mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
peibekwe/declarative-bugfix-python
456 Commits
-
.NET: Hosted Agent Sample - Toolbox with various Auth (#5777) (#6018)
* .NET: Add Hosted-Toolbox-AuthPaths sample and auto-map /readiness with toolbox health gating (#5777) Add a new hosted agent sample demonstrating five MCP tool authentication paths (API key, agent MI, project MI, custom OAuth, literal token) via a Foundry Toolbox. Package changes (Microsoft.Agents.AI.Foundry.Hosting): - MapFoundryResponses now auto-maps GET /readiness via MapHealthChecks, idempotent across Tier 1/2 (AgentHost, already mapped) and Tier 3 (WebApplication, gap filled). - AddFoundryResponses registers AddHealthChecks() so the pipeline is available. - AddFoundryToolboxes registers FoundryToolboxHealthCheck on the /readiness aggregate, gating readiness on pre-registered toolbox startup outcome (per spec section 3.1). - FoundryToolboxService now exposes StartupStatus and FailedToolboxNames properties. New types: - FoundryToolboxStartupStatus (public enum): Pending, Healthy, Failed, NoEndpoint. - FoundryToolboxHealthCheck (internal IHealthCheck): adapts startup status to the AspNetCore HealthChecks pipeline with failed toolbox names in result data. Tests: - 3 new tests for /readiness auto-mapping (Tier 3 default, pre-mapped skip, idempotent). - 4 new tests for FoundryToolboxHealthCheck (Pending, NoEndpoint, Failed, Healthy). - 3 enhanced FoundryToolboxServiceTests with StartupStatus assertions. * .NET: Align FoundryToolboxService with tools-integration-spec (#5777 Part A) Bring Microsoft.Agents.AI.Foundry.Hosting's toolbox path into compliance with tools-integration-spec.md sections 2-4, 6.3, and 9. Empirically validated against tao-foundry-prj: the previous code (reading FOUNDRY_AGENT_TOOLSET_ENDPOINT, which the platform never injects) silently registered zero tools in production. Package changes (Microsoft.Agents.AI.Foundry.Hosting): - FoundryToolboxService.StartAsync now derives the toolbox proxy base URL from the platform-injected FOUNDRY_PROJECT_ENDPOINT and constructs the per-toolbox URL as {FOUNDRY_PROJECT_ENDPOINT}/toolboxes/{name}/mcp?api-version={ApiVersion} per spec sections 2-3. The legacy FOUNDRY_AGENT_TOOLSET_ENDPOINT env var is removed outright (preview package, no production consumers). - FoundryToolboxOptions.ApiVersion default flipped to 'v1' to match spec example. - FoundryToolboxBearerTokenHandler always sends the mandatory Foundry-Features: Toolboxes=V1Preview header per spec section 2, merging any additional flags supplied via the FOUNDRY_AGENT_TOOLSET_FEATURES env var. - FoundryToolboxBearerTokenHandler token scope changed from https://cognitiveservices.azure.com/.default to https://ai.azure.com/.default per spec section 4. - FoundryToolboxBearerTokenHandler propagates W3C trace context (traceparent, tracestate, baggage) from Activity.Current per spec section 6.3. Sample changes: - Hosted-Toolbox-AuthPaths and Hosted-Toolbox Program.cs, README.md, and .env.example corrected to describe the actual env-var contract (FOUNDRY_PROJECT_ENDPOINT auto-injected; AZURE_AI_PROJECT_ENDPOINT as the local-dev fallback). Removes the misleading 'auto-injected by Foundry runtime' claims for FOUNDRY_AGENT_TOOLSET_ENDPOINT. - Hosted-Toolbox-AuthPaths/agent.manifest.yaml declares the toolbox and model dependencies under resources[] per the AgentManifest schema so azd ai agent init users get them provisioned automatically. Tests: - 4 new FoundryToolboxServiceTests covering env-var derivation, EndpointOverride precedence, trailing-slash normalization, and the existing NoEndpoint behavior under the new env var name. - 4 new FoundryToolboxBearerTokenHandlerTests covering token scope, mandatory feature header always present, header merging with override, no duplicate mandatory flag, trace context propagation from Activity.Current, and no override of caller-set traceparent. - New FoundryProjectEndpointEnvFixture xUnit collection definition serializes env-var-mutating tests across FoundryToolboxServiceTests and FoundryToolboxHealthCheckTests, preventing parallel-execution races. - FoundryToolboxHealthCheckTests adjusted for the new env var name. * .NET: Drop ACA prereq from Hosted-Toolbox-AuthPaths README (#5777 Part B) Empirically verified that any Azure Cognitive Services MCP endpoint already in the Foundry project (e.g., a Language service MCP) accepts Entra tokens and can serve Paths 2 and 3 without deploying a separate Azure MCP Server to ACA. README updates: - Step 0 rewritten: 'Identify an Entra-authenticated MCP target in your project' instead of 'Deploy Azure MCP Server to Azure Container Apps' (the original azmcp-foundry-aca-mi setup is now optional, not required). - Auth-paths matrix updated to describe AAD-based connections targeting a Cognitive Services MCP URL (e.g., Language service) instead of an ACA URL. - Step 2 connections table updated: the Entra ID category is now a single 'AAD' authType. The original 'Agent Identity' vs 'Project Managed Identity' as selectable connection sub-types is NOT exposed via the ARM control plane today; the platform selects the calling principal contextually. Both connections in the walkthrough share the same shape and target. - Added an explicit RBAC note: the agent identity AND project MI must hold the required role (typically Cognitive Services User) on the target resource; without it the MCP server returns HTTP 401 even though the connection wiring is correct. - Toolbox tool entries renamed lang_entra_agent / lang_entra_project to match the new connection names. Empirical validation supporting these changes is captured in the session plan.md (Part B addendum). * .NET: Document correct connection shape for Hosted-Toolbox-AuthPaths Paths 2/3 (#5777) Updates the sample README with the verified connection shape and RBAC procedure for Microsoft Entra agent-identity and project-managed-identity MCP authentication: - Connection authType values: AgenticIdentityToken (agent identity) and ProjectManagedIdentity (project MI), both with category=RemoteTool. - Top-level audience property required; for Cognitive Services targets the value is https://cognitiveservices.azure.com. - Connections created via ARM REST (the Foundry portal wizard does not yet expose these authTypes). - RBAC grants target the project's shared agent identity blueprint principal (project.properties.agentIdentity.agentIdentityId) for Path 2 and the project's system-assigned MI (project.identity.principalId) for Path 3. - Troubleshooting table updated with the audience-mismatch symptom and the startup-cache behavior of FoundryToolboxService. * .NET: Drop Path 3 (project MI) and align with new agent model in Hosted-Toolbox-AuthPaths (#5777) Updates the sample to use only the new Foundry agent object model and removes the project managed identity path: - Auth-path matrix reduced to four paths: key, Entra agent identity, custom OAuth, inline authorization. Project managed identity is moved into a note describing when it applies (multiple agents sharing access) rather than as a documented sample path. - RBAC instructions reference the agent's own instance_identity.principal_id from the agent ARM resource (new agent object model) instead of the project's shared agent identity blueprint (legacy model). - Step 2 (connections) creates only the AgenticIdentityToken connection. - Step 3 (toolbox tools) lists four tool entries instead of five. - Sample prompts and troubleshooting table updated to match. * .NET: Restore Path 3 (project MI) to Hosted-Toolbox-AuthPaths matrix (#5777) The sample's purpose is to enumerate every authentication path a Foundry toolbox can drive, not to pick one. Path 3 belongs alongside the other four with explicit guidance for when each path is the right choice. - Path 3 (project managed identity, authType=ProjectManagedIdentity) restored to the matrix with a 'When to pick this' column. - Step 2 (connections) provisions both lang-mcp-agent-id and lang-mcp-project-mi via ARM REST. - Step 3 (toolbox) lists five tool entries (one per path). - RBAC instructions cover both the agent's instance identity (Path 2) and the project's system-assigned MI (Path 3). - Sample prompts include all five paths. - Troubleshooting table updated accordingly. * .NET: Fix duplicate line in Hosted-Toolbox-AuthPaths README (#5777) * .NET: Fix broken markdown link to ToolCallingApprovalHostedAgentFixture (#5777) * .NET: Fix relative path depth in markdown link (#5777) * .NET: Address Copilot review feedback for #5777 - FoundryToolboxHealthCheck description: rename FOUNDRY_AGENT_TOOLSET_ENDPOINT → FOUNDRY_PROJECT_ENDPOINT (stale reference; operator-facing in /readiness body). - FoundryToolboxStartupStatus.NoEndpoint XML doc: same rename. - ServiceCollectionExtensions XML docs: same rename + URL shape update. - Foundry.Hosting.IntegrationTests.TestContainer: remove explicit app.MapGet('/readiness') — now redundant + would conflict with the auto-mapped readiness route from MapFoundryResponses. - Hosted-Toolbox-AuthPaths agent.manifest.yaml: parameterize TOOLBOX_NAME via {{TOOLBOX_NAME}} template substitution and declare it under parameters with a default of 'auth-paths-toolbox' so the README's 'use any name' guidance actually works for hosted deployments. * .NET: Address Copilot review round 2 — fallback env + dedup + naming (#5777) - FoundryToolboxService.StartAsync: fall back to AZURE_AI_PROJECT_ENDPOINT when FOUNDRY_PROJECT_ENDPOINT is absent. Matches the local-dev convention used by the samples and resolves the doc/code mismatch flagged in review. - FoundryToolboxHealthCheck description updated for the fallback. - AddFoundryToolboxes: guard against duplicate health-check registration via an explicit name-uniqueness check on HealthCheckServiceOptions.Registrations. AddCheck<T>(name, ...) does not dedupe by name, so repeated AddFoundryToolboxes calls would have registered multiple instances. - FoundryToolboxOptions.EndpointOverride doc: clarify URL becomes {EndpointOverride}/toolboxes/{name}/mcp (was missing /toolboxes/ segment). - Hosted-Toolbox sample (Program.cs + README): switch FOUNDRY_TOOLBOX_NAME to TOOLBOX_NAME (the FOUNDRY_* prefix is reserved by the platform), default changed from 'my-toolset' to 'my-toolbox', terminology updated from 'Toolset' to 'Toolbox'. - FoundryToolboxServiceTests: 2 test renames to reflect what they actually assert (StartupStatus + FailedToolboxNames, not URL shape directly). - Tests adjusted to clear both env vars in NoEndpoint scenarios. * .NET: Fix stale NoEndpoint XML doc and misleading test comment (#5777) Update FoundryToolboxStartupStatus.NoEndpoint XML doc to mention both FOUNDRY_PROJECT_ENDPOINT and AZURE_AI_PROJECT_ENDPOINT (the service checks both since the fallback was added). Fix test comment that claimed URL derivation validation when the test only asserts on StartupStatus and FailedToolboxNames. * Remove OAuth consent path from AuthPaths sample, keep four working auth paths The interactive OAuth identity passthrough path needs a protocol gap closed in the hosting package (the proprietary oauth_consent_request item is not representable through the OpenAI/MEAI abstractions), so it is deferred to a separate spike branch. This strips the OAuth path from the AuthPaths sample, the companion REPL client, the agent manifest, and the docs, then renumbers the inline Authorization path so the sample teaches four contiguous paths: API key via connection, Entra agent identity, Entra project managed identity, and inline Authorization (anti-pattern). Package code is unchanged; the consent infrastructure already present in main stays as baseline. Both samples build with --warnaserror and all 246 hosting unit tests pass. * .NET: Drop project MI auth path and dedicated client from Hosted-Toolbox-AuthPaths (#5777) Live validation against tao-foundry-prj showed the ProjectManagedIdentity path failing with an unresolved token audience 401, so the sample now ships three working auth paths instead of four: connection key, agent managed identity, and inline Authorization. Changes: - Remove the project managed identity path from the AuthPaths sample matrix, prerequisites, connections, toolbox table, prompts, Program.cs instructions and agent.manifest.yaml. - Delete the near duplicate Hosted-Toolbox-AuthPaths-Client project and remove it from the solution. The README now drives the agent with the shared SimpleAgent REPL via AsAIAgent(agentEndpoint). - Correct the troubleshooting note: the Foundry toolbox tools/list is all or nothing, so one bad source returns -32007, fails startup, and returns 424 for every path. Add the allowed_tools caveat that names must match the upstream server. - Mark the toolbox startup status and health check experimental under AgentsAIExperiments (MAAI001) instead of AIOpenAIResponses, and update the package NoWarn set accordingly. * .NET: Address PR review nits for Hosted-Toolbox-AuthPaths (#5777) - Remove duplicated NU1903 comment in Foundry.Hosting csproj. - Fix stale 'four-tool' cross-links in Hosted-Toolbox and Hosted-McpTools READMEs to describe the three-path toolbox driven by the shared SimpleAgent REPL. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Address toolbox startup-status review feedback (#5777) - Rename FoundryToolboxStartupStatus.Failed to Unhealthy so it is the proper opposite of Healthy, and clarify the doc comment covers the partial-failure case. - Raise the missing-endpoint toolbox log from Information to Warning, since enabling toolboxes is an explicit opt-in and a silently disabled toolbox warrants a higher-severity signal. - Update unit tests and the AuthPaths README troubleshooting row accordingly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Reword toolbox-wiring comment to avoid hosting-layer internals (#5777) Address PR review feedback: explain how a Foundry Toolbox is attached using the public API (AddFoundryToolboxes vs the CreateHostedMcpToolbox marker) and observable behavior, instead of naming the internal AgentFrameworkResponseHandler type and FoundryToolboxService.Tools property. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Roger Barreto ·
2026-06-10 16:49:48 +00:00 -
.NET: Bump Microsoft.Extensions.AI packages to 10.6.0, align transitive dependency floor, and update Merge Gatekeeper ignores (#6148)
* Bump Microsoft.Extensions.AI packages to 10.6.0 * Align transitive package versions for Microsoft.Extensions.AI 10.6.0 * Ignore external review check in Merge Gatekeeper --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
Copilot ·
2026-06-10 10:02:22 +00:00 -
.NET: Add Foundry Deployment docs to HA sample READMEs (#6365)
* Add 'Deploying to Foundry (azd spec)' sections to all Foundry hosted agent samples This commit adds comprehensive deployment documentation to all 13 .NET Foundry hosted agent samples that were missing it. Each sample now includes: - Instructions to initialize an azd project from the sample's agent.manifest.yaml - Steps to deploy using 'azd deploy' - Example environment variable overrides for customization - Link to the official Foundry deployment guide Samples updated: - Hosted-LocalTools - Hosted-Files - Hosted-FoundryAgent - Hosted-McpTools - Hosted-Observability - Hosted-MemoryAgent - Hosted-TextRag - Hosted-ToolboxMcpSkills - Hosted-AzureSearchRag - Hosted-AgentSkills - Hosted-Workflow-Handoff - Hosted-Workflow-Simple - Hosted-Invocations-EchoAgent Each section includes the correct agent name from the sample's manifest and points to the correct GitHub URL for initializing the azd project. Fixes: https://github.com/microsoft/agent-framework/issues/6308 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * docs(samples): fix Foundry hosted README consistency Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(samples): address PR 6365 README review comments Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Ben Thomas <25218250+alliscode@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Ben Thomas ·
2026-06-09 19:40:36 +00:00 -
.NET: Remove required token params from HarnessAgent, make compaction opt-in (#6409)
* Move token params from HarnessAgent constructor to options Remove the required maxContextWindowTokens and maxOutputTokens constructor parameters from HarnessAgent and AsHarnessAgent, replacing them with optional MaxContextWindowTokens and MaxOutputTokens properties on HarnessAgentOptions. When both values are provided, compaction is enabled as before (in-loop CompactionProvider and chat reducer on the default InMemoryChatHistory Provider). When either is null, compaction is disabled entirely, making it opt-in. New constructor: HarnessAgent(IChatClient, HarnessAgentOptions?, ILoggerFactory?, IServiceProvider?) Closes #6333 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Improving comments. * feat: Add custom CompactionStrategy and DisableCompaction to HarnessAgentOptions Allow users to provide their own CompactionStrategy via options, with a clear priority system: 1. DisableCompaction=true: no compaction regardless of other settings 2. Custom CompactionStrategy provided: use it (token params ignored) 3. Both MaxContextWindowTokens and MaxOutputTokens set: default strategy 4. Otherwise: no compaction Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: Address PR review comments on compaction opt-in - Update chatClient param XML doc to reflect compaction is opt-in - Strengthen compaction tests to assert ChatReducer is null/not-null rather than just asserting construction succeeds Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
westey ·
2026-06-09 13:06:00 +00:00 -
.NET: [BREAKING] Migrate .NET GitHub Copilot SDK to v1.0.0 (#6381)
* Migrate .NET GitHub Copilot SDK from 1.0.0-beta.2 to 1.0.0 - Update namespace from GitHub.Copilot.SDK to GitHub.Copilot - Replace PermissionRequestResult/PermissionRequestResultKind with PermissionDecision - Remove ConnectionState check (StartAsync is now idempotent) - Rename ConfigDir to ConfigDirectory - Use SessionConfig.Clone() for CopySessionConfig - Update Tools type from List<AIFunction> to List<AIFunctionDeclaration> - Rename UserMessageAttachmentFile to AttachmentFile - Update usage data types (CacheWriteTokens: long, Duration: TimeSpan) - Add GHCP001 NoWarn for experimental SDK APIs (matches framework convention) - Specify type argument on CopilotSession.On<SessionEvent>() Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix formatting: remove unused using directive Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Skip AzureFunctions SamplesValidation tests pending func tools fix Azure Functions Core Tools v4 can no longer auto-detect the worker runtime in CI (local.settings.json is gitignored). All 7 active SamplesValidation tests fail with 'Worker runtime cannot be None'. Tracked by: https://github.com/microsoft/agent-framework/issues/6402 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Skip additional failing integration tests in CI WorkflowSamplesValidation (5 tests): same func tools issue as #6402. WorkflowConsoleAppSamplesValidation (4 tests): KeyNotFoundException during workflow execution, tracked by #6404. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Giles Odigwe ·
2026-06-08 22:34:05 +00:00 -
.NET: Bump ModelContextProtocol from 1.1.0 to 1.2.0 (#3956) (#6239)
Co-authored-by: Neeraj Karamchandani <neerajkaramchandani@mac.mynetworksettings.com>
neerajkaram ·
2026-06-04 21:51:15 +01:00 -
Peter Ibekwe ·
2026-06-03 23:52:50 +00:00 -
.NET: Bug fixes for AGUI hosting and workflows (#6311)
* Add mcp tool execution fix * Apply IsolationKeyScopedAgentSessionStore to MapAGUI by default if not yet set and improve comments in samples * Address PR comments * Fix formatting
westey ·
2026-06-03 17:45:58 +00:00 -
.NET: Add Hosted-ToolboxMcpSkills sample (#6175)
* .NET: Add Hosted-ToolboxMcpSkills sample Adds a hosted Foundry Responses sample that discovers MCP-based skills from a Foundry Toolbox and makes them available to the agent via AgentSkillsProvider. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Align README and Program.cs default model to gpt-5 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Clarify MCP skills provider log to avoid implying eager discovery Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Drop redundant skills provider configured log Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add Foundry Toolbox Skills tag to manifest Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Simplify BearerTokenHandler by deriving from HttpClientHandler Removes the need for an explicit InnerHandler. Enables CheckCertificateRevocationList to satisfy CA5399. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
semenshi-m ·
2026-06-02 08:41:21 +00:00 -
.NET: Update hosted agents (#6243)
* Updating to latest Foundry hosting packages. * Re-applying .gitignore. * Adding empty line at end of .gitignore --------- Co-authored-by: Ben Thomas <25218250+alliscode@users.noreply.github.com>
Ben Thomas ·
2026-06-01 21:27:29 +00:00 -
Bump Azure.AI.AgentServer.* packages and align Azure.Core/System.ClientModel (#6178)
* Bump Azure.AI.AgentServer.* package versions * Align Azure.Core/System.ClientModel to AgentServer transitive deps Bump Azure.Core 1.55->1.56 and System.ClientModel 1.11->1.12 to match Azure.AI.AgentServer.* requirements, and add explicit references in transitive-pinning-off Foundry consumers to avoid CS1705/MSB3277 version conflicts.
Roger Barreto ·
2026-05-29 19:42:07 +00:00 -
.NET: Support ClaimsIdentity-based scoping of agent sessions (#5696)
* feat: Add DelegatingAgentSessionStore Add helper for decorator pattern for AgentSessionStore * feat: Add UserIdentityScopedSessionStore Add support for using the ASP.Net Core ambient `ClaimsIdentity` User, along with a user-specified claim type to scope the session store based on authenticated identity. * fix: Harden scope mapping * fix: Add UserIdentityScopeSessionStoreOptions to avoid future breaking changes * Split UserIdentityScopedSessionStore into a separate IsolationKeyProvider and IsolationKeyScopedSessionStore * Add GetService<>() capabilities to interrogate AgentSessionStore delegation chain * Harden default for A2A hosting by using an IsolationKeyScopedAgentSessionStore when no store is available. * Pipe isolation through Hosting helper extension methods * Add comment to samples about adding SessionIsolationKeyProvider * Fix isolation key provider nullability semantics * fix A2A defaults * fixup * remove unneeded keyProvider requirement test * Add trust-model XML docs to AgentSessionStore, InMemoryAgentSessionStore, MapAGUI, A2A entry points Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/e466c53a-faad-40a8-8b5f-83cf0dce0b1d Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com> * fix: Switch ClaimsBasedIsolationKeyProvider to be Singleton * matches HttpContextAccessor and related MAF services * release: Ensure new project is in the release filter * fixup: Integraitaon tests --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com>
Jacob Alber ·
2026-05-28 17:43:18 +00:00 -
.NET: Fix render dupe and text input clear bugs, and improve guardrail error messaging (#6136)
* Fix render dupe and text input clear bugs * Fix another text rendering issue and improve guardrails messaging * Address PR comments * Improve guardrail rendering and json error handling * Another tweak for input box render issue * Address PR comments
westey ·
2026-05-28 16:38:04 +01:00 -
.NET: Add Foundry Toolbox MCP skills discovery sample (#6134)
* feat: add Agent_Step26_FoundryToolboxMcpSkills sample Add a new sample demonstrating MCP-based skills discovery from a Foundry Toolbox endpoint using AgentSkillsProviderBuilder and AIContextProviders. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address PR review comments for Step26 sample - Add Foundry-Features: Toolboxes=V1Preview header to MCP transport options, matching the Step25 pattern - Document skill://index.json prerequisite in README Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update dotnet/samples/02-agents/AgentsWithFoundry/Agent_Step26_FoundryToolboxMcpSkills/Program.cs Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Roger Barreto <19890735+rogerbarreto@users.noreply.github.com>
semenshi-m ·
2026-05-28 12:41:33 +00:00 -
Python: Align c# and python TodoProvider tool names (#6107)
* Align c# and python TodoProvider tool names * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Address PR review: remove __slots__ and add typed schemas for tool params - Remove __slots__ from TodoItem, TodoInput, and TodoCompleteInput classes (not needed for low-instance-count objects and hinders dev scenarios) - Add _TodoAddItemSchema and _TodoCompleteItemSchema TypedDicts to provide proper JSON schema for todos_add and todos_complete tool parameters - Use typing_extensions for Python 3.10 compatibility Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
westey ·
2026-05-28 08:40:13 +00:00 -
.NET: [BREAKING] Remove Support for Code-Gen in Declarative Workflows (#6095)
* Removed * Remove sample * Remove orphaned code-gen related code path * Remove remaining references to code gen. --------- Co-authored-by: Chris Rickman <crickman@microsoft.com> Co-authored-by: Chris <66376200+crickman@users.noreply.github.com>
Peter Ibekwe ·
2026-05-27 20:14:38 +00:00 -
.NET: Add MCP-based skills support (skill-md type) (#6108)
* Add MCP-based skills support - Add AgentMcpSkill, AgentMcpSkillResource, AgentMcpSkillsSource, and McpSkillIndex to Microsoft.Agents.AI.Mcp - Add AgentSkillsProviderBuilderMcpExtensions for DI integration - Add Agent_Step06_McpBasedSkills sample project - Add unit tests for AgentMcpSkillsSource - Update solution file and project references Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove unnecessary [Experimental] attributes from MCP package The package is already alpha, so the [Experimental] attribute is redundant. Removed from both AgentSkillsProviderBuilderMcpExtensions and AgentMcpSkillsSource classes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Make Agent_Step06_McpBasedSkills self-contained and add to verify-samples Embed an internal MCP server (launched via --server flag as a child process) that serves skill://index.json and skill://unit-converter/SKILL.md resources, replacing the external MCP_SKILLS_ENDPOINT dependency. The sample now uses StdioClientTransport and a fixed prompt instead of an interactive loop. Added SampleDefinition to AgentsSamples.cs for automated verification. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Sort usings --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
semenshi-m ·
2026-05-27 18:38:57 +00:00 -
Python: Align ModeProvider tool names and instructions (#6071)
* Align ModeProvider tool names and instructions * Address PR comments
westey ·
2026-05-26 14:37:34 +00:00 -
.NET: [Breaking] Refactor AgentSkill API to async resource and script lookup (#6030)
* .NET: Refactor AgentSkill API to async resource and script lookup Replace property-based AgentSkill.Content, Resources, and Scripts with async-by-name lookup methods plus boolean availability flags: - Content (string getter) -> GetContentAsync(CancellationToken) - Resources (full list) -> HasResources + GetResourceAsync(name, ct) - Scripts (full list) -> HasScripts + GetScriptAsync(name, ct) This makes the API friendlier for sources like MCP where enumerating all resources up front is expensive or impossible, and allows skill implementations to fetch content lazily. Subclass changes: - AgentFileSkill and AgentInlineSkill implement the new async API while preserving content caching. - AgentClassSkill<TSelf> keeps virtual Resources/Scripts properties for reflection-based discovery and seals the new HasResources/HasScripts/ GetResourceAsync/GetScriptAsync overrides. Its previously non-thread-safe lazy initialization is replaced with Lazy<T> (default thread-safety) wired up in a new protected constructor, so concurrent first-access from multiple threads is safe. - AgentSkillsProvider calls the new async API and exposes ead_skill_resource / load_skill / un_skill_script tools that await the per-name lookups. Includes baseline CompatibilitySuppressions.xml entries for the removed property getters. Tests: - Direct coverage for HasResources, HasScripts, GetResourceAsync, and GetScriptAsync on all three skill implementations (positive, missing-name, and no-resources/no-scripts cases). - Thread-safety regression test for AgentClassSkill<TSelf> that exercises concurrent first-access to Resources, Scripts, and GetContentAsync from many tasks and asserts all observers see the same cached instance. - Provider-level coverage for the ead_skill_resource tool (invocation + error paths) and for the previously untested error paths of load_skill and un_skill_script (empty names, skill/resource/script not found). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR review comments - Move GetScriptAsync inside try/catch in RunSkillScriptAsync for error-handling parity - Remove dead _reflectedResources branch from AgentSkillTestExtensions - Fix XML docs to reference virtual Resources/Scripts properties (not sealed methods) - Add Async suffix to async test methods per naming convention - Make no-await tests synchronous to eliminate CS1998 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix formatting: add UTF-8 BOM and remove unused using Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix XML cref: Resources/Scripts are on AgentClassSkill<TSelf> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove HasResources and HasScripts properties from AgentSkill Drop the virtual HasResources and HasScripts properties from AgentSkill and all concrete subclasses (AgentFileSkill, AgentInlineSkill, AgentClassSkill). AgentSkillsProvider now always includes all three tools (load_skill, read_skill_resource, run_skill_script) and both instruction blocks, since the tools already handle missing resources/scripts gracefully. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add blank line for readability in file-based skills sample Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix HostedAgentSkillsPatternTests for always-included tools Update assertions to expect read_skill_resource and run_skill_script tools are always present, matching the new behavior. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SergeyMenshykh ·
2026-05-25 17:16:03 +00:00 -
.NET: Add Hosted-AgentSkills sample with Foundry Skills integration (#6013)
* .NET: Add Hosted-AgentSkills sample for Foundry Skills integration Add a new hosted agent sample that demonstrates how to load behavioral guidelines from Foundry Skills at startup using AgentSkillsProvider and the progressive disclosure pattern (advertise -> load on demand). The sample: - Downloads SKILL.md files from Foundry via ProjectAgentSkills SDK - Extracts ZIP archives with zip-slip protection - Wires skills into AgentSkillsProvider as an AIContextProvider - Hosts the agent via the Responses protocol Ships two Contoso Outdoors skills matching the Python sample (PR #5822): - support-style: tone, formatting, signature guidelines - escalation-policy: when and how to escalate tickets Includes convenience provisioning gated behind PROVISION_SAMPLE_SKILLS env var, clearly documented as NOT a production pattern. Closes #5776 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Add unit tests and integration test for Hosted-AgentSkills Unit tests (14 tests, all passing): - ZIP extraction with zip-slip guard (valid archive, traversal attack, sibling-prefix attack, directory entries) - Skill name validation (rejects dots, separators, traversal patterns) - AgentSkillsProvider with downloaded skills (advertises both skills, load_skill returns canary tokens, unknown skill returns error) Container integration test: - New 'agent-skills' scenario in the test container that creates Contoso Outdoors skills on disk and wires AgentSkillsProvider - AgentSkillsHostedAgentFixture + 4 integration tests verifying: - Routine questions load support-style skill (STYLE-CANARY-3318) - Escalation triggers load escalation-policy (ESC-CANARY-7742) - Skills are advertised in system prompt - load_skill tool is invoked via FunctionCallContent Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Add smoke test, bootstrap, and docs for agent-skills integration - Add scripts/smoke.ps1 for local Docker smoke testing: builds the contributor image, runs the container, verifies both skills are loaded via canary tokens (STYLE-CANARY-3318, ESC-CANARY-7742) - Add 'agent-skills' to the bootstrap script scenario list - Add agent-skills row to the integration test README scenarios table - Exclude HostedAgentSkillsPatternTests from net472 (uses net8.0+ APIs) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Update commented-out package versions to latest across all hosted samples Update the end-user PackageReference versions (in the commented-out sections) from 1.0.0 to the current latest NuGet versions: - Microsoft.Agents.AI: 1.6.1 - Microsoft.Agents.AI.Foundry: 1.6.1-preview.260514.1 - Microsoft.Agents.AI.Foundry.Hosting: 1.6.1-preview.260514.1 - Microsoft.Agents.AI.Hosting: 1.6.1-preview.260514.1 - Microsoft.Agents.AI.OpenAI: 1.6.1 - Microsoft.Agents.AI.Workflows: 1.6.1 Also adds explicit versions to Hosted-Workflow-Handoff which had bare PackageReference entries without Version attributes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Fix broken markdown links in Hosted-AgentSkills README Remove references to non-existent ../../README.md. Replace with inline instructions matching other hosted samples that don't have a parent README. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Use OS-appropriate string comparison in zip-slip guard Use Ordinal on Unix (case-sensitive FS) and OrdinalIgnoreCase on Windows to prevent case-based path bypass on Linux containers. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Roger Barreto ·
2026-05-25 09:32:04 +00:00 -
.NET: HarnessConsole: Improve rendering perf / reduce flickering (#6014)
* HarnessConsole: Improve rendering perf / reduce flickering * Address PR comments
westey ·
2026-05-25 09:25:58 +00:00 -
.NET: Add MCP long-running task support for MCP client tools (#5994)
* Add MCP long-running task support for MCP client tools * Fixed project file formatting issue. * Removed experimentation tag from MCP alpha project. * Addressed PR comments
Peter Ibekwe ·
2026-05-22 19:09:54 +00:00 -
.NET: Add Magentic Orchestration Sample (#5823)
* Add Magentic orchestration sample scaffold Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/8799740a-74d8-4100-b6f6-76dcd0418c87 Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com> * Validate Magentic orchestration sample Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/8799740a-74d8-4100-b6f6-76dcd0418c87 Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com> * Document follow-up changes for the Magentic .NET sample Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/caa3488f-d6f5-494d-a928-a45d6a98b3c3 Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com> * Remove CHANGES.md from Magentic sample Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/ffab38e2-37f9-4643-a782-20680573965a Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com> * Fix PauseIfInteractive to also skip when stdout is redirected Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/07ddf735-29cc-4775-b588-fd71ca76fa58 Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com> * fix: Update for PR Review Feedback * fix: Update Sample README for PR Feedback --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lokitoth <6936551+lokitoth@users.noreply.github.com> Co-authored-by: Jacob Alber <jaalber@microsoft.com>
Copilot ·
2026-05-22 19:09:18 +00:00 -
.NET: Add additional openai specific error observers and move them to openai project (#6004)
* Add additional openai specific error observers and move them to openai project * Address PR comments
westey ·
2026-05-21 13:54:47 +00:00 -
.NET: Add background agents support to HarnessAgent (#5977)
* Add background agents support to HarnessAgent * Add unit tests * Address PR comments
westey ·
2026-05-21 10:57:06 +00:00 -
.NET: Reduce re-rendering in harness console (#5953)
* Reduce re-rendering in harness console * Address PR comments * Fix broken merge
westey ·
2026-05-19 19:10:57 +00:00 -
.NET: Harness code act skill sample (#5930)
* Add sample that shows code execution and skills together * Use nuget for python module path * Update readme. * Fix formatting. * Reduce flashing in rendering. * Improve screen clearing for Powershell * Add a couple of small UX fixes
westey ·
2026-05-19 15:49:03 +00:00 -
westey ·
2026-05-19 15:32:14 +00:00 -
.NET: Bump Azure.AI.Projects to 2.1.0-beta.2 and add agent-endpoint AsAIAgent path (#5899)
* .NET: Bump Azure.AI.Projects to 2.1.0-beta.2 and add agent-endpoint AsAIAgent path Bumps Azure.AI.Projects to 2.1.0-beta.2 with the matching transitive pins (Azure.Core 1.55.0, System.ClientModel 1.11.0). Foundry agent endpoint plumbing: * FoundryAgent now routes the agent-endpoint constructor through the new GetProjectResponsesClientForAgentEndpoint helper. * Adds an internal FoundryAgent ctor that takes an existing AIProjectClient plus a parsed agent endpoint so the public extension does not need to construct a second project client. * Adds public AIProjectClient.AsAIAgent(Uri agentEndpoint, ...) extension. This is the path consumer samples are expected to use for hosted agents because version selection happens server-side. * Trims the dangling "If you want to construct a FoundryAgent against a project endpoint..." sentence from ParseAgentEndpoint. Unit tests: * Four new tests in AzureAIProjectChatClientExtensionsTests cover the AIProjectClient.AsAIAgent(Uri agentEndpoint, ...) overload. 263/263 pass. Consumer samples (Using-Samples): * SimpleAgent and SessionFilesClient now read AZURE_AI_PROJECT_ENDPOINT and AZURE_AI_AGENT_NAME (both required, throw on missing), derive the agent endpoint with new Uri($"{projectEndpoint}/agents/{agentName}/endpoint/protocols/openai"), then call aiProjectClient.AsAIAgent(agentEndpoint, ...). * SessionFilesClient README updated. Contributor samples (responses/*): * New HostedContributorRouteExtensions.MapDevTemporaryLocalAgentEndpoint() wildcard route extension so localhost contributor servers accept the per-agent OpenAI endpoint shape the production Hosted runtime exposes. * All 11 contributor Program.cs files call MapDevTemporaryLocalAgentEndpoint() with a contributor-only warning comment. * Hosted-Files and Hosted-AzureSearchRag were importing Hosted_Shared_Contributor_Setup but never calling AddDevTemporaryLocalContributorSetup(). Both now call it so HostedSessionIsolationKeyProvider resolves correctly in dev. * Hosted-AzureSearchRag, Hosted-Files, Hosted-MemoryAgent csprojs drop stale VersionOverride="2.1.0-beta.1" pins. * Hosted-AzureSearchRag and Hosted-Files csprojs add ProjectReference to Hosted_Shared_Contributor_Setup. * Hosted-Observability/.dockerignore removed the out/ exclusion that was blocking COPY out/ . in Dockerfile.contributor. Verified: * Full solution-scoped build of changed projects: green. * Scoped CI-parity dotnet format via WSL2 + Docker (mcr.microsoft.com/dotnet/sdk:10.0) over every changed csproj: clean. * Foundry unit tests: 263/263. * Contributor docker smoke for 8 hosted samples (publish + docker build + docker run + curl POST to the wildcard route): HTTP 200 / 500 with route matched. * End-to-end smoke against the real Azure Foundry project with a fresh bearer token: Hosted-Files contributor container served HTTP 200, the agent invoked ListBundledFiles, and returned the expected file name. * Address PR review: forward pipeline settings; add UTs - CreateProjectClientOptions also carries RetryPolicy, NetworkTimeout, ClientLoggingOptions, MessageLoggingPolicy (was Transport+UserAgentApplicationId only). - Make CreateProjectClientOptions internal so tests can verify the copy directly. - Add AsAIAgent(Uri) UTs covering tools forwarding to inner ChatOptions and null tools handling. - Add CreateProjectClientOptions UTs covering null caller and full pipeline-settings copy.Roger Barreto ·
2026-05-18 20:20:56 +00:00 -
.NET: Add ability to export/import sessions in harness console (#5920)
* Add ability to export/import sessions in harness console * Address PR comments
westey ·
2026-05-18 18:44:50 +00:00 -
.NET: Add otel file logging and switch samples to projects client with store=true (#5924)
* Add otel file logging and switch samples to projects client with store=true * Fix formatting and remove rogue file
westey ·
2026-05-18 17:39:29 +00:00 -
.NET: Require TODO finish reason and rename SubAgents to BackgroundAgents (#5902)
* Require TODO finish reason and rename SubAgents to BackgroundAgents * Address PR comments
westey ·
2026-05-18 15:37:25 +00:00 -
.NET: Adding default providers and tools to HarnessAgent (#5896)
* Adding default providers and tools to HarnessAgent * Address PR comments * Add further comments to clarify certain setings. * Apply suggestion from @SergeyMenshykh Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com> --------- Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
westey ·
2026-05-18 10:07:16 +00:00 -
.NET: Add observer for OpenAIWebSearch (#5894)
* Add observer for OpenAIWebSearch * Update reference in comment * Use types where possible.
westey ·
2026-05-15 17:30:01 +00:00 -
.NET: Add Hosted-MemoryAgent sample with isolation key plumbing (#5692) (#5702)
* .NET: Add Hosted-MemoryAgent sample with isolation key plumbing (#5692) Adds HostedSessionContext + HostedSessionIsolationKeyProvider in Microsoft.Agents.AI.Foundry.Hosting so AIContextProviders (notably FoundryMemoryProvider) can scope per user via the platform's x-agent-user-isolation-key / x-agent-chat-isolation-key headers. - New types: HostedSessionContext (sealed), HostedSessionContextExtensions (public Get, internal Set), abstract HostedSessionIsolationKeyProvider (async), internal PlatformHostedSessionIsolationKeyProvider mapping ResponseContext.Isolation. - AgentFrameworkResponseHandler now resolves the provider, tags fresh sessions, and validates resumed sessions against the live request (strict 403 'Hosted session identity context mismatch' on any mismatch; 500 on null keys). - New shared sample project Hosted_Shared_Contributor_Setup hosts DevTemporaryTokenCredential and DevTemporaryLocalSessionIsolationKeyProvider plus AddDevTemporaryLocalContributorSetup. All 9 existing responses samples migrated to consume it so local runs keep working under the strict isolation contract. - New Hosted-MemoryAgent sample: travel assistant wired through FoundryMemoryProvider with stateInitializer reading session.GetHostedContext().UserId. Includes Dockerfile, smoke.ps1, agent.yaml/manifest. - New IT scenario 'memory' in Foundry.Hosting.IntegrationTests + MemoryHostedAgentFixture + MemoryHostedAgentTests. Verified end to end against the tao Foundry project. - ADR 0026 captures the design tree. * Address PR review feedback - Dockerfile: add header noting it targets NuGet builds; contributors must use Dockerfile.contributor for ProjectReference source builds. - PlatformHostedSessionIsolationKeyProvider: doc said 'returns context with empty values'; corrected to 'returns null' which the handler treats as 500. - FakeHostedSessionIsolationKeyProvider: doc clarifies that null configurations are allowed for testing the handler error path. - HostedSessionContextExtensions.SetHostedContext: enforce write-once with InvalidOperationException; doc + xml exception updated. - AgentFrameworkResponseHandler: cache PlatformHostedSessionIsolationKeyProvider as static readonly to avoid per-request allocation. - MemoryHostedAgentTests: tighten waits from 20s to 5s (FoundryMemoryProvider defaults UpdateDelay=0; ingestion ~3s). - Sample Program.cs imports reordered to satisfy IDE0005. * Add HostedFoundryMemoryProviderScopes built-in helpers (#5692) Addresses review feedback from @lokitoth on Hosted-MemoryAgent/Program.cs:54. - New HostedFoundryMemoryProviderScopes static class with PerUser, PerChat, PerUserAndChat factories returning Func<AgentSession?, FoundryMemoryProvider.State>. - All helpers throw InvalidOperationException when GetHostedContext() is null, with a message pointing at writing a custom stateInitializer for non-hosted scenarios. - New HostedFoundryMemoryScope enum and AddHostedFoundryMemoryProvider DI extension (two overloads: explicit AIProjectClient and DI-resolved). Singleton lifetime. Default scope = PerUser. - Hosted-MemoryAgent sample and the memory IT scenario container both swap their inline lambdas for HostedFoundryMemoryProviderScopes.PerUser(). - 14 new unit tests (241/241 hosting unit tests pass). * Replace HostedFoundryMemoryScope enum with Func<...> parameter (#5692) Address PR review feedback from @westey-m: enums are a breaking-change hazard when extended, and the enum was redundant with the existing HostedFoundryMemoryProviderScopes static class. - Delete HostedFoundryMemoryScope.cs. - AddHostedFoundryMemoryProvider DI extensions now take Func<AgentSession?, FoundryMemoryProvider.State>? stateInitializer = null. When null, default to HostedFoundryMemoryProviderScopes.PerUser(). - Callers pick a built-in helper (PerUser/PerChat/PerUserAndChat) or pass a custom delegate. New built-ins are a single static method addition with zero impact on existing callers. - Tests updated; 244/244 hosting unit tests pass. * Fix isolation context resume for externally-created conversations (#5692) Branch on the session's existing hosted-context (not on conversation_id presence) so a conversation provisioned externally (e.g. via conversations.CreateProjectConversationAsync) is treated as fresh on first hosted-agent request and stamped, rather than rejected with 403 hosted_session_identity_mismatch. Strict equality is preserved on real resume of an already-stamped session. Also tighten dotnet/global.json to version 10.0.204 + rollForward latestPatch so local builds match the CI Docker image SDK and avoid 10.0.300 dotnet format stripping required usings. * Revert global.json SDK pin to upstream (#5692) The 10.0.204 + latestPatch pin from the previous commit broke the dotnet-format CI job (hostfxr_resolve_sdk2 could not find a compatible SDK in the mcr.microsoft.com/dotnet/sdk:10.0 image). Restore upstream 10.0.200 + minor; local Release builds with SDK 10.0.300 should set GITHUB_ACTIONS=true to bypass the auto-format-on-build target.
Roger Barreto ·
2026-05-15 05:42:12 +00:00 -
.NET: Add sample for invoking Foundry Toolbox tools from declarative workflows (#5829)
* Add sample for invoking Foundry Toolbox tools from declarative workflows * Addressed initial PR comments.
Peter Ibekwe ·
2026-05-14 15:30:48 +00:00 -
.NET: Harness console refactoring (#5811)
* Restructure harness console so that reactive app is the entry point * Further refactoring to split tool formatters, improve UX, make console configurable and fix bugs * Address PR comments. * UX tweak * Fix streaming text bug * Address PR comments.
westey ·
2026-05-14 15:22:11 +00:00 -
.NET: feat(evals): add ground_truth/expected_output support for workflow evaluation (#5755)
* .NET: feat(evals): add ground_truth/expected_output support for workflow eval Brings .NET to parity with Python PR #5234 for issue #5135: - Add expectedOutput parameter to Run.EvaluateAsync (workflow) and stamp on the overall EvalItem.ExpectedOutput. - Map EvalItem.ExpectedOutput -> ground_truth in the Foundry JSONL payload, item_schema, and data_mapping for similarity. - Add GroundTruthEvaluators set (currently builtin.similarity) and a FindMissingGroundTruthEvaluators helper. - Fail fast with InvalidOperationException when a ground-truth evaluator is selected but no item provides an ExpectedOutput, instead of surfacing a remote provider error. - Add tests in FoundryEvalConverterTests and WorkflowEvaluationTests. - Add Evaluation_WorkflowExpectedOutputs sample (workflow + Foundry similarity). Fixes microsoft/agent-framework#5135 (.NET side). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: relax BuildOverallItem events to IReadOnlyList<WorkflowEvent> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Sample: disable per-agent breakdown when using reference-based evaluator Per-agent EvalItems are intentionally left without ExpectedOutput, so the new fail-fast validation in FoundryEvals would throw when Similarity is invoked for per-agent items. Pass includePerAgent: false in the workflow + similarity sample, and document this gotcha in the EvaluateAsync XML doc. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix BuildOverallItem: fall back to last ExecutorCompletedEvent AgentResponseEvent is only emitted when AIAgentHostOptions.EmitAgentResponseEvents is enabled, which is not the default for WorkflowBuilder(agent).AddEdge(...). When it is absent, fall back to the last non-internal ExecutorCompletedEvent whose Data is an AgentResponse / ChatMessage / string so the overall EvalItem (and any expectedOutput) is produced. Without this, samples wired up the standard way returned 0 evaluation items. Update test to cover the fallback path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Sample: enable EmitAgentResponseEvents; eval throws clear error when no overall response found Root cause of '0 results': AIAgentHostExecutor only emits AgentResponseEvent when AIAgentHostOptions.EmitAgentResponseEvents is true (default false). For ordinary AIAgent executors the runtime's ExecutorCompletedEvent.Data is null, so the prior fallback couldn't find a final response either. Sample now builds executors with EmitAgentResponseEvents=true via BindAsExecutor(hostOptions). EvaluateAsync now throws InvalidOperationException with a remediation hint when the user supplies expectedOutput but no overall final response can be located, instead of silently returning 0/0. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Guard against null sample/error/usage/datasource_item in ParseDetailedItem Foundry eval responses can have these properties present with JSON null or non-object values, which caused JsonElement.TryGetProperty to throw 'requires Object, has Null'. Check ValueKind == Object before drilling in. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR review: reorder expectedOutput, tighten ground-truth check, add fail-fast test * WorkflowEvaluationExtensions.EvaluateAsync: move 'expectedOutput' to after 'splitter' so the original positional contract of (splitter, cancellationToken) is preserved for existing callers. * FoundryEvals: require ALL items to carry ExpectedOutput when a ground-truth evaluator is selected (e.g. similarity), not just any. Reference-based evaluators score per-item, so a single missing GT would still surface as a provider-side validation error. Updated fail-fast message accordingly. * WorkflowEvaluationTests: add EvaluateAsync_WithExpectedOutputButNoFinalResponse_ThrowsAsync to verify the InvalidOperationException is thrown (and that the message mentions EmitAgentResponseEvents). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fail-fast on missing overall item regardless of expectedOutput; harden BuildOverallItem default * EvaluateAsync now throws InvalidOperationException whenever 'includeOverall' is requested but BuildOverallItem cannot produce an item, instead of only when 'expectedOutput' is supplied. Same misconfiguration (agents not bound with EmitAgentResponseEvents) used to silently return empty results — now it surfaces a clear, actionable error in both cases. * BuildOverallItem switch default now throws instead of returning null. The preceding for-loop already constrains Data to AgentResponse/ChatMessage/ string, so reaching default would indicate a contract drift; throw to make the bug visible. * Test renamed and broadened to verify the throw fires without expectedOutput. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: alliscode <25218250+alliscode@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ben Thomas ·
2026-05-13 19:03:27 +00:00 -
Fixing FoundryToolboxMcp sample to use created toolbox. (#5786)
Co-authored-by: alliscode <bentho@microsoft.com>
Ben Thomas ·
2026-05-13 16:53:16 +00:00 -
.NET: Add harness agent package (#5782)
* Add harness agent package * Fix formatting. * Fix formatting. * Update release filter * Address PR comments.
westey ·
2026-05-13 10:58:05 +00:00 -
.NET: Fix OpenAIResponsesAgentClient to include agentName in endpoint path (#5748)
* Fix OpenAIResponsesAgentClient endpoint to include agentName in path (#5324) The sample OpenAIResponsesAgentClient used '/v1/' as the endpoint, which routes to the multi-agent endpoint requiring agent.name in the request body. However, AsIChatClient(agentName) maps agentName to the model field, not agent.name, causing HTTP 400 errors on OpenAI-compatible endpoints. Changed the endpoint to '/{agentName}/v1/' to match the pattern used by OpenAIChatCompletionsAgentClient, routing to the single-agent endpoint where no agent.name body field is needed. Added regression test verifying that the model field alone is insufficient for agent resolution on the multi-agent endpoint. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback for #5324 - URL-escape agentName in OpenAIResponsesAgentClient endpoint path to handle reserved characters safely - Add per-agent MapOpenAIResponses() calls in AgentHost so the sample host serves the /{agentName}/v1/responses routes the client now targets - Replace brittle Assert.Contains("agent.name") assertions with stable machine-readable error code assertion ("missing_required_parameter") Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address additional review feedback for #5324 - Apply Uri.EscapeDataString to OpenAIChatCompletionsAgentClient endpoint for consistency with OpenAIResponsesAgentClient - Map OpenAI Responses and ChatCompletions endpoints for all builder-based agents (chemist, mathematician, literator, science workflows) so every discoverable agent is reachable via the single-agent endpoint path Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <copilot@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Giles Odigwe ·
2026-05-12 17:16:47 +00:00 -
.NET: Feat/dotnet shell tool (#5604)
* feat(dotnet): add Microsoft.Agents.AI.Tools.Shell with LocalShellTool Ports Python LocalShellTool to .NET as a new package (net8/9/10). - Microsoft.Agents.AI.Tools.Shell: LocalShellTool, ShellPolicy (deny-list guardrail), ShellResolver (cross-OS pwsh/powershell/cmd vs bash/sh), ShellResult with head+tail truncation, timeout + process-tree kill, AsAIFunction with required-by-default human approval gate. - Persistent mode via ShellSession (sentinel protocol over pwsh/bash). - acknowledgeUnsafe parity gate matches the Python implementation. - Auto-injected platform context in the AIFunction description so the LLM sees the active OS and shell at tool-discovery time. - 17 xunit.v3 tests cover policy allow/deny, echo roundtrip, exit codes, timeout/kill, AsAIFunction shape + approval wrapping, persistent cwd/env carry-over, head+tail truncation, sentinel race. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(shell): close Python parity gaps for LocalShellTool Closes the .NET vs Python parity gaps identified in the competitive eval: - Default mode flipped to ShellMode.Persistent (matches Python). Every call now reuses a long-lived shell so cd/exports/functions persist; pass mode: ShellMode.Stateless to opt out. - New IShellExecutor interface — pluggable backend so future DockerShellTool / Hyperlight / SSH executors don't fork the framework. LocalShellTool implements it. - Workdir confinement: confineWorkingDirectory (default true) re-anchors every persistent-mode command back to workingDirectory so a wandering cd in one call doesn't leak to the next. Mirrors Python _maybe_reanchor. - Graceful interrupt on timeout: ShellSession sends SIGINT (POSIX) or Ctrl+C-on-stdin (Windows) before falling back to a hard close+respawn. Successfully-interrupted commands return exit 124 + TimedOut=true while preserving session state for the next call. - cleanEnvironment opt-in: when true, only PATH/HOME/USER/USERNAME/ USERPROFILE/SystemRoot/TEMP/TMP plus user-supplied vars are visible. - shellArgv: IReadOnlyList<string> override accepted alongside the string shell binary param (mutually exclusive). Lets advanced callers inject flags like --rcfile or --login. - Typed exceptions ShellTimeoutException and ShellExecutionException replace InvalidOperationException for launch / liveness failures. Tests: 17 -> 23. New cases cover persistent-default ctor, mutually- exclusive shell/shellArgv, confined re-anchor, confine-disabled leak, clean-env strip, and IShellExecutor implementation. All green on net10.0. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(shell): add DockerShellTool sandboxed shell tier Ports the Python DockerShellTool to .NET. Mirrors the public surface of LocalShellTool but executes commands inside an isolated container, where the container is the security boundary. Stateless and persistent modes both supported; persistent mode reuses ShellSession by launching 'docker exec -i <ctr> bash --noprofile --norc' as the long-lived REPL, so the sentinel protocol works unchanged. Defaults chosen for safety: - --network none, --user 65534:65534 (nobody), --read-only root - --cap-drop=ALL, --security-opt=no-new-privileges - 512m memory cap, pids-limit 256, --tmpfs /tmp - Optional host workdir mount, ro by default Public surface: - DockerShellTool ctor with image/container_name/mode/host_workdir/ workdir/network/memory/pids_limit/user/read_only_root/extra_run_args/ environment/policy/timeout/max_output_bytes/on_command/docker_binary - StartAsync, CloseAsync, RunAsync, AsAIFunction, IShellExecutor impl - IsAvailableAsync(binary) probe - Static argv builders (BuildRunArgv, BuildExecArgv) — pure, side- effect free, so unit tests don't need a Docker daemon AsAIFunction defaults to requireApproval: false (the container IS the boundary). LocalShellTool keeps the opposite default. Tests: 23 -> 35. 12 new tests cover argv builders, env/extra-args/host- workdir flags, exec interactive vs stateless, container name uniqueness, IShellExecutor implementation, AsAIFunction approval defaults, and IsAvailableAsync false-path. None require Docker. Multi-TFM build (net8/9/10) green. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test(shell): add DockerShellTool integration tests Adds 9 end-to-end tests that exercise DockerShellTool against a live Docker (or Podman) daemon. Tests are tagged [Trait("Category", "Integration")] and auto-skip via Assert.Skip when no daemon is available, so they are CI-safe. Coverage: - IsAvailableAsync probe - Persistent mode basic command + state preservation across calls - --network none blocks outbound DNS - --read-only root prevents writes outside /tmp; /tmp tmpfs is writable - --user 65534:65534 (nobody) is in effect - Stateless mode: env vars do not leak across calls - HostWorkdir bind-mount + read-only enforcement - Environment variables passed via -e Tests use debian:stable-slim (alpine ships only busybox sh, which ShellSession persistent bash REPL cannot drive). Run locally: dotnet test --filter "Category=Integration" or filter by class on the test exe directly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * style(shell): apply dotnet format pass - Whitespace and code-style fixes from `dotnet format` across both projects - Convert all new files to UTF-8 with BOM and LF line endings (repo convention) - Rename ShellSession statics to s_ prefix (IDE1006) - Add Async suffix to async test methods (IDE1006) No behavioral changes. All 44 tests still pass on net10.0; multi-TFM build (net8/net9/net10) green. `dotnet format --verify-no-changes` now reports clean for both projects. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(shell): add DockerShellTool walkthrough with sequence diagrams Explains the mental model (we shell out to the docker CLI; we never speak the engine API), the hardened docker run argv, persistent vs stateless lifecycles with mermaid sequence diagrams, the full agent-to-bash call ladder, and the failure modes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fixes (group a): libc DllImport, namespace cleanup, policy-msg dedup Three quick-win review comments on PR #5604: 1. ShellSession: the libc `killpg` P/Invoke was annotated with `DllImportSearchPath.System32`, a Windows-only loader hint that does nothing for libc.so on POSIX. Switched to `SafeDirectories` (CA5392 /CA5393 clean) and added a comment noting the call site is gated to non-Windows. 2. DockerShellToolTests: replaced the fully-qualified `Extensions.AI.ApprovalRequiredAIFunction` with a `using Microsoft.Extensions.AI;` import and the bare type name, matching `LocalShellToolTests`. 3. LocalShellTool / DockerShellTool: `AsAIFunction`'s catch block was producing a doubled "Command blocked by policy: Command rejected by policy: ..." prefix because the `ShellPolicyException` message already starts with "Command rejected by policy". Now we return `ex.Message` directly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fix (group b): add ShellKind.Sh for /bin/sh fallback Review comment (#3): when /bin/bash is missing the resolver fell back to /bin/sh but tagged it as ShellKind.Bash, so the launcher passed bash-only flags --noprofile --norc to dash/ash/busybox, which interpret them as positional script names. Fix: * Added ShellKind.Sh for minimal POSIX shells (sh, dash, ash, busybox). * /bin/sh fallback is now tagged Sh. * ClassifyKind maps "SH" / "DASH" / "ASH" / "BUSYBOX" binary names to Sh. * StatelessArgvForCommand emits just `-c <command>` for Sh (no bash-only flags); PersistentArgv emits no flags at all. * LocalShellTool's system-prompt builder describes Sh distinctly and warns the model away from bash-only constructs. Tests: ShellResolverTests covers Sh/Bash classification through the observable argv output (14 new theory cases). Total: 58/58. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fix (group d): honor timeout=null, add DefaultTimeout Review comment (#5): both LocalShellTool and DockerShellTool documented `timeout: null` as "disables timeouts" but the constructor coerced null to 30 seconds, making the documented disable mechanism unreachable through the public API. Fix: * Drop the `?? TimeSpan.FromSeconds(30)` coercion in both ctors. `_timeout` now faithfully reflects what the caller passed (null = disabled). The downstream CTS-construction sites already short-circuit on null, so no other code changes are required. * Add `public static readonly TimeSpan DefaultTimeout` (30 s) on both tools so callers who want a bounded timeout can opt in explicitly. Tests: * New `RunAsync_NullTimeout_DoesNotTimeOutAsync` confirms a quick command runs to completion when the caller passes `timeout: null`. * New `DefaultTimeout_IsThirtySeconds` documents the constant. Behavioral note: this is a deliberate change-of-default. Callers that previously omitted `timeout` and relied on the implicit 30 s now get "no timeout". They should pass `LocalShellTool.DefaultTimeout` or `DockerShellTool.DefaultTimeout` explicitly to preserve the prior behavior. Tests: 60/60 (44 baseline + 14 resolver + 2 new timeout tests). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fix (group e): smart requireApproval default for DockerShellTool Review comment (#6, design): requireApproval: false baked in a safety decision the type cannot prove on its own. Callers can weaken any isolation knob (network, user, readOnlyRoot, mount, extraRunArgs) and still get an unapproved tool by default. Fix: * New public IsHardenedConfiguration property returns true iff the effective config matches the safe defaults: network=="none", non-root user, read-only root, host mount (if any) read-only, no extra run args. * AsAIFunction's requireApproval parameter is now bool? defaulting to null. When null, approval is enabled iff IsHardenedConfiguration is false. Pass false explicitly to opt out, or true to force. * docker-shell-tool.md updated with the new approval matrix. Tests: 4 new theory cases + 2 facts cover hardened-default, relaxed-network, root-user, writable-root, extraRunArgs, and explicit-opt-out branches. Total: 66/66. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * PR 5604 review fix (group c): wrap POSIX shell in setsid for correct killpg Review comment (#1): killpg(proc.Id, SIGINT) only behaves like a process-group signal when proc.Id IS a process group id. Since the .NET launcher does not call setsid() / setpgid() itself, the spawned shell inherits the agent host's process group — so killpg targeted the wrong group and the cancel signal could leak to the agent. Fix: * On non-Windows, EnsureStartedAsync probes for setsid (well-known paths first, then PATH). When found it wraps the shell launch as `setsid <shell> <args...>` so the spawned shell becomes a session leader (PID == PGID). * A new _isSessionLeader flag tracks whether the wrap succeeded. * InterruptCurrentCommandAsync only calls killpg when _isSessionLeader is true. Without setsid, killpg on an unsuited PID could signal the agent itself, so we skip the fast path and let the caller's hard close-and-respawn handle the timeout. * Windows behaviour is unchanged (Ctrl+C-via-stdin to pwsh). No public-API changes; existing tests cover the interrupt path and all 66/66 still pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .Net: DockerShellTool design + caller-cancel container leak fixes (PR #5604) Addresses three Copilot review findings on PR #5604. Design (group f): * StartAsync: change inner ResolvedShell from ShellKind.Bash to ShellKind.Sh. BuildExecArgv() already includes `--noprofile --norc` in ExtraArgv; Bash's PersistentArgv() was appending those flags a second time, yielding `bash --noprofile --norc --noprofile --norc`. Sh's PersistentArgv() returns Array.Empty so ExtraArgv is forwarded unchanged. * BuildExecArgv: remove the dead `interactive: false` branch and the `interactive` parameter. The `false` path produced an unusable argv ending in `-c` with no command and was never invoked internally (stateless mode uses BuildRunArgvStateless). Updated tests and docs/docker-shell-tool.md sequence diagram. Reliability (group g): * RunStatelessAsync: add a second `catch (OperationCanceledException)` guarded on `cancellationToken.IsCancellationRequested` that issues `docker kill --signal KILL <perCallName>` before rethrowing. Previously, caller-driven cancellation bypassed the timeout-only catch and propagated without killing the container; because `--rm` only fires when PID 1 exits, the container ran indefinitely. Extracted the kill-by-name logic into a `BestEffortKillContainerAsync` helper shared by both the timeout and caller-cancel paths. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .Net: Fill PR #5604 test coverage gaps for Shell tools Addresses the test-coverage findings in the latest Copilot review. * ShellResultTests (new): direct branch coverage for ShellResult.FormatForModel() — empty stdout, non-empty stderr, truncated, timed-out, success, and the truncated-with-empty-stdout edge where the marker is intentionally suppressed. This method's string is what the language model sees, so it benefits from explicit unit-level coverage independent of integration tests. * ShellSessionTests (new): direct unit tests for the internal TruncateHeadTail head-tail truncation utility — under-cap (no truncation), exactly at cap (no truncation), over-cap (truncated with marker, both head and tail preserved), and empty-string. Reachable via InternalsVisibleTo. * LocalShellToolTests: Theory test exercising 8 representative patterns from ShellPolicy.DefaultDenyList (rm -rf /, mkfs.ext4, curl|sh, wget|sh, Remove-Item /, shutdown, reboot, Format-Volume) to catch deny-list regex regressions; previously only 1/16 was tested. * LocalShellToolTests: explicit stderr-capture assertion (echo to stderr → result.Stderr contains the message). Stderr capture was not directly asserted anywhere in the suite. * DockerShellToolTests: RunAsync_RejectedCommand throws ShellCommandRejectedException. The Docker-side policy check is a pure-logic path that runs before any docker invocation, so this test covers the rejection branch without needing a Docker daemon. Total: 66 -> 85 tests, all passing on net10.0. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(dotnet/shell): add ShellEnvironmentProvider for OS-aware shell instructions Pairs LocalShellTool/DockerShellTool with an AIContextProvider that probes the live shell once per session (OS, family, version, CWD, configurable CLI versions) and injects authoritative instructions so the agent uses platform-native idioms (PowerShell vs POSIX). Fixes the class of bugs where the model emits 'VAR=value' / '/tmp' / '$VAR' on a Windows PowerShell session. - ShellEnvironmentProvider/Snapshot/Options public surface in the existing Microsoft.Agents.AI.Tools.Shell package (one new project reference to Microsoft.Agents.AI.Abstractions). - Probes go through the same IShellExecutor that runs agent commands, so they respect the configured policy and (for DockerShellTool) the container boundary. - 8 unit tests covering snapshot capture, default formatter idioms, missing-tool handling, custom formatter override, and refresh. - Agent_Step21_ShellWithEnvironment sample replays the DEMO_TOKEN cross-call scenario using a persistent local shell. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(dotnet/shell): address PR review feedback round 3 - ShellEnvironmentProvider.cs split into one-type-per-file (ShellFamily, ShellEnvironmentSnapshot, ShellEnvironmentProviderOptions, plus the provider class) to match FoundryMemoryProvider/AgentSkillsProvider layout. - csproj: drop IsPackable=false (package will publish on merge), add IsReleased=true and disable package validation baseline (first release), use TargetFrameworksCore, add InjectSharedDiagnosticIds and InjectExperimentalAttributeOnLegacy to align with shipping packages. - Sample: refactor to demonstrate stateless mode first (independent read-only commands), then persistent mode (state carried across calls, e.g. DEMO_TOKEN). Strip narrative/historical comments. - Move docker-shell-tool.md out of the package — that doc lives in the docs repo (semantic-kernel-pr/agent-framework, branch feat/dotnet-shell-tool). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 4 review feedback - Sample (Agent_Step21_ShellWithEnvironment): add prominent WARNING block noting LocalShellTool runs real commands on the host. Restructure sample to demonstrate stateless mode first (cd does not carry across calls) then persistent mode (cd and env vars persist), motivating when to pick each. - DockerShellTool class XML doc: reframe as a best-effort baseline rather than a security guarantee; list mitigations users should still apply. - DockerShellTool ShellKind.Sh comment: rephrase as forward-looking design rationale (avoid duplicate --noprofile/--norc if Bash is reintroduced) instead of bug-history narrative. - DockerShellTool.IsHardenedConfiguration / AsAIFunction XML docs: clarify these are configuration-shape checks and convenience defaults, not security guarantees. - Drop IDisposable from LocalShellTool and DockerShellTool. The previous sync Dispose() blocked on DisposeAsync().GetAwaiter().GetResult() with a VSTHRD002 suppression, which is fragile under sync contexts. Both tools now expose IAsyncDisposable only; tests updated to await using. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add Async suffix to async test methods to satisfy IDE1006 Fixes check-format CI failure on PR #5604. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix CPU busy-spin in WaitForSentinelAsync When new bytes arrived in the stdout read loop, the producer called TrySetResult on _stdoutSignal but did not replace it with a fresh TCS. A consumer looping inside WaitForSentinelAsync would then re-read the same already-completed TCS, causing WaitAsync(100ms) to return synchronously every iteration — a tight busy-spin that pinned a core until the sentinel arrived or the timeout fired. Swap the signal before completing the old one so the next consumer iteration observes a fresh (uncompleted) TCS, matching the pattern already used in ReadExitCodeAsync. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove unused onCommand audit hook from shell tools The Action<string> onCommand callback was a redundant audit-logging seam: no production callers, no Python parity, and the framework already provides function-invocation middleware for cross-cutting concerns at the AIFunction layer. Removing the parameter from LocalShellTool and DockerShellTool keeps the public surface lean. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Align Shell csproj with Foundry.Hosting preview-package conventions - Add RootNamespace - Move Title/Description into the primary PropertyGroup with TargetFrameworks/VersionSuffix to match the Foundry.Hosting layout - Drop IsReleased (preview packages do not set it) - Drop UTF-8 BOM Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Document why ShellEnvironmentProvider uses Instructions, not Messages Expand the class XML doc to record the design rationale: the shell environment is stable runtime metadata, not per-turn retrieval, so it belongs in AIContext.Instructions (matching AgentSkillsProvider). Messages is reserved for retrieval payloads (TextSearchProvider, ChatHistoryMemoryProvider). System-role placement also has higher steering weight and benefits from prompt caching in major providers. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Clarify which probe failures ShellEnvironmentProvider swallows Name the four exception types explicitly (timeout, policy rejection, spawn failure, cancellation) and note that all other exceptions propagate normally. Avoids the misleading impression that the provider is a blanket try/catch. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Strip cross-language and bug-history narrative from shell tool comments Remove "hard-won" framing and explicit "Mirrors the Python ..." cross references from class XML docs and inline comments in ShellSession, DockerShellTool, and ShellResolver. Comments now describe current behavior without commentary on prior implementations or development history. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 5 review feedback - ShellResolver: classify only `bash` as ShellKind.Bash; sh/zsh/dash/ash/ksh/busybox now route through ShellKind.Sh so bash-only --noprofile/--norc flags are not emitted to shells that reject them. Update enum doc and tests. - ShellEnvironmentProvider.ProbeToolVersionAsync: validate the tool name against ^[A-Za-z0-9._-]+$ before interpolating into a shell command (prevents injection if ProbeTools is sourced from untrusted config). Fall back to stderr when stdout is empty so CLIs like java/older gcc still report a version. Drop misleading 'quoted' comment. - ShellSession.TruncateHeadTail: truncate by UTF-8 byte count on rune boundaries, honouring the documented maxOutputBytes contract for non-ASCII output. - ShellEnvironmentProviderTests: drop reflection on private _options; assert against the options instance the test already owns. Rename misnamed RefreshAsync test to reflect re-probing semantics. Add coverage for invalid tool names and stderr-only version output. - ShellSessionTests: add multi-byte UTF-8 truncation tests (byte-budget honoured, no rune split, no U+FFFD). - Move DockerShellToolIntegrationTests.cs from the unit test project into a new Microsoft.Agents.AI.Tools.Shell.IntegrationTests project so 'dotnet test' on the unit suite no longer requires a Docker daemon. Wire the new project into agent-framework-dotnet.slnx. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 6 review feedback - ShellSession.MaybeReanchor: switch from double-quoted to single-quoted literal-quoting per shell. Double quotes still expand $VAR, ``, and backticks in both PowerShell and POSIX, so a working directory containing shell metacharacters could trigger command substitution. Add QuotePowerShell (escape ' as '') and QuotePosix (close-and-reopen around ') helpers and route MaybeReanchor through them. Add tests covering ``, $VAR, backticks, and embedded single quotes. - ShellEnvironmentProvider.RunProbeAsync: narrow the OperationCanceledException filter to `when (!cancellationToken.IsCancellationRequested)` so caller-driven cancellation propagates instead of being silently converted to a null snapshot. Update the class XML doc to call out the distinction. Add tests for both paths (caller cancellation throws, probe-timeout returns null fields). - DockerShellTool.RunStatelessAsync / RunDockerCommandAsync: replace unbounded StringBuilder accumulators with a shared HeadTailBuffer (extracted from LocalShellTool into its own internal type). Caps memory at roughly maxOutputBytes regardless of how much output a command emits; drops the now-redundant trailing TruncateHeadTail call. RunDockerCommandAsync caps helper-command output at 1 MiB (defends against chatty docker pull progress streams). Add HeadTailBufferTests covering bounded behaviour over 10 MiB of streamed input. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 7 review feedback - HeadTailBuffer: switch to UTF-8 byte-aware truncation. The class previously capped on UTF-16 char count while callers pass _maxOutputBytes, so multi-byte output could exceed the budget and head/tail boundaries could split surrogate pairs into orphaned halves. Now tracks UTF-8 byte counts and treats each rune as an indivisible unit (encode -> bytes -> head/tail), guaranteeing the final string round-trips through UTF-8 and never contains an unpaired surrogate. The truncation marker now reads `bytes` instead of `chars` to match. - ShellEnvironmentProvider: clear cached _snapshotTask on failure. Previously a faulted/cancelled first probe permanently poisoned the provider — every later ProvideAIContextAsync await replayed the same exception. Now the failed task is cleared via a CompareExchange so the next caller starts a fresh probe. Tests: added rune-boundary coverage for HeadTailBuffer, plus two regression tests for poison-recovery (executor-throw and caller-cancellation paths). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 8 review feedback - HeadTailBuffer odd-cap data loss: previously _halfCap = cap / 2 was used as both the head fill bound and the tail eviction threshold, so an odd cap (e.g. cap=5 -> halfCap=2) would silently drop a byte while ToFinalString still reported truncated == false. Split into _headCap = cap / 2 and _tailCap = cap - _headCap so head + tail budgets always sum to exactly cap; any input whose UTF-8 size is <= cap now round-trips losslessly. - ShellSession.TakePrefixByBytes unpaired-high-surrogate: the prefix walker advanced 2 chars whenever it saw a high surrogate, without verifying that the next char was actually a low surrogate. Mirrored the pair check from TakeSuffixByBytes so unpaired surrogates are treated as a single (invalid) BMP char and the encoder substitutes U+FFFD as it would anywhere else. - Centralize clean-environment preserved-vars list. The {PATH, HOME, USER, USERNAME, USERPROFILE, SystemRoot, TEMP, TMP} allowlist was duplicated in LocalShellTool (stateless launch) and ShellSession (persistent startup), so adding a new variable required touching both. Extracted into CleanEnvironmentHelper.PreservedVariables / ApplyPreserved; both call sites collapse to a single line. Tests: HeadTailBuffer round-trip-at-odd-cap regression, ShellSession unpaired- surrogate test. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 9 review feedback - ShellSession.TruncateHeadTail odd-cap budget: same fix applied to HeadTailBuffer last round but missed here. Use headCap = cap/2 + tailCap = cap - headCap so the head/tail budgets sum to exactly cap. - Replace TakePrefixByBytes / TakeSuffixByBytes Encoder.Convert loops with rune iteration. The old code ignored Encoder.charsUsed and trusted the caller's hand-rolled surrogate-pair detection, which made the byte count fragile around unpaired surrogates. EnumerateRunes + Utf8SequenceLength is stateless and self-evidently correct. - ShellEnvironmentProvider.ProbeAsync now skips case-insensitive duplicates in the user-supplied ProbeTools list. Previously {\"git\",\"GIT\"} would probe twice and rely on insertion order to determine the kept value. - DockerShellToolTests.AsAIFunction_RelaxedConfig_DefaultsToApprovalGated: removed unused trailing ool _ parameter and matching InlineData column. Tests: added duplicate-ProbeTools regression test. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR #5604 round 10 review feedback * ShellSession.ReadLoopAsync: replace per-byte buf.Add(chunk[i]) loop with a single buf.AddRange(new ArraySegment<byte>(chunk, 0, n)) bulk copy on the read hot path. * ShellPolicy: compile allow-list patterns with RegexOptions.IgnoreCase, matching the deny-list and avoiding case-mismatch surprises. * LocalShellToolTests.RunAsync_NonZeroExit: drop the redundant ternary that selected between two identical 'exit 7' literals. * DockerShellToolIntegrationTests.NetworkNone: fix the comment to reference 'getent' (matching the actual command) instead of the stale 'wget' phrasing. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(dotnet): address PR #5604 round-3 review feedback - Rename LocalShellTool/DockerShellTool -> LocalShellExecutor/DockerShellExecutor - Rename IShellExecutor.StartAsync/CloseAsync -> InitializeAsync/ShutdownAsync - Rename ShellDecision -> ShellPolicyOutcome - Rename CleanEnvironmentHelper.ApplyPreserved -> EnvironmentSanitizer.RemoveNonPreserved - Convert ShellRequest/ShellPolicyOutcome from record struct to plain readonly struct (with IEquatable<T>) - Split ShellMode, ShellTimeoutException, ShellExecutionException into their own files - Add DockerNetworkMode static class with None/Bridge/Host constants - Convert DockerShellExecutor memory parameter from string to long? memoryBytes - Use Throw.IfNull(image) in DockerShellExecutor ctor - Make ShellResolver.EnvVarName public const - Inline-comment each DefaultDenyList regex; document allow-precedence-over-deny on ShellPolicy.Evaluate Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(dotnet): address PR #5604 round-3 follow-up nits - DockerShellExecutor / LocalShellExecutor: drop redundant IAsyncDisposable from class declarations (IShellExecutor : IAsyncDisposable already covers it) - DockerShellExecutor: scope DefaultImage / DefaultContainerUser / DefaultNetwork / DefaultMemoryBytes / DefaultPidsLimit / DefaultContainerWorkdir to internal (only used as parameter defaults; tests have InternalsVisibleTo) - DockerShellExecutor.RunAsync: blank line after the null-guard block (style consistency) - csproj: move <Title>/<Description> below the nuget-package.props import so they are not overwritten by the shared defaults; refresh wording to match new executor names Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor shell tool: abstract ShellExecutor, options classes, ContainerUser record Round-3 review responses for PR #5604: * Replace IShellExecutor interface with abstract ShellExecutor base class so the surface can be extended without breaking implementers (review feedback from @westey-m). * Drop ShutdownAsync from the executor surface; DisposeAsync is the canonical teardown (review feedback from @SergeyMenshykh). * Replace the long parameter lists on Local/DockerShellExecutor constructors with LocalShellExecutorOptions and DockerShellExecutorOptions classes so adding new knobs is no longer a breaking change (review feedback from @SergeyMenshykh). * Introduce ContainerUser(Uid, Gid) record in place of a 'uid:gid' string for the Docker user, with Default and Root statics (review feedback from @lokitoth). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove IsHardenedConfiguration; AsAIFunction defaults to approval-gated Addresses PR #5604 review thread AZpMj. The IsHardenedConfiguration property was a configuration-shape check, not a security guarantee, and using it to auto-disable approval gating gave false confidence. - Delete IsHardenedConfiguration property. - AsAIFunction(requireApproval: null) now always wraps in ApprovalRequiredAIFunction; callers must explicitly pass false to opt out. - Update class- and method-level XML docs to drop hardened-attestation language and call out approval gating as the primary safety control. - Drop two hardening-assertion tests and the relaxed-config theory; add one test asserting null requireApproval is approval-gated. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Replace ShellExecutionException/ShellTimeoutException with standard exceptions Addresses PR #5604 review threads AaqVP and Aasod. The custom exception types added no behavior beyond the base type — only a different name — so callers gain nothing from them. - Delete ShellExecutionException.cs and ShellTimeoutException.cs. - Process spawn failures (LocalShellExecutor, DockerShellExecutor) and broken-pipe to a long-lived shell (ShellSession) now throw IOException, which is the natural .NET shape for these failures. - ShellTimeoutException was declared but never thrown; the only in-process timeout path uses the OperationCanceledException raised by the linked CancellationTokenSource. The catch-and-swallow in ShellEnvironmentProvider now matches IOException + TimeoutException. - Update XML doc comments accordingly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove ShellPolicy.DefaultDenyList; default policy is empty Addresses PR #5604 review thread AY7Ba. A regex deny-list is bypassed in seconds by hex escapes ($(echo -e "\x72\x6D")), command substitution ($(base64 -d <<<...)), and envvar splicing ($(A=r B=m; echo $A$B)). No major agent framework uses regex matching as a primary control; AutoGen explicitly removed theirs in v2. The real defenses are approval gating (default) and the Docker sandbox tier. - Delete DefaultDenyList property from ShellPolicy. - ShellPolicy(denyList: null) now means an empty deny-list. - Rewrite ShellPolicy class XML docs to frame as a UX pre-filter for operator-supplied patterns, not as a security control. - Update LocalShellExecutorOptions/DockerShellExecutorOptions Policy docs to match. - Tests that exercise the deny-list mechanism now supply patterns explicitly, mirroring real operator usage. - Add Policy_DefaultConstruction_AllowsAnyNonEmptyCommand test. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Document single-session ownership for persistent shell mode Several PR #5604 review threads (notably AaQh2) raised that the persistent shell experience has no concurrency story. The framework's actual design is "one executor per conversation" — there is no per-caller isolation — but that contract was only stated briefly on ShellExecutor and not at all on the types and properties developers reach for first. Strengthen the docs in the places a user is most likely to land: - ShellMode.Persistent: explicit single-session-ownership paragraph (state visible across calls, single pipe, no isolation, one per session). - ShellExecutor: rewrite the Concurrency paragraph to enumerate what leaks (cwd, env, history, background jobs) and call out DI scoping. - LocalShellExecutor: new Single-session-ownership paragraph mirroring the executor-level contract and pointing at Stateless mode as the escape hatch. - DockerShellExecutor: same, framed around the container + bash REPL the persistent-mode executor owns end-to-end. - ShellSession: add a Single-owner paragraph on the type docs and a comment on _runLock clarifying that it serializes the owner's calls, not multiple tenants. - LocalShellExecutorOptions.Mode / DockerShellExecutorOptions.Mode: per-property note pointing at the executor remarks. Docs-only; src builds clean with zero warnings, zero errors. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: alliscode <bentho@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ben Thomas ·
2026-05-12 16:17:49 +00:00 -
.NET: Refactor harness console rendering (#5751)
* Refactor harness console rendering * Fix formatting issues * Address PR comments
westey ·
2026-05-12 15:13:53 +00:00 -
.NET: Remove Foundry Toolbox server-side tools support (#5753)
* .NET: Remove Foundry Toolbox server-side tools support Mirrors the Python cleanup in microsoft/agent-framework#5671. Passing toolbox tools as server-side Responses tools is not the experience we want to support; the hosted-agent MCP toolbox path (HostedMcpToolboxAITool + FoundryToolboxService) remains the supported way to consume Foundry Toolboxes. Removed: - FoundryToolbox static class (GetToolboxVersionAsync / GetToolsAsync / ToAITools / SanitizeAndConvert) - AIProjectClient.GetToolboxToolsAsync extension - Agent_Step25_ToolboxServerSideTools sample (+ slnx entry) - FoundryToolboxTests, TestDataUtil, HttpHandlerAssert, and the toolbox JSON fixtures only those tests referenced - ToolboxHostedAgentTests and ToolboxHostedAgentFixture; the "toolbox" switch arm + CreateToolboxAgent helper in TestContainer; matching README scenario row and bootstrap script entry Kept (MCP path, unchanged): - HostedMcpToolboxAITool, FoundryAITool.CreateHostedMcpToolbox, FoundryAIToolExtensions.CreateHostedMcpToolbox(ToolboxRecord/Version) - FoundryToolboxService, AddFoundryToolboxes, marker injection in AgentFrameworkResponseHandler, InputConverter.ReadMcpToolboxMarkers - Hosted-Toolbox sample, McpToolbox* tests, FoundryToolboxServiceTests Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Add Foundry Toolbox MCP sample (Agent_Step25_FoundryToolboxMcp) Adds a non-hosted-agent equivalent of the Python foundry_chat_client_with_toolbox.py sample. The agent connects to a Foundry Toolbox's MCP endpoint via Streamable HTTP, injects a fresh Azure AI bearer token on every request, and discovers the toolbox's tools at runtime via McpClient.ListToolsAsync. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * .NET: Tighten Agent_Step25_FoundryToolboxMcp README/Program comments Drop 'non-hosted agent' framing from README (this sample isn't related to hosted agents) and remove narrative comparison to server-side tools from the Program.cs header comment. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Drop python sample reference from Agent_Step25 README Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Drop incorrect .NET 10 prereq from Agent_Step25 README Toolboxes don't require .NET 10 (Microsoft.Agents.AI.Foundry targets net8.0+); the parent AgentsWithFoundry README already lists the sample SDK prereq. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix Toolsets api-version in Agent_Step25 example endpoint Use 2025-05-01-preview to match FoundryToolboxOptions.ApiVersion. The placeholder 'v1' is not accepted by the Toolsets endpoint. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: alliscode <bentho@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ben Thomas ·
2026-05-11 22:05:14 +00:00 -
.NET: Hosted Agents - RAG Sample with Azure AI Search (#5693) (#5701)
* .NET: Hosted Agents - RAG Sample with Azure AI Search (#5693) Adds a Hosted-AzureSearchRag sample plus a live Foundry.Hosting integration test scenario backed by a real Azure AI Search index. Sample (Hosted-AzureSearchRag): keyword-only Azure AI Search via SearchClient adapter into TextSearchProvider, scope-aware DevTemporaryTokenCredential consuming AZURE_BEARER_TOKEN_FOUNDRY + AZURE_BEARER_TOKEN_SEARCH for local Docker, Dockerfile + contributor Dockerfile mirroring Hosted-TextRag. Integration test: AzureSearchRagHostedAgentFixture extends the PR #5598 HostedAgentFixture with the new azure-search-rag scenario branch in the shared test container; AzureSearchRagHostedAgentTests asserts the model returns canary tokens (TR-CANARY-7821, SHIP-CANARY-4493) that exist only in the seeded documents - real proof the agent grounded its answer in retrieved content rather than training data. * Address PR 5701 Copilot review feedback - Sample README: drop stale 'bootstraps the index on first run' line; index is pre-provisioned out of band - Sample + TestContainer search adapters: propagate CancellationToken to await foreach via .WithCancellation()
Roger Barreto ·
2026-05-11 13:59:42 +00:00 -
.NET: Hosted-Files sample + AgentSessionFiles SDK companion + integration test (#5698)
* .NET: Add Hosted-Files sample + alpha AgentSessionFiles SDK companion + integration test Closes #5691 - Hosted-Files server sample (mirrors python 06_files): 3 local tools reading the per-session \C:\Users\rbarreto sandbox volume. - SessionFilesClient REPL companion: code-first equivalent of zd ai agent files upload using the alpha Azure.AI.Projects.AgentSessionFiles SDK (upload/ls/download/rm + session lifecycle with isolation key). - session-files scenario added to the Foundry.Hosting.IntegrationTests multi-scenario harness (PR #5598): SessionFilesHostedAgentFixture + SessionFilesHostedAgentTests.UploadAndAgentReadsFileAsync, end-to-end validating upload then agent-reads-file (agent_session_id pinned via CreateResponseOptions.Patch). Bundled testdata is linked from the sample so there is a single source of truth. * .NET: Hosted-Files: REPL companion now demonstrates file-as-knowledge end-to-end Adds an 'ask <prompt>' command to SessionFilesClient that pins agent_session_id (via CreateResponseOptions.Patch) so the agent invoked from the REPL reads files this REPL just uploaded. Surfaces the file content as agent knowledge in the same in-process loop instead of telling the user to shell out to azd ai agent invoke. * .NET: Reshape Hosted-Files sample - bake files into image, SessionFilesClient becomes thin chat REPL The previous SessionFilesClient leaned on the alpha AgentSessionFiles SDK to upload files at runtime, which made it diverge from the canonical Using-Samples shape (SimpleAgent / SimpleInvocationsAgent: tiny chat REPLs). This change: - Bakes the sample resources/ directory into the published output via a Content Include in HostedFiles.csproj. Inside the container the files live at /app/resources/. Two local function tools (ListFiles, ReadFile) surface them to the model. - Reshapes SessionFilesClient as a thin FoundryAgent chat REPL, identical shape to SimpleAgent. AGENT_ENDPOINT + AGENT_NAME, that is it. - Demo flow: user asks 'Give me the total revenue in the contoso file' and the agent answers with the figure read from its bundled file. Validated end-to-end locally against Hosted-Files on http://localhost:60419. - Bypasses SampleEnvironment alias on optional env vars to avoid stdin prompts when running unattended. The Foundry.Hosting.IntegrationTests session-files scenario continues to validate the alpha AgentSessionFiles SDK end-to-end (upload + agent reads from session HOME) and is unchanged. * .NET: Foundry.Hosting.IntegrationTests TestContainer - constrain session-files tools to $HOME Addresses the path-traversal review comment on the session-files scenario: ResolveSessionPath in TestContainer used to allow absolute paths and .. traversals, which (when chained with indirect prompt injection in an uploaded file) would let the model read or list arbitrary container files via the ReadFile / ListFiles tools. Mirrors the canonicalize + StartsWith(home) pattern from the framework's own FileSystemAgentFileStore.ResolveSafePath: rejects rooted paths, calls Path.GetFullPath, and verifies the result stays under $HOME, throwing ArgumentException otherwise. The Hosted-Files sample is already safe (uses Path.GetFileName which strips any directory component) so no change there. The integration test continues to upload and read 'contoso_q1_2026_report.txt', a single relative filename which passes the new validation unchanged. * .NET: SessionFilesHostedAgentTests - shrink to alpha SDK round-trip The previous test attempted to pin agent_session_id into the /responses payload via JsonPatch so the agent would read the file uploaded through AgentSessionFiles. The Foundry alpha service now consistently rejects the explicit-session-id pin with HTTP 400 conflict on /responses, regardless of whether the session was pre-created via AgentAdministrationClient or left to be auto-provisioned, so the agent leg of the test is no longer reachable from the SDK surface. Reshape the test to exercise what the alpha SDK actually guarantees: create session, upload, list (assert presence + size), download (assert deterministic token), delete (assert removed), cleanup. Everything stays inside Azure.AI.Projects.Agents.AgentSessionFiles. Verified live against tao-foundry-prj: UploadListDownloadAndDeleteAsync passed in 30s. Full Foundry.Hosting.IntegrationTests run: 25 total, 6 passed, 19 skipped (existing placeholders), 0 failed. * .NET: SessionFilesHostedAgentTests - rewrite as upload-then-FoundryAgent.RunAsync e2e Per review feedback the integration test must validate the hosted agent itself: client uploads a file via the alpha AgentSessionFiles SDK, then FoundryAgent.RunAsync invokes the deployed agent and the agent's container-side ReadFile tool surfaces the uploaded file content into the response. Test flow: 1. agent.RunAsync(warmup) - platform provisions a per-session container. 2. AgentAdministrationClient.GetSessionsAsync(latest) - resolve the just-provisioned agent_session_id. 3. AgentSessionFiles.UploadSessionFileAsync - upload contoso file to that session, asserts BytesWritten + GetSessionFiles listing. 4. agent.RunAsync(real prompt, options=PreviousResponseId chain) - chained to warmup so the platform routes back to the same container. 5. Assert response contains '1,482.6' (deterministic token from file). 6. Best-effort cleanup. The test is annotated with [Fact(Skip=...)] right now: the Foundry alpha service consistently returns HTTP 400 conflict on /responses requests that link to a prior session via previous_response_id, conversation_id, or agent_session_id pinning - verified across multiple retries with multiple chaining strategies. Without that link we cannot route the second invocation to the same container the file was uploaded to. When the platform regression is resolved, removing the Skip will exercise the full flow. Full Foundry.Hosting.IntegrationTests run with this change: 25 total, 5 passed, 20 skipped (existing placeholders + this one), 0 failed. * .NET: SessionFilesHostedAgentTests - end-to-end upload-then-FoundryAgent.RunAsync now passes The blocker was a routing problem combined with a platform race: 1. Routing two /responses calls to the same per-session container. - agent_session_id pin in body -> 400 (platform treats it as create) - conversation_id created at project root -> 404 at agent endpoint - previous_response_id chain -> different session The working answer is to create the conversation on a per-agent ProjectOpenAIClient (AgentName option, URL becomes /agents/{name}/endpoint/protocols/openai/conversations) and pass that conversation_id on both calls. Both then resolve to the SAME x-agent-session-id (verified by capturing the response header). 2. Race after AgentSessionFiles upload. The upload mutates session/ conversation revision; a /responses call issued immediately after 400-conflicts with 'modified concurrently. Please retry.' Bounded exponential retry handles it (5 attempts, 2*attempt seconds). Test flow: 1. Create per-agent OpenAI client + ProjectConversationsClient + ProjectResponsesClient. 2. CreateProjectConversationAsync on the per-agent client. 3. Warm-up agent.RunAsync(prompt, ChatOptions { ConversationId = ... }) - captures x-agent-session-id from the response header via a custom pipeline policy. 4. AgentSessionFiles.UploadSessionFileAsync to that session id. 5. ProjectResponsesClient.CreateResponseAsync (raw, retry-on-conflict) with the same conversation_id -> routes back to the same container. 6. Assert response contains '1,482.6' (deterministic token from file). 7. Cleanup: delete file, leave session for TTL. Verified live against tao-foundry-prj: UploadedFile_IsReadByHostedAgentAsync passed in 24.9s. Full Foundry.Hosting.IntegrationTests run: 25 total, 6 passed, 19 skipped (existing placeholders), 0 failed. * .NET: address Copilot PR review findings - agent.manifest.yaml: description + tags now reflect bundled-files agent (image-baked /app/resources), not the obsolete session-sandbox tools the prior shape claimed. - SessionFilesHostedAgentTests: wrap test body in try/finally to call DeleteConversationAsync on the conversation we created (matches HappyPathHostedAgentTests pattern; prevents conversation leakage across runs). - ResponseHeaderCapturePolicy: drop unused LastRequestBody capture left over from diagnosis. Test still passes live (40s). * .NET: Hosted-Files: split into bundled vs session-file tool pairs The previous Hosted-Files agent only exposed bundled (image-baked) file knowledge. The platform also surfaces session-uploaded files at \C:\Users\rbarreto inside the per-session container per container-image-spec.md line 172 (verified live by SessionFilesHostedAgentTests). The sample now teaches both patterns. Two distinct tool pairs, each scoped to its own root: Bundled (image-baked): ListBundledFiles, ReadBundledFile -> /app/resources/ (BUNDLED_FILES_DIR override) Session-uploaded (\C:\Users\rbarreto): ListSessionFiles, ReadSessionFile -> \C:\Users\rbarreto (default /home/session per container spec) Security model -- distinct tools, distinct sandboxes: - Tool input is a fileName, not a path. Schema-level: model cannot request directories or traversals. - Path.GetFileName(input) strips any directory components. - Path.GetFullPath + StartsWith(root) check rejects anything outside the tool's root, mirroring FileSystemAgentFileStore.ResolveSafePath. - Read-only, non-recursive listing. No glob, no '..'. - Failures non-revealing: 'File <name> not found in <scope>.' The two roots are physically isolated (image-baked vs platform-mounted per-session volume). A bundled-root tool can never reach a session file and vice-versa, even if the implementation has a bug. README updated to document both flows, the security pattern, and cite the container-image-spec.md line 172 contract for \C:\Users\rbarreto. Live IT SessionFilesHostedAgentTests.UploadedFile_IsReadByHostedAgentAsync re-passed in 42s after the change (TestContainer is unchanged; the sample-agent split does not affect the IT). * .NET: Hosted-Files README - fix broken relative link to IT (4..5 dots)
Roger Barreto ·
2026-05-11 11:56:58 +00:00 -
.NET: Add IChatMessageInjector for message injection during function loop (#5679)
* Adding the ability to inject messages during the function call loop * Split message injection functionality * Remove interface, since it is not required not that we split the chat client. * Address conversation id propogation * Fix formatting issue
westey ·
2026-05-08 17:16:03 +00:00 -
.NET: Update FoundryAgent to address HostedAgents strict URL routing (#5677)
* .NET: Foundry agent-endpoint constructor uses ProjectOpenAIClient directly to fix hosted-agent URL routing Fixes the experimental FoundryAgent(Uri agentEndpoint, AuthenticationTokenProvider, ...) constructor so it actually works against Foundry hosted agents. The previous implementation routed through AzureAIProjectChatClient, which internally called aiProjectClient.GetProjectOpenAIClient().GetProjectResponsesClientForAgent(...). For an agent-endpoint URL of the canonical shape https://<host>/api/projects/<project>/agents/<agentName>/endpoint/protocols/openai the chain produced POST https://<host>/api/projects/<project>/openai/v1/responses (project-level path, no /agents/ segment). The Foundry service rejects this with HTTP 400 "Hosted agents can only be called through the agent endpoint: .../agents/<agentName>/endpoint/protocols/openai/responses". The constructor also extracted the agent name via agentEndpoint.Segments[^1].TrimEnd('/'), which returns "openai" (the last segment), not the agent name. What changed - Public ctor signature: clientOptions parameter type changed from AIProjectClientOptions? to ProjectOpenAIClientOptions?. The constructor is fundamentally building a ProjectOpenAIClient; accepting AIProjectClientOptions was a leaky abstraction whose translation silently dropped any pipeline policies the caller added via AddPolicy(...). With the direct type, caller policies pass through to the per-agent traffic verbatim. - Per-agent client construction: `new ProjectOpenAIClient(BearerTokenPolicy, ProjectOpenAIClientOptions)` with Endpoint and AgentName set, then `GetProjectResponsesClient().AsIChatClient()`. The SDK auto-appends ?api-version=v1 when AgentName is set. - New private static ParseAgentEndpoint helper: single source of truth for both agent-name extraction and project-root derivation. Tolerates trailing slash, case variants on /agents/ and the suffix segment, strips query/fragment, and throws ArgumentException with paramName=nameof(agentEndpoint) for malformed input. - Project-level client (used by CreateConversationSessionAsync) is built fresh from the derived project root with primitive properties copied (RetryPolicy/NetworkTimeout/Transport/UserAgentApplicationId) plus MEAI UA. - New GetService<ProjectOpenAIClient>() entry alongside the existing GetService<AIProjectClient>() (the latter returns null in agent-endpoint mode since no AIProjectClient is constructed on that path). - Endpoint and AgentName on caller-supplied ProjectOpenAIClientOptions are overridden by values derived from agentEndpoint. Compatibility - FoundryAgent is [Experimental(OPENAI001)]. No GA surface touched. The Foundry project does not maintain PublicAPI.*.txt baselines so there is no shipped baseline to update. - The Microsoft.Agents.AI.Foundry csproj pins Azure.AI.Projects to VersionOverride 2.1.0-beta.1 (matching what the IT and hosting projects already use); the central pin in Directory.Packages.props stays at 2.0.0. - WireClientHeaders from PR #5652 is invoked on the agent-endpoint path so per-call x-client-* headers behave identically across both ctors. Tests - 23 new unit tests in FoundryAgentTests.cs: - 12 for the agent-endpoint constructor (URL routing for non-streaming and streaming, conversations URL shape, MEAI UA stamping, caller-policy passthrough on the per-agent pipeline, Endpoint/AgentName override semantics, GetService matrix, ProjectOpenAIClient propagation, UserAgentApplicationId propagation, null-arg validation, ID/Name slug) - 9 for ParseAgentEndpoint (standard shape, trailing slash, casing, sovereign-cloud host without /api/projects/ literal prefix, special chars in agent name, query/fragment stripping, three negative cases) - 2 null-arg tests for the public ctor - All 250 Microsoft.Agents.AI.Foundry.UnitTests pass (was 221 baseline plus 29 from PR #5652 plus 23 new in this PR equals 273; pre-existing tests collapsed by the rebase merge keep the total at 250). - All 225 Microsoft.Agents.AI.Foundry.Hosting.UnitTests pass; no behavioral change to the hosting layer. - dotnet build clean across net8/9/10/netstandard2.0/net472 with TreatWarningsAsErrors=true. - dotnet format --verify-no-changes clean for the touched src and test projects. * .NET: Bump central Azure.AI.Projects pin to 2.1.0-beta.1 and flip Microsoft.Agents.AI.Foundry to preview Required to fix the NU1109 downgrade chain that broke CI on the agent-endpoint constructor rewire (#5677). Microsoft.Agents.AI.Foundry now depends on ProjectOpenAIClientOptions.AgentName and the (AuthenticationPolicy, options) constructor that only exist in Azure.AI.Projects 2.1.0-beta.1. Changes: * Directory.Packages.props: Azure.AI.Projects 2.0.0 -> 2.1.0-beta.1. * Microsoft.Agents.AI.Foundry.csproj: drop IsReleased=true so the package ships as preview (matches the beta SDK we now depend on). Add a comment noting the flip is temporary and should revert once Azure.AI.Projects ships a stable 2.1.0. * Drop redundant VersionOverride="2.1.0-beta.1" from the 10 csprojs that had it as a workaround; the central pin now suffices. Verified: * dotnet build agent-framework-dotnet.slnx --warnaserror clean across all TFMs. * Microsoft.Agents.AI.Foundry.UnitTests 250/250 pass. * Microsoft.Agents.AI.Foundry.Hosting.UnitTests 211/211 pass. * dotnet format --verify-no-changes clean for the touched src and test projects.Roger Barreto ·
2026-05-08 14:46:52 +00:00 -
Fix typo:sesionEleme -> sessionElement (#5674)
Co-authored-by: Jacob Alber <jaalber@microsoft.com>
Hao-Xiong ·
2026-05-07 21:05:41 +00:00 -
.NET: feat: Update Github Copilot SDK to 1.0.0-beta.2 (#5699)
* feat: Update Github Copilot SDK to 1.0.0-beta.2 * Fix formatting Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix: Update for breaking changes in Github.Copilot.SDK * fix sample project * fix: whitespace formatting --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Jacob Alber ·
2026-05-07 19:15:10 +01:00