* Python: bump package versions for 1.6.0 release - Released cohort (agent-framework, core, openai, foundry): 1.5.0 -> 1.6.0 - Beta packages (21 packages): 1.0.0b260519 -> 1.0.0b260521 - Alpha packages (azure-contentunderstanding, foundry-hosting, gemini, monty): 1.0.0a260518/19 -> 1.0.0a260521 - ag-ui stays at 1.0.0rc2, orchestrations at 1.0.0rc1 (dependency bounds updated) - Inter-package dependency lower bounds updated (>=1.5.0,<2 -> >=1.6.0,<2) - Update CHANGELOG compare links - uv.lock refreshed Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: bump RC packages, add shell tool to changelog - ag-ui: 1.0.0rc2 -> 1.0.0rc3 - orchestrations: 1.0.0rc1 -> 1.0.0rc2 - Add shell tool (#5664) to CHANGELOG - uv.lock refreshed Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
agent-framework-monty
Monty-backed CodeAct integrations for Microsoft Agent Framework.
Warning
This package is in alpha. APIs may change without notice. It is not part of
agent-framework[all]yet; install it explicitly with--pre.
Installation
pip install agent-framework-monty --pre
The package depends on pydantic-monty, a
Rust-based Python interpreter, so it runs on Linux, macOS, and Windows wherever
Monty wheels are published — no hypervisor or WASM backend required.
Quick start
Context provider (recommended)
Use MontyCodeActProvider to automatically inject the execute_code tool and
CodeAct instructions into every agent run. Tools registered on the provider are
available inside the Monty interpreter as typed async functions (e.g.
await compute(operation="add", a=1, b=2)), and as a fallback through
call_tool(...).
from agent_framework import Agent, tool
from agent_framework_monty import MontyCodeActProvider
@tool
def compute(operation: str, a: float, b: float) -> float:
"""Perform a math operation."""
ops = {"add": a + b, "subtract": a - b, "multiply": a * b, "divide": a / b}
return ops[operation]
codeact = MontyCodeActProvider(
tools=[compute],
approval_mode="never_require",
)
agent = Agent(
client=client,
name="CodeActAgent",
instructions="You are a helpful assistant.",
context_providers=[codeact],
)
result = await agent.run("Multiply 6 by 7 using execute_code.")
Standalone tool
Use MontyExecuteCodeTool directly when you want full control over how the
tool is added to the agent (e.g. when mixing sandbox tools with direct-only
tools on the same agent).
from agent_framework import Agent, tool
from agent_framework_monty import MontyExecuteCodeTool
@tool
def send_email(to: str, subject: str, body: str) -> str:
"""Send an email (direct-only, not available inside the sandbox)."""
return f"Email sent to {to}"
execute_code = MontyExecuteCodeTool(
tools=[compute],
approval_mode="never_require",
)
agent = Agent(
client=client,
name="MixedToolsAgent",
instructions="You are a helpful assistant.",
tools=[send_email, execute_code],
)
Manual static wiring
For fixed configurations where provider lifecycle overhead is unnecessary, build the CodeAct instructions once and pass them to the agent at construction time:
execute_code = MontyExecuteCodeTool(
tools=[compute],
approval_mode="never_require",
)
codeact_instructions = execute_code.build_instructions(tools_visible_to_model=False)
agent = Agent(
client=client,
name="StaticWiringAgent",
instructions=f"You are a helpful assistant.\n\n{codeact_instructions}",
tools=[execute_code],
)
File mounts and resource limits
Mount host directories into the sandbox and cap execution resources:
from agent_framework_monty import FileMount, MontyCodeActProvider
codeact = MontyCodeActProvider(
tools=[compute],
workspace_root="/host/workspace", # auto-mounted at /input (read-write)
file_mounts=[
"/host/data", # shorthand: same path on both sides
("/host/models", "/sandbox/models"), # explicit (host, mount_path)
FileMount( # full control
host_path="/host/cache",
mount_path="/sandbox/cache",
mode="overlay", # "read-only" | "read-write" | "overlay"
write_bytes_limit=10 * 1024 * 1024,
),
],
resource_limits={ # Monty ResourceLimits TypedDict
"max_duration_secs": 5.0,
"max_memory": 64 * 1024 * 1024,
},
)
workspace_rootmirrors the Hyperlight default: the directory is mounted at/inputinread-writemode.file_mountsaccepts a string shorthand, a(host_path, mount_path)tuple, or aFileMountnamed tuple (with optionalmodeandwrite_bytes_limit).- Files written by the sandbox to any
read-writemount are scanned after eachexecute_codecall and returned asContent.from_data(...)attachments (with apathannotation inadditional_properties), mirroring Hyperlight's/outputflow. overlaymounts buffer writes in memory (nothing leaks to the host and nothing is captured).read-onlymounts reject writes.resource_limitsis forwarded straight to Monty'sResourceLimitsTypedDict (max_allocations,max_duration_secs,max_memory,gc_interval,max_recursion_depth).
DSL inside execute_code
The model generates Python code that runs inside Monty's Rust-based interpreter. Available primitives:
| Primitive | Behavior |
|---|---|
await tool_name(**kwargs) |
Direct typed call to a registered host tool. Argument types are checked before execution. |
await call_tool("name", **kwargs) |
Generic fallback that dispatches by tool name. Not type-checked. |
asyncio.gather(...) |
Fans out concurrent tool calls. |
print(...) |
Captured and surfaced as text in the tool result. |
Notes
MontyCodeActProviderandMontyExecuteCodeToolmirror the API surface of theagent-framework-hyperlightcounterparts where the underlying runtime supports it.- Monty interprets a subset of Python (a Rust-based interpreter). Most
control flow, common stdlib modules (
sys,os,typing,asyncio,re,datetime,json), and async functions are supported, but exotic features may not be available. OS-level access (filesystem, network, subprocess) is rejected withPermissionErrorby default; mount host directories withworkspace_root/file_mountsto grant scoped filesystem access. - Code is type-checked against tool signatures via ty before execution, so wrong argument types surface as a clear error before any host tool runs.
- The alpha package is not part of
agent-framework[all]yet, so it must be installed explicitly. Once promoted to beta it will be reachable via the lazy-loading namespaceagent_framework.monty.