mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
977c3adfb2
* python: replace pre-commit with prek, add PEP 723 script deps, clean up dev dependencies - Replace pre-commit with prek (Rust-native, faster pre-commit alternative) - Move supported hooks to repo: builtin for zero-clone speed - Add new builtin hooks: trailing-whitespace, check-merge-conflict, detect-private-key, check-added-large-files - Update all hook versions to latest (pre-commit-hooks v6, pyupgrade v3.21.2, bandit 1.9.3, uv-pre-commit 0.10.0) - Add PEP 723 inline script metadata to 34 samples with external deps - Remove autogen-agentchat/autogen-ext from dev deps (now declared per-sample) - Remove unused dev deps: pytest-env, tomli-w - Add agent-framework-core>=1.0.0b260130 lower bound to all 21 packages - Update CI workflow to use j178/prek-action - Update docs: DEV_SETUP.md, AGENTS.md, CODING_STANDARD.md, SAMPLE_GUIDELINES.md * updated lock * python: fix prek config paths for local execution and CI workflow Remove global 'files: ^python/' filter and strip python/ prefix from all path patterns in .pre-commit-config.yaml so prek finds files when run from the python/ directory. Update CI workflow to use --cd python instead of --config path. Include trailing whitespace fixes and dev dependency cleanup. * python: move helper scripts to scripts/ folder and exclude from checks * python: exclude AGENTS.md from prek markdown code lint * python: exclude AGENTS.md and azure_ai_search sample from markdown lint * fix m365 sample * python: ignore CPY rule for samples with PEP 723 headers * fix in dev_setup * python: replace aiofiles with regular open in samples * python: suppress reportUnusedImport in markdown code block checker * python: use samples pyright config for markdown code block checker Write a temp pyrightconfig.json matching pyrightconfig.samples.json rules (typeCheckingMode=off, only reportMissingImports and reportAttributeAccessIssue). Filter output to only fail on these rules since syntax-level errors (top-level await, undefined vars) are expected in README documentation snippets. * python: use markdown-code-lint with fixed globs instead of prek file list The prek-markdown-code-lint task received all changed files including non-README markdown and files with pre-existing broken imports. Replace with the standard markdown-code-lint task which uses the correct glob patterns (README.md, packages/**/README.md, samples/**/*.md). * python: exclude READMEs with pre-existing broken imports from markdown lint * python: fix broken README code snippets instead of excluding them - ag-ui: replace TextContent (removed) with content.type == 'text' - durabletask: fix import path to durabletask.worker.TaskHubGrpcWorker - orchestrations: use constructor params instead of .participants() method - observability: mark deprecated code blocks as plain text, filter reportMissingImports to agent_framework modules only - remove README excludes from markdown-code-lint task * add revision to gaia download * feat(python): parallelize checks across packages Run (package × task) cross-product in parallel using ThreadPoolExecutor and subprocesses. Key changes: - Add scripts/task_runner.py with shared parallel execution engine - Update run_tasks_in_packages_if_exists.py to accept multiple tasks - Update run_tasks_in_changed_packages.py with --files flag and parallel support - Add check-packages poe task (fmt+lint+pyright+mypy in parallel) - Add prek-markdown-code-lint and prek-samples-check with change detection - Split CI code quality workflow into parallel prek and mypy jobs - Update DEV_SETUP.md to document new parallel behavior Core package changes still trigger checks on all packages. * feat(ci): split code quality into 4 parallel jobs Split the single prek job into parallel jobs: - pre-commit-hooks: lightweight hooks (SKIP=poe-check) - package-checks: fmt/lint/pyright/mypy via check-packages - samples-markdown: samples-lint, samples-syntax, markdown-code-lint - mypy: change-detected mypy checks All 4 jobs run concurrently (×2 Python versions = 8 runners). * feat(ci): use only Python 3.10 for code quality checks * refactor(python): add future annotations and remove quoted types Add `from __future__ import annotations` to 93 package files that used quoted string annotations, then run pyupgrade --py310-plus to remove the now-unnecessary quotes. Fixes https://github.com/microsoft/agent-framework/issues/3578
145 lines
4.8 KiB
Python
145 lines
4.8 KiB
Python
# Copyright (c) Microsoft. All rights reserved.
|
|
|
|
"""AG-UI server example with server-side tools."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import logging
|
|
import os
|
|
|
|
from agent_framework import ChatAgent, tool
|
|
from agent_framework.ag_ui import add_agent_framework_fastapi_endpoint
|
|
from agent_framework.azure import AzureOpenAIChatClient
|
|
from dotenv import load_dotenv
|
|
from fastapi import Depends, FastAPI, HTTPException, Security
|
|
from fastapi.security import APIKeyHeader
|
|
|
|
load_dotenv()
|
|
|
|
# Enable debug logging
|
|
logging.basicConfig(
|
|
level=logging.DEBUG,
|
|
format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
|
|
)
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
# Read required configuration
|
|
endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")
|
|
deployment_name = os.environ.get("AZURE_OPENAI_CHAT_DEPLOYMENT_NAME")
|
|
|
|
if not endpoint:
|
|
raise ValueError("AZURE_OPENAI_ENDPOINT environment variable is required")
|
|
if not deployment_name:
|
|
raise ValueError("AZURE_OPENAI_CHAT_DEPLOYMENT_NAME environment variable is required")
|
|
|
|
|
|
# ============================================================================
|
|
# AUTHENTICATION EXAMPLE
|
|
# ============================================================================
|
|
# This demonstrates how to secure the AG-UI endpoint with API key authentication.
|
|
# In production, you should use a more robust authentication mechanism such as:
|
|
# - OAuth 2.0 / OpenID Connect
|
|
# - JWT tokens with proper validation
|
|
# - Azure AD / Entra ID integration
|
|
# - Your organization's identity provider
|
|
#
|
|
# The API key should be stored securely (e.g., Azure Key Vault, environment variables)
|
|
# and rotated regularly.
|
|
# ============================================================================
|
|
|
|
# API key header configuration
|
|
API_KEY_HEADER = APIKeyHeader(name="X-API-Key", auto_error=False)
|
|
|
|
# Get the expected API key from environment variable
|
|
# In production, use a secrets manager like Azure Key Vault
|
|
EXPECTED_API_KEY = os.environ.get("AG_UI_API_KEY")
|
|
|
|
|
|
async def verify_api_key(api_key: str | None = Security(API_KEY_HEADER)) -> None:
|
|
"""Verify the API key provided in the request header.
|
|
|
|
Args:
|
|
api_key: The API key from the X-API-Key header
|
|
|
|
Raises:
|
|
HTTPException: If the API key is missing or invalid
|
|
"""
|
|
if not EXPECTED_API_KEY:
|
|
# If no API key is configured, log a warning but allow the request
|
|
# This maintains backward compatibility but warns about the security risk
|
|
logger.warning(
|
|
"AG_UI_API_KEY environment variable not set. "
|
|
"The endpoint is accessible without authentication. "
|
|
"Set AG_UI_API_KEY to enable API key authentication."
|
|
)
|
|
return
|
|
|
|
if not api_key:
|
|
raise HTTPException(
|
|
status_code=401,
|
|
detail="Missing API key. Provide X-API-Key header.",
|
|
)
|
|
|
|
if api_key != EXPECTED_API_KEY:
|
|
raise HTTPException(
|
|
status_code=403,
|
|
detail="Invalid API key.",
|
|
)
|
|
|
|
|
|
# Server-side tool (executes on server)
|
|
@tool(description="Get the time zone for a location.")
|
|
def get_time_zone(location: str) -> str:
|
|
"""Get the time zone for a location.
|
|
|
|
Args:
|
|
location: The city or location name
|
|
"""
|
|
print(f"[SERVER] get_time_zone tool called with location: {location}")
|
|
timezone_data = {
|
|
"seattle": "Pacific Time (UTC-8)",
|
|
"san francisco": "Pacific Time (UTC-8)",
|
|
"new york": "Eastern Time (UTC-5)",
|
|
"london": "Greenwich Mean Time (UTC+0)",
|
|
}
|
|
result = timezone_data.get(location.lower(), f"Time zone data not available for {location}")
|
|
print(f"[SERVER] get_time_zone returning: {result}")
|
|
return result
|
|
|
|
|
|
# Create the AI agent with ONLY server-side tools
|
|
# IMPORTANT: Do NOT include tools that the client provides!
|
|
# In this example:
|
|
# - get_time_zone: SERVER-ONLY tool (only server has this)
|
|
# - get_weather: CLIENT-ONLY tool (client provides this, server should NOT include it)
|
|
# The client will send get_weather tool metadata so the LLM knows about it,
|
|
# and the function invocation mixin on AGUIChatClient will execute it client-side.
|
|
# This matches the .NET AG-UI hybrid execution pattern.
|
|
agent = ChatAgent(
|
|
name="AGUIAssistant",
|
|
instructions="You are a helpful assistant. Use get_weather for weather and get_time_zone for time zones.",
|
|
chat_client=AzureOpenAIChatClient(
|
|
endpoint=endpoint,
|
|
deployment_name=deployment_name,
|
|
),
|
|
tools=[get_time_zone], # ONLY server-side tools
|
|
)
|
|
|
|
# Create FastAPI app
|
|
app = FastAPI(title="AG-UI Server")
|
|
|
|
# Register the AG-UI endpoint with authentication
|
|
# The dependencies parameter accepts FastAPI Depends() objects that run before the handler
|
|
add_agent_framework_fastapi_endpoint(
|
|
app,
|
|
agent,
|
|
"/",
|
|
dependencies=[Depends(verify_api_key)],
|
|
)
|
|
|
|
if __name__ == "__main__":
|
|
import uvicorn
|
|
|
|
uvicorn.run(app, host="127.0.0.1", port=5100, log_level="debug", access_log=True)
|