Closed
Conversation
* Added CODEOWNERS * Added .gitignore --------- Co-authored-by: Johan Broberg <johanb@microsoft.com>
Co-authored-by: Johan Broberg <johanb@microsoft.com>
Co-authored-by: Johan Broberg <johanb@microsoft.com>
Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
Co-authored-by: Johan Broberg <johanb@microsoft.com>
Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
* Adding Python Agent Framework Sample * update to latest --------- Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
* Revise README for Agent 365 Sample Agent Updated the README to improve clarity and correct typos. Added sections on prerequisites, running the sample, and troubleshooting. * Update README to remove external sample reference Removed reference to the semantic-kernel-multiturn sample.
* update agents sdk version for langchain * Accept more recent versions * remove authority field, this is set by default --------- Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
* Adding Notifications on AF * Update readme * PR comments * small fix * removed observability * update manifest * changes * setup fix
Added comprehensive instructions for GitHub Copilot to follow during code reviews, including rules for checking keywords, copyright headers, and Agent 365 sample validation.
* update with api change * update claude to tool service api name change * name change --------- Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
* Add Vercel AI SDK sample * fix comments --------- Co-authored-by: Dominik Bezic <dominikbezic@microsoft.com>
* introducing perplexity sample agent * applying changes from code review * updated readme file with features list --------- Co-authored-by: aubreyquinn <aubreyquinn+odspmdb@microsoft.com>
* Add OpenAI Nodejs Sample * fix: model to string * Add copyright headers * Add build script * fix typo * fix typo in doc * take comments * update doc for env name change * update license path in readme * update walkthrough to follow same structure as AF * include agentsplayground in readme --------- Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
…ion (#31) * Initial plan * Rename "Microsoft Agents A365" to "Microsoft Agent 365" Co-authored-by: pontemonti <7850950+pontemonti@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: pontemonti <7850950+pontemonti@users.noreply.github.com>
Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
* add updated nodejs claude implementation * fix typos * change mcp endpoint to prod * review comments * add auth from agents-hosting * remove lock
* quickstart initial code * rename folder * update docs on quickstart * add links and update docs * include rename change * copilot suggestions --------- Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
* Introducing playground notification handling in Perplexity agent * Introducing playground Teams messaging notification handling in Perplexity agent * applying changes from code review * Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * applying changes from code review * Add missing copyright header to playgroundActivityTypes.ts (#36) * Initial plan * Add Microsoft copyright header to playgroundActivityTypes.ts Co-authored-by: aubreyquinn <80953505+aubreyquinn@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: aubreyquinn <80953505+aubreyquinn@users.noreply.github.com> * Add copyright header to playgroundActivityTypes.ts (#35) * Initial plan * Add Microsoft copyright header to playgroundActivityTypes.ts Co-authored-by: aubreyquinn <80953505+aubreyquinn@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: aubreyquinn <80953505+aubreyquinn@users.noreply.github.com> --------- Co-authored-by: aubreyquinn <aubreyquinn+odspmdb@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
* Cursor IDE prompt usage --------- Co-authored-by: shirahman <shirahman@microsoft.com>
* Update samples to remove environment id from calls and settings * remove env id from newer samples * Update python/agent-framework/sample-agent/.env.template Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix formatting of 'Microsoft Agent365' to 'Microsoft Agent 365' * Update README to reflect Microsoft Agent 365 SDK * Fix typo in Agent365 authentication comment * Fix comment formatting in client.ts Updated comments to improve clarity and consistency. * Fix typo in AGENT-TESTING.md * Fix description formatting in pyproject.toml * Update package description for clarity * Fix formatting of Agent 365 configuration comment * Update README to reference Microsoft Agent 365 SDK * Fix typo in Agent 365 Observability SDK comment * Update package description for clarity * Fix description formatting in pyproject.toml * Fix formatting in .env.template for Agent 365 * Update README.md * Update README.md * Fix naming in README for Agent Framework and SDK Updated README to correct naming conventions for Agent Framework and Microsoft Agent 365 SDK. * Update license link in README.md * Update perplexityClient.ts * Update README to reference Microsoft Agent 365 SDK * Fix typo in LangChain client documentation * Update README to reflect Microsoft Agent 365 SDK
…lity (#81) * Adding points for the users who contributed towards code review & quality * adding leaderboard.json * added permissions to the workflow * resolved comments --------- Co-authored-by: Lavanya Kappagantu <kalavany@microsoft.com>
* Add Agent Framework and Semantic Kernel enhancements Introduced a new .NET Agent Framework Sample Agent with CI/CD setup, OpenTelemetry observability, and tools for weather and date-time retrieval. Added ASP.NET authentication utilities and Teams app manifest. Updated Semantic Kernel Sample Agent with streaming support, enhanced observability, and plugins for terms and conditions handling. Included configuration files, README, and `.gitignore` for better project structure and documentation. * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Refactor async handling in HTTP operations Updated `InvokeObservedHttpOperation` to return `Task` for better async support and added `ConfigureAwait(false)` in `Program.cs` to prevent synchronization context capture. These changes improve performance, reliability, and adherence to async best practices. * Refactor to support async in HTTP operation handling Updated `Program.cs` to use `await` and `ConfigureAwait(false)` for `AgentMetrics.InvokeObservedHttpOperation` to ensure proper asynchronous execution. Modified `AgentMetrics.cs` to change `InvokeObservedHttpOperation` from `void` to `Task` return type, aligning with async programming practices. Updated the method to handle asynchronous operations and return `Task.CompletedTask` for consistency. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* adding authorization back to add tool servers call * remove auth config for agentsplayground connection * fixing claude sample * fix indentation * Add useJwtMiddleware if agent is hosted publicly * change useJwt to isProd * Namechange isProduction boolean --------- Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
* Creating a PR when the leaderboard needs to be updated * addressed comments --------- Co-authored-by: Lavanya Kappagantu <kalavany@microsoft.com>
* Add bug report issue template This file serves as a template for users to report bugs, detailing the necessary sections for a comprehensive bug report. * Add feature request issue template
* Create workflow for Vercel SDK sample agent * Add static authHandlerName to A365Agent class * Update .github/workflows/ci-nodejs-vercelsdk-sampleagent.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Remove npm cache configuration from CI workflow Removed caching configuration for npm in CI workflow. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Jesus Terrazas <jterrazas@microsoft.com>
Co-authored-by: Dominik Bezic <dominikbezic@microsoft.com>
…le README (#108) * Initial plan * Fix broken SECURITY.md and LICENSE.md links in LangChain Node.js README Co-authored-by: pontemonti <7850950+pontemonti@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: pontemonti <7850950+pontemonti@users.noreply.github.com>
* Add contributing guidelines to CONTRIBUTING.md Added contributing guidelines to the project, including sections on code of conduct, how to contribute, development process, and licensing. * Update CONTRIBUTING.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update CONTRIBUTING.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Johan Broberg <johan@pontemonti.net> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…n for auto instrument for OpenAi Agent sample. (#96) * fix manual instrument * Configure OpenAI Agents instrumentation * fix PR build error * Update nodejs/openai/sample-agent/src/client.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix invoke scope --------- Co-authored-by: jsl517 <pefan@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Johan Broberg <johanb@microsoft.com>
* Introduce per application validation for python Samples * Introduce per application validation for python Samples * Introduce per application validation for python Samples * Introduce per application validation for python Samples * Introduce per application validation for python Samples * Introduce per application validation for python Samples * Introduce per application validation for python Samples * Introduce per application validation for python Samples
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a GitHub Actions workflow that automatically versions Node.js sample projects based on git commit history, following a GitVersion-style approach where the patch version equals the commit count for each sample directory.
Key Changes:
- Adds automated version bumping workflow triggered on pushes to main and user branches
- Implements commit-count-based versioning (major.minor.commitCount)
- Creates pull requests with version updates when Node.js sample code changes
| }); | ||
|
|
||
| // Stage the file | ||
| execSync(`git add ${packageJsonPath}`); |
There was a problem hiding this comment.
Same command injection vulnerability as line 90. The packageJsonPath variable should be properly escaped when used in shell commands:
execSync('git add ' + JSON.stringify(packageJsonPath));
Comment on lines
+93
to
+95
| const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8')); | ||
| const currentVersion = packageJson.version; | ||
| const versionParts = currentVersion.split('.'); |
There was a problem hiding this comment.
Missing error handling for JSON parsing and file operations. If package.json is malformed or cannot be read, this will throw an unhandled error and the workflow will fail without a clear message.
Add try-catch blocks around file operations:
try {
const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
const currentVersion = packageJson.version;
if (!currentVersion) {
console.log(` No version field found, skipping`);
continue;
}
// ... rest of logic
} catch (error) {
console.error(` Error processing ${packageJsonPath}: ${error.message}`);
continue; // Skip this package and continue with others
}
Suggested change
| const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8')); | |
| const currentVersion = packageJson.version; | |
| const versionParts = currentVersion.split('.'); | |
| let packageJson, currentVersion, versionParts; | |
| try { | |
| packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8')); | |
| currentVersion = packageJson.version; | |
| if (!currentVersion) { | |
| console.log(` No version field found, skipping`); | |
| continue; | |
| } | |
| versionParts = currentVersion.split('.'); | |
| } catch (error) { | |
| console.error(` Error processing ${packageJsonPath}: ${error.message}`); | |
| continue; | |
| } |
| const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8')); | ||
| const currentVersion = packageJson.version; | ||
| const versionParts = currentVersion.split('.'); | ||
|
|
There was a problem hiding this comment.
The version string splitting assumes a standard semver format (major.minor.patch), but doesn't validate this assumption. If the version in package.json has a different format (e.g., "1.0" or "1.0.0-beta.1"), accessing versionParts[1] could result in undefined values, leading to malformed versions like "1.undefined.5".
Add validation:
const versionParts = currentVersion.split('.');
if (versionParts.length < 2) {
console.log(` Invalid version format: ${currentVersion}, skipping`);
continue;
}
// Generate new version: major.minor.commitCount
const newVersion = `${versionParts[0]}.${versionParts[1]}.${commitCount}`;
Suggested change
| // Validate version format: must have at least major and minor | |
| if (versionParts.length < 2) { | |
| console.log(` Invalid version format: ${currentVersion}, skipping`); | |
| continue; | |
| } | |
| console.log('Sample directories:', sampleDirsArray); | ||
|
|
||
| if (sampleDirsArray.length === 0) { | ||
| console.log('No samples to version'); |
There was a problem hiding this comment.
[nitpick] The return statement on line 80 doesn't propagate correctly due to being inside a uses: actions/github-script@v7 block. The script needs to use return to set the output, but it should return a value that can be used by the conditional in line 127.
The logic is correct as-is, but consider making it more explicit by ensuring the return value structure matches what's expected in line 127. The current implementation looks correct, but add a comment to clarify the return contract:
// Return object with hasChanges boolean and bumped array for downstream steps
return { hasChanges: false, bumped: [] };
Suggested change
| console.log('No samples to version'); | |
| console.log('No samples to version'); | |
| // Return object with hasChanges boolean and bumped array for downstream steps |
| @@ -0,0 +1,173 @@ | |||
| name: Auto-version Node.js Samples | |||
There was a problem hiding this comment.
Missing Microsoft copyright header. GitHub Actions workflow YAML files require a copyright header at the top:
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
name: Auto-version Node.js Samples
Comment on lines
13
to
19
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
|
|
||
| jobs: | ||
| version-bump: | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
Permissions should be scoped at the job level rather than the workflow level for better security. Move the permissions block from lines 13-15 to be under the version-bump job (after line 19).
Example:
jobs:
version-bump:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: writeThis follows the principle of least privilege by limiting permissions to only the jobs that need them.
Suggested change
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| version-bump: | |
| runs-on: ubuntu-latest | |
| jobs: | |
| version-bump: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write |
| console.log(` Git commits: ${commitCount}`); | ||
| console.log(` New version: ${newVersion}`); | ||
|
|
||
| if (newVersion !== currentVersion) { |
There was a problem hiding this comment.
The version comparison logic has a bug. When the commit count is small (e.g., "5"), but the current version's patch is a string comparison larger (e.g., "0.1.50"), the new version "0.1.5" will appear different even though it represents fewer commits. This can cause the version to go backwards.
The logic should parse and compare versions numerically or check if newVersion is actually greater than currentVersion:
if (newVersion !== currentVersion && parseInt(commitCount) > parseInt(versionParts[2] || 0)) {
// Update package.json
packageJson.version = newVersion;
// ...
}This prevents the workflow from creating PRs that would downgrade versions.
Suggested change
| if (newVersion !== currentVersion) { | |
| // Only bump version if commitCount (patch) is greater than current patch version | |
| if (parseInt(commitCount, 10) > parseInt(versionParts[2] || "0", 10)) { |
| console.log(`\nProcessing ${packageJsonPath}`); | ||
|
|
||
| // Get git commit count for this directory (auto-incrementing patch version) | ||
| const commitCount = execSync(`git rev-list --count HEAD -- ${dir}`, { encoding: 'utf-8' }).trim(); |
There was a problem hiding this comment.
Potential command injection vulnerability. The dir variable is used directly in shell commands without proper escaping. If a directory name contains special characters or shell metacharacters, this could lead to command injection or errors.
Use proper escaping or pass the variable safely:
const commitCount = execSync('git rev-list --count HEAD -- ' + JSON.stringify(dir), { encoding: 'utf-8' }).trim();Or better yet, use the shell: false option with an array of arguments where supported, or sanitize the directory path.
pontemonti
reviewed
Dec 10, 2025
| push: | ||
| branches: | ||
| - main | ||
| - 'users/**' |
Contributor
There was a problem hiding this comment.
Done for test purposes and should be removed?
Josina20
force-pushed
the
users/radevika/addAutoVer
branch
from
6ad1451 to
1f4223a
Compare
Contributor
|
Outdated - closing |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.