mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
59da578902
* [Py Purview] Purview Python Initial Commit * [Py Purview] Purview Python Minor Fixes * [Py Purview] Purview Python Comment Fixesish * [Py Purview] Purview Python Agent Middleware Done * [Py Purview] Purview Python Agent Middleware Done * [Py Purview] Purview Python Lint Errors * [Py Purview] Purview Python Final Hopefully * [Py Purview] Purview Python Final Hopefully * [Py Purview] Purview Python Fix ReadMe * [Py Purview] Purview Python Fix MyPy * [Py Purview] Purview Python Minor Updates on comments * [Py Purview] Purview Python Fix Build Error --------- Co-authored-by: Dmytro Struk <13853051+dmytrostruk@users.noreply.github.com>
59da578902
·
2025-10-16 21:46:04 +00:00
History
Purview Policy Enforcement Sample (Python)
This getting-started sample shows how to attach Microsoft Purview policy evaluation to an Agent Framework ChatAgent using the middleware approach.
- Configure an Azure OpenAI chat client
- Add Purview policy enforcement middleware (
PurviewPolicyMiddleware) - Run a short conversation and observe prompt / response blocking behavior
1. Setup
Required Environment Variables
| Variable | Required | Purpose |
|---|---|---|
AZURE_OPENAI_ENDPOINT |
Yes | Azure OpenAI endpoint (https://.openai.azure.com) |
AZURE_OPENAI_DEPLOYMENT_NAME |
Optional | Model deployment name (defaults inside SDK if omitted) |
PURVIEW_CLIENT_APP_ID |
Yes* | Client (application) ID used for Purview authentication |
PURVIEW_USE_CERT_AUTH |
Optional (true/false) |
Switch between certificate and interactive auth |
PURVIEW_TENANT_ID |
Yes (when cert auth on) | Tenant ID for certificate authentication |
PURVIEW_CERT_PATH |
Yes (when cert auth on) | Path to your .pfx certificate |
PURVIEW_CERT_PASSWORD |
Optional | Password for encrypted certs |
*A demo default exists in code for illustration only—always set your own value.
2. Auth Modes Supported
A. Interactive Browser Authentication (default)
Opens a browser on first run to sign in.
$env:AZURE_OPENAI_ENDPOINT = "https://your-openai-instance.openai.azure.com"
$env:PURVIEW_CLIENT_APP_ID = "00000000-0000-0000-0000-000000000000"
B. Certificate Authentication
For headless / CI scenarios.
$env:PURVIEW_USE_CERT_AUTH = "true"
$env:PURVIEW_TENANT_ID = "<tenant-guid>"
$env:PURVIEW_CERT_PATH = "C:\path\to\cert.pfx"
$env:PURVIEW_CERT_PASSWORD = "optional-password"
Certificate steps (summary): create / register app, generate certificate, upload public key, export .pfx with private key, grant required Graph / Purview permissions.
3. Run the Sample
From repo root:
cd python/samples/getting_started/purview_agent
python sample_purview_agent.py
If interactive auth is used, a browser window will appear the first time.
4. How It Works
- Builds an Azure OpenAI chat client (using the environment endpoint / deployment)
- Chooses credential mode (certificate vs interactive)
- Creates
PurviewPolicyMiddlewarewithPurviewSettings - Injects middleware into the agent at construction
- Sends two user messages sequentially
- Prints results (or policy block messages)
Prompt blocks set a system-level message: Prompt blocked by policy and terminate the run early. Response blocks rewrite the output to Response blocked by policy.
5. Code Snippet (Middleware Injection)
agent = ChatAgent(
chat_client=chat_client,
instructions="You are good at telling jokes.",
name="Joker",
middleware=[
PurviewPolicyMiddleware(credential, PurviewSettings(app_name="Sample App", default_user_id="<guid>"))
],
)