Commit Graph

908 Commits

  • Python: Reduce Azure chat client import overhead (#4744)
    * Reduce Azure chat client import overhead
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Azure chat client type annotations and add _parse_text_from_openai tests
    
    - Move Choice and ChunkChoice imports under TYPE_CHECKING to avoid
      runtime import cost (from __future__ annotations is already present)
    - Restore proper typed signature (Choice | ChunkChoice) instead of Any
    - Add direct unit tests for _parse_text_from_openai covering:
      - Choice with message content
      - ChunkChoice with delta content
      - Refusal branch for both Choice and ChunkChoice
      - No content/no refusal returning None
      - None delta (async content filtering) returning None
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Copilot <copilot@github.com>
  • Python: Fix RUN_FINISHED.interrupt to accumulate all interrupts when multiple tools need approval (#4717)
    * Fix flow.interrupts overwrite when multiple tools need approval (#4590)
    
    Change flow.interrupts assignment to append so that all interrupt entries
    accumulate when multiple tools require approval in a single turn.
    
    Both _run_common.py and _agent_run.py used assignment (=) which caused
    each new interrupt to overwrite the previous one. Switching to append()
    ensures RUN_FINISHED.interrupt contains all pending approvals.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for streaming path with multiple confirm_changes interrupts (#4590)
    
    Add integration test exercising run_agent_stream with multiple predictive
    tool calls requiring confirmation. Verifies that flow.interrupts.append()
    correctly accumulates all interrupt entries and they appear in the
    RUN_FINISHED event.
    
    Also confirms FlowState already declares interrupts field with
    default_factory=list, addressing the AttributeError concern from review.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: fix thread serialization for multi-turn tool calls (#4684)
    * Python: strip fc_id from loaded history
    
    * Move fc_id replay handling into Responses client
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary pytest asyncio marker
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add Responses integration test for fc_id replay
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * removed old arg
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: preserve A2A message context_id (#4686)
    * Python: forward A2A context_id
    
    * Avoid duplicating A2A context ids
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix _deduplicate_messages catch-all branch dropping valid repeated messages (#4716)
    * Fix _deduplicate_messages catch-all branch dropping valid repeated messages (#4682)
    
    Remove the catch-all dedup branch that used (role, hash(content_str)) as a
    dedup key. This incorrectly treated any two messages with the same role and
    identical content as duplicates, dropping valid repeated messages (e.g., a
    user saying 'yes' to confirm two separate things).
    
    The tool-specific dedup branches (tool results by call_id, assistant tool
    calls by call_id tuple) remain unchanged as they correctly identify true
    protocol-level duplicates.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review: consecutive-duplicate detection for non-tool messages (#4682)
    
    - Replace blanket dedup removal with consecutive-duplicate detection:
      only skip a message if the immediately preceding message has the same
      role and content, preserving protection against upstream replays while
      allowing identical messages at different conversation points.
    - Strengthen test assertions to verify message identity and order, not
      just list length.
    - Add tests for consecutive duplicate skipping, non-consecutive
      preservation, and messages with contents=None.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Use message_id for deduplication instead of content hashing
    
    Deduplicate general messages by message_id when available, replacing
    the consecutive-duplicate content check. Two messages with the same id
    are definitively the same message (upstream replay), while identical
    content with distinct ids (e.g. repeated "yes" confirmations) is
    preserved. Messages without a message_id are always kept.
    
    * Fix message_id dedup: truthy check, content-hash fallback, log safety
    
    - Use truthy check (`if msg.message_id`) instead of `is not None` so
      empty-string IDs fall through to content-hash dedup rather than
      collapsing unrelated messages.
    - Add content-hash fallback for messages without message_id, preventing
      false negatives from integrations that don't set IDs.
    - Remove raw message_id from log format string (addresses log-injection
      surface with control characters).
    - Add tests for empty-string message_id edge cases.
    - Update existing tests to reflect content-hash dedup behavior.
    
    Fixes #4682
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: keep MCP cleanup on the owner task (#4687)
    * Python: keep MCP cleanup on owner task
    
    * Avoid MCP owner task deadlocks
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix MCP owner-task timeout tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: normalize empty MCP tool output to null (#4683)
    * Python: normalize empty MCP tool output to null
    
    * Python: hardcode null for empty MCP output
  • Python: chore(python): improve dependency range automation (#4343)
    * chore(python): improve dependency range automation
    
    - tighten dependency bounds and coding standards guidance\n- add dependency range validation workflow, reporting, and issue automation\n- update related tests and dependency pins for compatibility
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated text and pyarrow
    
    * new lock
    
    * fixed workflow
    
    * updated deps
    
    * fix tiktoken
    
    * chore(python): refine dependency validation workflows
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(python): add high-level dependency validation comments
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * WIP
    
    * added additional comments and excludes
    
    * added dev dependency handling and workflow and updates to package ranges
    
    * added readme and simplified commands
    
    * fix markers
    
    * chore(python): address dependency review feedback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Tighten dependency bounds, remove stale overrides, restore Python 3.10 support
    
    - Apply dependency bound policy across all packages: stable >=1.0 deps use
      >=floor,<next_major; pre-1.0/prerelease deps use validated hard-bounded ranges
    - Remove stale root tool.uv.override-dependencies (uvicorn, websockets, grpcio)
    - Lower github_copilot requires-python to >=3.10 with github-copilot-sdk gated
      behind python_version >= 3.11 marker; import raises ImportError on 3.10
    - Skip github_copilot pyright/mypy/test tasks on Python <3.11
    - Use version-conditional pyrightconfig for samples on Python 3.10
    - Add compatibility fix in core responses client for older openai typed dicts
    - Normalize uv.lock prerelease mode and refresh dev dependencies
    - Update CODING_STANDARD.md, DEV_SETUP.md, and package management skill docs
    
    Closes #902
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * small tweaks
    
    * add note in workflow
    
    * fix workflows and several versions
    
    * fix duplicate
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • [BREAKING] Python: clean up kwargs across agents, chat clients, tools, and sessions (#4581)
    * Python: clean up kwargs across agents, chat clients, tools, and sessions (#3642)
    
    Audit and refactor public **kwargs usage across core agents, chat clients,
    tools, sessions, and provider packages per the migration strategy codified
    in CODING_STANDARD.md.
    
    Key changes:
    - Add explicit runtime buckets: function_invocation_kwargs and client_kwargs
      on RawAgent.run() and chat client get_response() layers.
    - Refactor FunctionTool to prefer explicit ctx: FunctionInvocationContext
      injection; legacy **kwargs tools still work via _forward_runtime_kwargs.
    - Refactor Agent.as_tool() to use direct JSON schema, always-streaming
      wrapper, approval_mode parameter, and UserInputRequiredException
      propagation (integrates PR #4568 behavior).
    - Remove implicit session bleeding into FunctionInvocationContext; tools
      that need a session must receive it via function_invocation_kwargs.
    - Lower chat-client layers after FunctionInvocationLayer accept only
      compatibility **kwargs (client_kwargs flattened, function_invocation_kwargs
      ignored).
    - Add layered docstring composition from Raw... implementations via
      _docstrings.py helper.
    - Clean up provider constructors to use explicit additional_properties.
    - Deprecation warnings on legacy direct kwargs paths.
    - Update samples, tests, and typing across all 23 packages.
    
    Resolves #3642
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * clarified docstring
    
    * feedback fixes
    
    * Add unit tests for _docstrings.py build/apply helpers
    
    Tests cover: no docstring source, no extra kwargs, appending to existing
    Keyword Args section, inserting after Args, inserting in plain docstrings,
    multiline descriptions, ordering, and apply_layered_docstring.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for propagate_session TypeError on non-AgentSession values
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for multi-content and empty UserInputRequiredException propagation
    
    Cover the branching logic in _try_execute_function_calls for:
    - Multiple user_input_request items in a single exception (extra_user_input_contents path)
    - Empty contents list (fallback function_result path)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for DurableAIAgent.get_session forwarding service_session_id
    
    Verifies get_session correctly forwards service_session_id and session_id
    to the executor's get_new_session, replacing the removed kwargs test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Simplify ag-ui test stub to read session from client_kwargs only
    
    Remove dual-mode detection (client_kwargs vs raw kwargs fallback) from
    the test mock. Session is now read exclusively from client_kwargs,
    matching the settled public calling convention.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated create and get sessions in durable
    
    * fixed docstrings
    
    * fix test
    
    * updated session handling
    
    * updated from main
    
    * updated tests
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix type hint for Case and Default (#3985)
    * Fix type hint for `Case` and `Default`
    
    * Add test
    
    ---------
    
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: A2AAgent defaults name/description from AgentCard (#4661)
    * Python: A2AAgent defaults name/description from AgentCard
    
    When an AgentCard is provided but name/description are not explicitly
    set, A2AAgent now falls back to agent_card.name and agent_card.description.
    This avoids redundant duplication when constructing A2AAgent instances,
    especially in GroupChat orchestrations where name and description are
    essential for routing decisions.
    
    Explicit values still take precedence over card values.
    
    Fixes #4630
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use 'is None' checks instead of truthiness for name/description fallback
    
    Ensures explicitly provided empty strings are not overridden by
    agent_card values. Adds test for the empty string edge case.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Unify tool results as Content items with rich content support (#4331)
    * feat(python): allow @tool functions to return rich content (images, audio)
    
    Add support for tool functions to return Content objects that the model can perceive natively. Closes #4272
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Anthropic logging + mypy fix
    
    * Address PR review: fix MCP ordering, fold helper into from_function_result, fix Chat client
    
    - Preserve original content order in MCP tool results instead of text-first
    - Move _build_function_result logic into Content.from_function_result()
    - Chat Completions: inject user message for rich items (API only supports string tool content)
    - Update tests for ordering and new from_function_result behavior
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use native Responses API multi-part output, warn+omit for Chat client
    
    - Responses client: put rich items directly in function_call_output's
      output field as list (native API support) instead of user message injection
    - Chat client: warn and omit rich items (API doesn't support multi-part
      tool results), matching Ollama/Bedrock pattern
    - Unify test image: use sample_image.jpg across all integration tests
    - Add Azure OpenAI Responses integration test
    - Assert model describes house image to verify perception
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix lint: remove print statement, wrap long line
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback: bug fixes, single-pass MCP, unit tests
    
    - Add isinstance guard in from_function_result for non-Content lists
    - Fix Anthropic empty tool_content fallback to string result
    - Fix Content(type='text', text=None) edge case in parse_result
    - Rewrite MCP _parse_tool_result_from_mcp as single-pass (no index counters)
    - Add Anthropic unit tests: data image, uri image, unsupported media, all-unsupported
    - Add OpenAI Chat unit test: rich items warning and omission
    - Add OpenAI Responses unit tests: function_result with/without items
    - Add test_types tests: only-rich-items list, non-Content list fallback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright errors: add type ignore comments for Any list iteration
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix mypy/pyright: ensure ToolExecutionException receives str
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix lint: remove duplicate test_prepare_options_excludes_conversation_id
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor: unify all tool results into Content items
    
    * addressed copilot comments
    
    * pyright fix
    
    * small fix
    
    * comments
    
    * fix: address Copilot review - warnings, blob safety, dedup
    
    - Add warning logs when rich content is dropped in Claude agent and
      MCP server handlers (matching Chat/Bedrock/Ollama pattern)
    - Defensive blob URI construction: wrap plain base64 in data: prefix
    - Simplify Chat client _prepare_content_for_openai to use content.result
    - Simplify Responses client text-only path, remove redundant nesting
    - Add test for plain base64 blob without data: prefix
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix token double-counting in compaction and address review comments
    
    - Exclude items from _serialize_content() to prevent double-counting
      tokens when items mirrors result in function_result content
    - Add rich content warning in GitHub Copilot agent tool handler
    - Replace raw Content debug log with concise item count/type summary
    - Update stale test comments about FunctionTool.invoke return type
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • fix: omit toolConfig when tool_choice="none" in BedrockChatClient (#4535)
    Bedrock's Converse API only accepts "auto", "any", or "tool" as valid
    toolChoice keys. The previous code mapped tool_choice="none" to
    {"none": {}}, which causes a botocore.exceptions.ParamValidationError.
    
    When tool_choice="none" (set by FunctionInvocationLayer after exhausting
    max iterations), the fix now omits toolConfig entirely so the model
    won't attempt tool calls.
    
    Added tests for tool_choice="none", "auto", and "required" modes.
    
    Fixes #4529
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
  • Python: Fix state snapshot to use deepcopy so nested mutations are detected in durable workflow activities (#4518)
    * Use deepcopy for state snapshot to detect nested mutations (#4500)
    
    Replace dict() shallow copy with copy.deepcopy() when snapshotting
    workflow state before activity execution. The shallow copy shared
    references to nested objects (dicts, lists), so in-place mutations by
    executors were reflected in both the snapshot and live state, producing
    an empty diff and preventing state updates from propagating to
    downstream activities.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Fix state snapshot to use deepcopy so nested mutations are detected in durable workflow activities
    
    Fixes #4500
    
    * Address PR review: remove report, extract testable helpers (#4500)
    
    - Delete REPRODUCTION_REPORT.md (debugging artifact with local paths
      and raw LLM output)
    - Extract _create_state_snapshot() and _compute_state_updates() as
      module-level helpers in _app.py so tests exercise the production
      code path
    - Update TestStateSnapshotDiff to import and use production helpers
      instead of reimplementing snapshot/diff logic locally
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Add regression tests proving shallow copy bug and deep copy isolation (#4500)
    
    Add two additional tests to TestStateSnapshotDiff:
    - test_shallow_copy_would_miss_nested_mutations: reproduces the original
      bug by demonstrating that dict() (shallow copy) misses nested mutations
    - test_create_state_snapshot_isolates_nested_objects: verifies the
      production _create_state_snapshot helper creates a true deep copy
    
    These tests ensure a regression back to shallow copy would be caught.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add integration test exercising full activity code path (#4500)
    
    Address PR review comment: add test_executor_activity_detects_nested_state_mutations
    that captures the actual executor_activity function from _setup_executor_activity
    and verifies it detects in-place nested mutations. This test would fail if
    _app.py line 314 regressed from _create_state_snapshot() back to dict().
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #4518: review comment fixes
    
    * Address PR review feedback for state snapshot diff
    
    - Inline _compute_state_updates logic at call site to reuse precomputed
      original_keys/current_keys sets, avoiding redundant set allocations
    - Fix test docstring to describe behavioral regression instead of
      hard-coding a specific line number
    - Use SOURCE_ORCHESTRATOR constant in integration test instead of
      literal string
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * fix: remove unused _compute_state_updates from _app.py (#4518)
    
    The function was inlined per review comment, making the module-level
    helper unused and triggering a pyright reportUnusedFunction error.
    Move the helper into the test file where it is still needed for unit
    testing the diffing logic.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Bump rollup from 4.47.1 to 4.59.0 in /python/packages/devui/frontend (#4338)
    Bumps [rollup](https://github.com/rollup/rollup) from 4.47.1 to 4.59.0.
    - [Release notes](https://github.com/rollup/rollup/releases)
    - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/rollup/rollup/compare/v4.47.1...v4.59.0)
    
    ---
    updated-dependencies:
    - dependency-name: rollup
      dependency-version: 4.59.0
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump minimatch from 3.1.2 to 3.1.5 in /python/packages/devui/frontend (#4337)
    Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
    - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
    - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)
    
    ---
    updated-dependencies:
    - dependency-name: minimatch
      dependency-version: 3.1.5
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Fix CWE-863: Validate function approval responses in DevUI executor (#4598)
    The DevUI /v1/responses endpoint accepts function_approval_response content
    without verifying that the request_id corresponds to a real pending approval
    request issued by the server. This allows forged approval responses to
    execute arbitrary tools with attacker-controlled arguments, bypassing
    approval_mode='always_require'.
    
    Changes:
    - Track outgoing approval requests in a server-side registry
      (_pending_approvals) keyed by request_id
    - Validate incoming approval responses against this registry; reject
      any response whose request_id was not issued by the server
    - Use server-stored function_call data (tool name, arguments, call_id)
      instead of client-supplied data when constructing the approval response
    - Consume request_ids on use (pop from registry) to prevent replay attacks
    
    Tests:
    - 8 new tests covering forged rejection, server-data enforcement,
      anti-replay, multiple independent approvals, and edge cases
    
    Co-authored-by: REDMOND\tusharmudi <tusharmudi@microsoft.com>
  • Python: Validate approval responses against server-side pending request registry (#4548)
    * Validate approval responses against server-side pending request registry
    
    * improvements
    
    * pin GHCP sdk version to non-breaking for now
    
    * Pin CHCP sdk to LKG.
    
    * really fix GHCP sdk pkg version
    
    * Fix HITL approval validation security gaps and memory leak
    
    - Validate rejected approval responses against pending_approvals registry,
      not just approved ones. Fabricated rejections without a prior request are
      now stripped from messages before reaching the LLM.
    - Bound _pending_approvals with OrderedDict + LRU eviction (max 10k) to
      prevent unbounded memory growth from abandoned approval requests.
    - Skip registration when function_call.name is None/empty; log warning
      when content.id or function_call is missing at registration time.
    - Document pending_approvals parameter in run_agent_stream docstring.
    - Add test for fabricated rejection attack scenario.
    - Assert pending approval entry is preserved after function name mismatch.
    - Pre-populate pending_approvals in rejection test for correct validation.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix function_approval_response extraction in AG-UI workflow path (#4550)
    * Extract function_approval_response from workflow messages (#4546)
    
    _extract_responses_from_messages now handles function_approval_response
    content in addition to function_result content. Previously, approval
    responses sent via the messages field were silently dropped because the
    function only checked for content.type == "function_result".
    
    The approval response is keyed by content.id and includes the approved
    status, id, and serialized function_call — consistent with how
    _coerce_content identifies approval response payloads.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Fix #4546: Update docstring and add integration tests for message-based approvals
    
    - Update _extract_responses_from_messages docstring to reflect that it
      now handles function_approval_response content in addition to
      function_result content.
    - Add integration tests for run_workflow_stream across two turns with
      approval responses provided via messages (function_approvals) rather
      than resume.interrupts, covering both approved and denied scenarios.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review feedback for #4546
    
    - Use safer 'not .get("interrupt")' assertion instead of 'not in'
      to handle Pydantic v2 model_dump() including keys with None values
    - Add unit test for mixed function_result and function_approval_response
      in the same message to TestExtractResponsesFromMessages
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix missing status input for OpenAI responses API (#4626)
    * Fix missing status input for OpenAI responses API
    
    * Fix mypy
    
    * Address comments
    
    * Remove raw_rep restore
    
    * Do not set status if it's None
  • Python: Implement annotation-based context compaction (#4469)
    * Implement annotation-based context compaction
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Handle missing compaction attributes in BaseChatClient
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CI typing and bandit issues
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Optimize incremental compaction annotation pass
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refinement
    
    * Python: add ToolResultCompactionStrategy and CompactionProvider
    
    Add ToolResultCompactionStrategy that collapses older tool-call groups
    into short summary messages (e.g. [Tool calls: get_weather]) while
    keeping the most recent groups verbatim. This mirrors the .NET
    ToolResultCompactionStrategy from PR #4533.
    
    Add CompactionProvider as a context-provider that auto-applies compaction
    before each agent turn and stores compacted history in session state
    after each turn.
    
    Includes tests and samples for both features.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refinement and alignment with dotnet PR
    
    * updated tool result compaction
    
    * updated tool result compaction
    
    * Python: add ToolResultCompactionStrategy, CompactionProvider, and skip_excluded
    
    - ToolResultCompactionStrategy collapses older tool-call groups into
      [Tool results: func_name: result] summaries with bidirectional tracing
      (same pattern as SummarizationStrategy).
    - CompactionProvider as BaseContextProvider with separate before_strategy
      and after_strategy parameters. before_strategy compacts loaded context;
      after_strategy compacts stored history via history_source_id.
    - InMemoryHistoryProvider gains skip_excluded flag to filter out messages
      marked as excluded by compaction strategies.
    - Tests, samples, and exports updated.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fixed checks
    
    * fix mypy
    
    * Fix: ensure summary messages from both strategies get full compaction annotations
    
    SummarizationStrategy was not calling annotate_message_groups after
    inserting its summary message, so the summary lacked core group
    annotations (id, kind, index, has_reasoning, _excluded). Added the
    missing call. ToolResultCompactionStrategy already had it.
    
    Added tests verifying both strategies produce fully annotated summaries.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated propagation
    
    * fix mypy
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Support skill scripts execution (#4558)
    * support skill scripts execution
    
    * fix mixed line endings
    
    * address comments and fix syntax issues
    
    * use few try/except instead of one
    
    * change samples
    
    * validate either script path or script resource is set not both
    
    * fix: separate LLM args from runtime kwargs in skill script execution
    
    * address pr review comments
    
    * address PR review comments
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * 1. Fixing the caching bug where parameters_schema would re-inspect on every call when the result was None
       2. Updating the arguments tool description to be more generic (not CLI-specific)
    
    * fix failing tests
    
    * address pr review comments
    
    * address pr review comments
    
    * allow resource function returning any instead of sting
    
    * address PR review comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • Python: Fix broken link in purview README (504 on Microsoft 365 Dev Program URL) (#4610)
    * Initial plan
    
    * Fix broken link in purview README: replace 504-returning dev-program URL with stable learn.microsoft.com URL
    
    Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>
  • Python: Fix executor_completed event with non-copyable raw_representation in mixed workflows (#4493)
    * Python: Fix `executor_completed` event with non-copyable raw_representation in mixed workflows
    
    Fixes #4455
    
    * fix(#4455): use class-level sets for deepcopy field exclusion
    
    - SerializationMixin.__deepcopy__: check type(self).DEFAULT_EXCLUDE
      instead of hardcoding 'raw_representation'
    - Content.__deepcopy__: add _SHALLOW_COPY_FIELDS class variable and
      check against it instead of hardcoding
    - Fix tautological assertion in test (was always True)
    - Add second excluded field to test to verify DEFAULT_EXCLUDE is
      respected generically
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Decouple __deepcopy__ from DEFAULT_EXCLUDE in SerializationMixin (#4455)
    
    Introduce _SHALLOW_COPY_FIELDS class variable in SerializationMixin to
    separate deep-copy semantics from serialization semantics. Previously,
    __deepcopy__ used DEFAULT_EXCLUDE to decide which fields to shallow-copy,
    conflating 'not serialized' with 'not safe to deep-copy'. A field added
    to DEFAULT_EXCLUDE purely for serialization (e.g. additional_properties)
    would be silently shared between original and copy.
    
    - Add _SHALLOW_COPY_FIELDS (default {'raw_representation'}) to
      SerializationMixin, matching the pattern already used by Content
    - Update __deepcopy__ to read from _SHALLOW_COPY_FIELDS instead of
      DEFAULT_EXCLUDE
    - Add test verifying DEFAULT_EXCLUDE fields are deep-copied unless
      also in _SHALLOW_COPY_FIELDS
    - Add test for Content._SHALLOW_COPY_FIELDS identity preservation
    - Add test for ChatResponse deep-copying additional_properties
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for _SHALLOW_COPY_FIELDS and DEFAULT_EXCLUDE independence
    
    Add test_deepcopy_shallow_copy_fields_override_default_exclude to verify
    that a field in both DEFAULT_EXCLUDE and _SHALLOW_COPY_FIELDS is
    shallow-copied (controlled by _SHALLOW_COPY_FIELDS), while a field in
    DEFAULT_EXCLUDE only is still deep-copied. This addresses review comment
    #11 ensuring the two class variables control independent concerns.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary local variable in __deepcopy__
    
    Inline cls._SHALLOW_COPY_FIELDS directly in the loop check instead of
    assigning to a local variable first, per review feedback.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Prevent pickle deserialization of untrusted HITL HTTP input (#4566)
    * fix: prevent pickle deserialization of untrusted HITL input
    
    Add strip_pickle_markers() to sanitize HTTP input before it reaches
    pickle.loads() via the checkpoint decoding path. Applied as a 3-layer
    defence-in-depth:
    
    1. _app.py: sanitize req.get_json() at the HTTP boundary
    2. _workflow.py: sanitize in _deserialize_hitl_response() before decode
    3. _serialization.py: sanitize in reconstruct_to_type() as final guard
    
    Any dict containing __pickled__ or __type__ markers from untrusted
    sources is replaced with None, blocking arbitrary code execution via
    crafted payloads to POST /workflow/respond/{instanceId}/{requestId}.
    
    Includes 12 new unit tests covering the sanitizer and end-to-end
    attack prevention.
    
    * refactor: address review concerns for pickle fix
    
    1. Remove deserialize_value() fallback in _deserialize_hitl_response
       untrusted HITL data now returns as-is when no type hint is available,
       never flowing into pickle.loads().
    
    2. Move strip_pickle_markers() out of reconstruct_to_type()  the function
       is general-purpose again; untrusted-data callers are responsible for
       sanitizing first (documented with NOTE comment).
    
    3. Define _PICKLE_MARKER/_TYPE_MARKER as local constants with import-time
       assertions against core's values  decouples from private names while
       failing loudly if core ever changes them.
    
    4. Update tests to reflect new responsibility boundaries.
    
    * fix: simplify warning message and fix ruff RUF001 lint
    
    * fix: suppress pyright reportPrivateUsage on core marker imports
    
    * Lower marker-strip log from warning to debug to avoid log flooding
    
    * Replace assert with RuntimeError for marker sync checks (ruff S101)
    
    * Fix pyright and ruff CI errors in security fix
    
    - Use cast() for dict/list comprehensions in strip_pickle_markers (pyright)
    - type: ignore for narrowed dict return in _workflow.py (pyright)
    - Simplify marker imports: use core constants directly, remove local copies
    - Remove duplicate pyright ignore comment
    
    * Remove duplicate end-to-end test in TestStripPickleMarkers
    
    * Suppress mypy redundant-cast on list cast needed by pyright
  • Python: Fix store=False not overriding client default (#4569)
    * Fix store=False not overriding client default
    
    * Address comments
    
    * Fix unit tests
    
    * Fix integration tests
    
    * Fix tests
  • Auto-finalize ResponseStream on iteration completion (#4478)
    * Add multi-turn streaming sample and rename multi-turn samples
    
    - Rename 03_multi_turn.py to 03a_multi_turn.py
    - Add 03b_multi_turn_streaming.py showing streaming with session history
    - The new sample demonstrates calling get_final_response() after
      iterating the stream to persist conversation history
    - Update READMEs to reflect the new file names
    
    Closes #4447
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Auto-finalize ResponseStream on iteration completion
    
    When a ResponseStream is fully consumed via async iteration,
    automatically trigger finalization (finalizer + result hooks).
    This ensures session history is persisted in streaming multi-turn
    conversations without requiring an explicit get_final_response() call.
    
    - Add auto-finalize call in __anext__ on StopAsyncIteration
    - Guard inner stream finalization to prevent double-execution
    - Re-check _finalized after iteration in get_final_response()
    - Add tests for auto-finalization and streaming session history
    - Revert sample file renames from previous commit
    
    Closes #4447
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * README fix
    
    * Fix SIM102 lint: combine nested if statements
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Exclude conversation_id from chat completions API options (#4517)
    * Python: Exclude conversation_id from chat completions options (#4315)
    
    When a session with service_session_id is passed to an agent using the
    Chat Completions client, conversation_id leaked through _prepare_options()
    into AsyncCompletions.create(), causing an 'unexpected keyword argument'
    error. The Responses client already excluded conversation_id but the Chat
    Completions client did not.
    
    Added conversation_id to the exclusion set in _prepare_options().
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Remove reproduction report artifact
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix conversation-id propagation when chat_options is a dict (#4340)
    * Fix #4305: Handle dict chat_options in _update_conversation_id
    
    _update_conversation_id assumed chat_options had attribute access, but
    ChatOptions is a TypedDict (dict). When a dict was passed, setting
    .conversation_id raised AttributeError. Now checks isinstance(dict) and
    uses key access for dicts, falling back to attribute access for objects.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR feedback: use Mapping ABC and add missing tests (#4305)
    
    - Use collections.abc.Mapping instead of dict for isinstance check in
      _update_conversation_id, making it more robust for non-dict mapping types.
    - Add test for object-style chat_options with optional options dict parameter.
    - Add test verifying existing conversation_id gets overwritten (idempotent).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary Mapping check in _update_conversation_id (#4305)
    
    chat_options is always a dict, so the isinstance(chat_opts, Mapping)
    check and the else branch for attribute-style access are dead code.
    Simplify to direct dict key assignment and remove object-style tests.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: [Breaking] Upgrade to azure-ai-projects 2.0+ (#4536)
    * Prepare azure-ai-projects 2.0 GA compatibility
    
    Add allow_preview support for internal AIProjectClient creation, keep backward compatibility for renamed SDK model classes, and align Azure AI/core paths and tests for GA validation workflows.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * upgrade to ai-project==2.0.0
    
    * Python: remove azure-ai-projects keyword-guard paths
    
    Assume azure-ai-projects 2.0+ in Azure AI client/provider/responses code paths by removing _supports_keyword_argument gating and related fallback branching.
    
    Also fix pyright typing in FoundryMemoryProvider memory store calls by using ResponseInputItemParam-typed items.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * check fixes
    
    * Python: remove unsupported foundry_features option
    
    Drop foundry_features from Azure AI client and provider surfaces because azure-ai-projects 2.0.0 does not expose that create_version parameter.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: add allow_preview to Foundry memory provider
    
    Propagate allow_preview when FoundryMemoryProvider constructs an AIProjectClient and update tests accordingly.
    
    Also finish wiring allow_preview through AzureAIClient-facing surfaces and related docs.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * aligning docstrings
    
    * udpated lock
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • [BREAKING] Python: Update github-copilot-sdk integration to use ToolInvocation/ToolResult types (#4551)
    * Update github_copilot package for github-copilot-sdk>=0.1.32 (#4549)
    
    - Update requires-python from >=3.10 to >=3.11
    - Remove Python 3.10 classifier
    - Update mypy python_version to 3.11
    - Update dependency to github-copilot-sdk>=0.1.32
    - Fix ToolResult API: use snake_case kwargs (text_result_for_llm,
      result_type) instead of camelCase (textResultForLlm, resultType)
    - Update test assertions to use attribute access on ToolResult
    - Add ToolResult type assertions to tool handler tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix tests to use ToolInvocation dataclass instead of plain dict (#4549)
    
    Update test_github_copilot_agent.py to pass ToolInvocation objects to tool
    handlers instead of plain dicts, matching the github-copilot-sdk>=0.1.32 API
    where ToolInvocation is a dataclass with an .arguments attribute.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add regression tests for ToolInvocation contract (#4549)
    
    Add tests to lock in the new ToolInvocation-based calling convention:
    - test_tool_handler_rejects_raw_dict_invocation: verifies passing a raw
      dict (old calling convention) raises TypeError/AttributeError
    - test_tool_handler_with_empty_arguments: verifies ToolInvocation with
      empty arguments works correctly for no-arg tools
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Revert requires-python to >=3.10 to avoid breaking CI (#4549)
    
    The repo CI runs with Python 3.10 (uv sync --all-packages) and all other
    packages require >=3.10. Raising this package to >=3.11 would break the
    shared install flow. The SDK dependency version constraint (>=0.1.32) will
    enforce any Python version requirement from the SDK itself.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix min Python version for github_copilot package to >=3.11
    
    github-copilot-sdk>=0.1.32 requires Python>=3.11, which conflicts
    with the package's declared >=3.10 minimum, breaking uv sync.
    
    * Bump py version for GH workflows to 3.11, exclude GHCP sdk from 3.10 items
    
    * Fix uv command
    
    * Fixes
    
    * Update samples
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Improve ag-ui tests and coverage (#4442)
    * Improve ag-ui tests and coverage
    
    * fix tests paths
    
    * Fixes
    
    * Improve AG-UI test robustness and correctness
    
    - Map toolName → tool_call_name in SSE helpers for TOOL_CALL_START events
    - Fail loudly on malformed SSE JSON in parse_sse_response() instead of silently dropping
    - Detect duplicate TOOL_CALL_START/TOOL_CALL_END in assert_tool_calls_balanced()
    - Remove fragile source line reference from test docstring
    - Add found guard in test_client_tool_sets_additional_properties to prevent vacuous pass
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix RedisContextProvider for redisvl 0.14.0 by using AggregateHybridQuery (#3954)
    * Initial plan
    
    * Fix: Replace alpha with linear_alpha in HybridQuery for redisvl 0.14.0 compatibility
    
    Co-authored-by: markwallace-microsoft <127216156+markwallace-microsoft@users.noreply.github.com>
    
    * Address code review: Improve test readability and add explanatory comment
    
    Co-authored-by: markwallace-microsoft <127216156+markwallace-microsoft@users.noreply.github.com>
    
    * Add CHANGELOG entry for redisvl 0.14.0 compatibility fix
    
    Co-authored-by: eavanvalkenburg <13749212+eavanvalkenburg@users.noreply.github.com>
    
    * Use AggregateHybridQuery instead of HybridQuery for backward compatibility
    
    Replace HybridQuery with AggregateHybridQuery to preserve existing functionality that works with older Redis versions. The new HybridQuery in redisvl 0.14.0 requires Redis 8.4.0+ and uses a different API, while AggregateHybridQuery maintains compatibility with the original implementation.
    
    Co-authored-by: TaoChenOSU <12570346+TaoChenOSU@users.noreply.github.com>
    
    * Fix test to use linear_alpha parameter matching _redis_search implementation
    
    The test was passing alpha as a keyword argument to _redis_search(), but the
    method uses linear_alpha to match the redisvl 0.14.0 AggregateHybridQuery API.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright error: use alpha parameter matching AggregateHybridQuery API
    
    AggregateHybridQuery expects 'alpha', not 'linear_alpha'. Updated the
    _redis_search method parameter and the test accordingly.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: markwallace-microsoft <127216156+markwallace-microsoft@users.noreply.github.com>
    Co-authored-by: eavanvalkenburg <13749212+eavanvalkenburg@users.noreply.github.com>
    Co-authored-by: TaoChenOSU <12570346+TaoChenOSU@users.noreply.github.com>
    Co-authored-by: Ben Thomas <ben.thomas@microsoft.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Propagated MCP isError flag through function middleware pipeline (#4511)
    * Propagated MCP isError flag through function middleware pipeline
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Small update
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CI
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix as_agent() not defaulting name/description from client properties (#4484)
    * Fix as_agent() not defaulting name/description from client properties
    
    AzureAIClient.as_agent() and AzureAIAgentClient.as_agent() now fall back
    to self.agent_name and self.agent_description when name/description are
    not explicitly passed. This ensures Agent.name is populated for
    telemetry spans without requiring callers to repeat the name.
    
    Fixes #4471
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review: use is None checks instead of truthiness
    
    Switch from name or self.agent_name to explicit is None checks so
    that callers can intentionally pass empty strings without them being
    replaced by client defaults. Added edge-case tests for empty strings.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update docstrings to document name/description defaulting behavior
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Forward runtime kwargs to skill resource functions (#4417)
    * support code skills
    
    * address pr review comments
    
    * address package and syntax checks
    
    * address pr review comments
    
    * address pr review comment
    
    * address failed check
    
    * rename agentskill and agetnskillprovider
    
    * move agent skills related assets to _skills.py
    
    * address pr review comments
    
    * address review comments
    
    * support kwargs
    
    * address pr review feedback
  • Python: Fix Python pyright package scoping and typing remediation (#4426)
    * Fix Python pyright package scoping and typing remediation
    
    Implements issue #4407 by removing the root pyright include, adding package-level pyright includes, and resolving pyright/mypy typing issues across Python packages. Also cleans unnecessary casts and applies line-level, rule-specific ignores where external libraries are too dynamic.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Reduce pyright cost in handoff cloning
    
    Simplify cloned_options construction in HandoffAgentExecutor to avoid expensive TypedDict narrowing/inference in _handoff.py, which was causing pyright to spend a long time in orchestrations.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix types
    
    * Fix lint and type-check regressions
    
    Resolve current Python package check failures across lint, pyright, and mypy after recent code changes, including purview/declarative pyright issues and multiple ruff simplification findings.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fixed hooks
    
    * Stabilize package tests and test tasks
    
    Resolve cross-package non-integration test failures, simplify streaming type flow, harden locale/culture handling, and standardize package test poe tasks to exclude integration tests where applicable.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * lots of small fixes
    
    * Fix current Python test regressions
    
    Address current failing unit tests in azure-ai, bedrock, and azure-cosmos while keeping Bedrock parsing logic inline (no new static helper methods).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * small fixes
    
    * small fixes
    
    * removed pydantic from json
    
    * final updates
    
    * fix core
    
    * fix tests
    
    * fix obser
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add propagate_session to as_tool() for session sharing in agent-as-tool scenarios (#4439)
    * Python: Add propagate_session parameter to as_tool() for session sharing
    
    Add opt-in session propagation in agent-as-tool scenarios. When
    propagate_session=True, the parent agent's AgentSession is forwarded
    to the sub-agent's run() call, allowing both agents to share session
    state (history, metadata, session_id).
    
    - Add propagate_session parameter to BaseAgent.as_tool() (default False)
    - Include session in additional_function_arguments so it flows to tools
    - Add 3 tests for propagation on/off and shared state verification
    - Add sample showing session propagation with observability middleware
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Clarify propagate_session docstring per review feedback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: [BREAKING] Support code-defined agent skills (#4387)
    * support code skills
    
    * address pr review comments
    
    * address package and syntax checks
    
    * address pr review comments
    
    * address pr review comment
    
    * address failed check
    
    * rename agentskill and agetnskillprovider
    
    * move agent skills related assets to _skills.py
    
    * address pr review comments
    
    * address review comments
  • Python: feat(claude): add plugins, setting_sources, thinking, and effort options to ClaudeAgentOptions (#4425)
    * feat(claude): add plugins, setting_sources, thinking, and effort options
    
    Add four Claude Agent SDK options to ClaudeAgentOptions that are clean
    passthroughs with no abstraction conflicts:
    
    - plugins: load Claude Code plugins programmatically via SdkPluginConfig
    - setting_sources: control which .claude settings files are loaded
    - thinking: modern extended thinking config (adaptive/enabled/disabled)
    - effort: control thinking depth (low/medium/high/max)
    
    * feat(claude): remove max_thinking_tokens, add plugins/setting_sources/thinking/effort
    
    Remove the deprecated max_thinking_tokens field from ClaudeAgentOptions
    in favor of the new thinking field (ThinkingConfig).
    
    Add four Claude Agent SDK options as clean passthroughs:
    - plugins: load Claude Code plugins via SdkPluginConfig
    - setting_sources: control which .claude settings files are loaded
    - thinking: extended thinking config (adaptive/enabled/disabled)
    - effort: thinking depth control (low/medium/high/max)
  • Python: Fix PowerFx eval crash on non-English system locales by setting CurrentUICulture to en-US (#4408)
    * Fix #4321: Set CurrentUICulture to en-US in PowerFx eval()
    
    On non-English systems, CultureInfo.CurrentUICulture causes PowerFx to
    emit localized error messages. The existing ValueError guard only matches
    English strings ("isn't recognized", "Name isn't valid"), so undefined
    variable errors crash instead of returning None gracefully.
    
    Fix: save and restore CurrentUICulture alongside CurrentCulture before
    calling engine.eval(), ensuring error messages are always in English.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Reuse single CultureInfo instance to avoid redundant allocations
    
    Cache CultureInfo("en-US") in a local variable instead of instantiating
    it twice per eval() call, as suggested in PR review.
    
    Fixes #4321
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add assertion for CurrentUICulture restoration after eval
    
    Assert that the production code's finally-block correctly restores
    CurrentUICulture to it-IT after eval returns, covering future
    regressions where the culture could leak.
    
    The CultureInfo caching suggestion (comment #2) was already
    implemented in the production code.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix MCP tools duplicated on second turn when runtime tools are present (#4432)
    * Fix MCP tools duplicated on second turn when runtime tools are present
    
    When AG-UI's collect_server_tools pre-expands MCP functions on turn 2
    (after the MCP server is connected), _prepare_run_context unconditionally
    appends them again from self.mcp_tools, duplicating every MCP tool.
    
    Skip MCP functions whose names already exist in the final tool list,
    following the same name-based dedup pattern used in _merge_options.
    
    Fixes #4381
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * mypy fix
    
    * Remove issue-specific references from test docstring
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Upgraded azure-ai-projects to 2.0.0b4 (#4438)
    * Upgraded azure-ai-projects to 2.0.0b4
    
    * Fixed tests
  • Python: Fix: Parse oauth_consent_request events in Azure AI client (#4197)
    * Fix: Parse oauth_consent_request events in Azure AI client (#3950)
    
    When Azure AI Agent Service returns an oauth_consent_request output item
    for OAuth-protected MCP tools, the base OpenAI responses parser drops it
    (hits case _ default branch). This causes agent runs to complete silently
    with zero content.
    
    Changes:
    - Add oauth_consent_request ContentType and Content.from_oauth_consent_request()
      factory with consent_link field and user_input_request=True
    - Override _parse_response_from_openai and _parse_chunk_from_openai in
      RawAzureAIClient to intercept Azure-specific oauth_consent_request items
    - Add _emit_oauth_consent helper in AG-UI to emit CustomEvent for frontends
    - Add tests proving base parser drops the event and Azure AI override catches it
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * addressed comment
    
    * addressed comments
    
    * addressed comments
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add file_ids and data_sources support to get_code_interpreter_tool() (#4201)
    * Python: Add file_ids and data_sources support to AzureAIAgentClient.get_code_interpreter_tool()
    
    Update the factory method to accept file_ids and data_sources keyword
    arguments, matching the underlying azure.ai.agents SDK CodeInterpreterTool
    constructor. This enables users to attach uploaded files for code
    interpreter analysis.
    
    Fixes #4050
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * addressed comments
    
    * addressed comments
    
    * Add per-message file attachment support for AzureAIAgentClient
    
    Add hosted_file handling in _prepare_messages() to convert
    Content.from_hosted_file() into MessageAttachment on ThreadMessageOptions.
    This enables per-message file scoping for code interpreter, matching the
    underlying Azure AI Agents SDK MessageAttachment pattern.
    
    - Add hosted_file case in _prepare_messages() match statement
    - Import MessageAttachment from azure.ai.agents.models
    - Add sample for per-message CSV file attachment with code interpreter
    - Add employees.csv test data file
    - Add 3 unit tests for hosted_file attachment conversion
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: validation, fix assertions, remove MessageAttachment
    
    - Add empty string validation in resolve_file_ids()
    - Add test for Content with file_id=None
    - Add test for empty string file_ids
    - Revert MessageAttachment/hosted_file handling from _prepare_messages()
      (moved to separate issue #4352 for proper design)
    - Remove per-message file upload sample and employees.csv
    - Keep data_sources assertion as-is (dict keyed by asset_identifier)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>