* [BREAKING] Rename ChatAgent -> Agent, ChatMessage -> Message, ChatClientProtocol -> SupportsChatGetResponse

  Simplify the public API by removing redundant 'Chat' prefix from core types:
  - ChatAgent -> Agent
  - RawChatAgent -> RawAgent
  - ChatMessage -> Message
  - ChatClientProtocol -> SupportsChatGetResponse

  Also renamed internal WorkflowMessage (was Message in _runner_context) to avoid collision. No backward compatibility aliases - this is a clean breaking change.
* [BREAKING] Rename Agent chat_client parameter to client
* Fix rebase issues: WorkflowMessage references and broken markdown links
* Fix formatting and lint issues from code quality checks
* Fix import ordering in workflow sample files
* fixed rebase
* Fix test failures: use WorkflowMessage and A2AMessage after ChatMessage→Message rename
  - Replace Message(data=..., source_id=...) with WorkflowMessage(...) in workflow tests
  - Fix isinstance check in A2A agent to use A2AMessage instead of Message
  - Fix import in test_workflow_observability.py (Message→WorkflowMessage)
* Fix lint, fmt, and sample errors after ChatMessage→Message rename
  - Auto-fix 70+ ruff lint issues across samples (ChatMessage→Message refs)
  - Fix HostedVectorStoreContent→Content.from_hosted_vector_store in file search sample
  - Fix _normalize_messages→normalize_messages in custom agent sample
  - Fix context.terminate→raise MiddlewareTermination in middleware samples
  - Fix with_update_hook→with_transform_hook in override middleware sample
  - Add TOptions_co import back to custom_chat_client sample
  - Add noqa for FastAPI File() default in chatkit sample
  - Fix B023 loop variable capture in weather agent sample
* fix: update Agent constructor calls from chat_client to client in declaration-only tool tests
* fix: add register_cleanup to devui lazy-loading proxy and type stub
* fixed tests and updated new pieces
* fix agui typevar
* fix merge errors
* fix merge conflicts
* fix merge
* Remove unused links

---------

Co-authored-by: Evan Mattson <evan.mattson@microsoft.com>
Purview Policy Enforcement Sample (Python)
This getting-started sample shows how to attach Microsoft Purview policy evaluation to an Agent Framework Agent using the middleware approach.
What this sample demonstrates:
- Configure an Azure OpenAI chat client
- Add Purview policy enforcement middleware (PurviewPolicyMiddleware)
- Add Purview policy enforcement at the chat client level (PurviewChatPolicyMiddleware)
- Implement a custom cache provider for advanced caching scenarios
- Run conversations and observe prompt / response blocking behavior
Note: Caching is automatic and enabled by default with sensible defaults (30-minute TTL, 200MB max size).
1. Setup
Required Environment Variables
| Variable | Required | Purpose |
|---|---|---|
| AZURE_OPENAI_ENDPOINT | Yes | Azure OpenAI endpoint (https://.openai.azure.com) |
| AZURE_OPENAI_DEPLOYMENT_NAME | Optional | Model deployment name (defaults inside SDK if omitted) |
| PURVIEW_CLIENT_APP_ID | Yes* | Client (application) ID used for Purview authentication |
| PURVIEW_USE_CERT_AUTH | Optional (true/false) | Switch between certificate and interactive auth |
| PURVIEW_TENANT_ID | Yes (when cert auth on) | Tenant ID for certificate authentication |
| PURVIEW_CERT_PATH | Yes (when cert auth on) | Path to your .pfx certificate |
| PURVIEW_CERT_PASSWORD | Optional | Password for encrypted certs |
2. Auth Modes Supported
A. Interactive Browser Authentication (default)
Opens a browser on first run to sign in.
```powershell
$env:AZURE_OPENAI_ENDPOINT = "https://your-openai-instance.openai.azure.com"
$env:PURVIEW_CLIENT_APP_ID = "00000000-0000-0000-0000-000000000000"
```
B. Certificate Authentication
For headless / CI scenarios.
```powershell
$env:PURVIEW_USE_CERT_AUTH = "true"
$env:PURVIEW_TENANT_ID = "<tenant-guid>"
$env:PURVIEW_CERT_PATH = "C:\path\to\cert.pfx"
$env:PURVIEW_CERT_PASSWORD = "optional-password"
```
Certificate steps (summary): create / register an Entra app, generate a certificate, upload the public key, export a .pfx with the private key, and grant the required Graph / Purview permissions.
3. Run the Sample
From repo root:
```powershell
cd python/samples/getting_started/purview_agent
python sample_purview_agent.py
```
If interactive auth is used, a browser window will appear the first time.
4. How It Works
The sample demonstrates three different scenarios:
A. Agent Middleware (run_with_agent_middleware)
- Builds an Azure OpenAI chat client (using the environment endpoint / deployment)
- Chooses credential mode (certificate vs interactive)
- Creates PurviewPolicyMiddleware with PurviewSettings
- Injects middleware into the agent at construction
- Sends two user messages sequentially
- Prints results (or policy block messages)
- Uses default caching automatically
B. Chat Client Middleware (run_with_chat_middleware)
- Creates a chat client with PurviewChatPolicyMiddleware attached directly
- Policy evaluation happens at the chat client level rather than agent level
- Demonstrates an alternative integration point for Purview policies
- Uses default caching automatically
C. Custom Cache Provider (run_with_custom_cache_provider)
- Implements the CacheProvider protocol with a custom class (SimpleDictCacheProvider)
- Shows how to add custom logging and metrics to cache operations
- The custom provider must implement three async methods:
  - async def get(self, key: str) -> Any | None
  - async def set(self, key: str, value: Any, ttl_seconds: int | None = None) -> None
  - async def remove(self, key: str) -> None
Policy Behavior:
Prompt blocks set a system-level message, "Prompt blocked by policy", and terminate the run early. Response blocks rewrite the output to "Response blocked by policy".
5. Code Snippets
Agent Middleware Injection
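```python
# `client` is the Azure OpenAI chat client and `credential` the chosen
# credential (certificate or interactive), both created earlier in the sample.
agent = Agent(
    client=client,
    instructions="You are good at telling jokes.",
    name="Joker",
    middleware=[
        PurviewPolicyMiddleware(credential, PurviewSettings(app_name="Sample App"))
    ],
)
```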
Custom Cache Provider Implementation
This is only needed if you want to integrate with external caching systems.
```python
from typing import Any


class SimpleDictCacheProvider:
    """Custom cache provider that implements the CacheProvider protocol."""

    def __init__(self) -> None:
        self._cache: dict[str, Any] = {}

    async def get(self, key: str) -> Any | None:
        """Get a value from the cache."""
        return self._cache.get(key)

    async def set(self, key: str, value: Any, ttl_seconds: int | None = None) -> None:
        """Set a value in the cache."""
        # ttl_seconds is accepted but ignored here: entries in this simple
        # provider never expire and the dict is unbounded.
        self._cache[key] = value

    async def remove(self, key: str) -> None:
        """Remove a value from the cache."""
        self._cache.pop(key, None)


# Use the custom cache provider
custom_cache = SimpleDictCacheProvider()
middleware = PurviewPolicyMiddleware(
    credential,
    PurviewSettings(app_name="Sample App"),
    cache_provider=custom_cache,
)
```
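A cache provider that honors ttl_seconds and bounds its size, as an added example (not code from the sample or the Agent Framework project). It keeps the get/set/remove signatures listed above; the class name TtlCacheProvider, the max_entries cap, the injectable clock and the demo keys and values are assumptions made for illustration.

```python
from __future__ import annotations

import time
from typing import Any, Callable


class TtlCacheProvider:
    """Added example: same get/set/remove shape as above, but entries expire."""

    def __init__(self, default_ttl_seconds: int = 1800, max_entries: int = 1024,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._default_ttl = default_ttl_seconds  # assumption: mirrors the 30-minute default
        self._max_entries = max(1, max_entries)  # assumption: entry cap, not a byte cap
        self._clock = clock                      # injectable so expiry is testable
        self._data: dict[str, tuple[float, Any]] = {}
        self.hits = self.misses = 0              # simple metrics for cache operations

    async def get(self, key: str) -> Any | None:
        entry = self._data.get(key)
        if entry is None or entry[0] <= self._clock():
            self._data.pop(key, None)  # never serve a stale policy decision
            self.misses += 1
            return None
        self.hits += 1
        return entry[1]

    async def set(self, key: str, value: Any, ttl_seconds: int | None = None) -> None:
        now = self._clock()
        ttl = self._default_ttl if ttl_seconds is None else ttl_seconds
        for stale in [k for k, (exp, _) in self._data.items() if exp <= now]:
            del self._data[stale]
        # At capacity: evict the entry closest to expiry.
        if key not in self._data and len(self._data) >= self._max_entries:
            del self._data[min(self._data, key=lambda k: self._data[k][0])]
        self._data[key] = (now + ttl, value)

    async def remove(self, key: str) -> None:
        self._data.pop(key, None)


async def demo() -> tuple:
    now = [0.0]  # constructed fake clock; keys and values below are constructed too
    cache = TtlCacheProvider(max_entries=2, clock=lambda: now[0])
    await cache.set("k1", "allow", ttl_seconds=60)
    fresh = await cache.get("k1")
    now[0] = 61.0
    expired = await cache.get("k1")
    await cache.set("a", "block")
    await cache.set("b", "allow", ttl_seconds=10)
    await cache.set("c", "allow")  # cache is full, so "b" (soonest expiry) is evicted
    return fresh, expired, await cache.get("b"), await cache.get("a"), cache.hits, cache.misses
```

An instance is passed as cache_provider= in the same way as SimpleDictCacheProvider above.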