Commit Graph

4 Commits

  • [BREAKING] Python: Add context mode to AgentExecutor (#4668)
    * Add context mode to AgentExecutor
    
    * Fix unit tests
    
    * Address comments
    
    * Address comments
    
* Revise context mode and add tests
    
    * Add chain config to sequential builder
    
    * Add sample
    
    * Fix pipeline
    
    * Address comments
    
    * Address comments
  • Python: Prevent pickle deserialization of untrusted HITL HTTP input (#4566)
    * fix: prevent pickle deserialization of untrusted HITL input
    
    Add strip_pickle_markers() to sanitize HTTP input before it reaches
    pickle.loads() via the checkpoint decoding path. Applied as a 3-layer
    defence-in-depth:
    
    1. _app.py: sanitize req.get_json() at the HTTP boundary
    2. _workflow.py: sanitize in _deserialize_hitl_response() before decode
    3. _serialization.py: sanitize in reconstruct_to_type() as final guard
    
    Any dict containing __pickled__ or __type__ markers from untrusted
    sources is replaced with None, blocking arbitrary code execution via
    crafted payloads to POST /workflow/respond/{instanceId}/{requestId}.
    
    Includes 12 new unit tests covering the sanitizer and end-to-end
    attack prevention.
    
    * refactor: address review concerns for pickle fix
    
1. Remove deserialize_value() fallback in _deserialize_hitl_response;
   untrusted HITL data now returns as-is when no type hint is available,
   never flowing into pickle.loads().
    
2. Move strip_pickle_markers() out of reconstruct_to_type(); the function
   is general-purpose again; untrusted-data callers are responsible for
   sanitizing first (documented with NOTE comment).
    
3. Define _PICKLE_MARKER/_TYPE_MARKER as local constants with import-time
   assertions against core's values, which decouples from private names while
   failing loudly if core ever changes them.
    
    4. Update tests to reflect new responsibility boundaries.
    
    * fix: simplify warning message and fix ruff RUF001 lint
    
    * fix: suppress pyright reportPrivateUsage on core marker imports
    
    * Lower marker-strip log from warning to debug to avoid log flooding
    
    * Replace assert with RuntimeError for marker sync checks (ruff S101)
    
    * Fix pyright and ruff CI errors in security fix
    
    - Use cast() for dict/list comprehensions in strip_pickle_markers (pyright)
    - type: ignore for narrowed dict return in _workflow.py (pyright)
    - Simplify marker imports: use core constants directly, remove local copies
    - Remove duplicate pyright ignore comment
    
    * Remove duplicate end-to-end test in TestStripPickleMarkers
    
    * Suppress mypy redundant-cast on list cast needed by pyright
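The sanitizer described in #4566 drops any dict carrying a serialization marker before the value can reach a typed decode path. The following is an added illustration of that defensive pattern, not the agent-framework project's own code: only the marker names `__pickled__` and `__type__` come from the commit message; the function names (`strip_pickle_markers`, `sanitize_untrusted`, `deserialize_hitl_response`), the path bookkeeping and the sample request body are assumptions constructed for this example.

```python
"""Hypothetical sanitizer for untrusted JSON-shaped HTTP input.

Added example, not the project's code. Marker names are taken from commit
#4566; function names and the sample payload are constructed assumptions.
"""
import logging
from typing import Any

log = logging.getLogger(__name__)

# Marker keys that a typed-reconstruction path would treat as "unpickle me".
_PICKLE_MARKER = "__pickled__"
_TYPE_MARKER = "__type__"
_MARKERS = frozenset({_PICKLE_MARKER, _TYPE_MARKER})


def strip_pickle_markers(value: Any, dropped: list[str], path: str = "$") -> Any:
    """Recursively walk a decoded JSON value.

    Any dict that carries a marker key is replaced with None, so a crafted
    payload never reaches a decoder that could call pickle.loads(). Nested
    dicts and lists are walked so a marker buried deep in the structure is
    caught too. JSON paths of dropped dicts are appended to `dropped` so the
    boundary can log them at debug level (as the commit chose) without
    flooding logs with one warning per element.
    """
    if isinstance(value, dict):
        if _MARKERS & value.keys():
            dropped.append(path)
            log.debug("dropped marker-bearing dict at %s", path)
            return None
        return {k: strip_pickle_markers(v, dropped, f"{path}.{k}") for k, v in value.items()}
    if isinstance(value, list):
        return [strip_pickle_markers(v, dropped, f"{path}[{i}]") for i, v in enumerate(value)]
    # Scalars (str, int, float, bool, None) cannot carry a marker; pass through.
    return value


def sanitize_untrusted(payload: Any) -> tuple[Any, list[str]]:
    """Return (sanitized payload, list of JSON paths that were dropped)."""
    dropped: list[str] = []
    clean = strip_pickle_markers(payload, dropped)
    return clean, dropped


def deserialize_hitl_response(payload: Any) -> Any:
    """Hypothetical HTTP-boundary step: sanitize before any typed decode.

    With no type hint available the data is returned as-is after
    sanitization, mirroring the commit's decision to never fall back to a
    generic deserializer for untrusted input.
    """
    clean, _ = sanitize_untrusted(payload)
    return clean


# Constructed sample request body: a benign human-in-the-loop answer with two
# marker-bearing dicts smuggled in at different depths.
CONSTRUCTED_REQUEST = {
    "request_id": "req-123",
    "response": {
        "approved": True,
        "note": "looks fine",
        "attachment": {"__pickled__": "<opaque blob>", "__type__": "builtins.object"},
    },
    "history": [
        {"step": 1},
        {"__type__": "anything.Here", "value": 1},
    ],
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    cleaned, removed = sanitize_untrusted(CONSTRUCTED_REQUEST)
    print(cleaned)
    print("dropped:", removed)
```

Dropping the whole dict rather than just the marker keys is deliberate: a dict that asks to be unpickled has no trustworthy interpretation, and returning None keeps the surrounding structure intact for callers that expect the same shape.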
  • Python: [BREAKING] Redesign Python exception hierarchy (#4082)
    * [BREAKING] Redesign Python exception hierarchy
    
    Replace the flat ServiceException family with domain-scoped branches:
    - AgentException (with InvalidAuth, InvalidRequest, InvalidResponse, ContentFilter)
    - ChatClientException (same consistent suberrors)
    - IntegrationException (same + InitializationError)
    - WorkflowException (Runner, Convergence, Checkpoint, Validation, Action, Declarative)
    - ContentError (AdditionItemMismatch)
    - ToolException / ToolExecutionException (unchanged)
    - MiddlewareException / MiddlewareTermination (unchanged)
    
    Key changes:
    - All Service* exceptions removed (ServiceException, ServiceInitializationError, etc.)
    - AgentExecutionException split into AgentInvalidRequest/ResponseException
    - AgentInvocationError removed, split into AgentInvalidRequest/ResponseException
    - Workflow exceptions moved from _workflows/_exceptions.py into main exceptions.py
    - _workflows/__init__.py emptied; main __init__.py imports directly from submodules
    - Purview exceptions re-parented under IntegrationException hierarchy
    - Init validation errors use built-in ValueError/TypeError instead of custom exceptions
    - CODING_STANDARD.md updated with hierarchy design and rationale
    
    Fixes microsoft/agent-framework#3410
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Clarify ToolException vs ToolExecutionException docstrings
    
    ToolException: base class for all tool-related exceptions (preconditions,
    connection/init failures).
    ToolExecutionException: runtime call failures (tool call failed, reconnect
    failed, MCP errors).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix remaining stale imports from agent_framework._workflows
    
    - azurefunctions: _context.py, _app.py, _serialization.py, test_func_utils.py
      used 'from agent_framework._workflows import X' which broke after
      emptying _workflows/__init__.py; changed to direct submodule imports
    - azure-ai-search: test still referenced ServiceInitializationError;
      updated to ValueError to match production code
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix Eval samples (#4033)
    * fix red team sample
    
    * Updated self-reflection
    
    * fix for workflow eval sample
    
    * fix test