* Python: DevUI: tighten default access controls and CORS posture
Adjusts the default configuration of the DevUI server so the out-of-the-box
posture matches what most callers expect when running locally. Adds explicit
opt-outs for callers who need the previous behavior.
- DevServer gains auth_enabled and auth_token constructor params; auth is on by
default. Auto-generates and logs a token when none provided.
- CORS default is an empty allowlist on every host. Callers wanting cross-origin
pass cors_origins explicitly.
- Streaming /v1/responses no longer sets Access-Control-Allow-Origin directly;
CORSMiddleware owns all CORS decisions.
- Loopback binds enforce a Host-header allowlist.
- /meta moved out of the auth bypass list (was alongside /health and /).
- serve() default flipped to auth_enabled=True; passes auth args through to
DevServer instead of using env-var indirection.
- CLI: --auth opt-in replaced with --no-auth opt-out; --auth-token preserved.
- Tests cover the eight behaviors above in test_server.py.
* Python: DevUI: address PR review comments
- /meta now derives auth_required from self.auth_enabled instead of
reading DEVUI_AUTH_TOKEN, so the auto-generated and explicit
auth_token paths report correctly.
- Reorder middleware so the loopback Host-header allowlist is registered
last; Starlette wraps later-added middleware around earlier-added ones,
so the host check now runs outermost (before CORS/auth) as intended.
- Rework comments to describe the behavior rather than threat scenarios.
- Streaming-headers and CORS tests now construct the server with an
explicit auth_token and send a Bearer header, so the assertions
actually exercise the streaming/CORS path instead of short-circuiting
in the auth middleware.
* fix(devui): add created_at to custom output item events for correct workflow timings (#5545)
CustomResponseOutputItemAddedEvent and CustomResponseOutputItemDoneEvent lacked a
created_at field, causing the frontend to synthesize timestamps using integer-second
precision with a forced +1s minimum gap between events. This made instant workflows
appear to take 3+ seconds in the DevUI timeline.
Fix:
- Add optional created_at: float | None field to both custom event models
- Populate created_at=float(time.time()) in the mapper for executor_invoked,
executor_completed, and executor_failed events
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(devui): use event created_at for accurate workflow timeline timings
workflow-view.tsx synthesized _uiTimestamp using Math.max(baseTimestamp,
lastTimestamp + 1) with integer-second precision, forcing a minimum 1-second
gap between every sequential event. This made instant workflows appear to take
several seconds in the DevUI timeline.
The fix prefers event.created_at (a float Unix timestamp populated by the
backend mapper for all executor events) and only falls back to the synthetic
timestamp when created_at is absent. This matches the pattern already used in
devuiStore.ts:addDebugEvent.
Added a regression test in test_mapper.py verifying that the mapper attaches
created_at to all executor lifecycle events (invoked, completed, failed).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(devui): address review feedback for issue #5545
- Read data.timestamp (ISO string) and response.created_at in addition
to top-level created_at when deriving _uiTimestamp, so
response.workflow_event.completed events get a real server timestamp
instead of a synthesized one
- Change uniqueTimestamp tiebreaker: when a real server timestamp is
available use Math.max(eventTimestamp, lastTimestamp) rather than
lastTimestamp + 1, eliminating artificial 1-second gaps while still
preserving monotonic ordering
- Apply the same fix in the HIL streaming path (second setOpenAIEvents
call in workflow-view.tsx)
- Add assert event.created_at > 0 to regression test to guard against
zero or negative timestamps
- Add test_custom_output_item_event_models_have_created_at_field model-
level test so removing the field produces a clear named failure rather
than a downstream ValidationError
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(#5545): guard NaN timestamps, fix fallback ID uniqueness, add regression tests
- workflow-view.tsx (×2): Wrap data.timestamp ISO→number conversion in a
Number.isFinite() guard. Python's datetime.now().isoformat() emits
microseconds without a trailing 'Z' (e.g. '2024-01-15T12:34:56.123456'),
which some JS engines cannot parse, returning NaN. NaN !== undefined is
true so the eventTimestamp !== undefined guard did not catch it, poisoning
_uiTimestamp and resetting the monotonic ordering seed (NaN || 0 → 0).
- execution-timeline.tsx: Replace uiTimestamp in the fallback syntheticItemId
with the per-executor runNumber counter. Two runs of the same executor
within the same second previously received identical _uiTimestamp values
and therefore identical syntheticItemIds, causing their output buckets,
state, and run entries to collide (execution-timeline.tsx:360–408).
- Add missing test_workflow_timings_bug.py source file (only a stale .pyc
existed). Three regression tests:
· test_custom_event_models_lack_created_at_field – model field guard
· test_workflow_executor_events_lack_created_at – mapper populates created_at
· test_rapid_workflow_events_have_no_top_level_timestamps – confirms
data.timestamp format that requires the frontend NaN guard
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback for #5545: Python: [Bug]: Workflow timings in DevUI are incorrect
* devui: move timing regression tests into test_mapper.py, remove dedicated bug file
- Delete test_workflow_timings_bug.py; tests belong in existing module files
- The two tests already present in test_mapper.py (test_executor_events_carry_created_at_timestamp
and test_custom_output_item_event_models_have_created_at_field) cover the same ground as the
first two tests in the deleted file
- Add test_executor_completed_maps_to_output_item_done_event to test_mapper.py, replacing the
third test from the deleted file with a generic, issue-agnostic name and docstring
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback for #5545: review comment fixes
---------
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Python: bump package versions for 1.2.2 release
PATCH bump (1.2.1 -> 1.2.2) for the released cohort. Five PRs land in this
window:
- agent-framework-openai: fix file_search citations breaking the assistant-
message history roundtrip (#5557) — drives the released-tier PATCH
- agent-framework-orchestrations: [BREAKING] standardize orchestration
terminal outputs as AgentResponse (#5301)
- agent-framework-core, agent-framework-declarative: preserve Workflow.run()
shared state across calls, accept list[Message] in declarative start
executor, and coerce Enum values when serializing PowerFx symbols (#5531)
- agent-framework-foundry-hosting: add hosted Durable Workflow support
(#5531)
- agent-framework-azure-contentunderstanding: new alpha package — Azure AI
Content Understanding context provider (#4829)
- dependencies: workspace package dependency refresh (#5555)
Per lockstep convention, all 21 beta packages stamp 1.0.0b260429 and all 4
alpha packages (now including the new contentunderstanding) stamp
1.0.0a260429. Date stamp reflects 2026-04-29 Pacific. Every non-core package
floor on agent-framework-core is raised to >=1.2.2; the new
contentunderstanding package's stale >=1.0.0 floor is brought into line.
Two follow-on fixes bundled to keep validate-dependency-bounds-test green
at lowest-direct resolution:
- Bump agent-framework-azure-contentunderstanding's azure-ai-content
understanding lower bound from >=1.0.0 to >=1.0.1 (1.0.0 ships without
proper typing — pyright reports 65 unknown-type errors)
- Add pyright ignore comments to core/foundry/__init__.pyi for the new
alpha package's type-stub imports, since alpha packages are not in
core's [all] extra and therefore aren't installed at lowest-direct
* Python: add #5552 to 1.2.2 CHANGELOG
Add the streaming-span observability fix to the Fixed section. PR is on
upstream/main but not yet pulled into origin/main; the code itself will
land via the PR merge.
* Python: address PR #5561 review feedback on dependency bounds
Two packaging fixes flagged in review:
1. agent-framework-azure-contentunderstanding: add agent-framework-foundry
as a runtime dependency. The package's README directs users to
`pip install agent-framework-azure-contentunderstanding --pre` and the
basic example imports `FoundryChatClient` from `agent_framework.foundry`,
so the documented install path was failing with ImportError. Pulling
agent-framework-foundry into deps makes the advertised entry path
self-contained.
2. agent-framework-foundry: bump agent-framework-openai lower bound from
>=1.1.0 to >=1.2.2,<2. Foundry imports private modules from
agent_framework_openai (`_chat_client.py:22`, `_agent.py:34`), so
resolvers were free to pair foundry==1.2.2 with older OpenAI versions
that lack this release's coordinated Responses/history fix. Lockstep the
floor with the released cohort to prevent mismatched installs.
Both changes pass `validate-dependency-bounds-test` lower + upper at
their respective packages.
* Python: bump package versions for 1.2.1 release
PATCH bump (1.2.0 -> 1.2.1) for the released cohort. The release window
covers two PRs, no new public APIs:
- agent-framework-core: prevent inner_exception from being lost in
AgentFrameworkException (#5167)
- samples: add requirements.txt and .env.example to the a2a/ hosting
sample for pip-based setup (#5510)
Per lockstep convention, all 21 beta packages stamp 1.0.0b260428 and all
3 alpha packages stamp 1.0.0a260428, regardless of per-package code
churn. Every non-core package floor on agent-framework-core is raised to
>=1.2.1 to keep cohort signaling consistent. Date stamp reflects the
local (Asia) cut date 2026-04-28.
* Python: silence pyright unknown-type warnings in hosted-env detection
`azure.ai.agentserver.core` is probed at runtime via `importlib.util.find_spec`
and is not a declared dependency. The existing `# pyright: ignore[reportMissingImports]`
suppresses the missing-import warning, but at `lowest-direct` resolution pyright
still reports the imported symbol (`AgentConfig`) and its members (`from_env`,
`is_hosted`) as unknown, breaking `validate-dependency-bounds-test` for
`packages/core`.
Extend the existing ignore to cover `reportUnknownVariableType` on the import
and `reportUnknownMemberType` on the call site so the bounds check returns to
green. Behavior is unchanged.
Latent since #5455 (shipped in 1.2.0).
* Python: raise agent-framework-gemini lower bound to google-genai>=1.65.0
The Gemini chat client references several `google.genai.types` symbols
(`FileSearch`, `ThinkingLevel`, `SearchTypes`, `McpServer`,
`StreamableHttpTransport`, plus call-site keyword args `mcp_servers` and
`search_types`) that are not present at the lower bound of `google-genai>=1.0.0`.
At `lowest-direct` resolution this caused `validate-dependency-bounds-test` to
fail for `packages/gemini` with eleven `reportAttributeAccessIssue` /
`reportUnknownVariableType` errors.
Walking the upstream `google.genai.types` API:
- `GoogleMaps`, `AuthConfig`: present from 1.40.0
- `FileSearch`: introduced in 1.49.0
- `ThinkingLevel`: introduced in 1.55.0
- `SearchTypes`, `McpServer`, `StreamableHttpTransport`: introduced in 1.65.0
Bump the lower bound to 1.65.0 — the minimum version that exposes every symbol
the package actually uses. Keep the `<2.0.0` upper cap unchanged. With this
bump `validate-dependency-bounds-test` passes for both lower and upper
resolution scenarios across all 27 workspace packages.
Latent since #4847 (Gemini package introduction in 1.1.0); aggravated by
subsequent feature additions that pulled in newer `types.*` symbols.
* Python: add dependabot bumps to 1.2.1 CHANGELOG
Catalog the 15 dependabot dependency updates that merged on `upstream/main`
between python-1.2.0 and the 1.2.1 cut window under a new Changed section:
- Workspace dev/runtime deps: `rich`, `prek`, `python-multipart`, `pyasn1`,
`pytest` (ag-ui, devui, lab), `uv` (lab)
- Frontend deps: `vite` (devui, chatkit), `postcss` (devui, chatkit, handoff),
`picomatch` (devui, handoff)
CHANGELOG-only — no source or pyproject.toml changes. PRs themselves merged
upstream independently of this release branch and will be brought in via the
PR merge.
* Bump Python package versions for 1.2.0 release
Released tier bumps 1.1.1 -> 1.2.0 (core, openai, foundry, root) to
reflect additive public APIs landed since 1.1.0: functional workflow API
(#4238) and FunctionTool SKIP_PARSING sentinel (#5424). All beta packages
stamped 1.0.0b260424, alpha packages 1.0.0a260424. All 26 non-core
agent-framework-core floors raised to >=1.2.0,<2. CHANGELOG consolidates
the never-tagged 1.1.1 entries with the post-merge additions into [1.2.0].
* Update CHANGELOG footer links for 1.2.0
Advance [Unreleased] comparison base from python-1.1.0 to python-1.2.0
and add a [1.2.0] reference link comparing python-1.1.0...python-1.2.0
so the heading links resolve correctly.
* Fix CHANGELOG: restore [1.1.1] section and add proper [1.2.0]
Previous commit incorrectly renamed the [1.1.1] header to [1.2.0], which
wiped the historical 1.1.1 entries and wrongly attributed them to 1.2.0.
This restores [1.1.1] to its origin/main content and adds a new [1.2.0]
section above containing only the commits in python-1.1.1..HEAD:
- #4238 functional workflow API
- #5142 GitHub Copilot OpenTelemetry
- #2403 A2A bridge support
- #5070 oauth_consent_request events in Foundry clients
- #5447 FoundryAgent hosted agent sessions
- #5459 hosting server dependency upgrade + types
- #5389 AG-UI reasoning/multimodal parsing fix
- #5440 stop [TOOLBOXES] warning spam
- #5455 user agent prefix fix
Also corrects the [1.2.0] compare base to python-1.1.1 (not 1.1.0) and
adds the missing [1.1.1] reference link.
* fixes to FoundryAgent to connect to new hosted agents
Co-authored-by: Copilot <copilot@github.com>
* fix mypy
Co-authored-by: Copilot <copilot@github.com>
* Python: remove Foundry service session helpers
Remove the public hosted-agent service session CRUD helpers from FoundryAgent and drop the related feature-stage inventory entry.
Update the hosted-agent sample to create and delete service sessions directly through the preview AIProjectClient APIs, and tighten a few test harnesses surfaced by full workspace validation.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix from merge
* fix hosted env detection
Co-authored-by: Copilot <copilot@github.com>
* reverted sample update
* fix tests and code
Co-authored-by: Copilot <copilot@github.com>
* remove aenter
* skipping some tests
Co-authored-by: Copilot <copilot@github.com>
---------
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Eduard van Valkenburg
·
2026-04-24 09:25:03 +00:00
* Bump Python version for a release.
* Revert lockstep bumps on unchanged connectors
Per PR review: only connectors that changed (or whose published metadata
changed) should get new versions. Keeps released tier at 1.1.1, a2a/ag-ui
at 1.0.0b260422, foundry-hosting at 1.0.0a260422; reverts the 19 unchanged
betas and 2 unchanged alphas to 1.0.0b260421/1.0.0a260421. Reverts all 26
non-core agent-framework-core floors to >=1.1.0,<2 since no connector
actually depends on a 1.1.1 API or bug fix.
* Restore lockstep prerelease bumps and raise core floors to >=1.1.1
Reverses the lean-revert: all beta packages stamped 1.0.0b260423 and alpha
packages stamped 1.0.0a260423 (Asia date, matching release cut time). All
26 non-core packages raise agent-framework-core lower bound from >=1.1.0,<2
to >=1.1.1,<2 to signal the validated cohort for this release. CHANGELOG
date updated to 2026-04-23.
* Fix python-feature-lifecycle skill YAML frontmatter
Remove copyright comment that preceded the YAML frontmatter delimiter,
which prevented the skill from loading. The --- block must be the very
first line of SKILL.md.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: update broken eslint-react plugin links in devui README
The upstream eslint-react repo moved plugins from packages/plugins/
to the top-level plugins/ directory, causing 404 errors detected by
linkspector CI.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Bump Python version to 1.1.0 for a release
* Fix changelog
* 1.0.1 instead of 1.1.0
* Update CHANGELOG.md
* update version and changelog
* Bump lower bounds
* Refactor Anthropic model option and provider clients
Rename the Anthropic client model option from model_id to model, add provider-specific Anthropic wrappers for Foundry, Bedrock, and Vertex, and expose them through the Anthropic, Foundry, Amazon, and Google namespaces. Update core option handling, docs, samples, and tests accordingly.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix Anthropic skills sample typing
Cast the Anthropic beta client to Any in the skills sample so the pre-commit sample pyright check no longer fails on beta skills and files endpoints that are not exposed by the current SDK stubs.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* undo sample mypy
* Retry CI after transient external failures
Retrigger PR validation after an unrelated Copilot review workflow SAML failure and a transient external tau2 git fetch failure in the Windows Python test setup.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback on model option merging
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address Anthropic compatibility review feedback
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* moved all to `model`
* fixes for azure ai search
* Python: standardize remaining sample env var names
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Python: fix foundry-local pyright compatibility
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updated env vars in cicd
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Eduard van Valkenburg
·
2026-04-01 19:00:18 +00:00
* updated automation tasks and commands, with alias for the time being
* Restore aggregate test exclusions
Preserve the legacy all-tests scope for test --all by excluding lab and devui from the default aggregate sweep, while still allowing explicit package selection. Also ignore hidden/generated test directories such as .mypy_cache during aggregate discovery.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updated versions in pre-commit
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Eduard van Valkenburg
·
2026-03-18 18:39:11 +00:00
The DevUI /v1/responses endpoint accepts function_approval_response content
without verifying that the request_id corresponds to a real pending approval
request issued by the server. This allows forged approval responses to
execute arbitrary tools with attacker-controlled arguments, bypassing
approval_mode='always_require'.
Changes:
- Track outgoing approval requests in a server-side registry
(_pending_approvals) keyed by request_id
- Validate incoming approval responses against this registry; reject
any response whose request_id was not issued by the server
- Use server-stored function_call data (tool name, arguments, call_id)
instead of client-supplied data when constructing the approval response
- Consume request_ids on use (pop from registry) to prevent replay attacks
Tests:
- 8 new tests covering forged rejection, server-data enforcement,
anti-replay, multiple independent approvals, and edge cases
Co-authored-by: REDMOND\tusharmudi <tusharmudi@microsoft.com>
* Prepare azure-ai-projects 2.0 GA compatibility
Add allow_preview support for internal AIProjectClient creation, keep backward compatibility for renamed SDK model classes, and align Azure AI/core paths and tests for GA validation workflows.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* upgrade to ai-project==2.0.0
* Python: remove azure-ai-projects keyword-guard paths
Assume azure-ai-projects 2.0+ in Azure AI client/provider/responses code paths by removing _supports_keyword_argument gating and related fallback branching.
Also fix pyright typing in FoundryMemoryProvider memory store calls by using ResponseInputItemParam-typed items.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* check fixes
* Python: remove unsupported foundry_features option
Drop foundry_features from Azure AI client and provider surfaces because azure-ai-projects 2.0.0 does not expose that create_version parameter.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Python: add allow_preview to Foundry memory provider
Propagate allow_preview when FoundryMemoryProvider constructs an AIProjectClient and update tests accordingly.
Also finish wiring allow_preview through AzureAIClient-facing surfaces and related docs.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* aligning docstrings
* udpated lock
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Eduard van Valkenburg
·
2026-03-09 10:12:47 +00:00
* Fix Python pyright package scoping and typing remediation
Implements issue #4407 by removing the root pyright include, adding package-level pyright includes, and resolving pyright/mypy typing issues across Python packages. Also cleans unnecessary casts and applies line-level, rule-specific ignores where external libraries are too dynamic.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Reduce pyright cost in handoff cloning
Simplify cloned_options construction in HandoffAgentExecutor to avoid expensive TypedDict narrowing/inference in _handoff.py, which was causing pyright to spend a long time in orchestrations.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix types
* Fix lint and type-check regressions
Resolve current Python package check failures across lint, pyright, and mypy after recent code changes, including purview/declarative pyright issues and multiple ruff simplification findings.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fixed hooks
* Stabilize package tests and test tasks
Resolve cross-package non-integration test failures, simplify streaming type flow, harden locale/culture handling, and standardize package test poe tasks to exclude integration tests where applicable.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* lots of small fixes
* Fix current Python test regressions
Address current failing unit tests in azure-ai, bedrock, and azure-cosmos while keeping Bedrock parsing logic inline (no new static helper methods).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* small fixes
* small fixes
* removed pydantic from json
* final updates
* fix core
* fix tests
* fix obser
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Eduard van Valkenburg
·
2026-03-05 15:32:24 +00:00
* Fix .NET conversation memory in DevUI (#3484)
* formatting fixes
* fix memory regression in python devui , fix for #4123
* Fix for #3983: Added _get_event_type() helper that safely accesses event type on both objects (.type) and dicts (.get("type")). Replaced all 4 bare event.type accesses in _executor.py (lines 267, 477, 499, 523).
Root cause: PR #3690 changed event.__class__.__name__ == "RequestInfoEvent" (safe) to event.type == "request_info" (crashes on dicts), but _execute_workflow still yields raw dicts on error paths.
Test: test_workflow_error_yields_dict_event_without_crash — mocks a workflow that raises, verifies execute_entity consumes the dict error events without crashing.
* format fixes
* lint fixes
* Phase 2: Embedding clients for Ollama, Bedrock, and Azure AI Inference
Add embedding client implementations to existing provider packages:
- OllamaEmbeddingClient: Text embeddings via Ollama's embed API
- BedrockEmbeddingClient: Text embeddings via Amazon Titan on Bedrock
- AzureAIInferenceEmbeddingClient: Text and image embeddings via Azure AI
Inference, supporting Content | str input with separate model IDs for
text (AZURE_AI_INFERENCE_EMBEDDING_MODEL_ID) and image
(AZURE_AI_INFERENCE_IMAGE_EMBEDDING_MODEL_ID) endpoints
Additional changes:
- Rename EmbeddingCoT -> EmbeddingT, EmbeddingOptionsCoT -> EmbeddingOptionsT
- Add otel_provider_name passthrough to all embedding clients
- Register integration pytest marker in all packages
- Add lazy-loading namespace exports for Ollama and Bedrock embeddings
- Add image embedding sample using Cohere-embed-v3-english
- Add azure-ai-inference dependency to azure-ai package
Part of #1188
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix mypy duplicate name and ruff lint issues
- Rename second 'vector' variable to 'img_vector' in image embedding loop
- Combine nested with statements in tests
- Remove unused result assignments in tests
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updates from feedback
* Fix CI failures in embedding usage handling
- Fix Azure AI embedding mypy issues by normalizing vectors to list[float],
safely accumulating optional usage token fields, and filtering None entries
before constructing GeneratedEmbeddings
- Avoid Bandit false positive by initializing usage details as an empty dict
- Update OpenAI embedding tests to assert canonical usage keys
(input_token_count/total_token_count)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Eduard van Valkenburg
·
2026-02-25 17:45:08 +00:00