2295 Commits

  • .NET: Forward Magentic participant replies to manager (#6156)
    MagenticOrchestrator.TakeTurnAsync dropped the `messages` parameter
    on subsequent turns, so participant replies never reached the manager's
    ChatHistory. The manager kept re-dispatching the same speaker every
    round until MaxRounds.
    
    Append the incoming messages to taskContext.ChatHistory before running
    the coordination round (matches Python's _handle_response).
    
    Adds RecordingReplayAgent + regression test that asserts the worker's
    reply reaches round-2's progress-ledger call.
    
    Co-authored-by: Jacob Alber <jaalber@microsoft.com>
  • Bump Azure.AI.AgentServer.* packages and align Azure.Core/System.ClientModel (#6178)
    * Bump Azure.AI.AgentServer.* package versions
    
    * Align Azure.Core/System.ClientModel to AgentServer transitive deps
    
    Bump Azure.Core 1.55->1.56 and System.ClientModel 1.11->1.12 to match Azure.AI.AgentServer.* requirements, and add explicit references in transitive-pinning-off Foundry consumers to avoid CS1705/MSB3277 version conflicts.
  • .NET: Fix InvokeMcpTool approval path for declarative workflows (#6177)
    * Fix InvokeMcpTool approval path for declarative workflows
    
    * Added more test for coverage.
  • .NET: Quarantine flaky DevUI test (#6159)
    * Bump Microsoft.Extensions.AI packages to 10.6.0
    
    * Align transitive package versions for Microsoft.Extensions.AI 10.6.0
    
    * Initial plan
    
    * Temporarily skip flaky DevUI keyed/default workflow test
    
    * Revert Microsoft.Extensions.AI package bumps, keep only flaky test quarantine
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • Python: [A2A] Set message_id on AgentResponseUpdate for message-bearing paths (#6163)
    Map A2A protocol message_id to AgentResponseUpdate.message_id in two paths
    where it was previously omitted, aligning with .NET behavior:
    
    1. Standalone A2AMessage: set message_id=msg.message_id (matches .NET
       ConvertToAgentResponseUpdate(Message) which sets both ResponseId and
       MessageId to message.MessageId)
    
    2. TaskStatusUpdateEvent (terminal/input_required): set
       message_id=message.message_id (matches .NET which sets
       MessageId=statusUpdateEvent.Status.Message?.MessageId)
    
    Fixes #5949
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: consolidate MCP reliability fixes (#6145)
    * Python: consolidate MCP reliability fixes
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix MCP cleanup and metadata typing
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Satisfy MCP metadata mypy typing
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Pyright metadata mapping type
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add Mistral AI embedding client package (#5480)
    * Python: Add Mistral AI embedding client package
    
    Signed-off-by: Daria Korenieva <daric2612@gmail.com>
    
    * Address review feedback: fix dimensions check, sort embeddings by index, align docs
    
    Signed-off-by: Daria Korenieva <daric2612@gmail.com>
    
    * Address review feedback: downgrade to alpha, remove integration tests - Change version to 1.0.0a260505 (alpha) - Update classifier to Development Status :: 3 - Alpha - Update PACKAGE_STATUS.md to alpha - Remove Mistral from integration test workflows (no API keys yet)
    
    Signed-off-by: Daria Korenieva <daric2612@gmail.com>
    
    * Add samples directory for alpha package compliance Per python-package-management skill: alpha packages must include samples inside the package directory.
    
    Signed-off-by: Daria Korenieva <daric2612@gmail.com>
    
    * Fix ruff formatting in sample file
    
    Signed-off-by: Daria Korenieva <daric2612@gmail.com>
    
    ---------
    
    Signed-off-by: Daria Korenieva <daric2612@gmail.com>
  • .NET: Workflow Outputs Overhaul: Support Tagging, Filtering Agent Outputs (#6045)
    * test: reshuffle .NET Workflow tests in preparation for Outputs overhaul
    
    Phase 1 of the .NET Workflows outputs overhaul (see
    working/implementation-plan.md). Pure moves/renames in
    dotnet/tests/Microsoft.Agents.AI.Workflows.UnitTests; no production code
    changes, no new test cases. The split keeps each orchestration mode in
    its own source file so the upcoming tag-aware and orchestration-default
    test additions land on clean diffs.
    
    Renames:
    * WorkflowBuilderSmokeTests.cs -> WorkflowBuilderTests.cs (with class
      rename to match). The scope is no longer "smoke"-only once subsequent
      phases add tag-aware builder tests.
    * InputWaiterAndOutputFilterTests.cs -> InputWaiterTests.cs +
      OutputFilterTests.cs. The file already declared the two test classes
      separately; this split simply gives each its own file so the
      output-filter cases have a dedicated home for tag-aware additions.
    
    Split of AgentWorkflowBuilderTests.cs:
    * AgentWorkflowBuilderTests.cs is now the outer
      `public static partial class AgentWorkflowBuilderTests` holding the
      shared test helpers (DoubleEchoAgent + session + WithBarrier variant,
      WorkflowRunResult, RunWorkflow* methods) bumped from `private` to
      `internal` so the new top-level GroupChatWorkflowBuilderTests in the
      same assembly can reach them.
    * AgentWorkflowBuilder.SequentialTests.cs (nested SequentialTests):
      BuildSequential_InvalidArguments_Throws,
      BuildSequential_AgentsRunInOrderAsync.
    * AgentWorkflowBuilder.ConcurrentTests.cs (nested ConcurrentTests):
      BuildConcurrent_InvalidArguments_Throws,
      BuildConcurrent_AgentsRunInParallelAsync.
    
    Sequential and Concurrent are kept as nested classes because they're
    modes of the same `AgentWorkflowBuilder` static factory and do not
    produce dedicated builder types.
    
    New file:
    * GroupChatWorkflowBuilderTests.cs (top-level): the existing
      BuildGroupChat_* and GroupChatManager_* cases moved out of the old
      AgentWorkflowBuilderTests file. They exercise the
      `GroupChatWorkflowBuilder` type (returned by
      `AgentWorkflowBuilder.CreateGroupChatBuilderWith`), so a dedicated
      top-level test class - matching the convention reserved by the plan
      for HandoffWorkflowBuilderTests / MagenticWorkflowBuilderTests - is
      the right home. Cross-class helper references qualify with
      `AgentWorkflowBuilderTests.DoubleEchoAgent` and
      `AgentWorkflowBuilderTests.RunWorkflowAsync`.
    
    The outer partial class is `static` (and nested classes carry the
    instance test methods) because the outer holds only static helpers;
    this satisfies CA1052 without suppressions and is invisible to xUnit
    discovery, which finds tests on the nested classes as
    `AgentWorkflowBuilderTests.SequentialTests.*` etc.
    
    Validation: `dotnet build` clean on both target frameworks; all 547
    tests in Microsoft.Agents.AI.Workflows.UnitTests pass on net10.0.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat: introduce OutputTag, Futures, and tag-aware WorkflowBuilder API
    
    Phase 2 of the .NET Workflows outputs overhaul. Additive code change
    only - no observable runtime behavior change. The runner still uses the
    legacy bypass for AgentResponse / AgentResponseUpdate payloads, and the
    new `Futures.EnableAgentResponseOutputTaggingAndFiltering` flag defaults
    to false. Phase 3 will wire the flag into the runner; this commit only
    introduces the types and the builder API.
    
    New public surface:
    * `OutputTag` (readonly struct): wraps a string Value with ordinal
      equality (IEquatable, GetHashCode, == / !=) so it can participate as a
      HashSet element. Internal ctor closes the set. One public singleton:
      `OutputTag.Intermediate`. Terminal / regular outputs carry no tag
      (empty Tags set). JSON-serialized as a bare string via
      [JsonConverter(typeof(OutputTagJsonConverter))], with the converter
      rehydrating to the well-known singleton on read.
    * `Futures` (static class): hosts opt-in pre-GA behavior switches.
      First flag is `EnableAgentResponseOutputTaggingAndFiltering`; XML doc
      captures the v2.0.0 obsoletion / v3.0.0 removal lifecycle.
    * `WorkflowOutputEvent.Tags`: `HashSet<OutputTag>` exposed directly
      (concrete collection, matches the JSON-serialization convention used
      for `WorkflowInfo.OutputExecutorIds`). Never null; empty for legacy /
      terminal events. New ctors take a single `OutputTag` or
      `IEnumerable<OutputTag>?`; the existing (data, executorId) ctor
      remains and produces an untagged event. `HasTag(OutputTag)` helper.
      `AgentResponseEvent` and `AgentResponseUpdateEvent` gain matching
      tag-accepting ctors forwarding to the base.
    * `WorkflowOutputEventExtensions.IsIntermediate(this WorkflowOutputEvent)`:
      extension method returning `evt.HasTag(OutputTag.Intermediate)`. The
      preferred way to ask "is this an intermediate output?" without
      reaching into the Tags set.
    * `WorkflowBuilder.WithOutputFrom(IEnumerable<ExecutorBinding>, OutputTag)`
      and `WorkflowBuilder.WithOutputFrom(ExecutorBinding, OutputTag)`:
      forward-looking tagged overloads. The IEnumerable form is the primary
      tagged surface; the single-executor form is a convenience for the
      common one-executor case. Currently usable for the
      `OutputTag.Intermediate` singleton; will become the primary surface
      once the `OutputTag` constructor is opened to user-defined tags in
      a future release. Callers in this release should prefer the
      intent-specific `WithIntermediateOutputFrom` extension for the
      intermediate case. Tags accumulate across repeated calls; same tag
      repeated dedupes via the HashSet.
    * `WorkflowBuilderExtensions.WithIntermediateOutputFrom(this WorkflowBuilder, IEnumerable<ExecutorBinding>)`:
      helper that forwards to `WithOutputFrom(executors, OutputTag.Intermediate)`.
      Takes an IEnumerable (matching the tagged WithOutputFrom shape) -
      callers pass collection literals: `builder.WithIntermediateOutputFrom([a, b])`.
      XML doc remarks call out the Futures-flag interaction and the
      AIAgent-payload forwarding contract.
    
    Internal shape changes:
    * `WorkflowBuilder._outputExecutors`: HashSet<string> -> Dictionary<
      string, HashSet<OutputTag>>. The value set is empty for executors
      designated only via the untagged WithOutputFrom; contains Intermediate
      (and possibly future tags) otherwise.
    * `Workflow.OutputExecutors`: HashSet<string> -> Dictionary<string,
      HashSet<OutputTag>>.
    * `OutputFilter.CanOutput`: `Contains(id)` -> `ContainsKey(id)`.
    * `WorkflowInfo.OutputExecutorIds`: HashSet<string> -> Dictionary<
      string, HashSet<OutputTag>>, with a custom JsonConverter that reads
      both the new map shape (`{id: ["intermediate", ...]}`) and the legacy
      array shape (`[id1, id2]`, where each id is treated as an untagged
      output). Always writes the map shape. IsMatch updated to compare
      per-id tag sets.
    
    Tests landing in this commit (per the test-with-feature principle):
    * `OutputTagTests.cs` (6 tests): KnownValues, EqualityIsOrdinalOnValue,
      DefaultStructValueIsDistinct (default(OutputTag) does not collide
      with the Intermediate singleton in a HashSet),
      GetHashCodeMatchesEquals, JsonConverter_RoundtripsValueAsString,
      ConstructorIsInternal (reflection-based assertion that the (string)
      ctor is `internal`).
    * `WorkflowBuilderTests.cs` adds 7 new tests pinning the builder
      API contract: RegistersWithEmptyTagSet, AddsIntermediateTag,
      MultipleExecutorsAllUntagged, ThenIntermediate_AccumulatesTags,
      RepeatedDedupes, OnlyRegistersWithoutPriorWithOutputFrom,
      TracksExecutorBinding.
    * `BackwardsCompatibility/JsonCheckpointSerializationTests.cs`
      (new folder + file, 5 tests): event-level ctor contract tests
      (single-tag, no-tag, multi-tag — the last with a custom tag);
      IsIntermediate() asserted; load-bearing JSON BC tests for
      `WorkflowInfo.OutputExecutorIds` -
      `WorkflowOutputExecutorsReadsLegacyArrayShape` (legacy ids map to
      empty tag sets) and `WorkflowOutputExecutorsWritesMapShape`.
    
    The plan's three JSON round-trip tests for `WorkflowOutputEvent.Tags`
    were dropped: `WorkflowEvent` is not currently a serialized checkpoint
    shape (see the comment in WorkflowsJsonUtilities.cs about events not
    being persisted), so there is no real back-compat surface to pin
    through JSON. They are substituted with in-process ctor/property
    round-trip tests that exercise the `Tags` / `HasTag` / `IsIntermediate`
    contract.
    
    Validation: full `Microsoft.Agents.AI.Workflows.UnitTests` suite runs
    green on net10.0 (565 passing, 0 failing). Core library builds clean
    on net472, netstandard2.0, net8.0, net9.0, and net10.0. Test project
    builds clean on net472 + net10.0.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat: route AgentResponse(Update) through the output filter under a Futures flag
    
    `InProcessRunnerContext.YieldOutputAsync` historically special-cased AgentResponse and
    AgentResponseUpdate payloads: it built the typed event subclass and emitted it directly,
    bypassing the output filter. Rewrites the method so that:
    
    - When `Futures.EnableAgentResponseOutputTaggingAndFiltering` is `false` (the current
      default), AgentResponse(Update) keep the legacy bypass — emitted as
      AgentResponseEvent / AgentResponseUpdateEvent with no tags. Existing callers see no
      behavior change.
    - When the flag is `true`, AIAgent payloads flow through the output filter just like
      every other payload type: undesignated sources are dropped, and the emitted event
      carries the source's tag set (empty for terminal `WithOutputFrom`, `{Intermediate}`
      for `WithIntermediateOutputFrom`, the set union when both designations apply).
    
    Non-AIAgent (POCO) outputs also now carry the source's tag set on the emitted
    WorkflowOutputEvent unconditionally — additive, since no existing assertion inspected
    Tags. Subclass events (`AgentResponseEvent` / `AgentResponseUpdateEvent`) continue to
    be emitted under both modes so `switch (evt) { case AgentResponseEvent: ... }`
    consumer code keeps matching.
    
    Adds `OutputFilter.TryGetTags` as the tag-aware lookup used by the runner.
    `OutputFilter.CanOutput` is kept (still used by the existing sync tests in
    `OutputFilterTests.cs`).
    
    Tests
    -----
    - `Futures/Futures.AgentResponseOutputFilteringAndTaggingTests.cs` (new): the F1–F13
      matrix from the plan, covering every combination of `(flag on/off) × (designation)
      × (payload shape)`. Uses a `FuturesScope` IDisposable + a `FuturesSerial` xUnit
      collection (DisableParallelization = true) to keep the process-global flag from
      leaking across parallel tests.
    - `OutputFilterTests.cs`: four new `Test_OutputFilter_…` cases for the `TryGetTags`
      surface (empty-tag-set for terminal designation, `{Intermediate}` for intermediate
      designation, union for accumulated designation, `false` for unregistered).
    
    582/582 unit tests pass on net10.0 (565 baseline + 17 new).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat: tag-aware defaults and designation API on orchestration builders
    
    Aligns the .NET orchestration builders with Python's output / intermediate-output
    distinction. Each builder either applies a Python-aligned default designation set or
    replays the user's explicit `WithOutputFrom` / `WithIntermediateOutputFrom` calls,
    never both.
    
    Static `AgentWorkflowBuilder.BuildSequential` / `BuildConcurrent` apply defaults
    unconditionally (no user-facing fluent surface to take control through):
    
    - Sequential: terminal `end` + every agent designated intermediate.
    - Concurrent: terminal `end` + every agent and per-agent accumulator designated
      intermediate.
    
    The three fluent instance builders memoize agent-typed designation calls in a
    `Dictionary<AIAgent, HashSet<OutputTag>>` (empty set = terminal-only, non-empty =
    intermediate tag(s)) so repeated calls dedupe naturally. They replay the entries
    at `Build()` time, suppressing defaults when any call has been made:
    
    - `HandoffWorkflowBuilder` / `HandoffWorkflowBuilderCore<TBuilder>` (also picked up
      by the obsolete `HandoffsWorkflowBuilder` via inheritance).
      Default: terminal `HandoffEnd` + every handoff agent intermediate.
      (Bug fix: legacy code relied on `WithOutputFrom(end)` to bind `HandoffEnd`. The
      new explicit-designation path bypasses that, so `Build()` now calls
      `BindExecutor(end)` unconditionally to keep validation happy.)
    - `GroupChatWorkflowBuilder` — default: terminal host + every participant intermediate.
    - `MagenticWorkflowBuilder` — default: terminal orchestrator + every team member
      intermediate.
    
    Designating a non-participant agent throws `InvalidOperationException`.
    
    The bare `WorkflowBuilder` default is unchanged — only the orchestration-style
    builders gain implicit defaults, matching the plan's non-goal.
    
    Tests
    -----
    - `AgentWorkflowBuilder.SequentialTests` / `.ConcurrentTests`: one default-spec
      assertion each.
    - `GroupChatWorkflowBuilderTests`: defaults-match-spec, explicit-replaces-defaults,
      non-participant throws.
    - `HandoffWorkflowBuilderTests` (new file): same three.
    - `MagenticWorkflowBuilderTests` (new file): same three.
    
    593/593 unit tests pass on net10.0 (582 baseline + 11 new).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat: WorkflowHostAgent forwards AgentResponseEvent unconditionally under Futures-on
    
    Aligns the .NET Workflow-as-Agent surface with Python `as_agent`. Under
    `Futures.EnableAgentResponseOutputTaggingAndFiltering = true`,
    `WorkflowSession.InvokeStageAsync` now forwards `AgentResponseEvent`
    unconditionally — joining `AgentResponseUpdateEvent` in ignoring the host's
    `includeWorkflowOutputsInResponse` switch. That switch keeps governing the
    generic `WorkflowOutputEvent` path for non-AIAgent payloads, where it is
    further short-circuited by an `IsIntermediate()` check (tagged intermediate
    outputs always surface).
    
    Under Futures-off the legacy asymmetry is preserved: `AgentResponseUpdateEvent`
    always forwarded, `AgentResponseEvent` gated by `includeWorkflowOutputsInResponse`.
    
    Back-compat: with `Futures.EnableAgentResponseOutputTaggingAndFiltering` left at
    its default `false`, observable behavior is identical to before.
    
    `Futures` documentation gains a remark explaining the `Workflow.AsAIAgent()`
    interaction in both flag states.
    
    Runner fix
    ----------
    `InProcessRunnerContext.YieldOutputAsync` now skips `Executor.CanOutput` for
    AgentResponse-shaped payloads under both Futures branches. `AIAgentHostExecutor`
    doesn't declare AgentResponse(Update) in its `Yields` set, so the historical
    legacy bypass had silently skipped the check; Phase 3's Futures-on path was
    running it and would reject AIAgent payloads. AIAgent-shaped payloads are now
    always a valid output shape, matching the legacy bypass semantics.
    
    Phase 4 follow-on
    -----------------
    Switched the three orchestration-builder designation-replay loops to iterate
    `Dictionary.Keys` with a value lookup instead of constructing/destructuring
    `KeyValuePair<,>`. Cleaner shape and avoids the netstandard2.0 / net472
    `KeyValuePair<,>.Deconstruct` unavailability that surfaced when this branch
    multi-TFM-built.
    
    Tests
    -----
    `WorkflowHostSmokeTests.IntermediateForwarding` (new nested class, 6 tests):
    - intermediate AgentResponse forwarded past the include-outputs gate (Futures on)
    - terminal AgentResponse forwarded unconditionally (Futures on)
    - terminal AgentResponse gated by include flag (Futures off, legacy)
    - undesignated AIAgent executor emits no AgentResponseEvent under Futures-on
    - legacy bypass still emits AgentResponseEvent under Futures-off
    - intermediate tag is observable via `update.RawRepresentation`
    
    The class joins the `FuturesSerial` xUnit collection so the process-global flag
    is serialized against other Futures-toggling tests.
    
    599/599 unit tests pass on net10.0 (593 baseline + 6 new).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat: SequentialWorkflowBuilder and ConcurrentWorkflowBuilder, OrchestrationBuilderBase
    
    Promotes the Sequential and Concurrent orchestration shapes to first-class fluent
    builder classes, matching Handoff / GroupChat / Magentic. Users can call
    `WithOutputFrom(agents)` / `WithIntermediateOutputFrom(agents)` to control which
    agents are designated output / intermediate sources; when no designation call is
    made, the Python-aligned defaults apply (terminal aggregator output + every agent
    intermediate; Concurrent also tags per-agent accumulators).
    
    `AgentWorkflowBuilder.BuildSequential(...)` and `BuildConcurrent(...)` are kept
    and now delegate to the new builders; observable behavior unchanged. Five static
    factories now mirror each other:
    
    - `AgentWorkflowBuilder.CreateSequentialBuilderWith(params IEnumerable<AIAgent>)`
    - `AgentWorkflowBuilder.CreateConcurrentBuilderWith(params IEnumerable<AIAgent>)`
    - `AgentWorkflowBuilder.CreateHandoffBuilderWith(AIAgent)`        (already existed)
    - `AgentWorkflowBuilder.CreateGroupChatBuilderWith(Func<...>)`    (already existed)
    - `AgentWorkflowBuilder.CreateMagenticBuilderWith(AIAgent)`       (new)
    
    OrchestrationBuilderBase
    ------------------------
    New abstract `OrchestrationBuilderBase<TBuilder>` unifies the shared fluent
    surface across all five orchestration builders: `WithName`, `WithDescription`,
    `WithOutputFrom`, `WithIntermediateOutputFrom`, and the
    `ApplyOutputDesignations(builder, agentMap, kind, applyDefaults)` helper that
    either replays the user's designations or invokes the orchestration-specific
    defaults.
    
    Removes ~150 LOC of duplicated designation-management code from the four
    non-Handoff builders, plus the equivalent from `HandoffWorkflowBuilderCore`.
    
    Tests
    -----
    - New `SequentialWorkflowBuilderTests.cs` / `ConcurrentWorkflowBuilderTests.cs`
      (replace the old `AgentWorkflowBuilder.{Sequential,Concurrent}Tests.cs`
      nested-class files). Method names normalized to
      `Test_<BuilderType>_<Scenario>[Async]`.
    - Shared helpers (`DoubleEchoAgent`, `DoubleEchoAgentWithBarrier`,
      `WorkflowRunResult`, `RunWorkflow*`) moved from the old
      `AgentWorkflowBuilderTests` partial class into a new
      `OrchestrationTestHelpers` static class in `OrchestrationTestHelpers.cs`.
      Downstream test files (Group Chat, Handoff, Sequential, Concurrent) updated
      to qualify with `OrchestrationTestHelpers.*`.
    - A new `AgentWorkflowBuilderTests.cs` covers the static surface directly:
      `BuildSequential` / `BuildConcurrent` invariants and aggregator wiring, plus
      null-rejection + round-trip checks for every `Create*BuilderWith` factory.
    - New AsAgent intermediate-suppression tests on a nested `AsAgentForwarding`
      class for each of Sequential and Concurrent: build with only the terminal
      agent designated via `WithOutputFrom`, run via `AsAIAgent(...)`, assert via
      `AgentResponseUpdate.AuthorName` that intermediate agents do not surface.
      Both join the `FuturesSerial` collection.
    - New `Test_<Builder>_WithDescriptionPropagatesToWorkflow` smoke tests on
      Sequential and Concurrent (newly available via the base class).
    
    625/625 unit tests pass on net10.0.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * chore: dotnet format
    
    * fixup: encoding
    
    * fixup: charset
    
    * fixup: Updates for PR feedback
    
    * fixup: format
    
    * fixup: merge issue
    
    * Fix intermediate filtering on .AsAgent()
    
    * fix filter logic
    
    * fix: Revert logic change and add comments
    
    ---------
    
    Co-authored-by: Jacob Alber <jalber@lokitoth.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Adding AgentFileStore and FileAccessProvider to support file access operations. (#6099)
    * Adding AgentFileStore and FileAccessProvider to support file ased operations for agents.
    
    * Address PR review feedback on FileAccessProvider
    
    - Probe symlinks on the unresolved candidate path so in-root symlinks
      cannot silently pass and out-of-root symlinks surface the correct
      error message.
    - Validate matching_lines elements in FileSearchResult.from_dict and
      raise a clean ValueError for non-mapping entries.
    - Cap search regex pattern length (256 chars) via a new
      _compile_search_regex helper to mitigate ReDoS, and surface the cap
      in the file_access_search_files tool description.
    - Skip non-UTF-8 files during filesystem search instead of aborting
      the entire directory walk.
    - Replace the module-scope trailing string in the data-processing
      sample with comments to avoid Ruff B018.
    - Remove the checked-in working/region_totals.md sample artifact so
      the save flow works from a clean checkout.
    - Expand the Windows stdout reconfiguration comment in task_runner.py
      for clarity.
    - Add tests for invalid/oversize regex, non-UTF-8 file search, and
      in-root symlink rejection.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix mypy redundant-cast in FileSearchResult.from_dict
    
    Use cast(list[object], ...) instead of cast(list[Any], ...) so the
    cast represents a real type change (lists are invariant) and is no
    longer flagged by mypy as redundant, while still satisfying pyright's
    reportUnknownVariableType. Matches the existing pattern in _memory.py.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Tighten path normalization and directory resolution in FileAccess
    
    - _normalize_relative_path now strips surrounding whitespace up front
      so leading/trailing spaces never leak into file segments, and
      rejects trailing path separators for file paths so 'foo/' is no
      longer silently coerced to 'foo'.
    - FileSystemAgentFileStore._resolve_safe_directory_path normalizes
      with is_directory=True and maps an empty normalized result to the
      root. This matches InMemoryAgentFileStore so whitespace-only
      directory inputs resolve to the root instead of raising.
    - Added tests for whitespace stripping, trailing-separator rejection,
      and whitespace-only directory listing on the filesystem store.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Harden FileAccess search and atomic save in store API
    
    - Add wall-clock timeout (10s) around regex scans so a pathological pattern (e.g. `(a+)+`) below the length cap cannot stall the event loop.
    - Offload the InMemoryAgentFileStore regex scan to a worker thread, matching the filesystem store.
    - Fail closed when `Path.is_symlink` raises during the safe-path probe so a permission error cannot silently bypass the symlink/reparse-point rejection.
    - Add `overwrite: bool = True` to `AgentFileStore.write_file`; the in-memory store performs the check under the existing lock and the filesystem store uses `open(mode='x')` so concurrent callers cannot race past `overwrite=False`.
    - `file_access_save_file` now relies on the atomic store call instead of a separate `file_exists` round-trip.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Python 3.10 timeout handling and add directory arg to list/search tools
    
    - Catch asyncio.TimeoutError in _run_search_with_timeout. In Python 3.10
      asyncio.wait_for raises asyncio.exceptions.TimeoutError, which is
      distinct from the builtin TimeoutError (the two were unified in 3.11).
      Catching the asyncio alias works on every supported version.
    - Add an optional directory parameter to file_access_list_files and
      file_access_search_files so agents can enumerate / scope searches to
      nested folders, not just the store root.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address FileAccess review feedback: case, errors, signal, TOCTOU
    
    - InMemoryAgentFileStore now stores (display_name, content) so list_files
      and search_files return the original-case names callers wrote, matching
      the behaviour of FileSystemAgentFileStore on case-preserving filesystems
      and removing the silent in-memory vs. on-disk contract divergence.
    - FileSystemAgentFileStore.read_file raises ValueError instead of letting
      UnicodeDecodeError bubble for binary / non-UTF-8 input, restoring
      symmetry with search_files (which still skips) and giving the tool
      layer a recoverable type to translate.
    - Tool wrappers now catch ValueError and OSError around every operation
      and surface them as readable strings, so 'you used ..' and 'the file
      already exists' are both reported to the model the same way instead of
      the former crashing out as an unhandled exception.
    - _search_files_sync logs per skipped non-UTF-8 file at WARNING and an
      aggregate INFO summary so operators can distinguish 'no matches' from
      'half the corpus was unreadable'.
    - FileSystemAgentFileStore softens its docstrings to acknowledge the
      inherent probe-then-open TOCTOU window. On POSIX both read and write
      now pass O_NOFOLLOW so the kernel refuses if the leaf segment becomes
      a symlink between the probe and the open. Windows has no equivalent
      flag; the limitation is documented.
    - Tests cover: case preservation on list/search, ValueError on non-UTF-8
      read at the store and tool layer, tool-layer string responses for
      path-traversal and oversized-regex inputs, search-skip log output,
      symlink rejection on delete/search/list, and symlinked intermediate
      directory rejection.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address FileAccess nit comments: docstrings, enumerate, opt-in delete approval
    
    - Expand FileSearchMatch/FileSearchResult.to_dict docstrings to explain why
      the override is needed (__slots__ defeats the mixin's __dict__ iteration)
      and why exclude/exclude_none are accepted-but-ignored (mixin signature
      compatibility for callers like to_json).
    - Use enumerate(lines, start=1) in _search_file_content so the +1 below is
      no longer needed; rename loop variable to line_number for clarity.
    - Add opt-in require_delete_approval: bool = False on FileAccessProvider.
      When True, file_access_delete_file is registered with approval_mode
      'always_require' so the host must approve every delete. Default False
      preserves current behaviour and matches the .NET reference, but
      deployments that want a safer-by-default posture can enable it.
    - Add tests covering both delete approval modes.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * FileAccess: require delete approval by default
    
    Flip the default for FileAccessProvider(require_delete_approval=...) from
    False to True so destructive deletes are gated by host approval out of the
    box. Callers that want the previous autonomous behaviour (which matches the
    .NET reference) can pass require_delete_approval=False.
    
    Tests updated accordingly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fixing linkinspector by installing Chrome for puppeteer first.
    
    ---------
    
    Co-authored-by: Ben Thomas <25218250+alliscode@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python A2A: Expose supported_protocol_bindings as configurable parameter (#6098)
    * Expose supported_protocol_bindings as configurable parameter on A2AAgent
    
    Add supported_protocol_bindings parameter to A2AAgent.__init__() allowing
    users to configure which A2A protocol bindings (JSONRPC, GRPC, HTTP+JSON)
    the client prefers when connecting to remote agents.
    
    - Defaults to ["JSONRPC"] matching current behavior
    - Passes through to ClientConfig for transport negotiation
    - Replaces 4 hardcoded references with the configurable value
    
    Closes #6057
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix empty list falsy trap and add fallback path test coverage
    
    - Use 'is not None' check instead of 'or' to preserve explicit empty list
    - Add test verifying empty list is not silently replaced with defaults
    - Add test verifying fallback path uses custom bindings
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Document known protocol binding values in docstring
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use Literal union for protocol binding type hint
    
    Provides IDE autocomplete for known values while keeping the type
    open for custom bindings (Literal is str at runtime).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: feat: Update GroupChatManager semantics to match other Orchestration patterns (#6140)
    * Refactor group chat workflow to prevent message echoing and enhance checkpointing
    
    - Updated GroupChatWorkflowBuilder to disable forwarding incoming messages to prevent duplicates.
    - Enhanced RoundRobinGroupChatManager with checkpointing support to preserve state across executions.
    - Modified GroupChatHost to maintain a history of messages and track the current speaker for message broadcasting.
    - Implemented broadcasting logic to ensure participants receive messages from others while excluding their own responses.
    - Added comprehensive unit tests for group chat orchestration, including scenarios for tool approval and function calls.
    - Introduced a new ApprovalHarness for testing tool invocation and approval workflows.
    
    * fixup: format
    
    * Add JSON serialization support for GroupChatManagerState and RoundRobinGroupChatManagerState
    
    ---------
    
    Co-authored-by: Jacob Alber <jalber@lokitoth.com>
  • .NET: [Breaking] Refactor AgentFileSkillsSource for depth-based discovery and predicate filters (#6109)
    * Refactor AgentFileSkillsSource to use filter predicates and add AgentFileSkillFilterContext
    
    - Replace hardcoded script/resource directory lists with configurable ScriptFilter and ResourceFilter predicates
    - Add AgentFileSkillFilterContext class to provide contextual file information to filter predicates
    - Replace MaxSearchDepth constant with configurable SearchDepth option
    - Update AgentFileSkillsSourceOptions with new filter and search depth properties
    - Update tests to reflect the new filtering approach
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Log '(none)' instead of empty string for missing file extensions in debug output
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: feat: Bring Handoff Orchestration to parity with Python (#6138)
    * feat: implement autonomous mode and termination conditions in handoff workflow
    
    * fixup: format
    
    * feat: enhance autonomous mode with per-agent configurations and add unit tests
    
    * fixup: remove empty file
    
    ---------
    
    Co-authored-by: Jacob Alber <jalber@lokitoth.com>
  • .NET: Support ClaimsIdentity-based scoping of agent sessions (#5696)
    * feat: Add DelegatingAgentSessionStore
    
    Add helper for decorator pattern for AgentSessionStore
    
    * feat: Add UserIdentityScopedSessionStore
    
    Add support for using the ASP.Net Core ambient `ClaimsIdentity` User, along with a user-specified claim type to scope the session store based on authenticated identity.
    
    * fix: Harden scope mapping
    
    * fix: Add UserIdentityScopeSessionStoreOptions to avoid future breaking changes
    
    * Split UserIdentityScopedSessionStore into a separate IsolationKeyProvider and IsolationKeyScopedSessionStore
    
    * Add GetService<>() capabilities to interrogate AgentSessionStore delegation chain
    
    * Harden default for A2A hosting by using an IsolationKeyScopedAgentSessionStore when no store is available.
    
    * Pipe isolation through Hosting helper extension methods
    
    * Add comment to samples about adding SessionIsolationKeyProvider
    
    * Fix isolation key provider nullability semantics
    
    * fix A2A defaults
    
    * fixup
    
    * remove unneeded keyProvider requirement test
    
    * Add trust-model XML docs to AgentSessionStore, InMemoryAgentSessionStore, MapAGUI, A2A entry points
    
    Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/e466c53a-faad-40a8-8b5f-83cf0dce0b1d
    
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
    
    * fix: Switch ClaimsBasedIsolationKeyProvider to be Singleton
    
       * matches HttpContextAccessor and related MAF services
    
    * release: Ensure new project is in the release filter
    
    * fixup: Integraitaon tests
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
  • Python: [Breaking] Refactor Skill API to async resource and script lookup (#6135)
    Port of .NET commit 08541ee5a9.
    
    Replace property-based Skill.content/resources/scripts with async
    by-name lookup methods:
    - content property -> async get_content() -> str
    - resources property -> async get_resource(name) -> SkillResource | None
    - scripts property -> async get_script(name) -> SkillScript | None
    
    SkillsProvider now always includes all three tools (load_skill,
    read_skill_resource, run_skill_script) and both instruction blocks
    regardless of whether any skills have resources or scripts.
    
    ClassSkill retains resources/scripts properties as overridable hooks
    for subclass reflection-based discovery.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix render dupe and text input clear bugs, and improve guardrail error messaging (#6136)
    * Fix render dupe and text input clear bugs
    
    * Fix another text rendering issue and improve guardrails messaging
    
    * Address PR comments
    
    * Improve guardrail rendering and json error handling
    
    * Another tweak for input box render issue
    
    * Address PR comments
  • .NET: Add Foundry Toolbox MCP skills discovery sample (#6134)
    * feat: add Agent_Step26_FoundryToolboxMcpSkills sample
    
    Add a new sample demonstrating MCP-based skills discovery from a Foundry
    Toolbox endpoint using AgentSkillsProviderBuilder and AIContextProviders.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: address PR review comments for Step26 sample
    
    - Add Foundry-Features: Toolboxes=V1Preview header to MCP transport
      options, matching the Step25 pattern
    - Document skill://index.json prerequisite in README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update dotnet/samples/02-agents/AgentsWithFoundry/Agent_Step26_FoundryToolboxMcpSkills/Program.cs
    
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
  • Bump Python package versions for 1.7.0 release (#6142)
    Bumps the released 1.6.0 packages agent-framework, agent-framework-core, agent-framework-foundry, and agent-framework-openai to 1.7.0, with root continuing to exactly pin agent-framework-core[all]. Bumps the changed prerelease packages agent-framework-a2a, agent-framework-chatkit, agent-framework-declarative, agent-framework-devui, and agent-framework-foundry-hosting to the 260528 date stamp, raises core floors on the packages included in this release, raises Foundry's OpenAI floor alongside OpenAI, and raises ChatKit's openai-chatkit floor to the minimum version required by the current typed API usage. No beta cohort bump was applied; the absent mistal/mistral package was intentionally not bumped because no such package exists in this branch.
  • Python: [Breaking] Remove Python-only declarative actions and rename alias kinds to C# canonical names (#6126)
    * Remove Python-only declarative actions and rename alias kinds to C# canonical names
    
    * Address PR comments.
    
    * Address PR comments.
    
    * Reduce verbose and duplicate output from sample workflow.
  • Python: fix: pass Foundry agent default headers (#6040)
    * fix: pass Foundry agent default headers
    
    * test: loosen Foundry default header assertions
  • Python: Allow hosted checkpoints to restore MessageRole (#6049)
    * Python: Allow hosted checkpoints to restore MessageRole
    
    Allow Responses hosting checkpoint storage to deserialize the Azure Responses MessageRole enum that hosted workflows can persist inside Agent Framework Message objects.
    
    Add regression coverage for both direct load() and the hosted get_latest() restore path, including the plain-storage failure mode where list_checkpoints logs the blocked type and get_latest() returns None.
    
    Ruff also normalizes a duplicate contextlib import in the touched hosting module.
    
    * Address MessageRole checkpoint review comments
    
    * Cover hosted MessageRole checkpoint restore path
  • Python: Align c# and python TodoProvider tool names (#6107)
    * Align c# and python TodoProvider tool names
    
    * Potential fix for pull request finding
    
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
    
    * Address PR review: remove __slots__ and add typed schemas for tool params
    
    - Remove __slots__ from TodoItem, TodoInput, and TodoCompleteInput classes
      (not needed for low-instance-count objects and hinders dev scenarios)
    - Add _TodoAddItemSchema and _TodoCompleteItemSchema TypedDicts to provide
      proper JSON schema for todos_add and todos_complete tool parameters
    - Use typing_extensions for Python 3.10 compatibility
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: read headers defensively to support stream wrappers without .headers (#6028) (#6029)
    `OpenAIChatClient._inner_get_response()` reads `.headers` on the raw streaming
    response returned by `client.responses.with_raw_response.create(stream=True)`
    (and its three sibling call sites - retrieve-streaming, non-streaming create
    and background retrieve) to surface the `x-ms-served-model` Azure header,
    introduced in #5910.
    
    When `azure-ai-projects>=2.1.0` experimental GenAI tracing is enabled
    (`AZURE_EXPERIMENTAL_ENABLE_GENAI_TRACING=true`), the instrumentor wraps the
    raw streaming response in an inline `AsyncStreamWrapper` that exposes
    `.response` but not `.headers`. Reading `raw_create_response.headers` then
    raises `AttributeError: 'AsyncStreamWrapper' object has no attribute 'headers'`,
    which `FoundryChatClient` rethrows as a `ChatClientException` and breaks every
    streaming call (workflows and free chat).
    
    Fix: read the header dict via `getattr(raw_response, "headers", None)` at all
    four call sites. `_extract_served_model()` already short-circuits on `None`,
    so the served-model surfacing degrades gracefully (model stays the deployment
    alias) instead of crashing when the response is wrapped by an instrumentor
    that does not proxy `.headers`.
    
    Regression test added:
    `test_streaming_response_without_headers_attribute_does_not_crash`
    simulates a stream wrapper that raises `AttributeError` on `.headers` and
    asserts the stream still completes with the deployment alias as `update.model`.
    
    Fixes #6028
    
    Co-authored-by: Emilien Mottet <emilien.mottet@michelin.com>
  • feat(a2a): add A2AAgentSession with reference_task_ids and input-required support (#5980)
    * feat(a2a): link follow-up messages via reference_task_ids
    
    Track the task_id from A2A responses (task, status_update, artifact_update,
    and message payloads) on session.state and include it as reference_task_ids
    on subsequent outgoing messages. This enables remote agents to correlate
    follow-up messages as task refinements per the A2A spec.
    
    Resolves #5938
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat(a2a): add A2AAgentSession for typed protocol state tracking
    
    Introduce A2AAgentSession (subclass of AgentSession) with context_id,
    task_id, and task_state properties. This follows the DurableAgentSession
    pattern and mirrors the .NET A2AAgentSession design.
    
    - Track task_id, context_id, and task_state from all response payload types
    - Validate context_id consistency (raise on mismatch)
    - Auto-assign server-generated context_id when not set
    - Only A2AAgentSession gets reference tracking (no state dict fallback)
    - Plain AgentSession continues to work without reference tracking
    - Add serialization support (to_dict/from_dict)
    - Export via agent_framework.a2a and agent_framework_a2a
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * style: remove unnecessary string annotation (pyupgrade)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: use AgentSession.from_dict for state deserialization
    
    Avoids importing private _deserialize_state, matching the
    DurableAgentSession pattern.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: track context_id from message payloads in A2AAgentSession
    
    Previously, context_id was only captured from task, status_update, and
    artifact_update payloads. Message-only responses (which carry context_id
    but may lack task_id) were silently lost. This fix:
    
    - Captures msg.context_id in the message handler
    - Persists session state when either last_task_id or last_context_id is
      present (not only when task_id is truthy)
    - Only updates task_id/task_state when a task_id was actually returned
    - Adds a test for message-only context_id tracking
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * addressed comments
    
    * Gate status content to INPUT_REQUIRED/terminal states (match .NET)
    
    Match .NET's GetUserInputRequests pattern: only emit TaskStatusUpdateEvent
    message content when state is INPUT_REQUIRED or terminal. Intermediate
    status text (WORKING, SUBMITTED) is no longer surfaced to callers.
    
    When state is INPUT_REQUIRED, set additional_properties['input_required']
    = True so callers can distinguish input requests from final responses.
    
    Closes #5937
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review: remove message task_id tracking, defensive fallbacks, and input_required flag
    
    - Do not track task_id from Message payloads (simple interactions
      without task tracking)
    - Remove 'or last_task_id' fallback from status_update and
      artifact_update handlers (spec guarantees task_id is always set)
    - Remove additional_properties['input_required'] flag (content gating
      to INPUT_REQUIRED/terminal states is the signal itself)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Fix deprecated asyncio.iscoroutinefunction usage in test_cleanup_hooks.py (#4563)
    Fixes #4522
    
    Replace deprecated `asyncio.iscoroutinefunction()` with `inspect.iscoroutinefunction()`
    to resolve Python 3.13+ deprecation warning.
    
    Changes:
    - Added `import inspect` to imports
    - Replaced `asyncio.iscoroutinefunction(hook)` with `inspect.iscoroutinefunction(hook)` on line 126
    - This makes the code consistent with other test methods in the same file (lines 201, 236)
    
    The rest of the file already uses `inspect.iscoroutinefunction()` correctly, making
    this change consistent with the existing codebase pattern.
    
    🤖 Generated with [Claude Code](https://claude.com/claude-code)
    
    Co-authored-by: Claude <noreply@anthropic.com>
    Co-authored-by: Tao Chen <taochen@microsoft.com>
  • .NET: [BREAKING] Remove Support for Code-Gen in Declarative Workflows (#6095)
    * Removed
    
    * Remove sample
    
    * Remove orphaned code-gen related code path
    
    * Remove remaining references to code gen.
    
    ---------
    
    Co-authored-by: Chris Rickman <crickman@microsoft.com>
    Co-authored-by: Chris <66376200+crickman@users.noreply.github.com>
  • Python: fix: keep citation get_url metadata (#6037)
    * fix: keep citation get_url metadata
    
    * fix: satisfy citation metadata mypy check
  • .NET: Add MCP-based skills support (skill-md type) (#6108)
    * Add MCP-based skills support
    
    - Add AgentMcpSkill, AgentMcpSkillResource, AgentMcpSkillsSource, and McpSkillIndex to Microsoft.Agents.AI.Mcp
    - Add AgentSkillsProviderBuilderMcpExtensions for DI integration
    - Add Agent_Step06_McpBasedSkills sample project
    - Add unit tests for AgentMcpSkillsSource
    - Update solution file and project references
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary [Experimental] attributes from MCP package
    
    The package is already alpha, so the [Experimental] attribute is redundant.
    Removed from both AgentSkillsProviderBuilderMcpExtensions and
    AgentMcpSkillsSource classes.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Make Agent_Step06_McpBasedSkills self-contained and add to verify-samples
    
    Embed an internal MCP server (launched via --server flag as a child process)
    that serves skill://index.json and skill://unit-converter/SKILL.md resources,
    replacing the external MCP_SKILLS_ENDPOINT dependency. The sample now uses
    StdioClientTransport and a fixed prompt instead of an interactive loop.
    
    Added SampleDefinition to AgentsSamples.cs for automated verification.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Sort usings
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add a HarnessAgent with available features and sample (#6041)
    * Add a HarnessAgent with available features and sample
    
    * Fix formatting
    
    * Address PR comments and fix mypy error
    
    * Add web search support to HarnessAgent
    
    * Fix build warning
    
    * Apply suggestions from code review
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
    
    * Address PR comments
    
    * Address PR comments
    
    * Address further PR comments.
    
    * Fix markdown broken link
    
    ---------
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
  • Python: feat(foundry): add to_prompt_agent / deploy_as_prompt_agent (experimental) (#5959)
    * feat(foundry): add experimental to_prompt_agent converter
    
    Adds `to_prompt_agent(agent)`, an experimental converter
    (`ExperimentalFeature.TO_PROMPT_AGENT`) that turns an Agent Framework
    `Agent` into a Foundry `PromptAgentDefinition` ready to publish via
    `AIProjectClient.agents.create_version(...)`.
    
    Behaviour:
    
    * `agent.client` must be a `FoundryChatClient` (or subclass); otherwise
      `TypeError` is raised. The model deployment name is lifted from the
      bound client so the same Agent definition used for local runs can be
      published as a hosted prompt agent without restating the model.
    * Foundry SDK tool instances (from `FoundryChatClient.get_*_tool()`) are
      passed through unchanged. AF `FunctionTool`s (and `@tool`-decorated
      callables) are emitted as Foundry `FunctionTool` declarations.
    * Local AF MCP tools cannot be expressed in a `PromptAgentDefinition`;
      the converter raises `ValueError` and points at
      `FoundryChatClient.get_mcp_tool()` for hosted MCP servers.
    * The converter walks both `agent.default_options["tools"]` and
      `agent.mcp_tools` because `normalize_tools()` splits local MCP off
      into its own list.
    
    Re-exported through the `agent_framework.foundry` lazy-loading namespace
    (updates both `__init__.py` and the `__init__.pyi` type stub).
    
    Adds a portable-agent sample showing the same `Agent` driven through
    both `agent.run(...)` and `to_prompt_agent(agent)`, and a README section
    covering the new converter.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * chore(samples): remove snippet tags from portable agent sample
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * chore(samples): inline FoundryChatClient and enable prompt-agent publish
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * chore(samples): drop async credential context manager
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(foundry): trim README to_prompt_agent example to publish-only flow
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(foundry): note FoundryAgent runs @tool callables for deployed prompt agents
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(foundry): address review comments on to_prompt_agent converter
    
    * Construct `PromptAgentDefinition` `Tool` from a dict via `**tool_item`
      unpacking rather than the positional Mapping constructor \u2014 cleaner and
      matches the typical Pydantic / Azure SDK pattern.
    * Drop the redundant `isinstance(mcp_tool, MCPTool)` guard in
      `_convert_tools`; the parameter is already typed `Iterable[MCPTool]` so
      the second `raise` was unreachable. The remaining single `raise`
      fires for every entry as intended.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(foundry): match Agent.__init__ model resolution in to_prompt_agent
    
    * Read the model from `agent.default_options.get("model")` first,
      falling back to `agent.client.model`. This mirrors the order
      `Agent.__init__` uses (`_agents.py:740`) when assembling
      default_options, so the model the agent runs with is the same model
      the converter publishes \u2014 e.g. when the caller passes
      `default_options={"model": "..."}` to override the bound client.
    * Updated the missing-model error message to point at both the client
      and the default_options paths.
    * Added tests:
      * tool-only agent with no `instructions` produces a definition
        where `instructions` is `None` and is omitted from the dict
        payload (`Agent.__init__` strips None values from default_options
        before storing them).
      * `default_options['model']` wins over the bound client's model.
      * Fallback to client.model when default_options has no model.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * feat(foundry): add deploy_as_prompt_agent helper + samples
    
    Adds `deploy_as_prompt_agent(agent)`, a convenience wrapper around
    `to_prompt_agent` that reuses the bound FoundryChatClient's project
    client to call `project_client.agents.create_version(...)`. Defaults
    `agent_name` / `description` from `agent.name` / `agent.description`
    so the Agent stays the single source of truth.
    
    * Exposed from `agent_framework_foundry` and the lazy-loading
      `agent_framework.foundry` namespace (including the .pyi stub).
    * Marked experimental with the existing
      `ExperimentalFeature.TO_PROMPT_AGENT` tag.
    * Tests cover the happy path, name/description defaulting, explicit
      override, no-name error, metadata + description forwarding, extra
      kwargs passthrough, and the experimental metadata.
    
    Samples:
    * Renamed the existing sample to `creating_prompt_agents.py`, drops
      'portable' wording, presents `deploy_as_prompt_agent` first as the
      recommended path and `to_prompt_agent` + `AIProjectClient` as the
      two-step alternative, and adds a cleanup step that deletes the
      published agent so re-runs stay idempotent.
    * New `using_prompt_agents.py` shows the end-to-end loop: deploy the
      agent, connect to it with `FoundryAgent` passing the same local
      `@tool` callable, run a query against the deployed prompt agent,
      then clean up.
    
    README updated to introduce `deploy_as_prompt_agent` as the
    recommended path and link to both runnable samples.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(foundry): restore missing-model ValueError in to_prompt_agent
    
    The check was accidentally dropped while reworking docstrings in the
    previous commit. Test `test_to_prompt_agent_rejects_missing_model`
    exercises this path and was failing on CI as a result.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor(foundry): rename deploy_as_prompt_agent -> create_prompt_agent
    
    Renames the helper across the foundry package, core lazy-loader stubs,
    tests, README and samples. The new name better matches the action
    performed (a prompt-agent definition is created in Foundry) and is
    consistent with the surrounding ''create_*'' API surface.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor(foundry): drop create_prompt_agent, enrich to_prompt_agent params
    
    Remove the create_prompt_agent helper and consolidate on to_prompt_agent.
    Expose every PromptAgentDefinition parameter that has either an Agent
    Framework equivalent (sourced from default_options) or no equivalent
    (accepted as a keyword argument).
    
    * default_options-sourced (with kwarg overrides):
      temperature, top_p, string tool_choice
    * kwarg-only Foundry knobs:
      reasoning, text, structured_inputs, rai_config, ToolChoiceParam tool_choice
    
    Precedence is always: explicit keyword > default_options entry > unset.
    
    Tests cover every path (defaults, default_options, kwargs, kwarg override).
    Samples and README rewritten around the enriched to_prompt_agent.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor(foundry): single source of truth for prompt-agent options
    
    Stop duplicating the generation-parameter surface between FoundryChatOptions
    and to_prompt_agent. Translate every field with an Agent Framework equivalent
    (temperature, top_p, tool_choice, reasoning, response_format/text/verbosity)
    from agent.default_options via a new RawFoundryChatClient helper
    _prepare_prompt_agent_options. Only Foundry-specific fields with no AF
    equivalent — structured_inputs and rai_config — remain as keyword arguments
    on to_prompt_agent.
    
    - tool_choice is dropped when there are no tools (mirrors _prepare_options
      semantics and avoids polluting tool-less prompt agents with Agent.__init__'s
      'auto' default).
    - response_format Pydantic models route through
      openai.lib._parsing._responses.type_to_text_format_param; dict shapes go
      through the existing _prepare_response_and_text_format helper.
    - default_options is not mutated; text dict is defensively copied.
    
    Tests, README, and creating_prompt_agents.py sample updated to reflect the
    new single-source model.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(foundry): consolidate prompt-agent sample
    
    Drop creating_prompt_agents.py (the publish-only variant) and rename
    using_prompt_agents.py to foundry_prompt_agents.py so the single sample
    covers the full convert -> publish -> connect -> run loop. Update the
    README link list accordingly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(foundry): run local Agent + deployed agent in same sample
    
    Add an agent.run() call against the local Agent before publishing, then run
    the deployed prompt agent on the same query. Expand the docstring with a
    compare-and-contrast covering runtime/latency, configurability, and
    persistence/sharing differences between the two execution paths.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * test(foundry): cover conflicting response_format + text.format in to_prompt_agent
    
    Exercises the ValueError path when a Pydantic response_format would overwrite
    an explicit text.format mapping with a different shape. Lifts _chat_client.py
    coverage from 89% to 90%.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor(foundry): move _prepare_prompt_agent_options into _to_prompt_agent
    
    Lift the translation helper off RawFoundryChatClient and into the
    _to_prompt_agent module as a module-private function that takes the client
    as its first argument. The chat client no longer needs to carry a method
    whose only consumer is the prompt-agent converter, while still serving as
    the source of the request-path helper (_prepare_response_and_text_format)
    that the converter reuses for dict-shaped response_format values.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(python): codify GA terminology + post-run docs review
    
    Add two pieces of guidance to python/AGENTS.md:
    
    * Terminology - reserve 'GA' for hosted services; use 'released' or 'stable'
      for Agent Framework code/features to match the feature-lifecycle stages.
    * Maintaining Documentation - review AGENTS.md and skills at the end of every
      run and update any guidance the conversation made stale; before adding a
      new principle, ask the user to confirm it should be captured.
    
    Also pulls in a docstring fix in foundry_prompt_agents.py that swaps the
    stray 'GA' for 'released', applying the new terminology rule.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * address PR review: strict=True default, Tool._deserialize dispatch, sample cleanup safety
    
    - FunctionTool published as strict=True so the server-side schema validation
      matches what the local FoundryAgent(tools=[same_callable]) dispatcher
      enforces. AF FunctionTool has no 'strict' attribute, so the safer default
      is used uniformly instead of silently downgrading to a permissive contract.
    - _validate_mapping_tool now dispatches through ProjectsTool._deserialize so
      dict-shaped tools rehydrate to the concrete subclass (FunctionTool,
      WebSearchTool, ...) via the 'type' discriminator instead of returning a
      generic Tool. Added a test that asserts isinstance(WebSearchTool) and a
      new test for the function-typed dict path.
    - foundry_prompt_agents.py sample now wraps credential + project client in
      async with and the create_version / run flow in try/finally so a failure
      on connect or run still deletes the published prompt agent rather than
      leaving an orphaned, billable resource in the user's Foundry project.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(ci): correct linkspector ignorePattern typo (./pulls -> ./pull)
    
    GitHub PR URLs use the singular segment /pull/N (compare to /issues/N
    for issues). The existing './pulls' ignore pattern never matched
    anything as a result, so legitimately stale PR links (e.g. PRs deleted
    from forks) surface as linkspector failures on unrelated PRs.
    
    This is the same convention the './issues' rule above already follows.
    Fixes the markdown-link-check failure on a dangling link in
    dotnet/src/Microsoft.Agents.AI.DurableTask/CHANGELOG.md.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add a BackgroundAgentsProvider for python (#6069)
    * Add a BackgroundAgentsProvider for python
    
    * Address PR comments and fix linting warnings
    
    * Address PR comment
  • Python: Fix DevUI streaming memory growth regression (#6038)
    * Fix DevUI streaming memory growth regression
    
    Bounds retained streaming/debug state in DevUI and strengthens browser regression coverage for long streamed responses.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address DevUI memory review feedback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix DevUI bundle trailing whitespace
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: fix(openai): guard against null delta in streaming chunks from non-co… (#5734)
    * fix(openai): guard against null delta in streaming chunks from non-compliant providers (#5732)
    
    * chore: resolve nit and align with project style
    
    ---------
    
    Co-authored-by: Sergey Borisov <sergey.borisov@dataimpact.io>
    Co-authored-by: Giles Odigwe <79032838+giles17@users.noreply.github.com>
  • .NET: Updating version for dotnet release 1.7.0 (#6093)
    * Updating version for dotnet release 1.6.3
    
    * Change to minor version bump.
    
    ---------
    
    Co-authored-by: Ben Thomas <25218250+alliscode@users.noreply.github.com>
  • Python: Add Python parity sample for invoking Foundry Toolbox tools from declarative workflows (#5933)
    * Add Python parity sample for invoking Foundry Toolbox tools from declarative workflows
    
    * Python: address PR review on declarative toolbox sample
    
    Two security fixes for PR #5933:
    
    1. Add safe_mode flag to WorkflowFactory (default True) mirroring
       AgentFactory. Gates =Env.* exposure inside DeclarativeWorkflowState
       PowerFx symbols via _safe_mode_context, so workflow YAML loaded from
       untrusted sources no longer leaks the host's full os.environ snapshot
       into PowerFx evaluation. The flag is also forwarded to the
       internally-constructed AgentFactory so inline agent definitions
       follow the same policy.
    
    2. Pin the invoke_foundry_toolbox_mcp sample's _client_provider to the
       resolved toolbox endpoint. The bearer-authenticated httpx client is
       now only returned when MCPToolInvocation.server_url matches the
       toolbox URL case-insensitively; any other URL gets None (the default
       unauthenticated path), preventing the Foundry AAD bearer token from
       being attached to a mis-configured or injected server URL. Mirrors
       the .NET sample's httpClientProvider guard.
    
    The sample is updated to opt in to safe_mode=False because its YAML
    intentionally uses =Env.FOUNDRY_TOOLBOX_* to keep configuration in env
    vars under the developer's control.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright issues.
    
    * Addressed PR comments.
    
    * Fix CI pipelines.
    
    * Resolve PR comments
    
    * Revamped sample to address PR comments.
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Align ModeProvider tool names and instructions (#6071)
    * Align ModeProvider tool names and instructions
    
    * Address PR comments
  • .NET: [Breaking] Refactor AgentSkill API to async resource and script lookup (#6030)
    * .NET: Refactor AgentSkill API to async resource and script lookup
    
    Replace property-based AgentSkill.Content, Resources, and Scripts with
    async-by-name lookup methods plus boolean availability flags:
    
    - Content (string getter) -> GetContentAsync(CancellationToken)
    - Resources (full list) -> HasResources + GetResourceAsync(name, ct)
    - Scripts (full list) -> HasScripts + GetScriptAsync(name, ct)
    
    This makes the API friendlier for sources like MCP where enumerating all
    resources up front is expensive or impossible, and allows skill implementations
    to fetch content lazily.
    
    Subclass changes:
    - AgentFileSkill and AgentInlineSkill implement the new async API while
      preserving content caching.
    - AgentClassSkill<TSelf> keeps virtual Resources/Scripts properties for
      reflection-based discovery and seals the new HasResources/HasScripts/
      GetResourceAsync/GetScriptAsync overrides. Its previously non-thread-safe
      lazy initialization is replaced with Lazy<T> (default thread-safety) wired
      up in a new protected constructor, so concurrent first-access from multiple
      threads is safe.
    - AgentSkillsProvider calls the new async API and exposes 
    ead_skill_resource
      / load_skill / 
    un_skill_script tools that await the per-name lookups.
    
    Includes baseline CompatibilitySuppressions.xml entries for the removed
    property getters.
    
    Tests:
    - Direct coverage for HasResources, HasScripts, GetResourceAsync, and
      GetScriptAsync on all three skill implementations (positive, missing-name,
      and no-resources/no-scripts cases).
    - Thread-safety regression test for AgentClassSkill<TSelf> that exercises
      concurrent first-access to Resources, Scripts, and GetContentAsync from
      many tasks and asserts all observers see the same cached instance.
    - Provider-level coverage for the 
    ead_skill_resource tool (invocation +
      error paths) and for the previously untested error paths of load_skill
      and 
    un_skill_script (empty names, skill/resource/script not found).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review comments
    
    - Move GetScriptAsync inside try/catch in RunSkillScriptAsync for error-handling parity
    - Remove dead _reflectedResources branch from AgentSkillTestExtensions
    - Fix XML docs to reference virtual Resources/Scripts properties (not sealed methods)
    - Add Async suffix to async test methods per naming convention
    - Make no-await tests synchronous to eliminate CS1998
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix formatting: add UTF-8 BOM and remove unused using
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix XML cref: Resources/Scripts are on AgentClassSkill<TSelf>
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove HasResources and HasScripts properties from AgentSkill
    
    Drop the virtual HasResources and HasScripts properties from AgentSkill
    and all concrete subclasses (AgentFileSkill, AgentInlineSkill,
    AgentClassSkill). AgentSkillsProvider now always includes all three
    tools (load_skill, read_skill_resource, run_skill_script) and both
    instruction blocks, since the tools already handle missing
    resources/scripts gracefully.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add blank line for readability in file-based skills sample
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix HostedAgentSkillsPatternTests for always-included tools
    
    Update assertions to expect read_skill_resource and run_skill_script
    tools are always present, matching the new behavior.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add Hosted-AgentSkills sample with Foundry Skills integration (#6013)
    * .NET: Add Hosted-AgentSkills sample for Foundry Skills integration
    
    Add a new hosted agent sample that demonstrates how to load behavioral
    guidelines from Foundry Skills at startup using AgentSkillsProvider and
    the progressive disclosure pattern (advertise -> load on demand).
    
    The sample:
    - Downloads SKILL.md files from Foundry via ProjectAgentSkills SDK
    - Extracts ZIP archives with zip-slip protection
    - Wires skills into AgentSkillsProvider as an AIContextProvider
    - Hosts the agent via the Responses protocol
    
    Ships two Contoso Outdoors skills matching the Python sample (PR #5822):
    - support-style: tone, formatting, signature guidelines
    - escalation-policy: when and how to escalate tickets
    
    Includes convenience provisioning gated behind PROVISION_SAMPLE_SKILLS
    env var, clearly documented as NOT a production pattern.
    
    Closes #5776
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Add unit tests and integration test for Hosted-AgentSkills
    
    Unit tests (14 tests, all passing):
    - ZIP extraction with zip-slip guard (valid archive, traversal attack,
      sibling-prefix attack, directory entries)
    - Skill name validation (rejects dots, separators, traversal patterns)
    - AgentSkillsProvider with downloaded skills (advertises both skills,
      load_skill returns canary tokens, unknown skill returns error)
    
    Container integration test:
    - New 'agent-skills' scenario in the test container that creates
      Contoso Outdoors skills on disk and wires AgentSkillsProvider
    - AgentSkillsHostedAgentFixture + 4 integration tests verifying:
      - Routine questions load support-style skill (STYLE-CANARY-3318)
      - Escalation triggers load escalation-policy (ESC-CANARY-7742)
      - Skills are advertised in system prompt
      - load_skill tool is invoked via FunctionCallContent
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Add smoke test, bootstrap, and docs for agent-skills integration
    
    - Add scripts/smoke.ps1 for local Docker smoke testing: builds the
      contributor image, runs the container, verifies both skills are loaded
      via canary tokens (STYLE-CANARY-3318, ESC-CANARY-7742)
    - Add 'agent-skills' to the bootstrap script scenario list
    - Add agent-skills row to the integration test README scenarios table
    - Exclude HostedAgentSkillsPatternTests from net472 (uses net8.0+ APIs)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Update commented-out package versions to latest across all hosted samples
    
    Update the end-user PackageReference versions (in the commented-out
    sections) from 1.0.0 to the current latest NuGet versions:
    
    - Microsoft.Agents.AI: 1.6.1
    - Microsoft.Agents.AI.Foundry: 1.6.1-preview.260514.1
    - Microsoft.Agents.AI.Foundry.Hosting: 1.6.1-preview.260514.1
    - Microsoft.Agents.AI.Hosting: 1.6.1-preview.260514.1
    - Microsoft.Agents.AI.OpenAI: 1.6.1
    - Microsoft.Agents.AI.Workflows: 1.6.1
    
    Also adds explicit versions to Hosted-Workflow-Handoff which had bare
    PackageReference entries without Version attributes.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Fix broken markdown links in Hosted-AgentSkills README
    
    Remove references to non-existent ../../README.md. Replace with
    inline instructions matching other hosted samples that don't have
    a parent README.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * .NET: Use OS-appropriate string comparison in zip-slip guard
    
    Use Ordinal on Unix (case-sensitive FS) and OrdinalIgnoreCase on
    Windows to prevent case-based path bypass on Linux containers.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: fix parallel tool call rendering in AGUI translation layer (#6009)
    Fix three interlocked bugs that prevent parallel tool calls from rendering
    correctly in AG-UI protocol clients:
    
    Bug #1: Scope synthetic MessageId fallback to text events only. The shared
    streamingMessageId was leaking into ToolCallStartEvent.ParentMessageId,
    causing all parallel tool calls to collapse into one FE card.
    
    Bug #2: Make ToolCallResultEvent.MessageId deterministically unique using
    result-{CallId} format. MEAI's FunctionInvokingChatClient batches all
    results with a shared MessageId, collapsing them in FE reconciliation.
    
    Bug #3: Coalesce consecutive assistant-tool-call messages in AsChatMessages.
    Once Bug #1 is fixed, the FE produces separate AGUIAssistantMessage per
    tool call. On multi-turn replay these become consecutive assistant messages
    without intervening tool results, triggering HTTP 400 from Azure OpenAI.
    
    Remove the now-dead ContainsToolResult helper introduced by PR #5800.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: HarnessConsole: Improve rendering perf / reduce flickering (#6014)
    * HarnessConsole: Improve rendering perf / reduce flickering
    
    * Address PR comments
  • .NET: Add MCP long-running task support for MCP client tools (#5994)
    * Add MCP long-running task support for MCP client tools
    
    * Fixed project file formatting issue.
    
    * Removed experimentation tag from MCP alpha project.
    
    * Addressed PR comments