Python: New Foundry Hosted Agents samples: RAG, Skills, and Memory #5822
Automated Code Review
Reviewers: 4 | Confidence: 62%
✓ Correctness
No actionable issues found in this dimension.
✓ Security Reliability
No actionable issues found in this dimension.
✓ Test Coverage
No actionable issues found in this dimension.
✗ Design Approach
Two design issues stand out. The Azure Search RAG sample is built and documented as if `sourceName`/`sourceLink` are injected into model context for citations, but the actual `AzureAISearchContextProvider` only emits document text plus `doc_id`, so those schema fields never influence responses. Separately, the Foundry Skills sample downloads remote ZIPs and unpacks them with `extractall()` without any path containment check, which bypasses the repo’s own path-traversal safeguards for file-based skills and allows a crafted archive to write outside `downloaded_skills/<name>`. That does not advance the sample feature itself, but it does create broad lockfile churn and merge-conflict risk in a repo that explicitly prefers targeted lock updates.
Flagged Issues
- The RAG sample's citation design relies on `sourceName`/`sourceLink` fields that the provider never reads: `AzureAISearchContextProvider._extract_document_text()` only pulls from content-like fields plus `doc_id` (see `_context_provider.py:980-995` and tests at `test_aisearch_context_provider.py:884-914`). Either the sample needs a custom provider that formats those fields into context, or the docs/schema should be reduced to what the provider actually consumes.
Automated review by TaoChenOSU's agents
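A path containment check of the kind this review asks for, as an added example that is not code from the PR or the repository: each archive member is resolved against the destination directory and the whole archive is rejected if any member lands outside it. The names `safe_extract`, `build_zip` and `demo`, and the sample member names, are hypothetical and constructed for illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path


def safe_extract(zip_bytes: bytes, dest: Path) -> list[str]:
    """Extract zip_bytes under dest; reject the whole archive on any escape."""
    root = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        # Validate every member before writing anything (fail closed), rather
        # than relying on zipfile dropping ".." parts as it extracts.
        for info in members:
            target = (root / info.filename).resolve()
            # is_relative_to() compares whole path components, so a sibling
            # "<dest>-evil" is rejected where str.startswith() would pass it.
            if target != root and not target.is_relative_to(root):
                raise ValueError(f"blocked member: {info.filename!r}")
        root.mkdir(parents=True, exist_ok=True)
        zf.extractall(root, members)
    return sorted(i.filename for i in members if not i.is_dir())


def build_zip(entries: dict[str, str]) -> bytes:
    """Build an in-memory ZIP from {member name: text} (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    return buf.getvalue()


def demo() -> dict[str, str]:
    """Outcome for one benign and two hostile constructed member names."""
    names = ["SKILL.md", "../outside.md", "../support-style-evil/SKILL.md"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "downloaded_skills" / "support-style"
        for name in names:
            try:
                safe_extract(build_zip({name: "x"}), dest)
                results[name] = "extracted"
            except ValueError:
                results[name] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

Because validation runs over all members before `extractall()`, an archive that mixes valid and escaping members writes nothing at all.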
Pull request overview
This PR adds Python Foundry-hosted Responses samples demonstrating Azure AI Search RAG and Foundry Skills, plus updates the hosted sample index to include them.
Changes:
- Adds an Azure AI Search RAG hosted-agent sample with provisioning guidance, runtime code, Docker packaging, and deployment manifests.
- Adds a Foundry Skills hosted-agent sample with sample skills, skill provisioning, startup download/bootstrap, Docker packaging, and deployment manifests.
- Updates the Foundry hosted-agent README sample list.
Reviewed changes
Copilot reviewed 21 out of 22 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| python/samples/04-hosting/foundry-hosted-agents/README.md | Adds RAG and Skills samples to the Responses sample table. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/.dockerignore | Excludes local/dev files from the RAG image build. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/.env.example | Documents required RAG environment variables. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/Dockerfile | Packages the RAG sample as a Python container. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/README.md | Documents setup, provisioning, running, and deployment for RAG. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/agent.manifest.yaml | Adds Foundry deployment manifest for the RAG sample. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/agent.yaml | Adds hosted-agent runtime config for RAG. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/main.py | Implements the RAG hosted agent using Azure AI Search context. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/provision_index.py | Adds a helper to create/seed the Azure AI Search index. |
| python/samples/04-hosting/foundry-hosted-agents/responses/08_azure_search_rag/requirements.txt | Lists RAG sample dependencies. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/.dockerignore | Excludes provisioning/source/runtime artifacts from the Skills image. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/.env.example | Documents required Skills sample environment variables. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/Dockerfile | Packages the Skills sample as a Python container. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/README.md | Documents Foundry Skills authoring, provisioning, runtime loading, and deployment. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/agent.manifest.yaml | Adds Foundry deployment manifest for the Skills sample. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/agent.yaml | Adds hosted-agent runtime config for Skills. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/main.py | Implements startup skill download and hosted agent wiring. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/provision_skills.py | Adds a helper to upload local SKILL.md packages to Foundry Skills. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/requirements.txt | Lists Skills sample dependencies. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/skills/escalation-policy/SKILL.md | Adds escalation-policy skill content. |
| python/samples/04-hosting/foundry-hosted-agents/responses/09_foundry_skills/skills/support-style/SKILL.md | Adds support-style skill content. |
Automated Code Review
Reviewers: 4 | Confidence: 61%
✓ Correctness
Three new Foundry Hosted Agents samples (RAG, Skills, Memory) are well-structured and mostly correct. API usage matches framework signatures, the zip-slip guard is properly implemented, and previous review comments appear addressed. One correctness concern: the memory sample creates an async DefaultAzureCredential without closing it, unlike the skills sample (which uses `async with`) and existing samples (which use the sync credential).
✓ Security Reliability
The new samples are well-structured with good security practices (zip-slip guard in the skills sample, proper async-with credential management in provisioning scripts). The one remaining issue is the Foundry Memory sample (10_foundry_memory/main.py) where an async DefaultAzureCredential is created inline and never closed—the same pattern that was previously flagged and fixed in the other two samples in this PR.
✓ Test Coverage
No actionable issues found in this dimension.
✗ Design Approach
The new Foundry Memory sample has one design-level issue: it documents per-user cross-session memory isolation, but the implementation passes a literal `{{$userId}}` scope string into `FoundryMemoryProvider` and nothing in the hosting path shown here substitutes that placeholder. That means all callers would share the same memory scope instead of being isolated by user.
Flagged Issues
- `python/samples/04-hosting/foundry-hosted-agents/responses/10_foundry_memory/main.py:46` uses `scope="{{$userId}}"`, but `FoundryMemoryProvider` forwards `self.scope` verbatim to the memory store (`_memory_provider.py:170-173,198-203,259-264`) and the Responses host only passes message history into `agent.run` (`_responses.py:296-305`). As written, this collapses all users into one shared memory scope rather than isolating memories per user.
Automated review by TaoChenOSU's agents
lokitoth
left a comment
Were the uv.lock file changes intended?
No, reverted.
…icrosoft#6013)

* .NET: Add Hosted-AgentSkills sample for Foundry Skills integration

Add a new hosted agent sample that demonstrates how to load behavioral guidelines from Foundry Skills at startup using AgentSkillsProvider and the progressive disclosure pattern (advertise -> load on demand).

The sample:
- Downloads SKILL.md files from Foundry via ProjectAgentSkills SDK
- Extracts ZIP archives with zip-slip protection
- Wires skills into AgentSkillsProvider as an AIContextProvider
- Hosts the agent via the Responses protocol

Ships two Contoso Outdoors skills matching the Python sample (PR microsoft#5822):
- support-style: tone, formatting, signature guidelines
- escalation-policy: when and how to escalate tickets

Includes convenience provisioning gated behind PROVISION_SAMPLE_SKILLS env var, clearly documented as NOT a production pattern.

Closes microsoft#5776

Co-authored-by: Copilot <[email protected]>

* .NET: Add unit tests and integration test for Hosted-AgentSkills

Unit tests (14 tests, all passing):
- ZIP extraction with zip-slip guard (valid archive, traversal attack, sibling-prefix attack, directory entries)
- Skill name validation (rejects dots, separators, traversal patterns)
- AgentSkillsProvider with downloaded skills (advertises both skills, load_skill returns canary tokens, unknown skill returns error)

Container integration test:
- New 'agent-skills' scenario in the test container that creates Contoso Outdoors skills on disk and wires AgentSkillsProvider
- AgentSkillsHostedAgentFixture + 4 integration tests verifying:
  - Routine questions load support-style skill (STYLE-CANARY-3318)
  - Escalation triggers load escalation-policy (ESC-CANARY-7742)
  - Skills are advertised in system prompt
  - load_skill tool is invoked via FunctionCallContent

Co-authored-by: Copilot <[email protected]>

* .NET: Add smoke test, bootstrap, and docs for agent-skills integration

- Add scripts/smoke.ps1 for local Docker smoke testing: builds the contributor image, runs the container, verifies both skills are loaded via canary tokens (STYLE-CANARY-3318, ESC-CANARY-7742)
- Add 'agent-skills' to the bootstrap script scenario list
- Add agent-skills row to the integration test README scenarios table
- Exclude HostedAgentSkillsPatternTests from net472 (uses net8.0+ APIs)

Co-authored-by: Copilot <[email protected]>

* .NET: Update commented-out package versions to latest across all hosted samples

Update the end-user PackageReference versions (in the commented-out sections) from 1.0.0 to the current latest NuGet versions:
- Microsoft.Agents.AI: 1.6.1
- Microsoft.Agents.AI.Foundry: 1.6.1-preview.260514.1
- Microsoft.Agents.AI.Foundry.Hosting: 1.6.1-preview.260514.1
- Microsoft.Agents.AI.Hosting: 1.6.1-preview.260514.1
- Microsoft.Agents.AI.OpenAI: 1.6.1
- Microsoft.Agents.AI.Workflows: 1.6.1

Also adds explicit versions to Hosted-Workflow-Handoff which had bare PackageReference entries without Version attributes.

Co-authored-by: Copilot <[email protected]>

* .NET: Fix broken markdown links in Hosted-AgentSkills README

Remove references to non-existent ../../README.md. Replace with inline instructions matching other hosted samples that don't have a parent README.

Co-authored-by: Copilot <[email protected]>

* .NET: Use OS-appropriate string comparison in zip-slip guard

Use Ordinal on Unix (case-sensitive FS) and OrdinalIgnoreCase on Windows to prevent case-based path bypass on Linux containers.

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>
Motivation and Context
We need more samples for MAF with Foundry Hosted Agents.
Description
This PR adds three:
Contribution Checklist