Commit Graph

1982 Commits

  • Python: Remove bad dependency (#4696)
    * Remove bad dependency in requirements
    
    * Remove bad dependency in requirements.txt
  • Python: normalize empty MCP tool output to null (#4683)
    * Python: normalize empty MCP tool output to null
    
    * Python: hardcode null for empty MCP output
  • .NET: [Durable Agents] Filter empty AIContent from durable agent state responses (#4670)
    * Filter empty AIContent from durable agent state responses
    
    Prevent opaque AIContent objects (e.g., with only RawRepresentation set)
    from being stored in durable entity state, where they serialize to empty
    JSON payloads. Base AIContent instances are kept only if they have
    Annotations or AdditionalProperties.
    
    Fixes https://github.com/microsoft/agent-framework/issues/4481
    
    * Update CHANGELOG.md and fix linter violation
  • Python: chore(python): improve dependency range automation (#4343)
    * chore(python): improve dependency range automation
    
    - tighten dependency bounds and coding standards guidance\n- add dependency range validation workflow, reporting, and issue automation\n- update related tests and dependency pins for compatibility
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated text and pyarrow
    
    * new lock
    
    * fixed workflow
    
    * updated deps
    
    * fix tiktoken
    
    * chore(python): refine dependency validation workflows
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * docs(python): add high-level dependency validation comments
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * WIP
    
    * added additional comments and excludes
    
    * added dev dependency handling and workflow and updates to package ranges
    
    * added readme and simplified commands
    
    * fix markers
    
    * chore(python): address dependency review feedback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Tighten dependency bounds, remove stale overrides, restore Python 3.10 support
    
    - Apply dependency bound policy across all packages: stable >=1.0 deps use
      >=floor,<next_major; pre-1.0/prerelease deps use validated hard-bounded ranges
    - Remove stale root tool.uv.override-dependencies (uvicorn, websockets, grpcio)
    - Lower github_copilot requires-python to >=3.10 with github-copilot-sdk gated
      behind python_version >= 3.11 marker; import raises ImportError on 3.10
    - Skip github_copilot pyright/mypy/test tasks on Python <3.11
    - Use version-conditional pyrightconfig for samples on Python 3.10
    - Add compatibility fix in core responses client for older openai typed dicts
    - Normalize uv.lock prerelease mode and refresh dev dependencies
    - Update CODING_STANDARD.md, DEV_SETUP.md, and package management skill docs
    
    Closes #902
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * small tweaks
    
    * add note in workflow
    
    * fix workflows and several versions
    
    * fix duplicate
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Fix hosted agent samples Docker build failures due to experimental API warnings (#4641)
    Add #pragma warning disable directives to suppress experimental API
    diagnostics that cause build errors in Docker isolation (where repo-level
    Directory.Build.props is not inherited):
    
    - AgentWithHostedMCP: suppress MEAI001 (HostedMcpServerTool) and OPENAI001
      (GetResponsesClient)
    - FoundrySingleAgent: suppress CA2252 (AIProjectClient preview features)
    - FoundryMultiAgent: suppress CA2252 (AIProjectClient preview features)
    
    Fixes #4365
  • [BREAKING] Python: clean up kwargs across agents, chat clients, tools, and sessions (#4581)
    * Python: clean up kwargs across agents, chat clients, tools, and sessions (#3642)
    
    Audit and refactor public **kwargs usage across core agents, chat clients,
    tools, sessions, and provider packages per the migration strategy codified
    in CODING_STANDARD.md.
    
    Key changes:
    - Add explicit runtime buckets: function_invocation_kwargs and client_kwargs
      on RawAgent.run() and chat client get_response() layers.
    - Refactor FunctionTool to prefer explicit ctx: FunctionInvocationContext
      injection; legacy **kwargs tools still work via _forward_runtime_kwargs.
    - Refactor Agent.as_tool() to use direct JSON schema, always-streaming
      wrapper, approval_mode parameter, and UserInputRequiredException
      propagation (integrates PR #4568 behavior).
    - Remove implicit session bleeding into FunctionInvocationContext; tools
      that need a session must receive it via function_invocation_kwargs.
    - Lower chat-client layers after FunctionInvocationLayer accept only
      compatibility **kwargs (client_kwargs flattened, function_invocation_kwargs
      ignored).
    - Add layered docstring composition from Raw... implementations via
      _docstrings.py helper.
    - Clean up provider constructors to use explicit additional_properties.
    - Deprecation warnings on legacy direct kwargs paths.
    - Update samples, tests, and typing across all 23 packages.
    
    Resolves #3642
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * clarified docstring
    
    * feedback fixes
    
    * Add unit tests for _docstrings.py build/apply helpers
    
    Tests cover: no docstring source, no extra kwargs, appending to existing
    Keyword Args section, inserting after Args, inserting in plain docstrings,
    multiline descriptions, ordering, and apply_layered_docstring.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for propagate_session TypeError on non-AgentSession values
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for multi-content and empty UserInputRequiredException propagation
    
    Cover the branching logic in _try_execute_function_calls for:
    - Multiple user_input_request items in a single exception (extra_user_input_contents path)
    - Empty contents list (fallback function_result path)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add tests for DurableAIAgent.get_session forwarding service_session_id
    
    Verifies get_session correctly forwards service_session_id and session_id
    to the executor's get_new_session, replacing the removed kwargs test.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Simplify ag-ui test stub to read session from client_kwargs only
    
    Remove dual-mode detection (client_kwargs vs raw kwargs fallback) from
    the test mock. Session is now read exclusively from client_kwargs,
    matching the settled public calling convention.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated create and get sessions in durable
    
    * fixed docstrings
    
    * fix test
    
    * updated session handling
    
    * updated from main
    
    * updated tests
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix type hint for Case and Default (#3985)
    * Fix type hint for `Case` and `Default`
    
    * Add test
    
    ---------
    
    Co-authored-by: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
  • Python: A2AAgent defaults name/description from AgentCard (#4661)
    * Python: A2AAgent defaults name/description from AgentCard
    
    When an AgentCard is provided but name/description are not explicitly
    set, A2AAgent now falls back to agent_card.name and agent_card.description.
    This avoids redundant duplication when constructing A2AAgent instances,
    especially in GroupChat orchestrations where name and description are
    essential for routing decisions.
    
    Explicit values still take precedence over card values.
    
    Fixes #4630
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use 'is None' checks instead of truthiness for name/description fallback
    
    Ensures explicitly provided empty strings are not overridden by
    agent_card values. Adds test for the empty string edge case.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Unify tool results as Content items with rich content support (#4331)
    * feat(python): allow @tool functions to return rich content (images, audio)
    
    Add support for tool functions to return Content objects that the model can perceive natively. Closes #4272
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Anthropic logging + mypy fix
    
    * Address PR review: fix MCP ordering, fold helper into from_function_result, fix Chat client
    
    - Preserve original content order in MCP tool results instead of text-first
    - Move _build_function_result logic into Content.from_function_result()
    - Chat Completions: inject user message for rich items (API only supports string tool content)
    - Update tests for ordering and new from_function_result behavior
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Use native Responses API multi-part output, warn+omit for Chat client
    
    - Responses client: put rich items directly in function_call_output's
      output field as list (native API support) instead of user message injection
    - Chat client: warn and omit rich items (API doesn't support multi-part
      tool results), matching Ollama/Bedrock pattern
    - Unify test image: use sample_image.jpg across all integration tests
    - Add Azure OpenAI Responses integration test
    - Assert model describes house image to verify perception
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix lint: remove print statement, wrap long line
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback: bug fixes, single-pass MCP, unit tests
    
    - Add isinstance guard in from_function_result for non-Content lists
    - Fix Anthropic empty tool_content fallback to string result
    - Fix Content(type='text', text=None) edge case in parse_result
    - Rewrite MCP _parse_tool_result_from_mcp as single-pass (no index counters)
    - Add Anthropic unit tests: data image, uri image, unsupported media, all-unsupported
    - Add OpenAI Chat unit test: rich items warning and omission
    - Add OpenAI Responses unit tests: function_result with/without items
    - Add test_types tests: only-rich-items list, non-Content list fallback
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix pyright errors: add type ignore comments for Any list iteration
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix mypy/pyright: ensure ToolExecutionException receives str
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix lint: remove duplicate test_prepare_options_excludes_conversation_id
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refactor: unify all tool results into Content items
    
    * addressed copilot comments
    
    * pyright fix
    
    * small fix
    
    * comments
    
    * fix: address Copilot review - warnings, blob safety, dedup
    
    - Add warning logs when rich content is dropped in Claude agent and
      MCP server handlers (matching Chat/Bedrock/Ollama pattern)
    - Defensive blob URI construction: wrap plain base64 in data: prefix
    - Simplify Chat client _prepare_content_for_openai to use content.result
    - Simplify Responses client text-only path, remove redundant nesting
    - Add test for plain base64 blob without data: prefix
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix token double-counting in compaction and address review comments
    
    - Exclude items from _serialize_content() to prevent double-counting
      tokens when items mirrors result in function_result content
    - Add rich content warning in GitHub Copilot agent tool handler
    - Replace raw Content debug log with concise item count/type summary
    - Update stale test comments about FunctionTool.invoke return type
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • fix: omit toolConfig when tool_choice="none" in BedrockChatClient (#4535)
    Bedrock's Converse API only accepts "auto", "any", or "tool" as valid
    toolChoice keys. The previous code mapped tool_choice="none" to
    {"none": {}}, which causes a botocore.exceptions.ParamValidationError.
    
    When tool_choice="none" (set by FunctionInvocationLayer after exhausting
    max iterations), the fix now omits toolConfig entirely so the model
    won't attempt tool calls.
    
    Added tests for tool_choice="none", "auto", and "required" modes.
    
    Fixes #4529
    
    Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
  • Python: Fix state snapshot to use deepcopy so nested mutations are detected in durable workflow activities (#4518)
    * Use deepcopy for state snapshot to detect nested mutations (#4500)
    
    Replace dict() shallow copy with copy.deepcopy() when snapshotting
    workflow state before activity execution. The shallow copy shared
    references to nested objects (dicts, lists), so in-place mutations by
    executors were reflected in both the snapshot and live state, producing
    an empty diff and preventing state updates from propagating to
    downstream activities.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: Fix state snapshot to use deepcopy so nested mutations are detected in durable workflow activities
    
    Fixes #4500
    
    * Address PR review: remove report, extract testable helpers (#4500)
    
    - Delete REPRODUCTION_REPORT.md (debugging artifact with local paths
      and raw LLM output)
    - Extract _create_state_snapshot() and _compute_state_updates() as
      module-level helpers in _app.py so tests exercise the production
      code path
    - Update TestStateSnapshotDiff to import and use production helpers
      instead of reimplementing snapshot/diff logic locally
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Add regression tests proving shallow copy bug and deep copy isolation (#4500)
    
    Add two additional tests to TestStateSnapshotDiff:
    - test_shallow_copy_would_miss_nested_mutations: reproduces the original
      bug by demonstrating that dict() (shallow copy) misses nested mutations
    - test_create_state_snapshot_isolates_nested_objects: verifies the
      production _create_state_snapshot helper creates a true deep copy
    
    These tests ensure a regression back to shallow copy would be caught.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add integration test exercising full activity code path (#4500)
    
    Address PR review comment: add test_executor_activity_detects_nested_state_mutations
    that captures the actual executor_activity function from _setup_executor_activity
    and verifies it detects in-place nested mutations. This test would fail if
    _app.py line 314 regressed from _create_state_snapshot() back to dict().
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address review feedback for #4518: review comment fixes
    
    * Address PR review feedback for state snapshot diff
    
    - Inline _compute_state_updates logic at call site to reuse precomputed
      original_keys/current_keys sets, avoiding redundant set allocations
    - Fix test docstring to describe behavioral regression instead of
      hard-coding a specific line number
    - Use SOURCE_ORCHESTRATOR constant in integration test instead of
      literal string
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * fix: remove unused _compute_state_updates from _app.py (#4518)
    
    The function was inlined per review comment, making the module-level
    helper unused and triggering a pyright reportUnusedFunction error.
    Move the helper into the test file where it is still needed for unit
    testing the diffing logic.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Fix to emit WorkflowStartedEvent during workflow execution (#4514)
    * Fix bug to emit WorkflowStartedEvent during workflow execution
    
    * Updated based on PR comments
  • .NET: Update A2A, MCP, and system package dependencies (#4647)
    * .NET: Update A2A, MCP, and system package dependencies
    
    Update dependency versions:
    - A2A/A2A.AspNetCore: 0.3.3-preview → 0.3.4-preview
    - ModelContextProtocol: 0.8.0-preview.1 → 1.1.0
    - Microsoft.Bcl.AsyncInterfaces: 10.0.3 → 10.0.4
    - System.Linq.AsyncEnumerable: 10.0.0 → 10.0.4
    - Add Microsoft.Bcl.Memory 10.0.4
    
    Remove internal polyfill extensions now provided by A2A SDK 0.3.4:
    - A2AMetadataExtensions (source + tests)
    - AdditionalPropertiesDictionaryExtensions (source + tests)
    
    Update DefaultMcpToolHandler to match MCP SDK 1.1.0 API changes where
    ImageContentBlock.Data and AudioContentBlock.Data changed from string
    to ReadOnlyMemory<byte>.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * address pr review comments
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Include ReasoningEncryptedContent by default when stored output disabled with Responses (#4623)
    * Include ReasoningEncryptedContent by default when stored output disabled
    
    * Fix formatting
    
    * Fix formatter
  • Bump rollup from 4.47.1 to 4.59.0 in /python/packages/devui/frontend (#4338)
    Bumps [rollup](https://github.com/rollup/rollup) from 4.47.1 to 4.59.0.
    - [Release notes](https://github.com/rollup/rollup/releases)
    - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/rollup/rollup/compare/v4.47.1...v4.59.0)
    
    ---
    updated-dependencies:
    - dependency-name: rollup
      dependency-version: 4.59.0
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Bump minimatch from 3.1.2 to 3.1.5 in /python/packages/devui/frontend (#4337)
    Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
    - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
    - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)
    
    ---
    updated-dependencies:
    - dependency-name: minimatch
      dependency-version: 3.1.5
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Fix CWE-863: Validate function approval responses in DevUI executor (#4598)
    The DevUI /v1/responses endpoint accepts function_approval_response content
    without verifying that the request_id corresponds to a real pending approval
    request issued by the server. This allows forged approval responses to
    execute arbitrary tools with attacker-controlled arguments, bypassing
    approval_mode='always_require'.
    
    Changes:
    - Track outgoing approval requests in a server-side registry
      (_pending_approvals) keyed by request_id
    - Validate incoming approval responses against this registry; reject
      any response whose request_id was not issued by the server
    - Use server-stored function_call data (tool name, arguments, call_id)
      instead of client-supplied data when constructing the approval response
    - Consume request_ids on use (pop from registry) to prevent replay attacks
    
    Tests:
    - 8 new tests covering forged rejection, server-data enforcement,
      anti-replay, multiple independent approvals, and edge cases
    
    Co-authored-by: REDMOND\tusharmudi <tusharmudi@microsoft.com>
  • Python: Validate approval responses against server-side pending request registry (#4548)
    * Validate approval responses against server-side pending request registry
    
    * improvements
    
    * pin GHCP sdk version to non-breaking for now
    
    * Pin CHCP sdk to LKG.
    
    * really fix GHCP sdk pkg version
    
    * Fix HITL approval validation security gaps and memory leak
    
    - Validate rejected approval responses against pending_approvals registry,
      not just approved ones. Fabricated rejections without a prior request are
      now stripped from messages before reaching the LLM.
    - Bound _pending_approvals with OrderedDict + LRU eviction (max 10k) to
      prevent unbounded memory growth from abandoned approval requests.
    - Skip registration when function_call.name is None/empty; log warning
      when content.id or function_call is missing at registration time.
    - Document pending_approvals parameter in run_agent_stream docstring.
    - Add test for fabricated rejection attack scenario.
    - Assert pending approval entry is preserved after function name mismatch.
    - Pre-populate pending_approvals in rejection test for correct validation.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix function_approval_response extraction in AG-UI workflow path (#4550)
    * Extract function_approval_response from workflow messages (#4546)
    
    _extract_responses_from_messages now handles function_approval_response
    content in addition to function_result content. Previously, approval
    responses sent via the messages field were silently dropped because the
    function only checked for content.type == "function_result".
    
    The approval response is keyed by content.id and includes the approved
    status, id, and serialized function_call — consistent with how
    _coerce_content identifies approval response payloads.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Fix #4546: Update docstring and add integration tests for message-based approvals
    
    - Update _extract_responses_from_messages docstring to reflect that it
      now handles function_approval_response content in addition to
      function_result content.
    - Add integration tests for run_workflow_stream across two turns with
      approval responses provided via messages (function_approvals) rather
      than resume.interrupts, covering both approved and denied scenarios.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review feedback for #4546
    
    - Use safer 'not .get("interrupt")' assertion instead of 'not in'
      to handle Pydantic v2 model_dump() including keys with None values
    - Add unit test for mixed function_result and function_approval_response
      in the same message to TestExtractResponsesFromMessages
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix missing status input for OpenAI responses API (#4626)
    * Fix missing status input for OpenAI responses API
    
    * Fix mypy
    
    * Address comments
    
    * Remove raw_rep restore
    
    * Do not set status if it's None
  • Python: Implement annotation-based context compaction (#4469)
    * Implement annotation-based context compaction
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Handle missing compaction attributes in BaseChatClient
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix CI typing and bandit issues
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Optimize incremental compaction annotation pass
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refinement
    
    * Python: add ToolResultCompactionStrategy and CompactionProvider
    
    Add ToolResultCompactionStrategy that collapses older tool-call groups
    into short summary messages (e.g. [Tool calls: get_weather]) while
    keeping the most recent groups verbatim. This mirrors the .NET
    ToolResultCompactionStrategy from PR #4533.
    
    Add CompactionProvider as a context-provider that auto-applies compaction
    before each agent turn and stores compacted history in session state
    after each turn.
    
    Includes tests and samples for both features.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * refinement and alignment with dotnet PR
    
    * updated tool result compaction
    
    * updated tool result compaction
    
    * Python: add ToolResultCompactionStrategy, CompactionProvider, and skip_excluded
    
    - ToolResultCompactionStrategy collapses older tool-call groups into
      [Tool results: func_name: result] summaries with bidirectional tracing
      (same pattern as SummarizationStrategy).
    - CompactionProvider as BaseContextProvider with separate before_strategy
      and after_strategy parameters. before_strategy compacts loaded context;
      after_strategy compacts stored history via history_source_id.
    - InMemoryHistoryProvider gains skip_excluded flag to filter out messages
      marked as excluded by compaction strategies.
    - Tests, samples, and exports updated.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fixed checks
    
    * fix mypy
    
    * Fix: ensure summary messages from both strategies get full compaction annotations
    
    SummarizationStrategy was not calling annotate_message_groups after
    inserting its summary message, so the summary lacked core group
    annotations (id, kind, index, has_reasoning, _excluded). Added the
    missing call. ToolResultCompactionStrategy already had it.
    
    Added tests verifying both strategies produce fully annotated summaries.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * updated propagation
    
    * fix mypy
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Support skill scripts execution (#4558)
    * support skill scripts execution
    
    * fix mixed line endings
    
    * address comments and fix syntax issues
    
    * use few try/except instead of one
    
    * change samples
    
    * validate either script path or script resource is set not both
    
    * fix: separate LLM args from runtime kwargs in skill script execution
    
    * address pr review comments
    
    * address PR review comments
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update python/packages/core/agent_framework/_skills.py
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * 1. Fixing the caching bug where parameters_schema would re-inspect on every call when the result was None
       2. Updating the arguments tool description to be more generic (not CLI-specific)
    
    * fix failing tests
    
    * address pr review comments
    
    * address pr review comments
    
    * allow resource function returning any instead of sting
    
    * address PR review comments
    
    ---------
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • .NET: Add FinishReason to AgentResponses (#4617)
    * Add FinishReason to AgentResponses
    
    * Address PR comments
  • .NET: SDK Patch Bump (10.0.200) - Address false positive trigger of IL2026/IL3050 diagnostics in hosting projects (#4586)
    * Suppress IL2026/IL3050 with targeted pragmas on affected methods
    
    Add #pragma warning disable/restore for IL2026 and IL3050 only around
    the specific methods where dotnet format incorrectly adds
    [RequiresUnreferencedCode] and [RequiresDynamicCode] attributes despite
    proper interceptors configuration in the csproj.
    
    See https://github.com/dotnet/sdk/issues/51136
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Upgrade to .NET SDK 10.0.200 and remove IL2026/IL3050 workarounds
    
    Bump global.json to SDK 10.0.200 which fixes the dotnet format bug
    that incorrectly added [RequiresUnreferencedCode] and
    [RequiresDynamicCode] attributes (https://github.com/dotnet/sdk/issues/51136).
    
    Remove all #pragma warning disable IL2026/IL3050 workarounds from
    source files and the --exclude-diagnostics flag from the CI format
    workflow.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET Compaction - Introducing compaction strategies and pipeline (#4533)
    * Checkpoint
    
    * Checkpoint
    
    * Stable
    
    * Strategies
    
    * Updated
    
    * Encoding
    
    * Formatting
    
    * Cleanup
    
    * Formatting
    
    * Tests
    
    * Tuning
    
    * Update tests
    
    * Test update
    
    * Remove working solution
    
    * Add sample to solution
    
    * Sample readyme
    
    * Experimental
    
    * Format
    
    * Formatting
    
    * Encoding
    
    * Support IChatReducer
    
    * Sample output formatting
    
    * Initial plan
    
    * Replace CompactingChatClient with MessageCompactionContextProvider
    
    Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>
    
    * Boundary condition
    
    * Fix encoding
    
    * Fix cast
    
    * Test coverage
    
    * Namespace
    
    * Improvements
    
    * Efficiency
    
    * Cleanup
    
    * Detect service managed conversation
    
    * Fix namespace
    
    * Fix merge
    
    * Fix test expectation
    
    * Update dotnet/src/Microsoft.Agents.AI.Abstractions/InMemoryChatHistoryProvider.cs
    
    Co-authored-by: westey <164392973+westey-m@users.noreply.github.com>
    
    * Address PR comments (x1)
    
    * Update comment
    
    * Update comments
    
    * Clean-up
    
    * Format output
    
    * Sync sample comment
    
    * Fix condition
    
    * Adjust data-flow
    
    * Address comments (x2)
    
    * Direct compaction
    
    * Fix summarization content
    
    * Argument check / fix count calculation
    
    * Minor follow-up
    
    * Diagnostics
    
    * Minor updates
    
    * Fix state test
    
    * Fix sliding window perf
    
    * Stable state keys
    
    * Increase size computation
    
    * Formatting
    
    * Add README.md for Agent_Step18_CompactionPipeline sample (#4574)
    
    * Sample comments
    
    * Updated
    
    * Update dotnet/src/Microsoft.Agents.AI/Compaction/MessageIndex.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/tests/Microsoft.Agents.AI.UnitTests/Compaction/CompactionProviderTests.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/src/Microsoft.Agents.AI/Compaction/MessageIndex.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Address copilot comments
    
    * Fix namespace
    
    * Comments / convensions
    
    * Prefix `MessageGroup` and `MessageIndex`
    
    * Fix sliding window
    
    * Update dotnet/src/Microsoft.Agents.AI/Compaction/SummarizationCompactionStrategy.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/src/Microsoft.Agents.AI.Abstractions/InMemoryChatHistoryProvider.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Python alignment
    
    * Fix merge
    
    * Fix equality, readme, and sample
    
    * Readme update and ToolResult fix
    
    * Update dotnet/src/Microsoft.Agents.AI/Compaction/SummarizationCompactionStrategy.cs
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Update dotnet/samples/02-agents/Agents/Agent_Step18_CompactionPipeline/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Simplify readme
    
    * Update dotnet/samples/02-agents/Agents/Agent_Step18_CompactionPipeline/README.md
    
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    
    * Remove example
    
    * Remove unused
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: westey <164392973+westey-m@users.noreply.github.com>
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  • Python: Fix broken link in purview README (504 on Microsoft 365 Dev Program URL) (#4610)
    * Initial plan
    
    * Fix broken link in purview README: replace 504-returning dev-program URL with stable learn.microsoft.com URL
    
    Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>
  • Python: Fix executor_completed event with non-copyable raw_representation in mixed workflows (#4493)
    * Python: Fix `executor_completed` event with non-copyable raw_representation in mixed workflows
    
    Fixes #4455
    
    * fix(#4455): use class-level sets for deepcopy field exclusion
    
    - SerializationMixin.__deepcopy__: check type(self).DEFAULT_EXCLUDE
      instead of hardcoding 'raw_representation'
    - Content.__deepcopy__: add _SHALLOW_COPY_FIELDS class variable and
      check against it instead of hardcoding
    - Fix tautological assertion in test (was always True)
    - Add second excluded field to test to verify DEFAULT_EXCLUDE is
      respected generically
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Decouple __deepcopy__ from DEFAULT_EXCLUDE in SerializationMixin (#4455)
    
    Introduce _SHALLOW_COPY_FIELDS class variable in SerializationMixin to
    separate deep-copy semantics from serialization semantics. Previously,
    __deepcopy__ used DEFAULT_EXCLUDE to decide which fields to shallow-copy,
    conflating 'not serialized' with 'not safe to deep-copy'. A field added
    to DEFAULT_EXCLUDE purely for serialization (e.g. additional_properties)
    would be silently shared between original and copy.
    
    - Add _SHALLOW_COPY_FIELDS (default {'raw_representation'}) to
      SerializationMixin, matching the pattern already used by Content
    - Update __deepcopy__ to read from _SHALLOW_COPY_FIELDS instead of
      DEFAULT_EXCLUDE
    - Add test verifying DEFAULT_EXCLUDE fields are deep-copied unless
      also in _SHALLOW_COPY_FIELDS
    - Add test for Content._SHALLOW_COPY_FIELDS identity preservation
    - Add test for ChatResponse deep-copying additional_properties
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add test for _SHALLOW_COPY_FIELDS and DEFAULT_EXCLUDE independence
    
    Add test_deepcopy_shallow_copy_fields_override_default_exclude to verify
    that a field in both DEFAULT_EXCLUDE and _SHALLOW_COPY_FIELDS is
    shallow-copied (controlled by _SHALLOW_COPY_FIELDS), while a field in
    DEFAULT_EXCLUDE only is still deep-copied. This addresses review comment
    #11 ensuring the two class variables control independent concerns.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary local variable in __deepcopy__
    
    Inline cls._SHALLOW_COPY_FIELDS directly in the loop check instead of
    assigning to a local variable first, per review feedback.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Added support for polymorphic type as workflow output (#4485)
    * Added support for polymorphic type as workflow output
    
    * Update Linq expression to avoid unnecessary allocations.
    
    * Added caching as per PR comment
  • Python: Prevent pickle deserialization of untrusted HITL HTTP input (#4566)
    * fix: prevent pickle deserialization of untrusted HITL input
    
    Add strip_pickle_markers() to sanitize HTTP input before it reaches
    pickle.loads() via the checkpoint decoding path. Applied as a 3-layer
    defence-in-depth:
    
    1. _app.py: sanitize req.get_json() at the HTTP boundary
    2. _workflow.py: sanitize in _deserialize_hitl_response() before decode
    3. _serialization.py: sanitize in reconstruct_to_type() as final guard
    
    Any dict containing __pickled__ or __type__ markers from untrusted
    sources is replaced with None, blocking arbitrary code execution via
    crafted payloads to POST /workflow/respond/{instanceId}/{requestId}.
    
    Includes 12 new unit tests covering the sanitizer and end-to-end
    attack prevention.
    
    * refactor: address review concerns for pickle fix
    
    1. Remove deserialize_value() fallback in _deserialize_hitl_response
       untrusted HITL data now returns as-is when no type hint is available,
       never flowing into pickle.loads().
    
    2. Move strip_pickle_markers() out of reconstruct_to_type()  the function
       is general-purpose again; untrusted-data callers are responsible for
       sanitizing first (documented with NOTE comment).
    
    3. Define _PICKLE_MARKER/_TYPE_MARKER as local constants with import-time
       assertions against core's values  decouples from private names while
       failing loudly if core ever changes them.
    
    4. Update tests to reflect new responsibility boundaries.
    
    * fix: simplify warning message and fix ruff RUF001 lint
    
    * fix: suppress pyright reportPrivateUsage on core marker imports
    
    * Lower marker-strip log from warning to debug to avoid log flooding
    
    * Replace assert with RuntimeError for marker sync checks (ruff S101)
    
    * Fix pyright and ruff CI errors in security fix
    
    - Use cast() for dict/list comprehensions in strip_pickle_markers (pyright)
    - type: ignore for narrowed dict return in _workflow.py (pyright)
    - Simplify marker imports: use core constants directly, remove local copies
    - Remove duplicate pyright ignore comment
    
    * Remove duplicate end-to-end test in TestStripPickleMarkers
    
    * Suppress mypy redundant-cast on list cast needed by pyright
  • Python: Fix store=False not overriding client default (#4569)
    * Fix store=False not overriding client default
    
    * Address comments
    
    * Fix unit tests
    
    * Fix integration tests
    
    * Fix tests
  • Fix Strands Agents documentation links in ADR (#4584)
    * Initial plan
    
    * Fix broken Strands Agents documentation links in ADR 0001
    
    Replace 5 broken strandsagents.com URLs (returning 404) with stable
    GitHub source code links in docs/decisions/0001-agent-run-response.md.
    
    The Strands Agents docs site restructured from /api-reference/python/
    to /api/python/, breaking the old links.
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    * Update Strands Agents links to use official documentation site
    
    Replace GitHub source links with official strandsagents.com/docs/api/python/
    documentation URLs in docs/decisions/0001-agent-run-response.md.
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    * Update Strands Agents links to use specific documentation URLs
    
    - Streaming: strandsagents.com/docs/user-guide/concepts/streaming/
    - Structured output: strandsagents.com/docs/user-guide/concepts/agents/structured-output/
    - AgentResult/stop_reason: strandsagents.com/docs/api/python/strands.agent.agent_result/#agentresult
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    * Deduplicate Strands AgentResult link in stop-reason row
    
    Replaced the duplicate hyperlink on `stop_reason` with inline code,
    keeping a single AgentResult link to the same URL.
    
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: SergeyMenshykh <68852919+SergeyMenshykh@users.noreply.github.com>
  • .NET: Enable Microsoft.Agents.AI.FoundryMemory for NuGet release (#4559)
    * Enable Microsoft.Agents.AI.FoundryMemory for NuGet release
    
    - Remove IsPackable=false override from .csproj to inherit IsPackable=true from nuget-package.props
    - Add project to agent-framework-release.slnf for inclusion in build/sign/publish pipeline
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update FoundryMemoryProvider and MemorySearch sample
    
    - StoreAIContextAsync fires UpdateMemoriesAsync immediately (non-accumulation)
    - WhenUpdatesCompletedAsync polls last updateId via GetUpdateResultAsync
    - Updated FoundryAgents_Step22_MemorySearch sample to create/destroy memory store
      (matching features/foundry-agent-client pattern)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Update FoundryAgents_Step22_MemorySearch sample
    
    - Sample now creates/destroys memory store (self-contained lifecycle)
    - Uses WaitForMemoriesUpdateAsync for seeding memories
    - Cleanup in finally block deletes both agent and memory store
    - Matches features/foundry-agent-client pattern
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Skip Azure Persistent (V1) flaky CodeInterpreter integration tests (#4583)
    * Skip flaky CodeInterpreter integration tests in CI
    
    The CreateAgent_CreatesAgentWithCodeInterpreter tests fail intermittently
    because the Azure AI Code Interpreter service sometimes fails to read/execute
    uploaded Python files. This causes all 4 integration test jobs to fail
    consistently across both platforms (ubuntu/windows) and TFMs (net10.0/net472).
    
    Mark both test variants with Skip to match the convention used by other
    flaky tests in the suite (e.g., AzureAIAgentsPersistentStructuredOutputRunTests).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Skip flaky CodeInterpreter integration tests in CI
    
    The CreateAgent_CreatesAgentWithCodeInterpreter tests fail intermittently
    because the Azure AI Code Interpreter service sometimes fails to read/execute
    uploaded Python files. This causes all 4 integration test jobs to fail
    consistently across both platforms (ubuntu/windows) and TFMs (net10.0/net472).
    
    Mark both test variants with Skip to match the convention used by other
    flaky tests in the suite (e.g., AzureAIAgentsPersistentStructuredOutputRunTests).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Add A2A server sample (#4528)
    * Python: Add A2A server sample and fix client streaming bug
    
    Add a pure Python A2A server sample so testing the A2A client no longer
    requires running the .NET server. The server uses the a2a-sdk's
    A2AStarletteApplication with uvicorn and supports three agent types
    (invoice, policy, logistics) backed by AzureOpenAIResponsesClient.
    
    New files:
    - a2a_server.py: Main server entry point with CLI args
    - agent_executor.py: Bridges a2a-sdk AgentExecutor to Agent Framework
    - agent_definitions.py: Agent and AgentCard factory definitions
    - invoice_data.py: Mock invoice data and query tool functions
    - a2a_server.http: REST Client requests for testing
    
    Also fixes a streaming bug in agent_with_a2a.py where async with was
    used on ResponseStream which does not support the async context manager
    protocol. Changed to async for to match all other samples.
    
    Closes #4045
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR review: handle CancelledError and fix end_date filtering
    
    - Re-raise asyncio.CancelledError before the broad exception handler
      so cooperative cancellation is not swallowed.
    - Make end_date filter inclusive of the full day by comparing with
      < end + timedelta(days=1) instead of <= midnight.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Fix chat_response_cancellation sample to use Message objects (#4532)
    The sample was passing raw strings in a list to get_response(), which
    expects Message objects. This caused an AttributeError since strings
    don't have a 'role' attribute.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Auto-finalize ResponseStream on iteration completion (#4478)
    * Add multi-turn streaming sample and rename multi-turn samples
    
    - Rename 03_multi_turn.py to 03a_multi_turn.py
    - Add 03b_multi_turn_streaming.py showing streaming with session history
    - The new sample demonstrates calling get_final_response() after
      iterating the stream to persist conversation history
    - Update READMEs to reflect the new file names
    
    Closes #4447
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Auto-finalize ResponseStream on iteration completion
    
    When a ResponseStream is fully consumed via async iteration,
    automatically trigger finalization (finalizer + result hooks).
    This ensures session history is persisted in streaming multi-turn
    conversations without requiring an explicit get_final_response() call.
    
    - Add auto-finalize call in __anext__ on StopAsyncIteration
    - Guard inner stream finalization to prevent double-execution
    - Re-check _finalized after iteration in get_final_response()
    - Add tests for auto-finalization and streaming session history
    - Revert sample file renames from previous commit
    
    Closes #4447
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * README fix
    
    * Fix SIM102 lint: combine nested if statements
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Exclude conversation_id from chat completions API options (#4517)
    * Python: Exclude conversation_id from chat completions options (#4315)
    
    When a session with service_session_id is passed to an agent using the
    Chat Completions client, conversation_id leaked through _prepare_options()
    into AsyncCompletions.create(), causing an 'unexpected keyword argument'
    error. The Responses client already excluded conversation_id but the Chat
    Completions client did not.
    
    Added conversation_id to the exclusion set in _prepare_options().
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Apply pre-commit auto-fixes
    
    * Remove reproduction report artifact
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: Fix conversation-id propagation when chat_options is a dict (#4340)
    * Fix #4305: Handle dict chat_options in _update_conversation_id
    
    _update_conversation_id assumed chat_options had attribute access, but
    ChatOptions is a TypedDict (dict). When a dict was passed, setting
    .conversation_id raised AttributeError. Now checks isinstance(dict) and
    uses key access for dicts, falling back to attribute access for objects.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Address PR feedback: use Mapping ABC and add missing tests (#4305)
    
    - Use collections.abc.Mapping instead of dict for isinstance check in
      _update_conversation_id, making it more robust for non-dict mapping types.
    - Add test for object-style chat_options with optional options dict parameter.
    - Add test verifying existing conversation_id gets overwritten (idempotent).
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Remove unnecessary Mapping check in _update_conversation_id (#4305)
    
    chat_options is always a dict, so the isinstance(chat_opts, Mapping)
    check and the else branch for attribute-style access are dead code.
    Simplify to direct dict key assignment and remove object-style tests.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • Python: [Breaking] Upgrade to azure-ai-projects 2.0+ (#4536)
    * Prepare azure-ai-projects 2.0 GA compatibility
    
    Add allow_preview support for internal AIProjectClient creation, keep backward compatibility for renamed SDK model classes, and align Azure AI/core paths and tests for GA validation workflows.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * upgrade to ai-project==2.0.0
    
    * Python: remove azure-ai-projects keyword-guard paths
    
    Assume azure-ai-projects 2.0+ in Azure AI client/provider/responses code paths by removing _supports_keyword_argument gating and related fallback branching.
    
    Also fix pyright typing in FoundryMemoryProvider memory store calls by using ResponseInputItemParam-typed items.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * check fixes
    
    * Python: remove unsupported foundry_features option
    
    Drop foundry_features from Azure AI client and provider surfaces because azure-ai-projects 2.0.0 does not expose that create_version parameter.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Python: add allow_preview to Foundry memory provider
    
    Propagate allow_preview when FoundryMemoryProvider constructs an AIProjectClient and update tests accordingly.
    
    Also finish wiring allow_preview through AzureAIClient-facing surfaces and related docs.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * aligning docstrings
    
    * udpated lock
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • [BREAKING] Python: Update github-copilot-sdk integration to use ToolInvocation/ToolResult types (#4551)
    * Update github_copilot package for github-copilot-sdk>=0.1.32 (#4549)
    
    - Update requires-python from >=3.10 to >=3.11
    - Remove Python 3.10 classifier
    - Update mypy python_version to 3.11
    - Update dependency to github-copilot-sdk>=0.1.32
    - Fix ToolResult API: use snake_case kwargs (text_result_for_llm,
      result_type) instead of camelCase (textResultForLlm, resultType)
    - Update test assertions to use attribute access on ToolResult
    - Add ToolResult type assertions to tool handler tests
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix tests to use ToolInvocation dataclass instead of plain dict (#4549)
    
    Update test_github_copilot_agent.py to pass ToolInvocation objects to tool
    handlers instead of plain dicts, matching the github-copilot-sdk>=0.1.32 API
    where ToolInvocation is a dataclass with an .arguments attribute.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Add regression tests for ToolInvocation contract (#4549)
    
    Add tests to lock in the new ToolInvocation-based calling convention:
    - test_tool_handler_rejects_raw_dict_invocation: verifies passing a raw
      dict (old calling convention) raises TypeError/AttributeError
    - test_tool_handler_with_empty_arguments: verifies ToolInvocation with
      empty arguments works correctly for no-arg tools
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Revert requires-python to >=3.10 to avoid breaking CI (#4549)
    
    The repo CI runs with Python 3.10 (uv sync --all-packages) and all other
    packages require >=3.10. Raising this package to >=3.11 would break the
    shared install flow. The SDK dependency version constraint (>=0.1.32) will
    enforce any Python version requirement from the SDK itself.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Fix min Python version for github_copilot package to >=3.11
    
    github-copilot-sdk>=0.1.32 requires Python>=3.11, which conflicts
    with the package's declared >=3.10 minimum, breaking uv sync.
    
    * Bump py version for GH workflows to 3.11, exclude GHCP sdk from 3.10 items
    
    * Fix uv command
    
    * Fixes
    
    * Update samples
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
  • .NET: Add security warnings to xml comments for core components (#4527)
    * Add security warnings to xml comments for core components
    
    * Address build errors.
    
    * Fix formatting issue
    
    * Fix formatting issue
    
    * Supress formatting warning
    
    * Supress format issue in ChatHistoryMemoryProvider
    
    * Fix remarks paragraphs
  • .NET: Update Anthropic to 12.8.0 and Anthropic.Foundry to 0.4.2 (#4475)
    * Initial plan
    
    * Update Anthropic to 12.8.0 and Anthropic.Foundry to 0.4.2
    
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
  • .NET: Create a sample to show bounded chat history with overflow into chat history memory (#4136)
    * Create a sample to show bounded chat history with overflow into chat history memory
    
    * Address PR comments.
    
    * Address PR comment and fix bug