Commit Graph

921 Commits

  • Python: Fix AG-UI reasoning role and multimodal media parsing to follow specification (#5389)
    * Fix AG-UI reasoning role and multimodal media value field parsing
    
    Fix two spec compliance issues in the AG-UI integration:
    
    1. ReasoningMessageStartEvent now uses role='reasoning' instead of
       role='assistant', matching the AG-UI specification for reasoning
       messages.
    
    2. _parse_multimodal_media_part now reads the 'value' field from source
       dicts (with fallback to 'data' for backward compatibility), matching
       the current AG-UI InputContentSource specification.
    
    Bump ag-ui-protocol dependency from ==0.1.13 to >=0.1.16,<0.2 to pick
    up the SDK fix that accepts role='reasoning' in ReasoningMessageStartEvent.
    
    Fix pre-existing pyright reportMissingImports errors for orjson in sample
    files, and fix import ordering in foundry-hosted-agents sample.
    
    Fixes #5340
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Fix AG-UI reasoning role and multimodal media parsing to follow specification
    
    Fixes #5340
    
    * Remove unintended .maf-runtime-ready marker file
    
    Address PR review feedback: the .maf-runtime-ready file is not referenced anywhere in the repo and was left over from automation.
    
    Fixes #5340
    
    * Python: Fix duplicate AG-UI multimodal 'value' parsing in snapshot path
    
    The snapshot normalization path used a second copy of the multimodal source
    parsing logic that still read the deprecated 'data' field. When clients sent
    base64 media with source={"type": "base64", "value": ...}, the snapshot event
    emitted by the server dropped the payload, causing AG-UI-compatible clients
    to crash on ingest.
    
    Extract the shared source-field extraction into _extract_multimodal_source_fields
    so both _parse_multimodal_media_part and the snapshot _legacy_binary_part stay
    in sync with the AG-UI spec. Add snapshot-path regression tests covering
    value-only, value-preferred-over-data, and the legacy data-field fallback.
    
    Addresses review feedback on #5389 from @Rickyneer.
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix user agent prefix (#5455)
    * Fix hosting user agent missing
    
    * Fix other providers
    
    * Add more tests
    
    * comments
    
    * Fix tests
  • Python: (foundry): stop emitting [TOOLBOXES] warning for every FoundryChatClient call (#5440)
    * Python: Foundry: make response tool sanitizer internal, drop TOOLBOXES warning
    
    sanitize_foundry_response_tool runs on every tool passed to the Foundry
    Responses API, so its @experimental(TOOLBOXES) decorator was emitting a
    [TOOLBOXES] ExperimentalWarning for any FoundryChatClient call, even when
    no toolbox was involved. The function isn't in __all__ and has no external
    callers. Rename to _sanitize_foundry_response_tool and drop the decorator;
    the actual toolbox-facing public helpers remain gated.
    
    * Python: Foundry: silence pyright on intentional cross-module private import
  • Python: (chore): update changelog (#5438)
    * update changelog
    
    * Update python/CHANGELOG.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/CHANGELOG.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • Python: Hyperlight: thread-confine sandbox, skip parsing on host callbacks, schema/tool cleanup (#5424)
    * improved parsing of tool call results and tweaks
    
    * Address PR review: skip_parsing flag, broader registry close, comment fix
    
    - FunctionTool.invoke now takes a boolean skip_parsing flag instead of the
      SKIP_PARSING sentinel; the sentinel is still accepted as result_parser at
      construction time to opt out of parsing for every call. The two paths are
      equivalent.
    - _SandboxRegistry.close now invokes any sandbox close/shutdown hook on the
      entry's own worker thread (PyO3 unsendable), then shuts the worker down,
      then cleans up the per-entry temporary directories.
    - Clarified the _SandboxWorker.shutdown comment to describe the actual
      ThreadPoolExecutor.shutdown(wait=False, cancel_futures=False) semantics.
    - Hyperlight host callback uses skip_parsing=True (the new flag).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Drop redundant 'is not SKIP_PARSING' guard that mypy 1.x flags
    
    After callable(configured_parser) the sentinel is already excluded; the extra
    identity check tripped mypy's non-overlapping identity warning.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fixed sandbox working on copy of tool
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Bump Python package versions for a release. (#5432)
    * Bump Python version for a release.
    
    * Revert lockstep bumps on unchanged connectors
    
    Per PR review: only connectors that changed (or whose published metadata
    changed) should get new versions. Keeps released tier at 1.1.1, a2a/ag-ui
    at 1.0.0b260422, foundry-hosting at 1.0.0a260422; reverts the 19 unchanged
    betas and 2 unchanged alphas to 1.0.0b260421/1.0.0a260421. Reverts all 26
    non-core agent-framework-core floors to >=1.1.0,<2 since no connector
    actually depends on a 1.1.1 API or bug fix.
    
    * Restore lockstep prerelease bumps and raise core floors to >=1.1.1
    
    Reverses the lean-revert: all beta packages stamped 1.0.0b260423 and alpha
    packages stamped 1.0.0a260423 (Asia date, matching release cut time). All
    26 non-core packages raise agent-framework-core lower bound from >=1.1.0,<2
    to >=1.1.1,<2 to signal the validated cohort for this release. CHANGELOG
    date updated to 2026-04-23.
  • Python: Flaky test report (#5342)
    * Add flaky test trend reporting to CI workflows
    
    Parse JUnit XML (pytest.xml) from each integration test job and
    aggregate results into a markdown trend report showing per-test
    pass/fail/skip status across the last 5 runs.
    
    Changes:
    - Add python/scripts/flaky_report/ package (JUnit XML parser + trend
      report generator following the sample_validation pattern)
    - Add upload-artifact steps to all 6 integration test jobs in both
      python-merge-tests.yml and python-integration-tests.yml
    - Add python-flaky-test-report aggregation job with history caching
    - Add --junitxml=pytest.xml to integration-tests.yml jobs (already
      present in merge-tests.yml)
    - Fix Cosmos job --junitxml path (use absolute path since uv run
      --directory changes cwd)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix flaky report: handle missing test results gracefully
    
    - Guard against missing reports directory in load_current_run()
    - Only run report job when at least one integration test job completed
      (skip when all jobs are skipped, e.g. on pull_request events)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: fix provider names and if-expression precedence
    
    - Use explicit provider name mapping in _derive_provider() so OpenAI
      renders correctly instead of 'Openai'
    - Fix operator precedence in workflow if-expressions by wrapping
      success/failure checks in parentheses
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add File column and xfail detection to flaky test report
    
    - Add File column showing module name (e.g., test_openai_chat_client)
      to disambiguate tests with the same function name across files
    - Detect pytest xfail tests in JUnit XML (type=pytest.xfail) and
      show them with a distinct warning emoji instead of skip emoji
    - Update legend to include xfail explanation
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add Foundry embedding env vars to merge-tests workflow
    
    Sync the Foundry integration job in python-merge-tests.yml with
    python-integration-tests.yml by adding FOUNDRY_MODELS_ENDPOINT,
    FOUNDRY_MODELS_API_KEY, FOUNDRY_EMBEDDING_MODEL, and
    FOUNDRY_IMAGE_EMBEDDING_MODEL. Once the repo variables/secrets
    are configured, the embedding integration test will run in CI.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix File column showing class name instead of module name
    
    When a test is inside a class, pytest writes the classname as e.g.
    'pkg.test_file.TestClass'. The previous rsplit logic extracted
    'TestClass' instead of 'test_file'. Now detect uppercase-starting
    segments as class names and use the preceding segment instead.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: UTC timestamps, XML error handling, summary fix, docstring
    
    - Use datetime.now(timezone.utc) for accurate UTC timestamps
    - Catch ET.ParseError per-file so corrupt XML doesn't crash the report
    - Remove separate 'error' key from summary (errors folded into 'failed')
    - Fix _short_name docstring to show actual dotted classname::name format
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Pass client thread_id as session_id when constructing AgentSession in AG-UI (#5384)
    * Pass thread_id as session_id when constructing AgentSession in AG-UI
    
    run_agent_stream() was constructing AgentSession without passing the
    client's thread_id as session_id, causing every request to receive a
    random UUID. This broke session continuity for HistoryProvider
    implementations that rely on session_id matching the client's thread_id.
    
    Pass session_id=thread_id in both the service-session and non-service
    code paths so the session identity is consistent with the AG-UI client.
    
    Fixes #5357
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for service_session with no thread_id edge case (#5357)
    
    When use_service_session=True but no thread_id/threadId is in the payload,
    verify session_id is a generated UUID and service_session_id is None.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Propagate thread_id and forwarded_props through AG-UI to A2A context_id (#5383)
    * Propagate session.service_session_id as A2A context_id
    
    When A2AAgent is used behind the AG-UI protocol, the client thread_id is
    stored in session.service_session_id but was never forwarded as the A2A
    context_id. This broke session continuity across the AG-UI → A2A boundary.
    
    Add an optional context_id keyword argument to _prepare_message_for_a2a()
    and pass session.service_session_id from run(). The explicit
    message.additional_properties["context_id"] still takes precedence.
    
    Fixes #5345
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add integration tests for session context_id wiring in run() (#5345)
    
    - Enhance MockA2AClient.send_message to capture last_message for assertions
    - Add test_run_passes_session_service_session_id_as_context_id: verifies
      run() passes session.service_session_id through to A2A message context_id
    - Add test_run_message_context_id_takes_precedence_over_session: verifies
      explicit message context_id wins over session fallback
    - Update _prepare_message_for_a2a docstring to document context_id param
      and its precedence rules
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5345: Python: [Bug]: Inconvenient passing of context_id / thread_id in A2A/AG-UI implementations
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: fix(foundry): reconcile toolbox hosted-tool payloads with Responses API (#5414)
    * fix(foundry): reconcile toolbox hosted-tool payloads with Responses API
    
    * docs(foundry): update create_sample_toolbox docstring to reflect all tools created
  • Python: Fix OpenAI Responses streaming to propagate created_at from final response.completed event (#5382)
    * Fix streaming response losing created_at from response.completed event (#5347)
    
    The streaming path in _parse_chunk_from_openai did not extract created_at
    from the response.completed event, unlike the non-streaming path in
    _parse_responses_response. This caused durabletask persistence warnings
    when created_at was None.
    
    Extract created_at in the response.completed case and pass it to the
    returned ChatResponseUpdate.
    
    Also fix pre-existing pyright errors for optional orjson import in sample
    files.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix orjson import suppression to use pyright instead of mypy (#5347)
    
    Replace `# type: ignore[import-not-found]` with
    `# pyright: ignore[reportMissingImports]` on optional orjson imports
    in conversation sample files, matching the repo's Pyright strict
    configuration.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: fix: exclude null file_id from input_image payload to prevent 400 sch… (#5125)
    * fix: exclude null file_id from input_image payload to prevent 400 schema error (#5120)
    
    * test: add case for additional_properties present without file_id key
    
    ---------
    
    Co-authored-by: Sergey Borisov <sergey.borisov@dataimpact.io>
  • Python: Fix OpenAIEmbeddingClient to use AsyncOpenAI for /openai/v1 endpoints (#5137)
    * Fix OpenAIEmbeddingClient with /openai/v1 endpoint (#5068)
    
    When base_url ends with /openai/v1/ and a credential is provided,
    load_openai_service_settings was creating an AsyncAzureOpenAI client.
    The Azure SDK rewrites deployment-based endpoints (including /embeddings)
    by inserting /deployments/{model}/ into the URL, producing 404s on the
    OpenAI-compatible /openai/v1 endpoint.
    
    Use AsyncOpenAI instead of AsyncAzureOpenAI when the resolved base_url
    targets /openai/v1, converting the Azure token provider to an async
    api_key callable. The responses_mode path is unaffected because the
    Responses API (/responses) is not in the SDK's rewrite list.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Fix OpenAIEmbeddingClient to use AsyncOpenAI for /openai/v1 endpoints
    
    Fixes #5068
    
    * Address review feedback: improve test coverage and remove unrelated changes
    
    - Revert unrelated formatting change in test_a2a_agent.py
    - Fix test_init_with_openai_v1_base_url_and_api_key_uses_openai_client to
      exercise the Azure settings path (via AZURE_OPENAI_BASE_URL env var)
      instead of the plain OpenAI path, covering the elif api_key branch
    - Add _ensure_async_token_provider unit tests for both sync and async
      token providers
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5068: Python: [Bug]: `OpenAIEmbeddingClient` does not work with `/openai/v1` endpoint
    
    ---------
    
    Co-authored-by: MAF Dashboard Bot <maf-dashboard-bot@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: feat(evals): add ground_truth support for similarity evaluator (#5234)
    * feat(evals): add ground_truth support for similarity evaluator
    
    - Include expected_output as ground_truth in Foundry JSONL dataset rows
    - Add ground_truth to item schema and data mapping for similarity evaluator
    - Add expected_output parameter to evaluate_workflow
    - Add similarity Pattern 3 to evaluate_agent and evaluate_workflow samples
    - Add tests for ground_truth in dataset, schema, and evaluate_workflow
    
    * Apply suggestions from code review
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * fix: wrap long line to satisfy ruff E501
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • Python: Add second approval-required tool (set_stop_loss) to concurrent_builder_tool_approval sample (#4875)
    * Add set_stop_loss tool to concurrent_builder_tool_approval sample
    
    Add a second approval-gated tool (set_stop_loss) to the concurrent workflow
    tool approval sample to demonstrate handling approval requests for different
    tools in the same concurrent workflow.
    
    Changes:
    - Add set_stop_loss(symbol, stop_price) with approval_mode='always_require'
    - Include new tool in both agents' tool lists
    - Update agent instructions and prompt to encourage stop-loss usage
    - Update docstring to reflect two approval-gated tools
    - Update sample output to show mixed approval requests
    
    Fixes #4874
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Print tool name and arguments in concurrent sample's process_event_stream (#4874)
    
    Align process_event_stream in concurrent_builder_tool_approval.py to print
    the tool name and arguments when collecting approval requests, matching the
    sample output comment and the sequential_builder_tool_approval.py pattern.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add None-guard for function_call access in tool approval sample (#4874)
    
    Add explicit None-checks before accessing function_call.name and
    function_call.arguments in concurrent_builder_tool_approval.py. The
    function_call field is typed Content | None, so direct attribute access
    without a guard could raise AttributeError and required type: ignore
    comments. The None-guard is consistent with the pattern used in
    _agent_run.py and removes the suppression comments.
    
    Also add a regression test verifying that function_call defaults to None
    and that the None-guard pattern is safe.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply same function_call None-guard to sibling tool-approval samples (#4874)
    
    Apply the same fix to sequential_builder_tool_approval.py and
    group_chat_builder_tool_approval.py, which had the identical pattern
    of accessing function_call.name/arguments without a None-guard.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Bump versions for a release. Update CHANGELOG (#5385)
    * Bump versions for a release. Update CHANGELOG
    
    * Bump devui
  • Python: Foundry hosted agent V2 (#5379)
    * Python: Wrapper + Samples 1st (#5177)
    
    * Experiment
    
    * Update dependency and add non streaming
    
    * Add more samples
    
    * Rename samples
    
    * Add invocations
    
    * Comments 1
    
    * Comments 2
    
    * Comments 3
    
    * Improve README
    
    * Add local shell sample
    
    * WIP: Add eval and memory samples
    
    * Update user agent prefix
    
    * Update user agent prefix doc
    
    * Update dependency (#5215)
    
    * Add tests and more content types (#5235)
    
    * Add tests
    
    * fix tests and sample
    
    * Fix formatting
    
    * Remove function approval contents
    
    * Python: Refine samples and upgrade packages (#5261)
    
    * Refine samples and upgrade pacakges
    
    * Upgrade to a new package that fixes a bug
    
    * Update model env var
    
    * Move samples (#5281)
    
    * Python: Upgrade agentserver packages (#5284)
    
    * Upgrade agentserver packages
    
    * Fix new types
    
    * Python: Add special handling for workflows (#5298)
    
    * Add special handling for workflows
    
    * Address comments
    
    * Improve samples (#5372)
    
    * Python: Add more types (#5378)
    
    * Add more type supports
    
    * Upgrade packages
    
    * Remove TODOs in README
    
    * Fix README
    
    * Comments and mypy
    
    * User agent scoped
    
    * Fix README
    
    * Fix pre commit
    
    * Fix pre commit 2
    
    * Fix pre commit 3
    
    * Fix pre commit 4
    
    * Fix pre commit 5
    
    * Fix pre commit 6
    
    * Add azure-monitor-opentelemetry to dev deps
    
    Fixes Samples & Markdown CI failure. The PR's new transitive dep on
    azure-monitor-opentelemetry-exporter (via azure-ai-agentserver-core) makes
    pyright resolve the azure.monitor.opentelemetry namespace, flipping the
    check_md_code_blocks diagnostic for `configure_azure_monitor` from
    reportMissingImports (filtered) to reportAttributeAccessIssue (not filtered).
    Installing the umbrella azure-monitor-opentelemetry package in dev makes
    pyright resolve the symbol correctly, matching the install guidance the
    observability README already gives users.
    
    ---------
    
    Co-authored-by: Evan Mattson <evan.mattson@microsoft.com>
  • Python: Expose forwardedProps to agents and tools via session metadata (#5264)
    * Expose forwarded_props to agents and tools via session metadata (#5239)
    
    Include forwarded_props from AG-UI request input_data in session.metadata
    (agent runner) and function_invocation_kwargs (workflow runner) so that
    agents, tools, and workflow executors can access request-level metadata
    such as invocation source flags from CopilotKit.
    
    - Add forwarded_props to base_metadata in _agent_run.py when present
    - Add 'forwarded_props' to AG_UI_INTERNAL_METADATA_KEYS to filter it
      from LLM-bound client metadata
    - Extract forwarded_props in _workflow_run.py and pass via
      function_invocation_kwargs to workflow.run()
    - Accept both snake_case and camelCase keys (forwarded_props/forwardedProps)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix(ag-ui): pass stream=True as literal to satisfy pyright overload resolution (#5239)
    
    The previous fix passed stream=True via **kwargs dict, which prevented
    pyright from resolving the Workflow.run() overload to the streaming
    variant. Pass stream=True as an explicit keyword argument so pyright
    can correctly infer the ResponseStream return type.
    
    Also remove unused pytest import in test file.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: address PR review feedback for forwarded_props (#5239)
    
    - Use key-presence checks instead of truthiness for forwarded_props so
      empty dict {} is forwarded correctly
    - Gate function_invocation_kwargs on workflow.run() signature inspection
      to avoid TypeError for workflows without **kwargs
    - Change _build_safe_metadata to drop (with warning) keys whose
      serialized values exceed 512 chars instead of truncating into invalid
      JSON
    - Rewrite metadata tests to exercise _build_safe_metadata directly with
      JSON-decodability and truncation assertions
    - Add workflow tests for empty dict forwarded_props, stream=True
      assertion, and signature-gated kwarg dropping
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * test: add stream=True assertions to CapturingWorkflow tests (#5239)
    
    Guard against accidental removal of the explicit stream=True kwarg
    in all forwarded_props CapturingWorkflow test cases.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5239: Python: Expose forwardedProps to agents and tools via session metadata
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add support for Foundry Toolboxes (#5346)
    * Add support for the Foundry Toolbox in MAF
    
    Introduces a Foundry Toolbox integration: FoundryChatClient gains a
    get_toolbox() helper plus select_toolbox_tools(), normalize_tools in
    the core package flattens tool-collection wrappers (ToolboxVersionObject
    and generic iterables, while leaving Pydantic BaseModel instances
    alone), and the new agent_framework.foundry namespace re-exports the
    toolbox helpers. Ships with unit tests, a sample, and a design doc.
    
    azure-ai-projects is pinned to the public >=2.0.0,<3.0 range and the
    lockfile resolves from public PyPI. The toolbox test module skips when
    Toolbox* types are unavailable so CI stays green until the public 2.1.0
    SDK lands. OMC tooling directories (.omc/, .omx/) are gitignored.
    
    * Update to latest azure ai projects package
    
    * Improve sample
    
    * Rename ADR to 0025
    
    * Update ADR
    
    * Apply suggestion from @alliscode
    
    Co-authored-by: Ben Thomas <ben.thomas@microsoft.com>
    
    * Improve samples
    
    * Update test
    
    ---------
    
    Co-authored-by: Ben Thomas <ben.thomas@microsoft.com>
  • Python: Add search tool content for OpenAI responses (#5302)
    * Add OpenAI search tool content parsing
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix typing
    
    * simplified oai image test
    
    * same for azure
    
    * skip az responses api test
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Flatten hyperlight execute_code output (#5333)
    * small fix for hyperlight
    
    * improved sandbox dependency
  • Python: Fix CopilotStudioAgent to reuse conversation ID from existing session (#5299)
    * Fix CopilotStudioAgent to reuse existing conversation on session (#5285)
    
    CopilotStudioAgent unconditionally called _start_new_conversation() in both
    _run_impl and _run_stream_impl, ignoring any existing service_session_id on
    the session. Add a guard to only start a new conversation when there is no
    existing service_session_id, matching the pattern used by other agents.
    
    Also fix pre-existing pyright reportMissingImports errors for orjson in
    file_history_provider samples.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Revert out-of-scope sample file changes
    
    Remove unrelated orjson type-ignore comment changes from sample files
    that were outside the scope of the conversation-ID reuse fix.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add Hyperlight CodeAct package and docs (#5185)
    * initial work on code_mode
    
    * updated samples
    
    * updates to codeact
    
    * udpated codeact
    
    * Draft CodeAct ADR and sample updates
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * initial implementation and adr and feature
    
    * Python: Limit Hyperlight wasm backend to Python <3.14
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Fix CI for Hyperlight CodeAct PR
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Run Hyperlight integration when available
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Address Hyperlight review feedback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Simplify Hyperlight file mount inputs
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Accept Path host paths in Hyperlight mounts
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Fix Hyperlight mount typing for CI
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * temp run integration test
    
    * Python: Strengthen Hyperlight real sandbox tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * added additional tests
    
    * Python: Simplify Hyperlight CodeAct API
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * set tests as non-integration
    
    * Retry Hyperlight allowed-domain registration
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Gate Hyperlight integration tests by runtime support
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Hyperlight skip test on Python 3.14
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Delay Hyperlight runtime probe until test execution
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Relax Hyperlight Windows integration stdout assertion
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Scan Hyperlight output directory for artifacts
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Retry Hyperlight output artifact collection
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Harden Hyperlight integration output assertions
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Retry Hyperlight read-back check in integration test
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Simplify Hyperlight integration write assertion
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Avoid pathlib in Hyperlight integration sandbox
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use socket network check in Hyperlight sandbox
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Replace blocked Azure AI Search blog link
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Clarify Hyperlight guest stdlib limits
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use _socket in Hyperlight integration sandbox
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Handle Hyperlight mounted file paths
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Broaden Hyperlight sandbox path fallbacks
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Search Hyperlight guest mounts recursively
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Split Hyperlight mount coverage
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Split Hyperlight live network tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix Hyperlight file-write test on Windows
    
    Enable the sandbox filesystem by providing a workspace_root so
    /output is mounted. Remove os.path.exists assertion (unsupported
    in WASM guest) and fix Content data assertion to use .uri.
    Skip the network integration test on Windows where the WASM
    sandbox lacks the encodings.idna codec.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: ADR intro, manual wiring sample, doc clarifications
    
    - Add CodeAct introduction section to ADR for unfamiliar readers
    - Clarify 'less runtime efficient' con with specific overhead description
    - Add note in Python impl doc clarifying ADR vs impl doc split
    - Explain why before_run hooks must be per-run (CRUD, concurrency, approval)
    - Rename code_interpreter variable to codeact in E2E sample
    - Add manual static wiring sample (codeact_manual_wiring.py)
    - Add 'when to use which pattern' guidance to samples README
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR #5185 review comments and add .NET CodeAct design doc
    
    - Fix async callback: _make_sandbox_callback returns sync wrapper with
      thread + asyncio.run() bridge (was broken with real Wasm FFI)
    - Fix stale output: clear output_dir before each sandbox.run() call
    - Fix blocking event loop: _run_code now async with asyncio.to_thread()
    - Revert _agents.py options['tools'] injection (unnecessary; provider
      uses context.extend_tools())
    - Revert SessionContext.options docstring back to read-only
    - Add real-sandbox test fixtures (shared/restored/fresh)
    - Add 8 new real-sandbox tests for callback round-trip, stale output,
      event loop non-blocking, basic execution, stdout/stderr, errors,
      snapshot/restore, and tool registration
    - Add comprehensive .NET HyperlightCodeActProvider design document
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update hyperlight README with code snippets and remove Public API section
    
    Replace bare export list with Quick Start code examples covering the
    context provider, standalone tool, manual static wiring, and file
    mounts / network access patterns.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Feat: Add finish_reason support to AgentResponse and AgentResponseUpdate (#5211)
    * feat: add finish_reason support to AgentResponse and AgentResponseUpdate
    
    Add finish_reason field to AgentResponse and AgentResponseUpdate classes,
    propagate it through _process_update() and map_chat_to_agent_update(),
    and add comprehensive unit tests.
    
    Fixes #4622
    
    * feat: add finish_reason to AgentResponse and AgentResponseUpdate
    
    * style: add copyright header to test_finish_reason.py
    
    * docs: add finish_reason to AgentResponse and AgentResponseUpdate docstrings
    
    * refactor: move finish_reason tests into test_types.py per review feedback
    
    Move all finish_reason test cases from the separate test_finish_reason.py
    file into test_types.py as requested by eavanvalkenburg. Tests are placed
    in a new '# region finish_reason' section at the end of the file.
    
    * fix: use model instead of model_id in _process_update
    
    Address PR review feedback from @eavanvalkenburg — ChatResponse and
    ChatResponseUpdate both use 'model', not 'model_id'.
    
    * fix: resolve SIM102 lint error in _process_update
    
    Combine nested if statements for AgentResponse finish_reason check
    to satisfy ruff SIM102 rule, with line wrapping to stay under 120 chars.
    
    * fix: resolve pyright reportArgumentType in map_chat_to_agent_update
    
    Add type: ignore[arg-type] for FinishReason NewType widening when
    passing ChatResponseUpdate.finish_reason to AgentResponseUpdate.
    Matches existing patterns in the codebase (40+ similar ignores).
  • Python: Fix Gemini client support for Gemini API and Vertex AI (#5258)
    * Add Gemini and Vertex AI client support
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address Gemini PR review feedback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * removed sample run readme part
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: Handle url_citation annotations in FoundryChatClient streaming responses (#5071)
    * Fix url_citation annotations dropped in streaming (#5029)
    
    Add url_citation branch to the streaming annotation handler in
    _parse_chunk_from_openai, mirroring the existing non-streaming path.
    The handler creates an Annotation with type='citation', title, url,
    and annotated_regions (TextSpanRegion), wrapped in Content.from_text.
    
    Update test_streaming_annotation_added_with_unknown_type to use a
    truly unknown type, and add new tests for url_citation (with and
    without url).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5029: Python: [Bug]: url_citation annotations silently dropped in Foundry streaming (SharePoint grounding citations lost)
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Add AgentExecutorResponse.with_text() to preserve conversation history through custom executors (#5255)
    Fixes #5246
    
    When a custom @executor transforms agent output and sends a plain str,
    the downstream AgentExecutor.from_str handler loses the full conversation
    context. This adds a with_text() helper that creates a new
    AgentExecutorResponse with replaced text while preserving the prior
    conversation chain, so AgentExecutor.from_response is invoked instead.
    
    - Add with_text(text) method to AgentExecutorResponse dataclass
    - Add 3 regression tests in test_full_conversation.py
    
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: Add OpenAI types to default checkpoint encoding allow list (#5297)
    * Add OpenAI types to default checkpoint encoding allow list
    
    * Address comments
  • Python: Add context_providers and description to workflow.as_agent() (#4651)
    * Add context_providers and description to `workflow.as_agent()`
    
    * Add default workflow name and description
    
    * Positional
    
    * Move import
    
    ---------
    
    Co-authored-by: Tao Chen <taochen@microsoft.com>
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Revert to public MCP server and skip on transient upstream errors (#5296)
    The local MCP server can't be used for hosted tools tests because
    Anthropic's backend needs to reach the MCP URL from their infrastructure
    (not localhost on the CI runner). Revert to learn.microsoft.com/api/mcp
    but catch BadRequestError, InternalServerError, APIConnectionError, and
    APITimeoutError and pytest.skip so upstream outages don't block the
    merge queue.
  • Python: improve misc-integration test robustness (#5295)
    * Python: use local MCP server for hosted tools test and broaden image assertion
    
    The hosted tools integration test was hitting rate limits on the external
    learn.microsoft.com MCP server, causing persistent failures that retries
    couldn't recover from. Switch to the local MCP server already spun up in
    CI via LOCAL_MCP_URL, skipping when the env var isn't set.
    
    Also broaden the image description assertion to accept common synonyms
    (cottage, mansion, villa, etc.) instead of just "house", since the model
    legitimately uses varied vocabulary for the same image.
    
    * Address review feedback: validate LOCAL_MCP_URL scheme and use word boundaries
    
    - Skip hosted tools test when LOCAL_MCP_URL lacks http/https scheme,
      matching the pattern used in test_mcp.py.
    - Use regex word boundaries for image assertion to avoid false matches
      like "villain" matching "villa".
  • Python: add experimental file history provider (#5248)
    * add experimental file history provider
    
    * Improve file history provider writes
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * typo
    
    * cleanup
    
    * cleanup
    
    * fix in readme
    
    * added security messages
    
    * Refine file history provider locking
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * added additional sample
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Bump agent-framework-devui to 1.0.0b260414 for release (#5259)
    Update devui version and changelog for the streaming memory fix release.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix reasoning replay when store=False (#5250)
    * fix reasoning content when store=False
    
    * Remove accidental worktree entries
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * remove local session sample
    
    * removed left over files
    
    * Add attribution override regression test
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add GeminiChatClient (#4847)
    * Add agent-framework-gemini package
    
    * Add AGENTS.md documentation
    
    * Add LICENSE file
    
    * Add README.md for agent-framework-gemini package
    
    * Add Google Gemini API keys to .env.example
    
    * Add Google Gemini chat client implementation
    
    * Add tests for GeminiChatClient
    
    * Add Google Gemini agent examples
    
    * Fix client inheritence order
    
    * Update Gemini agent examples
    
    * Update documentation
    
    * Update AGENTS.md
    
    * Add tests for JSON string handling in GeminiChatClient
    
    * Add final response assembly test in GeminiChatClient
    
    * Add tests for handling empty candidates in GeminiChatClient
    
    * Improve Pydantic response handling in GeminiChatClient
    
    * Add tests for function result resolution and callable tool normalization
    
    * Add test for function result resolution when call_id is generated
    
    * Refactor GeminiChatClient to correct inheritance order
    
    Also updates constructor parameter order for environment file handling
    
    * Enhance documentation and clarify Gemini-specific fields
    
    * Update ThinkingConfig with new attributes and type
    
    * Add tests for GoogleSearch and GoogleMaps configs
    
    * Suppress valid-type mypy error on GeminiChatOptionsT
    
    * Move service_url method near overrides
    
    * Order _prepare_config kwargs by base then Gemini-specific
    
    * Use FunctionCallingConfigMode for clarity and type safety
    
    * Fix code_execution doc
    
    * Add agent-framework-gemini to project dependencies
    
    * Remove package from core dependencies
    
    Initial release will be done without agent-framework-gemini in
    core[all].
    
    * Move integration tests into one file
    
    * Remove __init__.py file from gemini tests directory
    
    * Introduce RawGeminiChatClient as lightweight chat client
    
    Updated GeminiChatClient to inherit from RawGeminiChatClient, maintaining full functionality with added features.
    
    * Updated variable names from `model_id` to `model`
    
    Across the codebase, including environment variables and client initialization. Adjusted related tests and sample scripts to reflect this change, ensuring consistency in the usage of the Gemini model identifier.
    
    * Update AGENTS.md
    
    * Update Gemini package to alpha status
    
    * Fix docstrings in Gemini tests
    
    * Change 'model_id' to 'model' in response handling
    
    * Fix model property change in response handling
    
    * Add built-in tool factory methods to Gemini client
    
    Replaces boolean tool options (code_execution, google_search_grounding,
    google_maps_grounding) with static factory methods that return types.Tool
    objects: get_code_interpreter_tool, get_web_search_tool, get_mcp_tool,
    get_file_search_tool, and get_maps_grounding_tool.
    
    Simplifies _prepare_tools to a single translation boundary between
    FunctionTool (framework) and FunctionDeclaration (Gemini API), with
    types.Tool objects passed through unchanged.
    
    * Surface code execution parts
    
    _parse_parts now maps executable_code and code_execution_result
    parts to text Content objects so callers can see the code run
    and its output. Unknown part types log at debug level rather than
    being silently dropped.
    
    * Update Gemini client documentation
    
    * Unify Gemini model name
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
    
    * Update Agent Framework core version
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
    
    * Add Python 3.14 in classifiers
    
    * Replace kwargs with parameters in tool factories
    
    * Refactor chat options handling in Gemini client
    
    * Add tests for handling unknown and consumed keys
    
    * Update Gemini documentation
    
    Now reflects new options and built-in tool factory methods
    
    * Change build system to flit
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
    
    * Fix build system in pyproject.toml
    
    * Fix type checking for generate_content_stream
    
    ---------
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
  • Python: Skip get_final_response in OTel _finalize_stream when stream errored (#5232)
    * Python: Skip get_final_response in OTel _finalize_stream when stream errored
    
    When a streaming error occurs, _finalize_stream (a cleanup hook registered by
    AgentTelemetryLayer) was unconditionally calling get_final_response(), which
    triggers all registered result hooks including after_run context providers.
    This caused providers to fire incorrectly on error paths.
    
    Guard against this by checking result_stream._consumed: True only after
    StopAsyncIteration (normal completion), False when an exception was raised.
    The fix applies to both the chat client and agent telemetry layers.
    
    Closes #5231
    
    * Python: Expose consumed/stream_error on ResponseStream and capture error in OTel span
    
    Address Copilot review feedback on #5232:
    
    - Add `_stream_error: Exception | None` to ResponseStream, set in __anext__'s
      except branch so cleanup hooks can inspect the failure.
    - Expose public `consumed` and `stream_error` properties to avoid coupling
      observability.py to private stream internals.
    - Update both _finalize_stream closures (chat and agent layers) to use the
      public properties and call capture_exception() with the stream error before
      returning early, ensuring the OTel span records the failure rather than
      closing silently.
    
    * Python: Address Copilot review feedback on stream error handling
    
    - Use stream_error is not None as the guard in _finalize_stream instead of
      not consumed, so the early-return path is keyed precisely to actual errors
      rather than any non-normal completion state.
    - Clear _stream_error after _run_cleanup_hooks() completes to avoid retaining
      the exception traceback (and any large object graphs it references) on the
      stream instance beyond the cleanup phase.
    
    * Python: Remove consumed/stream_error properties, use private attrs directly
    
    Per review feedback: since observability.py and _types.py are in the same
    package, accessing _stream_error directly is fine and the public properties
    are unnecessary.
    
    * Python: Fix Pyright reportPrivateUsage via inline ignore comments
    
    Keep _stream_error private (consistent with rest of ResponseStream), and
    suppress reportPrivateUsage at the call sites in observability.py with
    inline pyright: ignore comments — access is intentional within the package.
  • Python: Fix DevUI streaming memory growth and add cross-platform regression coverage (#5221)
    * fix for memory leak in devui
    
    * update async sleep
    
    * remove old func
  • Python: Move InMemory history provider injection to the first invocation (#5236)
    * Move InMemory history provider injection to the first invocation
    
    * Add tests
  • Python: AG-UI deterministic state updates from tool results (#5201)
    * AG-UI deterministic state updates from tool results
    
    * fix(ag-ui): address PR #5201 review comments
    
    1. Add missing AGUIEventConverter, AGUIHttpService, __version__ to
       _IMPORTS in core ag_ui lazy-export list to match the .pyi stub.
    
    2. Coalesce predictive and deterministic state snapshots into a single
       StateSnapshotEvent when both mechanisms are active on the same tool
       result, reducing redundant snapshot traffic.
    
    3. Update state_update() docstring to clarify that a predictive snapshot
       may be emitted before the deterministic one when predict_state_config
       is active.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix HandoffBuilder dropping function-level middleware when cloning agents (#5220)
    * Fix HandoffBuilder dropping function-level middleware when cloning agents (#5173)
    
    _clone_chat_agent() was using agent.agent_middleware (agent-level only)
    instead of agent.middleware (all types), which silently dropped any
    function middleware registered on the original agent.
    
    Changed to use agent.middleware to preserve all middleware types
    (agent, function, and chat) during cloning.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Fix HandoffBuilder dropping function-level middleware when cloning agents
    
    Fixes #5173
    
    * Fix false-positive middleware regression test (#5173)
    
    The test used isinstance(m, FunctionMiddleware) which matched
    _AutoHandoffMiddleware (always appended during build) instead of the
    user's @function_middleware decorator. Assert directly that
    tracking_middleware is present in the cloned agent's middleware list.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #5173: Python: [Bug]: HandoffBuilder drops function-level middleware when cloning agents
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add allowed_checkpoint_types support to CosmosCheckpointStorage for parity with FileCheckpointStorage (#5202)
    * Python: Add allowed_checkpoint_types support to CosmosCheckpointStorage (#5200)
    
    Add allowed_checkpoint_types parameter to CosmosCheckpointStorage for
    parity with FileCheckpointStorage. This ensures both providers use the
    same restricted pickle deserialization by default.
    
    Changes:
    - Accept allowed_checkpoint_types kwarg in __init__, stored as frozenset
    - Convert _document_to_checkpoint from @staticmethod to instance method
    - Forward allowed_types to decode_checkpoint_value on all load paths
    - Update class docstring to describe the new parameter
    - Add tests covering built-in safe types, app type opt-in/blocking,
      and all load paths (load, list_checkpoints, get_latest)
    - Add changelog entry noting the breaking behavior change
    
    BREAKING CHANGE: CosmosCheckpointStorage now uses restricted pickle
    deserialization by default. Checkpoints containing application-defined
    types will require passing those types via allowed_checkpoint_types.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Add `allowed_checkpoint_types` support to `CosmosCheckpointStorage` for parity with `FileCheckpointStorage`
    
    Fixes #5200
    
    * Address PR review: add pickle security warning and fix docstring examples
    
    - Reintroduce explicit security warning about pickle deserialization risks
    - Convert Example:: block to .. code-block:: python with imports for
      consistency with other docstring examples
    - Note: PR title should be updated to include [BREAKING] prefix per
      changelog convention (comment #3, requires GitHub UI change)
    
    Fixes #5200
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: skill name validation improvements (#4530)
    * Initial plan
    
    * Port .NET validation improvements to Python skills: reject consecutive hyphens and enforce directory name match
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    * Fix E501 lint error: split long error message string in _validate_skill_metadata
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
  • Python: Fix python-feature-lifecycle skill YAML frontmatter (#5226)
    * Fix python-feature-lifecycle skill YAML frontmatter
    
    Remove copyright comment that preceded the YAML frontmatter delimiter,
    which prevented the skill from loading. The --- block must be the very
    first line of SKILL.md.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: update broken eslint-react plugin links in devui README
    
    The upstream eslint-react repo moved plugins from packages/plugins/
    to the top-level plugins/ directory, causing 404 errors detected by
    linkspector CI.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Bump Python version to 1.0.1 for a release (#5196)
    * Bump Python version to 1.1.0 for a release
    
    * Fix changelog
    
    * 1.0.1 instead of 1.1.0
    
    * Update CHANGELOG.md
    
    * update version and changelog
    
    * Bump lower bounds
  • Python: Migrate GitHub Copilot package to SDK 0.2.x (#5107)
    * Python: Migrate GitHub Copilot package to SDK 0.2.x
    
    Replace all imports from the non-existent copilot.types module with
    correct SDK 0.2.x module paths (copilot.session, copilot.client,
    copilot.tools, copilot.generated.session_events). Fix PermissionRequest
    attribute access from dict-style .get() to dataclass attribute access.
    Add OTel telemetry support to Copilot samples via configure_otel_providers
    and document new telemetry environment variables in samples README.
    
    * Python: Fix remaining copilot.types import in sample validation script
    
    * Python: Include model in default_options for telemetry span attributes
    
    * Python: Address review feedback on log_level and session kwargs typing
    
    * Python: Scope PR to SDK 0.2.x migration only, remove net-new OTel features
    
    - Remove RawGitHubCopilotAgent split and AgentTelemetryLayer inheritance
    - Remove TelemetryConfig plumbing and OTLP/file telemetry settings
    - Remove configure_otel_providers() calls from samples
    - Remove telemetry env var rows from samples README
    - Retain only: import path fixes, PermissionRequest attribute access fix,
      log_level default fix, session kwargs typed fix, dependency pin
    
    * Python: Update tests for SDK 0.2.x API changes
    
    - SubprocessConfig replaces CopilotClientOptions dict
    - create_session and resume_session now use keyword args
    - send and send_and_wait take plain string prompt instead of MessageOptions
    - on_permission_request is always required; deny-all fallback replaces omission
    
    * Python: Pin github-copilot-sdk to >=0.2.0,<=0.2.0
    
    Tighten the upper bound from <0.3.0 to <=0.2.0 to avoid pulling in 0.2.1+
    which has breaking API changes relative to 0.2.0. The lower bound stays at
    >=0.2.0 since this migration requires the 0.2.x import paths; 0.1.x would
    fail at import time.
    
    * Python: Pin github-copilot-sdk to >=0.2.1,<=0.2.1
    
    ---------
    
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Bump mcp[ws] from 1.26.0 to 1.27.0 in /python (#5119)
    Bumps [mcp[ws]](https://github.com/modelcontextprotocol/python-sdk) from 1.26.0 to 1.27.0.
    - [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
    - [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
    - [Commits](https://github.com/modelcontextprotocol/python-sdk/compare/v1.26.0...v1.27.0)
    
    ---
    updated-dependencies:
    - dependency-name: mcp[ws]
      dependency-version: 1.27.0
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump cryptography from 46.0.6 to 46.0.7 in /python (#5176)
    Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6 to 46.0.7.
    - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
    - [Commits](https://github.com/pyca/cryptography/compare/46.0.6...46.0.7)
    
    ---
    updated-dependencies:
    - dependency-name: cryptography
      dependency-version: 46.0.7
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>