Commit Graph

1779 Commits

  • Python: chore(python): improve dependency range automation (#4343)
    * chore(python): improve dependency range automation
    
    - tighten dependency bounds and coding standards guidance\n- add dependency range validation workflow, reporting, and issue automation\n- update related tests and dependency pins for compatibility
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated text and pyarrow
    
    * new lock
    
    * fixed workflow
    
    * updated deps
    
    * fix tiktoken
    
    * chore(python): refine dependency validation workflows
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(python): add high-level dependency validation comments
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * WIP
    
    * added additional comments and excludes
    
    * added dev dependency handling and workflow and updates to package ranges
    
    * added readme and simplified commands
    
    * fix markers
    
    * chore(python): address dependency review feedback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Tighten dependency bounds, remove stale overrides, restore Python 3.10 support
    
    - Apply dependency bound policy across all packages: stable >=1.0 deps use
      >=floor,<next_major; pre-1.0/prerelease deps use validated hard-bounded ranges
    - Remove stale root tool.uv.override-dependencies (uvicorn, websockets, grpcio)
    - Lower github_copilot requires-python to >=3.10 with github-copilot-sdk gated
      behind python_version >= 3.11 marker; import raises ImportError on 3.10
    - Skip github_copilot pyright/mypy/test tasks on Python <3.11
    - Use version-conditional pyrightconfig for samples on Python 3.10
    - Add compatibility fix in core responses client for older openai typed dicts
    - Normalize uv.lock prerelease mode and refresh dev dependencies
    - Update CODING_STANDARD.md, DEV_SETUP.md, and package management skill docs
    
    Closes #902
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * small tweaks
    
    * add note in workflow
    
    * fix workflows and several versions
    
    * fix duplicate
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Fix hosted agent samples Docker build failures due to experimental API warnings (#4641)
    Add #pragma warning disable directives to suppress experimental API
    diagnostics that cause build errors in Docker isolation (where repo-level
    Directory.Build.props is not inherited):
    
    - AgentWithHostedMCP: suppress MEAI001 (HostedMcpServerTool) and OPENAI001
      (GetResponsesClient)
    - FoundrySingleAgent: suppress CA2252 (AIProjectClient preview features)
    - FoundryMultiAgent: suppress CA2252 (AIProjectClient preview features)
    
    Fixes #4365
  • [BREAKING] Python: clean up kwargs across agents, chat clients, tools, and sessions (#4581)
    * Python: clean up kwargs across agents, chat clients, tools, and sessions (#3642)
    
    Audit and refactor public **kwargs usage across core agents, chat clients,
    tools, sessions, and provider packages per the migration strategy codified
    in CODING_STANDARD.md.
    
    Key changes:
    - Add explicit runtime buckets: function_invocation_kwargs and client_kwargs
      on RawAgent.run() and chat client get_response() layers.
    - Refactor FunctionTool to prefer explicit ctx: FunctionInvocationContext
      injection; legacy **kwargs tools still work via _forward_runtime_kwargs.
    - Refactor Agent.as_tool() to use direct JSON schema, always-streaming
      wrapper, approval_mode parameter, and UserInputRequiredException
      propagation (integrates PR #4568 behavior).
    - Remove implicit session bleeding into FunctionInvocationContext; tools
      that need a session must receive it via function_invocation_kwargs.
    - Lower chat-client layers after FunctionInvocationLayer accept only
      compatibility **kwargs (client_kwargs flattened, function_invocation_kwargs
      ignored).
    - Add layered docstring composition from Raw... implementations via
      _docstrings.py helper.
    - Clean up provider constructors to use explicit additional_properties.
    - Deprecation warnings on legacy direct kwargs paths.
    - Update samples, tests, and typing across all 23 packages.
    
    Resolves #3642
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * clarified docstring
    
    * feedback fixes
    
    * Add unit tests for _docstrings.py build/apply helpers
    
    Tests cover: no docstring source, no extra kwargs, appending to existing
    Keyword Args section, inserting after Args, inserting in plain docstrings,
    multiline descriptions, ordering, and apply_layered_docstring.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for propagate_session TypeError on non-AgentSession values
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for multi-content and empty UserInputRequiredException propagation
    
    Cover the branching logic in _try_execute_function_calls for:
    - Multiple user_input_request items in a single exception (extra_user_input_contents path)
    - Empty contents list (fallback function_result path)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for DurableAIAgent.get_session forwarding service_session_id
    
    Verifies get_session correctly forwards service_session_id and session_id
    to the executor's get_new_session, replacing the removed kwargs test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Simplify ag-ui test stub to read session from client_kwargs only
    
    Remove dual-mode detection (client_kwargs vs raw kwargs fallback) from
    the test mock. Session is now read exclusively from client_kwargs,
    matching the settled public calling convention.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated create and get sessions in durable
    
    * fixed docstrings
    
    * fix test
    
    * updated session handling
    
    * updated from main
    
    * updated tests
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix type hint for Case and Default (#3985)
    * Fix type hint for `Case` and `Default`
    
    * Add test
    
    ---------
    
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: A2AAgent defaults name/description from AgentCard (#4661)
    * Python: A2AAgent defaults name/description from AgentCard
    
    When an AgentCard is provided but name/description are not explicitly
    set, A2AAgent now falls back to agent_card.name and agent_card.description.
    This avoids redundant duplication when constructing A2AAgent instances,
    especially in GroupChat orchestrations where name and description are
    essential for routing decisions.
    
    Explicit values still take precedence over card values.
    
    Fixes #4630
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use 'is None' checks instead of truthiness for name/description fallback
    
    Ensures explicitly provided empty strings are not overridden by
    agent_card values. Adds test for the empty string edge case.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Unify tool results as Content items with rich content support (#4331)
    * feat(python): allow @tool functions to return rich content (images, audio)
    
    Add support for tool functions to return Content objects that the model can perceive natively. Closes #4272
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Anthropic logging + mypy fix
    
    * Address PR review: fix MCP ordering, fold helper into from_function_result, fix Chat client
    
    - Preserve original content order in MCP tool results instead of text-first
    - Move _build_function_result logic into Content.from_function_result()
    - Chat Completions: inject user message for rich items (API only supports string tool content)
    - Update tests for ordering and new from_function_result behavior
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use native Responses API multi-part output, warn+omit for Chat client
    
    - Responses client: put rich items directly in function_call_output's
      output field as list (native API support) instead of user message injection
    - Chat client: warn and omit rich items (API doesn't support multi-part
      tool results), matching Ollama/Bedrock pattern
    - Unify test image: use sample_image.jpg across all integration tests
    - Add Azure OpenAI Responses integration test
    - Assert model describes house image to verify perception
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix lint: remove print statement, wrap long line
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback: bug fixes, single-pass MCP, unit tests
    
    - Add isinstance guard in from_function_result for non-Content lists
    - Fix Anthropic empty tool_content fallback to string result
    - Fix Content(type='text', text=None) edge case in parse_result
    - Rewrite MCP _parse_tool_result_from_mcp as single-pass (no index counters)
    - Add Anthropic unit tests: data image, uri image, unsupported media, all-unsupported
    - Add OpenAI Chat unit test: rich items warning and omission
    - Add OpenAI Responses unit tests: function_result with/without items
    - Add test_types tests: only-rich-items list, non-Content list fallback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright errors: add type ignore comments for Any list iteration
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix mypy/pyright: ensure ToolExecutionException receives str
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix lint: remove duplicate test_prepare_options_excludes_conversation_id
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor: unify all tool results into Content items
    
    * addressed copilot comments
    
    * pyright fix
    
    * small fix
    
    * comments
    
    * fix: address Copilot review - warnings, blob safety, dedup
    
    - Add warning logs when rich content is dropped in Claude agent and
      MCP server handlers (matching Chat/Bedrock/Ollama pattern)
    - Defensive blob URI construction: wrap plain base64 in data: prefix
    - Simplify Chat client _prepare_content_for_openai to use content.result
    - Simplify Responses client text-only path, remove redundant nesting
    - Add test for plain base64 blob without data: prefix
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix token double-counting in compaction and address review comments
    
    - Exclude items from _serialize_content() to prevent double-counting
      tokens when items mirrors result in function_result content
    - Add rich content warning in GitHub Copilot agent tool handler
    - Replace raw Content debug log with concise item count/type summary
    - Update stale test comments about FunctionTool.invoke return type
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • fix: omit toolConfig when tool_choice="none" in BedrockChatClient (#4535)
    Bedrock's Converse API only accepts "auto", "any", or "tool" as valid
    toolChoice keys. The previous code mapped tool_choice="none" to
    {"none": {}}, which causes a botocore.exceptions.ParamValidationError.
    
    When tool_choice="none" (set by FunctionInvocationLayer after exhausting
    max iterations), the fix now omits toolConfig entirely so the model
    won't attempt tool calls.
    
    Added tests for tool_choice="none", "auto", and "required" modes.
    
    Fixes #4529
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
  • Python: Fix state snapshot to use deepcopy so nested mutations are detected in durable workflow activities (#4518)
    * Use deepcopy for state snapshot to detect nested mutations (#4500)
    
    Replace dict() shallow copy with copy.deepcopy() when snapshotting
    workflow state before activity execution. The shallow copy shared
    references to nested objects (dicts, lists), so in-place mutations by
    executors were reflected in both the snapshot and live state, producing
    an empty diff and preventing state updates from propagating to
    downstream activities.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Fix state snapshot to use deepcopy so nested mutations are detected in durable workflow activities
    
    Fixes #4500
    
    * Address PR review: remove report, extract testable helpers (#4500)
    
    - Delete REPRODUCTION_REPORT.md (debugging artifact with local paths
      and raw LLM output)
    - Extract _create_state_snapshot() and _compute_state_updates() as
      module-level helpers in _app.py so tests exercise the production
      code path
    - Update TestStateSnapshotDiff to import and use production helpers
      instead of reimplementing snapshot/diff logic locally
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Add regression tests proving shallow copy bug and deep copy isolation (#4500)
    
    Add two additional tests to TestStateSnapshotDiff:
    - test_shallow_copy_would_miss_nested_mutations: reproduces the original
      bug by demonstrating that dict() (shallow copy) misses nested mutations
    - test_create_state_snapshot_isolates_nested_objects: verifies the
      production _create_state_snapshot helper creates a true deep copy
    
    These tests ensure a regression back to shallow copy would be caught.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add integration test exercising full activity code path (#4500)
    
    Address PR review comment: add test_executor_activity_detects_nested_state_mutations
    that captures the actual executor_activity function from _setup_executor_activity
    and verifies it detects in-place nested mutations. This test would fail if
    _app.py line 314 regressed from _create_state_snapshot() back to dict().
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #4518: review comment fixes
    
    * Address PR review feedback for state snapshot diff
    
    - Inline _compute_state_updates logic at call site to reuse precomputed
      original_keys/current_keys sets, avoiding redundant set allocations
    - Fix test docstring to describe behavioral regression instead of
      hard-coding a specific line number
    - Use SOURCE_ORCHESTRATOR constant in integration test instead of
      literal string
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * fix: remove unused _compute_state_updates from _app.py (#4518)
    
    The function was inlined per review comment, making the module-level
    helper unused and triggering a pyright reportUnusedFunction error.
    Move the helper into the test file where it is still needed for unit
    testing the diffing logic.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix to emit WorkflowStartedEvent during workflow execution (#4514)
    * Fix bug to emit WorkflowStartedEvent during workflow execution
    
    * Updated based on PR comments
  • .NET: Update A2A, MCP, and system package dependencies (#4647)
    * .NET: Update A2A, MCP, and system package dependencies
    
    Update dependency versions:
    - A2A/A2A.AspNetCore: 0.3.3-preview → 0.3.4-preview
    - ModelContextProtocol: 0.8.0-preview.1 → 1.1.0
    - Microsoft.Bcl.AsyncInterfaces: 10.0.3 → 10.0.4
    - System.Linq.AsyncEnumerable: 10.0.0 → 10.0.4
    - Add Microsoft.Bcl.Memory 10.0.4
    
    Remove internal polyfill extensions now provided by A2A SDK 0.3.4:
    - A2AMetadataExtensions (source + tests)
    - AdditionalPropertiesDictionaryExtensions (source + tests)
    
    Update DefaultMcpToolHandler to match MCP SDK 1.1.0 API changes where
    ImageContentBlock.Data and AudioContentBlock.Data changed from string
    to ReadOnlyMemory<byte>.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * address pr review comments
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Include ReasoningEncryptedContent by default when stored output disabled with Responses (#4623)
    * Include ReasoningEncryptedContent by default when stored output disabled
    
    * Fix formatting
    
    * Fix formatter
  • Bump rollup from 4.47.1 to 4.59.0 in /python/packages/devui/frontend (#4338)
    Bumps [rollup](https://github.com/rollup/rollup) from 4.47.1 to 4.59.0.
    - [Release notes](https://github.com/rollup/rollup/releases)
    - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/rollup/rollup/compare/v4.47.1...v4.59.0)
    
    ---
    updated-dependencies:
    - dependency-name: rollup
      dependency-version: 4.59.0
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump minimatch from 3.1.2 to 3.1.5 in /python/packages/devui/frontend (#4337)
    Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
    - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
    - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)
    
    ---
    updated-dependencies:
    - dependency-name: minimatch
      dependency-version: 3.1.5
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Fix CWE-863: Validate function approval responses in DevUI executor (#4598)
    The DevUI /v1/responses endpoint accepts function_approval_response content
    without verifying that the request_id corresponds to a real pending approval
    request issued by the server. This allows forged approval responses to
    execute arbitrary tools with attacker-controlled arguments, bypassing
    approval_mode='always_require'.
    
    Changes:
    - Track outgoing approval requests in a server-side registry
      (_pending_approvals) keyed by request_id
    - Validate incoming approval responses against this registry; reject
      any response whose request_id was not issued by the server
    - Use server-stored function_call data (tool name, arguments, call_id)
      instead of client-supplied data when constructing the approval response
    - Consume request_ids on use (pop from registry) to prevent replay attacks
    
    Tests:
    - 8 new tests covering forged rejection, server-data enforcement,
      anti-replay, multiple independent approvals, and edge cases
    
    Co-authored-by: REDMOND\tusharmudi <tusharmudi@microsoft.com>
  • Python: Validate approval responses against server-side pending request registry (#4548)
    * Validate approval responses against server-side pending request registry
    
    * improvements
    
    * pin GHCP sdk version to non-breaking for now
    
    * Pin CHCP sdk to LKG.
    
    * really fix GHCP sdk pkg version
    
    * Fix HITL approval validation security gaps and memory leak
    
    - Validate rejected approval responses against pending_approvals registry,
      not just approved ones. Fabricated rejections without a prior request are
      now stripped from messages before reaching the LLM.
    - Bound _pending_approvals with OrderedDict + LRU eviction (max 10k) to
      prevent unbounded memory growth from abandoned approval requests.
    - Skip registration when function_call.name is None/empty; log warning
      when content.id or function_call is missing at registration time.
    - Document pending_approvals parameter in run_agent_stream docstring.
    - Add test for fabricated rejection attack scenario.
    - Assert pending approval entry is preserved after function name mismatch.
    - Pre-populate pending_approvals in rejection test for correct validation.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix function_approval_response extraction in AG-UI workflow path (#4550)
    * Extract function_approval_response from workflow messages (#4546)
    
    _extract_responses_from_messages now handles function_approval_response
    content in addition to function_result content. Previously, approval
    responses sent via the messages field were silently dropped because the
    function only checked for content.type == "function_result".
    
    The approval response is keyed by content.id and includes the approved
    status, id, and serialized function_call — consistent with how
    _coerce_content identifies approval response payloads.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Fix #4546: Update docstring and add integration tests for message-based approvals
    
    - Update _extract_responses_from_messages docstring to reflect that it
      now handles function_approval_response content in addition to
      function_result content.
    - Add integration tests for run_workflow_stream across two turns with
      approval responses provided via messages (function_approvals) rather
      than resume.interrupts, covering both approved and denied scenarios.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review feedback for #4546
    
    - Use safer 'not .get("interrupt")' assertion instead of 'not in'
      to handle Pydantic v2 model_dump() including keys with None values
    - Add unit test for mixed function_result and function_approval_response
      in the same message to TestExtractResponsesFromMessages
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix missing status input for OpenAI responses API (#4626)
    * Fix missing status input for OpenAI responses API
    
    * Fix mypy
    
    * Address comments
    
    * Remove raw_rep restore
    
    * Do not set status if it's None
  • Python: Implement annotation-based context compaction (#4469)
    * Implement annotation-based context compaction
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Handle missing compaction attributes in BaseChatClient
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CI typing and bandit issues
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Optimize incremental compaction annotation pass
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refinement
    
    * Python: add ToolResultCompactionStrategy and CompactionProvider
    
    Add ToolResultCompactionStrategy that collapses older tool-call groups
    into short summary messages (e.g. [Tool calls: get_weather]) while
    keeping the most recent groups verbatim. This mirrors the .NET
    ToolResultCompactionStrategy from PR #4533.
    
    Add CompactionProvider as a context-provider that auto-applies compaction
    before each agent turn and stores compacted history in session state
    after each turn.
    
    Includes tests and samples for both features.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refinement and alignment with dotnet PR
    
    * updated tool result compaction
    
    * updated tool result compaction
    
    * Python: add ToolResultCompactionStrategy, CompactionProvider, and skip_excluded
    
    - ToolResultCompactionStrategy collapses older tool-call groups into
      [Tool results: func_name: result] summaries with bidirectional tracing
      (same pattern as SummarizationStrategy).
    - CompactionProvider as BaseContextProvider with separate before_strategy
      and after_strategy parameters. before_strategy compacts loaded context;
      after_strategy compacts stored history via history_source_id.
    - InMemoryHistoryProvider gains skip_excluded flag to filter out messages
      marked as excluded by compaction strategies.
    - Tests, samples, and exports updated.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fixed checks
    
    * fix mypy
    
    * Fix: ensure summary messages from both strategies get full compaction annotations
    
    SummarizationStrategy was not calling annotate_message_groups after
    inserting its summary message, so the summary lacked core group
    annotations (id, kind, index, has_reasoning, _excluded). Added the
    missing call. ToolResultCompactionStrategy already had it.
    
    Added tests verifying both strategies produce fully annotated summaries.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated propagation
    
    * fix mypy
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Support skill scripts execution (#4558)
    * support skill scripts execution
    
    * fix mixed line endings
    
    * address comments and fix syntax issues
    
    * use few try/except instead of one
    
    * change samples
    
    * validate either script path or script resource is set not both
    
    * fix: separate LLM args from runtime kwargs in skill script execution
    
    * address pr review comments
    
    * address PR review comments
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * 1. Fixing the caching bug where parameters_schema would re-inspect on every call when the result was None
       2. Updating the arguments tool description to be more generic (not CLI-specific)
    
    * fix failing tests
    
    * address pr review comments
    
    * address pr review comments
    
    * allow resource function returning any instead of sting
    
    * address PR review comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • .NET: Add FinishReason to AgentResponses (#4617)
    * Add FinishReason to AgentResponses
    
    * Address PR comments
  • .NET: SDK Patch Bump (10.0.200) - Address false positive trigger of IL2026/IL3050 diagnostics in hosting projects (#4586)
    * Suppress IL2026/IL3050 with targeted pragmas on affected methods
    
    Add #pragma warning disable/restore for IL2026 and IL3050 only around
    the specific methods where dotnet format incorrectly adds
    [RequiresUnreferencedCode] and [RequiresDynamicCode] attributes despite
    proper interceptors configuration in the csproj.
    
    See https://github.com/dotnet/sdk/issues/51136
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Upgrade to .NET SDK 10.0.200 and remove IL2026/IL3050 workarounds
    
    Bump global.json to SDK 10.0.200 which fixes the dotnet format bug
    that incorrectly added [RequiresUnreferencedCode] and
    [RequiresDynamicCode] attributes (https://github.com/dotnet/sdk/issues/51136).
    
    Remove all #pragma warning disable IL2026/IL3050 workarounds from
    source files and the --exclude-diagnostics flag from the CI format
    workflow.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET Compaction - Introducing compaction strategies and pipeline (#4533)
    * Checkpoint
    
    * Checkpoint
    
    * Stable
    
    * Strategies
    
    * Updated
    
    * Encoding
    
    * Formatting
    
    * Cleanup
    
    * Formatting
    
    * Tests
    
    * Tuning
    
    * Update tests
    
    * Test update
    
    * Remove working solution
    
    * Add sample to solution
    
    * Sample readyme
    
    * Experimental
    
    * Format
    
    * Formatting
    
    * Encoding
    
    * Support IChatReducer
    
    * Sample output formatting
    
    * Initial plan
    
    * Replace CompactingChatClient with MessageCompactionContextProvider
    
    Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>
    
    * Boundary condition
    
    * Fix encoding
    
    * Fix cast
    
    * Test coverage
    
    * Namespace
    
    * Improvements
    
    * Efficiency
    
    * Cleanup
    
    * Detect service managed conversation
    
    * Fix namespace
    
    * Fix merge
    
    * Fix test expectation
    
    * Update dotnet/src/Microsoft.Agents.AI.Abstractions/InMemoryChatHistoryProvider.cs
    
    Co-authored-by: westey <164392973+westey-m@users.noreply.github.com>
    
    * Address PR comments (x1)
    
    * Update comment
    
    * Update comments
    
    * Clean-up
    
    * Format output
    
    * Sync sample comment
    
    * Fix condition
    
    * Adjust data-flow
    
    * Address comments (x2)
    
    * Direct compaction
    
    * Fix summarization content
    
    * Argument check / fix count calculation
    
    * Minor follow-up
    
    * Diagnostics
    
    * Minor updates
    
    * Fix state test
    
    * Fix sliding window perf
    
    * Stable state keys
    
    * Increase size computation
    
    * Formatting
    
    * Add README.md for Agent_Step18_CompactionPipeline sample (#4574)
    
    * Sample comments
    
    * Updated
    
    * Update dotnet/src/Microsoft.Agents.AI/Compaction/MessageIndex.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/tests/Microsoft.Agents.AI.UnitTests/Compaction/CompactionProviderTests.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/src/Microsoft.Agents.AI/Compaction/MessageIndex.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Address copilot comments
    
    * Fix namespace
    
    * Comments / convensions
    
    * Prefix `MessageGroup` and `MessageIndex`
    
    * Fix sliding window
    
    * Update dotnet/src/Microsoft.Agents.AI/Compaction/SummarizationCompactionStrategy.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/src/Microsoft.Agents.AI.Abstractions/InMemoryChatHistoryProvider.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Python alignment
    
    * Fix merge
    
    * Fix equality, readme, and sample
    
    * Readme update and ToolResult fix
    
    * Update dotnet/src/Microsoft.Agents.AI/Compaction/SummarizationCompactionStrategy.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/samples/02-agents/Agents/Agent_Step18_CompactionPipeline/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Simplify readme
    
    * Update dotnet/samples/02-agents/Agents/Agent_Step18_CompactionPipeline/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Remove example
    
    * Remove unused
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: westey <164392973+westey-m@users.noreply.github.com>
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • Python: Fix broken link in purview README (504 on Microsoft 365 Dev Program URL) (#4610)
    * Initial plan
    
    * Fix broken link in purview README: replace 504-returning dev-program URL with stable learn.microsoft.com URL
    
    Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>
  • Python: Fix executor_completed event with non-copyable raw_representation in mixed workflows (#4493)
    * Python: Fix `executor_completed` event with non-copyable raw_representation in mixed workflows
    
    Fixes #4455
    
    * fix(#4455): use class-level sets for deepcopy field exclusion
    
    - SerializationMixin.__deepcopy__: check type(self).DEFAULT_EXCLUDE
      instead of hardcoding 'raw_representation'
    - Content.__deepcopy__: add _SHALLOW_COPY_FIELDS class variable and
      check against it instead of hardcoding
    - Fix tautological assertion in test (was always True)
    - Add second excluded field to test to verify DEFAULT_EXCLUDE is
      respected generically
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Decouple __deepcopy__ from DEFAULT_EXCLUDE in SerializationMixin (#4455)
    
    Introduce _SHALLOW_COPY_FIELDS class variable in SerializationMixin to
    separate deep-copy semantics from serialization semantics. Previously,
    __deepcopy__ used DEFAULT_EXCLUDE to decide which fields to shallow-copy,
    conflating 'not serialized' with 'not safe to deep-copy'. A field added
    to DEFAULT_EXCLUDE purely for serialization (e.g. additional_properties)
    would be silently shared between original and copy.
    
    - Add _SHALLOW_COPY_FIELDS (default {'raw_representation'}) to
      SerializationMixin, matching the pattern already used by Content
    - Update __deepcopy__ to read from _SHALLOW_COPY_FIELDS instead of
      DEFAULT_EXCLUDE
    - Add test verifying DEFAULT_EXCLUDE fields are deep-copied unless
      also in _SHALLOW_COPY_FIELDS
    - Add test for Content._SHALLOW_COPY_FIELDS identity preservation
    - Add test for ChatResponse deep-copying additional_properties
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for _SHALLOW_COPY_FIELDS and DEFAULT_EXCLUDE independence
    
    Add test_deepcopy_shallow_copy_fields_override_default_exclude to verify
    that a field in both DEFAULT_EXCLUDE and _SHALLOW_COPY_FIELDS is
    shallow-copied (controlled by _SHALLOW_COPY_FIELDS), while a field in
    DEFAULT_EXCLUDE only is still deep-copied. This addresses review comment
    #11 ensuring the two class variables control independent concerns.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary local variable in __deepcopy__
    
    Inline cls._SHALLOW_COPY_FIELDS directly in the loop check instead of
    assigning to a local variable first, per review feedback.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Added support for polymorphic type as workflow output (#4485)
    * Added support for polymorphic type as workflow output
    
    * Update Linq expression to avoid unnecessary allocations.
    
    * Added caching as per PR comment
  • Python: Prevent pickle deserialization of untrusted HITL HTTP input (#4566)
    * fix: prevent pickle deserialization of untrusted HITL input
    
    Add strip_pickle_markers() to sanitize HTTP input before it reaches
    pickle.loads() via the checkpoint decoding path. Applied as a 3-layer
    defence-in-depth:
    
    1. _app.py: sanitize req.get_json() at the HTTP boundary
    2. _workflow.py: sanitize in _deserialize_hitl_response() before decode
    3. _serialization.py: sanitize in reconstruct_to_type() as final guard
    
    Any dict containing __pickled__ or __type__ markers from untrusted
    sources is replaced with None, blocking arbitrary code execution via
    crafted payloads to POST /workflow/respond/{instanceId}/{requestId}.
    
    Includes 12 new unit tests covering the sanitizer and end-to-end
    attack prevention.
    
    * refactor: address review concerns for pickle fix
    
    1. Remove deserialize_value() fallback in _deserialize_hitl_response
       untrusted HITL data now returns as-is when no type hint is available,
       never flowing into pickle.loads().
    
    2. Move strip_pickle_markers() out of reconstruct_to_type()  the function
       is general-purpose again; untrusted-data callers are responsible for
       sanitizing first (documented with NOTE comment).
    
    3. Define _PICKLE_MARKER/_TYPE_MARKER as local constants with import-time
       assertions against core's values  decouples from private names while
       failing loudly if core ever changes them.
    
    4. Update tests to reflect new responsibility boundaries.
    
    * fix: simplify warning message and fix ruff RUF001 lint
    
    * fix: suppress pyright reportPrivateUsage on core marker imports
    
    * Lower marker-strip log from warning to debug to avoid log flooding
    
    * Replace assert with RuntimeError for marker sync checks (ruff S101)
    
    * Fix pyright and ruff CI errors in security fix
    
    - Use cast() for dict/list comprehensions in strip_pickle_markers (pyright)
    - type: ignore for narrowed dict return in _workflow.py (pyright)
    - Simplify marker imports: use core constants directly, remove local copies
    - Remove duplicate pyright ignore comment
    
    * Remove duplicate end-to-end test in TestStripPickleMarkers
    
    * Suppress mypy redundant-cast on list cast needed by pyright
  • Python: Fix store=False not overriding client default (#4569)
    * Fix store=False not overriding client default
    
    * Address comments
    
    * Fix unit tests
    
    * Fix integration tests
    
    * Fix tests
  • Fix Strands Agents documentation links in ADR (#4584)
    * Initial plan
    
    * Fix broken Strands Agents documentation links in ADR 0001
    
    Replace 5 broken strandsagents.com URLs (returning 404) with stable
    GitHub source code links in docs/decisions/0001-agent-run-response.md.
    
    The Strands Agents docs site restructured from /api-reference/python/
    to /api/python/, breaking the old links.
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    * Update Strands Agents links to use official documentation site
    
    Replace GitHub source links with official strandsagents.com/docs/api/python/
    documentation URLs in docs/decisions/0001-agent-run-response.md.
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    * Update Strands Agents links to use specific documentation URLs
    
    - Streaming: strandsagents.com/docs/user-guide/concepts/streaming/
    - Structured output: strandsagents.com/docs/user-guide/concepts/agents/structured-output/
    - AgentResult/stop_reason: strandsagents.com/docs/api/python/strands.agent.agent_result/#agentresult
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    * Deduplicate Strands AgentResult link in stop-reason row
    
    Replaced the duplicate hyperlink on `stop_reason` with inline code,
    keeping a single AgentResult link to the same URL.
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
  • .NET: Enable Microsoft.Agents.AI.FoundryMemory for NuGet release (#4559)
    * Enable Microsoft.Agents.AI.FoundryMemory for NuGet release
    
    - Remove IsPackable=false override from .csproj to inherit IsPackable=true from nuget-package.props
    - Add project to agent-framework-release.slnf for inclusion in build/sign/publish pipeline
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update FoundryMemoryProvider and MemorySearch sample
    
    - StoreAIContextAsync fires UpdateMemoriesAsync immediately (non-accumulation)
    - WhenUpdatesCompletedAsync polls last updateId via GetUpdateResultAsync
    - Updated FoundryAgents_Step22_MemorySearch sample to create/destroy memory store
      (matching features/foundry-agent-client pattern)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update FoundryAgents_Step22_MemorySearch sample
    
    - Sample now creates/destroys memory store (self-contained lifecycle)
    - Uses WaitForMemoriesUpdateAsync for seeding memories
    - Cleanup in finally block deletes both agent and memory store
    - Matches features/foundry-agent-client pattern
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Skip Azure Persistent (V1) flaky CodeInterpreter integration tests (#4583)
    * Skip flaky CodeInterpreter integration tests in CI
    
    The CreateAgent_CreatesAgentWithCodeInterpreter tests fail intermittently
    because the Azure AI Code Interpreter service sometimes fails to read/execute
    uploaded Python files. This causes all 4 integration test jobs to fail
    consistently across both platforms (ubuntu/windows) and TFMs (net10.0/net472).
    
    Mark both test variants with Skip to match the convention used by other
    flaky tests in the suite (e.g., AzureAIAgentsPersistentStructuredOutputRunTests).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Skip flaky CodeInterpreter integration tests in CI
    
    The CreateAgent_CreatesAgentWithCodeInterpreter tests fail intermittently
    because the Azure AI Code Interpreter service sometimes fails to read/execute
    uploaded Python files. This causes all 4 integration test jobs to fail
    consistently across both platforms (ubuntu/windows) and TFMs (net10.0/net472).
    
    Mark both test variants with Skip to match the convention used by other
    flaky tests in the suite (e.g., AzureAIAgentsPersistentStructuredOutputRunTests).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add A2A server sample (#4528)
    * Python: Add A2A server sample and fix client streaming bug
    
    Add a pure Python A2A server sample so testing the A2A client no longer
    requires running the .NET server. The server uses the a2a-sdk's
    A2AStarletteApplication with uvicorn and supports three agent types
    (invoice, policy, logistics) backed by AzureOpenAIResponsesClient.
    
    New files:
    - a2a_server.py: Main server entry point with CLI args
    - agent_executor.py: Bridges a2a-sdk AgentExecutor to Agent Framework
    - agent_definitions.py: Agent and AgentCard factory definitions
    - invoice_data.py: Mock invoice data and query tool functions
    - a2a_server.http: REST Client requests for testing
    
    Also fixes a streaming bug in agent_with_a2a.py where async with was
    used on ResponseStream which does not support the async context manager
    protocol. Changed to async for to match all other samples.
    
    Closes #4045
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: handle CancelledError and fix end_date filtering
    
    - Re-raise asyncio.CancelledError before the broad exception handler
      so cooperative cancellation is not swallowed.
    - Make end_date filter inclusive of the full day by comparing with
      < end + timedelta(days=1) instead of <= midnight.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Fix chat_response_cancellation sample to use Message objects (#4532)
    The sample was passing raw strings in a list to get_response(), which
    expects Message objects. This caused an AttributeError since strings
    don't have a 'role' attribute.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Auto-finalize ResponseStream on iteration completion (#4478)
    * Add multi-turn streaming sample and rename multi-turn samples
    
    - Rename 03_multi_turn.py to 03a_multi_turn.py
    - Add 03b_multi_turn_streaming.py showing streaming with session history
    - The new sample demonstrates calling get_final_response() after
      iterating the stream to persist conversation history
    - Update READMEs to reflect the new file names
    
    Closes #4447
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Auto-finalize ResponseStream on iteration completion
    
    When a ResponseStream is fully consumed via async iteration,
    automatically trigger finalization (finalizer + result hooks).
    This ensures session history is persisted in streaming multi-turn
    conversations without requiring an explicit get_final_response() call.
    
    - Add auto-finalize call in __anext__ on StopAsyncIteration
    - Guard inner stream finalization to prevent double-execution
    - Re-check _finalized after iteration in get_final_response()
    - Add tests for auto-finalization and streaming session history
    - Revert sample file renames from previous commit
    
    Closes #4447
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * README fix
    
    * Fix SIM102 lint: combine nested if statements
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Exclude conversation_id from chat completions API options (#4517)
    * Python: Exclude conversation_id from chat completions options (#4315)
    
    When a session with service_session_id is passed to an agent using the
    Chat Completions client, conversation_id leaked through _prepare_options()
    into AsyncCompletions.create(), causing an 'unexpected keyword argument'
    error. The Responses client already excluded conversation_id but the Chat
    Completions client did not.
    
    Added conversation_id to the exclusion set in _prepare_options().
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Remove reproduction report artifact
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix conversation-id propagation when chat_options is a dict (#4340)
    * Fix #4305: Handle dict chat_options in _update_conversation_id
    
    _update_conversation_id assumed chat_options had attribute access, but
    ChatOptions is a TypedDict (dict). When a dict was passed, setting
    .conversation_id raised AttributeError. Now checks isinstance(dict) and
    uses key access for dicts, falling back to attribute access for objects.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR feedback: use Mapping ABC and add missing tests (#4305)
    
    - Use collections.abc.Mapping instead of dict for isinstance check in
      _update_conversation_id, making it more robust for non-dict mapping types.
    - Add test for object-style chat_options with optional options dict parameter.
    - Add test verifying existing conversation_id gets overwritten (idempotent).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary Mapping check in _update_conversation_id (#4305)
    
    chat_options is always a dict, so the isinstance(chat_opts, Mapping)
    check and the else branch for attribute-style access are dead code.
    Simplify to direct dict key assignment and remove object-style tests.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: [Breaking] Upgrade to azure-ai-projects 2.0+ (#4536)
    * Prepare azure-ai-projects 2.0 GA compatibility
    
    Add allow_preview support for internal AIProjectClient creation, keep backward compatibility for renamed SDK model classes, and align Azure AI/core paths and tests for GA validation workflows.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * upgrade to ai-project==2.0.0
    
    * Python: remove azure-ai-projects keyword-guard paths
    
    Assume azure-ai-projects 2.0+ in Azure AI client/provider/responses code paths by removing _supports_keyword_argument gating and related fallback branching.
    
    Also fix pyright typing in FoundryMemoryProvider memory store calls by using ResponseInputItemParam-typed items.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * check fixes
    
    * Python: remove unsupported foundry_features option
    
    Drop foundry_features from Azure AI client and provider surfaces because azure-ai-projects 2.0.0 does not expose that create_version parameter.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: add allow_preview to Foundry memory provider
    
    Propagate allow_preview when FoundryMemoryProvider constructs an AIProjectClient and update tests accordingly.
    
    Also finish wiring allow_preview through AzureAIClient-facing surfaces and related docs.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * aligning docstrings
    
    * udpated lock
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • [BREAKING] Python: Update github-copilot-sdk integration to use ToolInvocation/ToolResult types (#4551)
    * Update github_copilot package for github-copilot-sdk>=0.1.32 (#4549)
    
    - Update requires-python from >=3.10 to >=3.11
    - Remove Python 3.10 classifier
    - Update mypy python_version to 3.11
    - Update dependency to github-copilot-sdk>=0.1.32
    - Fix ToolResult API: use snake_case kwargs (text_result_for_llm,
      result_type) instead of camelCase (textResultForLlm, resultType)
    - Update test assertions to use attribute access on ToolResult
    - Add ToolResult type assertions to tool handler tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix tests to use ToolInvocation dataclass instead of plain dict (#4549)
    
    Update test_github_copilot_agent.py to pass ToolInvocation objects to tool
    handlers instead of plain dicts, matching the github-copilot-sdk>=0.1.32 API
    where ToolInvocation is a dataclass with an .arguments attribute.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add regression tests for ToolInvocation contract (#4549)
    
    Add tests to lock in the new ToolInvocation-based calling convention:
    - test_tool_handler_rejects_raw_dict_invocation: verifies passing a raw
      dict (old calling convention) raises TypeError/AttributeError
    - test_tool_handler_with_empty_arguments: verifies ToolInvocation with
      empty arguments works correctly for no-arg tools
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Revert requires-python to >=3.10 to avoid breaking CI (#4549)
    
    The repo CI runs with Python 3.10 (uv sync --all-packages) and all other
    packages require >=3.10. Raising this package to >=3.11 would break the
    shared install flow. The SDK dependency version constraint (>=0.1.32) will
    enforce any Python version requirement from the SDK itself.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix min Python version for github_copilot package to >=3.11
    
    github-copilot-sdk>=0.1.32 requires Python>=3.11, which conflicts
    with the package's declared >=3.10 minimum, breaking uv sync.
    
    * Bump py version for GH workflows to 3.11, exclude GHCP sdk from 3.10 items
    
    * Fix uv command
    
    * Fixes
    
    * Update samples
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add security warnings to xml comments for core components (#4527)
    * Add security warnings to xml comments for core components
    
    * Address build errors.
    
    * Fix formatting issue
    
    * Fix formatting issue
    
    * Supress formatting warning
    
    * Supress format issue in ChatHistoryMemoryProvider
    
    * Fix remarks paragraphs
  • .NET: Update Anthropic to 12.8.0 and Anthropic.Foundry to 0.4.2 (#4475)
    * Initial plan
    
    * Update Anthropic to 12.8.0 and Anthropic.Foundry to 0.4.2
    
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
  • .NET: Create a sample to show bounded chat history with overflow into chat history memory (#4136)
    * Create a sample to show bounded chat history with overflow into chat history memory
    
    * Address PR comments.
    
    * Address PR comment and fix bug
  • .NET: Update HostedAgents samples to Azure.AI.AgentServer.AgentFramework 1.0.0-beta.9 and MEAI 10.3.0 (#4477)
    * Initial plan
    
    * Update HostedAgents samples to Azure.AI.AgentServer.AgentFramework 1.0.0-beta.9 and MEAI 10.3.0
    
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    
    * Fix HostedAgents samples for Microsoft.Agents.AI 1.0.0-rc2 API changes
    
    - Rename CreateAIAgent -> AsAIAgent (AgentThreadAndHITL, AgentWithHostedMCP, AgentWithTextSearchRag)
    - Rename AsAgent -> AsAIAgent (AgentsInWorkflows)
    - Replace AIContextProviderFactory with AIContextProviders and simplified TextSearchProvider ctor (AgentWithTextSearchRag)
    - Update Microsoft.Agents.AI.OpenAI to 1.0.0-rc2 (AgentThreadAndHITL, AgentWithTextSearchRag, AgentWithTools)
    - Update Microsoft.Agents.AI.Workflows to 1.0.0-rc2 (AgentsInWorkflows)
    - Add Microsoft.Agents.AI 1.0.0-rc2 reference (AgentWithHostedMCP)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update HostedAgents samples for beta.9 API changes and add missing projects to slnx
    
    - Use DefaultAzureCredential consistently across all samples
    - Add AgentThreadAndHITL, AgentWithLocalTools, AgentWithTools to slnx
    - Apply dotnet format
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary Microsoft.Agents.AI.* package references (transitive from AgentFramework)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add DefaultAzureCredential production warning comments to all HostedAgents samples
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update HostedAgents READMEs to reflect DefaultAzureCredential usage
    
    Replace AzureCliCredential references with DefaultAzureCredential in all
    HostedAgents README files to match the actual sample code.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Replace Microsoft.Extensions.AI.OpenAI with Microsoft.Agents.AI.OpenAI and remove AsIChatClient()
    
    Swap package references from Microsoft.Extensions.AI.OpenAI to
    Microsoft.Agents.AI.OpenAI across all 6 HostedAgents samples. This enables
    using the AsAIAgent() extension directly on ChatClient/ResponsesClient
    (from OpenAI.Chat/OpenAI.Responses namespaces), removing the intermediate
    AsIChatClient() call in 3 samples where it was unnecessary.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use explicit types and AsAIAgent() extensions across all HostedAgents samples
    
    Replace var with explicit types for clarity in all 6 samples. Replace
    new ChatClientAgent() constructor calls with chatClient.AsAIAgent()
    extension method in AgentWithLocalTools and AgentsInWorkflows.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix filter combine logic for ChatHistoryMemoryProvider (#4501)
    * Fix filter combine logic for ChatHistoryMemoryProvider
    
    * Replace var with explicit types in filter building code and test
    
    Address PR review nit: use explicit types instead of var for better
    readability in the filter-building logic and the new combined filter
    compilation test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix style issues
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>