throw
      IOException, which is the natural .NET shape for these failures.
    - ShellTimeoutException was declared but never thrown; the only
      in-process timeout path uses the OperationCanceledException raised
      by the linked CancellationTokenSource. The catch-and-swallow in
      ShellEnvironmentProvider now matches IOException + TimeoutException.
    - Update XML doc comments accordingly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove ShellPolicy.DefaultDenyList; default policy is empty
    
    Addresses PR #5604 review thread AY7Ba. A regex deny-list is
    bypassed in seconds by hex escapes ($(echo -e "\x72\x6D")),
    command substitution ($(base64 -d <<<...)), and envvar splicing
    ($(A=r B=m; echo $A$B)). No major agent framework uses regex
    matching as a primary control; AutoGen explicitly removed theirs
    in v2. The real defenses are approval gating (default) and the
    Docker sandbox tier.
    
    - Delete DefaultDenyList property from ShellPolicy.
    - ShellPolicy(denyList: null) now means an empty deny-list.
    - Rewrite ShellPolicy class XML docs to frame as a UX pre-filter
      for operator-supplied patterns, not as a security control.
    - Update LocalShellExecutorOptions/DockerShellExecutorOptions
      Policy docs to match.
    - Tests that exercise the deny-list mechanism now supply patterns
      explicitly, mirroring real operator usage.
    - Add Policy_DefaultConstruction_AllowsAnyNonEmptyCommand test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Document single-session ownership for persistent shell mode
    
    Several PR #5604 review threads (notably AaQh2) raised that the persistent
    shell experience has no concurrency story. The framework's actual design
    is "one executor per conversation" — there is no per-caller isolation —
    but that contract was only stated briefly on ShellExecutor and not at all
    on the types and properties developers reach for first.
    
    Strengthen the docs in the places a user is most likely to land:
    
    - ShellMode.Persistent: explicit single-session-ownership paragraph
      (state visible across calls, single pipe, no isolation, one per session).
    - ShellExecutor: rewrite the Concurrency paragraph to enumerate what
      leaks (cwd, env, history, background jobs) and call out DI scoping.
    - LocalShellExecutor: new Single-session-ownership paragraph mirroring
      the executor-level contract and pointing at Stateless mode as the
      escape hatch.
    - DockerShellExecutor: same, framed around the container + bash REPL
      the persistent-mode executor owns end-to-end.
    - ShellSession: add a Single-owner paragraph on the type docs and a
      comment on _runLock clarifying that it serializes the owner's calls,
      not multiple tenants.
    - LocalShellExecutorOptions.Mode / DockerShellExecutorOptions.Mode:
      per-property note pointing at the executor remarks.
    
    Docs-only; src builds clean with zero warnings, zero errors.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: fix: align Anthropic Extensions AI version (#5709)
    * fix: align Anthropic Extensions AI version
    
    * test: update Anthropic test stubs for new interfaces
    
    ---------
    
    Co-authored-by: Jacob Alber <jaalber@microsoft.com>
  • .NET: Refactor harness console rendering (#5751)
    * Refactor harness console rendering
    
    * Fix formatting issues
    
    * Address PR comments
  • .NET fix: Synthesized Handoff FunctionResult is never sent to agent (#5718)
    * test: Split out Handoff Orchestration tests
    
    * fix: Synthesized Handoff FunctionResult is never sent to agent
    
    When we receive a handoff request from the agent, we need to service it outside of the Agent Loop to terminate the loop. What this means is that we take ownership of terminating the call by feeding the result back into the agent on a subsequent invocation.
    
    When we refactored Handoff to support HITL and make use of AgentSession, we inadvertantly removed this step, causing subsequent invocations to the Handoff agent to fail (first works, but breaks the state).
    
    The fix is to be more precise about the agent's bookmark when concatenating the result of agent invocation to the shared conversation history.
    
    * test: Add unit tests for Handoff FunctionCall/Result matching fix
  • .NET: Add A2A input-request content for human-in-the-loop scenarios (#5743)
    * .NET: Add A2A input-request content for human-in-the-loop scenarios
    
    Adds first-class support for handling user input requests from A2A agents
    when they return an `input-required` task state.
    
    - Add `A2AInputRequestContent` (wraps the requested `AIContent`) and
      `A2AInputResponseContent` (wraps the user's `AIContent` reply), with
      `CreateResponse` helper overloads on the request type.
    - Surface input requests on `AgentResponse` / `AgentResponseUpdate` via
      `AgentTask` and `TaskStatusUpdateEvent` mappings.
    - Link follow-up messages containing `A2AInputResponseContent` to the
      existing task via `TaskId` instead of `ReferenceTaskIds`.
    - Add `A2AAgent_HumanInTheLoop` sample and register it in the solution
      and parent README.
    - Add unit tests for the new types, extensions, and `A2AAgent` paths.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary using directive flagged by CI format check
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * address feedback
    
    * Guard against null TaskId when sending A2AInputResponseContent
    
    Throw InvalidOperationException if TaskId is missing when the message
    contains A2AInputResponseContent, preventing silent no-op responses.
    Also adds tests for both RunAsync and RunStreamingAsync paths.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Leave Contents null for non-InputRequired status updates
    
    Remove unnecessary '?? []' fallback so Contents stays null when there
    are no input requests, matching the other update mapping patterns.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use consistent GUID format for request IDs
    
    Use ToString("N") to match message ID format used elsewhere in
    the A2A component.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove Debug build exclusion for the HumanInTheLoop sample so it                                                                                                                                                                                                               participates in normal solution validation.
    
    * Add missing using Microsoft.Extensions.AI to A2AAgent_HumanInTheLoop
    
    The sample uses ChatMessage, TextContent, and ChatRole types from
    Microsoft.Extensions.AI but was missing the using directive, causing
    CS0246 build errors on all CI jobs.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * change the way user input requests are handled based on pr review comments
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: DevUI: add configurable access controls for the DevUI HTTP surface (#5739)
    * .NET: DevUI: add configurable access controls for the DevUI HTTP surface
    
    * .NET: DevUI: address review and fix dotnet format
    
    - Restore parameterless AddDevUI overloads for binary compatibility on
      IServiceCollection and IHostApplicationBuilder.
    - Keep /meta outside the auth-filtered group so the frontend can discover
      whether a bearer token is required before prompting for one. Surface the
      actual requirement via MetaResponse.auth_required.
    - Invoke DevUIOptions.ConfigureEndpoints before mapping protected endpoints
      so RouteGroupBuilder conventions (RequireAuthorization, rate limiting)
      reliably apply.
    - Treat a null RemoteIpAddress as non-loopback in DevUIAuthFilter; tests
      now set IPAddress.Loopback explicitly when exercising the loopback path.
    - Add a DEVUI_AUTH_TOKEN env-var fallback test and a /meta-public test.
    - Fix dotnet format: add UTF-8 BOM to new files, simplify a cref in
      DevUIOptions, and drop an unused using in the new test.
    
    * .NET: DevUI: add missing authRequired param XML tag
    
    * .NET: DevUI tests: set loopback/AllowRemoteAccess for null-RemoteIp default
    
    DevUIIntegrationTests use the default TestServer which leaves RemoteIpAddress
    null. With the new conservative loopback default those tests now hit 403; set
    AllowRemoteAccess on the option since those tests are not exercising access
    control. Also add the missing SimulateRemoteIp call in the wrong-bearer test.
    
    * .NET: DevUI tests: capture DEVUI_AUTH_TOKEN before parallel tests can see it
    
    The env-var test was leaking DEVUI_AUTH_TOKEN into parallel DevUIIntegrationTests,
    intermittently causing their requests to be rejected as 401. Eagerly resolve the
    singleton DevUIAuthFilter so its constructor captures the token, then restore the
    env var before any HTTP requests run.
  • .NET: Remove Foundry Toolbox server-side tools support (#5753)
    * .NET: Remove Foundry Toolbox server-side tools support
    
    Mirrors the Python cleanup in microsoft/agent-framework#5671. Passing
    toolbox tools as server-side Responses tools is not the experience we
    want to support; the hosted-agent MCP toolbox path (HostedMcpToolboxAITool
    + FoundryToolboxService) remains the supported way to consume Foundry
    Toolboxes.
    
    Removed:
    - FoundryToolbox static class (GetToolboxVersionAsync / GetToolsAsync /
      ToAITools / SanitizeAndConvert)
    - AIProjectClient.GetToolboxToolsAsync extension
    - Agent_Step25_ToolboxServerSideTools sample (+ slnx entry)
    - FoundryToolboxTests, TestDataUtil, HttpHandlerAssert, and the toolbox
      JSON fixtures only those tests referenced
    - ToolboxHostedAgentTests and ToolboxHostedAgentFixture; the "toolbox"
      switch arm + CreateToolboxAgent helper in TestContainer; matching
      README scenario row and bootstrap script entry
    
    Kept (MCP path, unchanged):
    - HostedMcpToolboxAITool, FoundryAITool.CreateHostedMcpToolbox,
      FoundryAIToolExtensions.CreateHostedMcpToolbox(ToolboxRecord/Version)
    - FoundryToolboxService, AddFoundryToolboxes, marker injection in
      AgentFrameworkResponseHandler, InputConverter.ReadMcpToolboxMarkers
    - Hosted-Toolbox sample, McpToolbox* tests, FoundryToolboxServiceTests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Add Foundry Toolbox MCP sample (Agent_Step25_FoundryToolboxMcp)
    
    Adds a non-hosted-agent equivalent of the Python foundry_chat_client_with_toolbox.py sample. The agent connects to a Foundry Toolbox's MCP endpoint via Streamable HTTP, injects a fresh Azure AI bearer token on every request, and discovers the toolbox's tools at runtime via McpClient.ListToolsAsync.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Tighten Agent_Step25_FoundryToolboxMcp README/Program comments
    
    Drop 'non-hosted agent' framing from README (this sample isn't related to hosted agents) and remove narrative comparison to server-side tools from the Program.cs header comment.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Drop python sample reference from Agent_Step25 README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Drop incorrect .NET 10 prereq from Agent_Step25 README
    
    Toolboxes don't require .NET 10 (Microsoft.Agents.AI.Foundry targets net8.0+); the parent AgentsWithFoundry README already lists the sample SDK prereq.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Toolsets api-version in Agent_Step25 example endpoint
    
    Use 2025-05-01-preview to match FoundryToolboxOptions.ApiVersion. The placeholder 'v1' is not accepted by the Toolsets endpoint.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: alliscode <bentho@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>