Files
agent-framework/python/samples/getting_started/purview_agent
T
Eduard van Valkenburg 838a7fd61d Python: [BREAKING] Types API Review improvements (#3647)
* Replace Role and FinishReason classes with NewType + Literal

- Remove EnumLike metaclass from _types.py
- Replace Role class with NewType('Role', str) + RoleLiteral
- Replace FinishReason class with NewType('FinishReason', str) + FinishReasonLiteral
- Update all usages across codebase to use string literals
- Remove .value access patterns (direct string comparison now works)
- Add backward compatibility for legacy dict serialization format
- Update tests to reflect new string-based types

Addresses #3591, #3615

* Simplify ChatResponse and AgentResponse type hints (#3592)

- Remove overloads from ChatResponse.__init__
- Remove text parameter from ChatResponse.__init__
- Remove | dict[str, Any] from finish_reason and usage_details params
- Remove **kwargs from AgentResponse.__init__
- Both now accept ChatMessage | Sequence[ChatMessage] | None for messages
- Update docstrings and examples to reflect changes
- Fix tests that were using removed kwargs
- Fix Role type hint usage in ag-ui utils

* Remove text parameter from ChatResponseUpdate and AgentResponseUpdate (#3597)

- Remove text parameter from ChatResponseUpdate.__init__
- Remove text parameter from AgentResponseUpdate.__init__
- Remove **kwargs from both update classes
- Simplify contents parameter type to Sequence[Content] | None
- Update all usages to use contents=[Content.from_text(...)] pattern
- Fix imports in test files
- Update docstrings and examples

* Rename from_chat_response_updates to from_updates (#3593)

- ChatResponse.from_chat_response_updates โ†’ ChatResponse.from_updates
- ChatResponse.from_chat_response_generator โ†’ ChatResponse.from_update_generator
- AgentResponse.from_agent_run_response_updates โ†’ AgentResponse.from_updates

* Remove try_parse_value method from ChatResponse and AgentResponse (#3595)

- Remove try_parse_value method from ChatResponse
- Remove try_parse_value method from AgentResponse
- Remove try_parse_value calls from from_updates and from_update_generator methods
- Update samples to use try/except with response.value instead
- Update tests to use response.value pattern
- Users should now use response.value with try/except for safe parsing

* Add agent_id to AgentResponse and clarify author_name documentation (#3596)

- Add agent_id parameter to AgentResponse class
- Document that author_name is on ChatMessage objects, not responses
- Update ChatResponse docstring with author_name note
- Update AgentResponse docstring with author_name note

* Simplify ChatMessage.__init__ signature (#3618)

- Make contents a positional argument accepting Sequence[Content | str]
- Auto-convert strings in contents to TextContent
- Remove overloads, keep text kwarg for backward compatibility with serialization
- Update _parse_content_list to handle string items
- Update all usages across codebase to use new format: ChatMessage("role", ["text"])

* Allow Content as input on run and get_response

- Update prepare_messages and normalize_messages to accept Content
- Update type signatures in _agents.py and _clients.py
- Add tests for Content input handling

* Fix ChatMessage usage across packages and samples

Update all remaining ChatMessage(role=..., text=...) to use new
ChatMessage('role', ['text']) signature.

* Fix Role string usage and response format parsing

- Fix redis provider: remove .value access on string literals
- Fix durabletask ensure_response_format: set _response_format before accessing .value

* Fix ollama .value and ai_model_id issues, handle None in content list

- Fix ollama _chat_client: remove .value on string literals
- Fix ollama _chat_client: rename ai_model_id to model_id
- Fix _parse_content_list: skip None values gracefully

* Fix A2AAgent type signature to include Content

* Fix Role/FinishReason NewType dict annotations and improve test coverage to 95%

* Fix mypy errors for Role/FinishReason NewType usage

* Fix Role.TOOL and Role.ASSISTANT usage in _orchestrator_helpers.py

* Fix Role NewType usage in durabletask _models.py
838a7fd61d ยท 2026-02-04 10:13:23 +00:00
History
..

Purview Policy Enforcement Sample (Python)

This getting-started sample shows how to attach Microsoft Purview policy evaluation to an Agent Framework ChatAgent using the middleware approach.

What this sample demonstrates:

  1. Configure an Azure OpenAI chat client
  2. Add Purview policy enforcement middleware (PurviewPolicyMiddleware)
  3. Add Purview policy enforcement at the chat client level (PurviewChatPolicyMiddleware)
  4. Implement a custom cache provider for advanced caching scenarios
  5. Run conversations and observe prompt / response blocking behavior

Note: Caching is automatic and enabled by default with sensible defaults (30-minute TTL, 200MB max size).


1. Setup

Required Environment Variables

Variable Required Purpose
AZURE_OPENAI_ENDPOINT Yes Azure OpenAI endpoint (https://.openai.azure.com)
AZURE_OPENAI_DEPLOYMENT_NAME Optional Model deployment name (defaults inside SDK if omitted)
PURVIEW_CLIENT_APP_ID Yes* Client (application) ID used for Purview authentication
PURVIEW_USE_CERT_AUTH Optional (true/false) Switch between certificate and interactive auth
PURVIEW_TENANT_ID Yes (when cert auth on) Tenant ID for certificate authentication
PURVIEW_CERT_PATH Yes (when cert auth on) Path to your .pfx certificate
PURVIEW_CERT_PASSWORD Optional Password for encrypted certs

2. Auth Modes Supported

A. Interactive Browser Authentication (default)

Opens a browser on first run to sign in.

$env:AZURE_OPENAI_ENDPOINT = "https://your-openai-instance.openai.azure.com"
$env:PURVIEW_CLIENT_APP_ID = "00000000-0000-0000-0000-000000000000"

B. Certificate Authentication

For headless / CI scenarios.

$env:PURVIEW_USE_CERT_AUTH = "true"
$env:PURVIEW_TENANT_ID = "<tenant-guid>"
$env:PURVIEW_CERT_PATH = "C:\path\to\cert.pfx"
$env:PURVIEW_CERT_PASSWORD = "optional-password"

Certificate steps (summary): create / register entra app, generate certificate, upload public key, export .pfx with private key, grant required Graph / Purview permissions.


3. Run the Sample

From repo root:

cd python/samples/getting_started/purview_agent
python sample_purview_agent.py

If interactive auth is used, a browser window will appear the first time.


4. How It Works

The sample demonstrates three different scenarios:

A. Agent Middleware (run_with_agent_middleware)

  1. Builds an Azure OpenAI chat client (using the environment endpoint / deployment)
  2. Chooses credential mode (certificate vs interactive)
  3. Creates PurviewPolicyMiddleware with PurviewSettings
  4. Injects middleware into the agent at construction
  5. Sends two user messages sequentially
  6. Prints results (or policy block messages)
  7. Uses default caching automatically

B. Chat Client Middleware (run_with_chat_middleware)

  1. Creates a chat client with PurviewChatPolicyMiddleware attached directly
  2. Policy evaluation happens at the chat client level rather than agent level
  3. Demonstrates an alternative integration point for Purview policies
  4. Uses default caching automatically

C. Custom Cache Provider (run_with_custom_cache_provider)

  1. Implements the CacheProvider protocol with a custom class (SimpleDictCacheProvider)
  2. Shows how to add custom logging and metrics to cache operations
  3. The custom provider must implement three async methods:
    • async def get(self, key: str) -> Any | None
    • async def set(self, key: str, value: Any, ttl_seconds: int | None = None) -> None
    • async def remove(self, key: str) -> None

Policy Behavior: Prompt blocks set a system-level message: Prompt blocked by policy and terminate the run early. Response blocks rewrite the output to Response blocked by policy.


5. Code Snippets

Agent Middleware Injection

agent = ChatAgent(
	chat_client=chat_client,
	instructions="You are good at telling jokes.",
	name="Joker",
	middleware=[
		PurviewPolicyMiddleware(credential, PurviewSettings(app_name="Sample App"))
	],
)

Custom Cache Provider Implementation

This is only needed if you want to integrate with external caching systems.

class SimpleDictCacheProvider:
    """Custom cache provider that implements the CacheProvider protocol."""

    def __init__(self) -> None:
        self._cache: dict[str, Any] = {}

    async def get(self, key: str) -> Any | None:
        """Get a value from the cache."""
        return self._cache.get(key)

    async def set(self, key: str, value: Any, ttl_seconds: int | None = None) -> None:
        """Set a value in the cache."""
        self._cache[key] = value

    async def remove(self, key: str) -> None:
        """Remove a value from the cache."""
        self._cache.pop(key, None)

# Use the custom cache provider
custom_cache = SimpleDictCacheProvider()
middleware = PurviewPolicyMiddleware(
    credential,
    PurviewSettings(app_name="Sample App"),
    cache_provider=custom_cache,
)