Migrate agents to Semantic Kernel agent framework and add kernel approval filter

[devanshjainms]

Motivation

• Move from fragile custom agent loops to the maintained Semantic Kernel agent primitives (ChatCompletionAgent, AgentGroupChat) to improve reliability and routing.
• Standardize agent behavior and state management by using the SDK's event loop and selection/termination strategies.
• Centralize safety checks at the Kernel level to prevent hallucinated or unsafe execution (Ansible/SSH) from reaching runtime.
• Simplify prompts so agents focus on their single responsibility and rely on the AgentGroupChat for routing.

Description

• Replaced the custom base agent with SAPAutomationAgent (subclassing semantic_kernel.agents.ChatCompletionAgent) in src/agents/agents/base.py and exported it via the agents package.
• Reworked orchestrator to use AgentGroupChat with a kernel-based selection function and termination strategy in src/agents/agents/orchestrator.py; removed the manual handle_chat loop and fragile JSON routing extraction.
• Updated concrete agents (EchoAgentSK, SystemContextAgentSK, TestAdvisorAgentSK, ActionPlannerAgentSK, ActionExecutorAgent) to inherit from SAPAutomationAgent, register their plugins via the agent plugins parameter, and drop manual loop/registration boilerplate.
• Introduced a kernel-level approval filter src/agents/filters/approval_filter.py and registered it in src/agents/sk_kernel.py to validate execution.* function calls (e.g., run_readonly_command, run_test_by_id) before invocation; added src/agents/filters/__init__.py.
• Simplified prompts (notably ACTION_EXECUTOR_SYSTEM_PROMPT and removed embedded orchestrator routing instructions) in src/agents/prompts.py so agents only declare their responsibilities.
• Added AgentRegistry.all_agents() helper and updated default registry creation in src/agents/agents/base.py to wire plugins and instantiate agents using the new agent classes.

Testing

• No automated tests were executed as part of this change.
• Recommend running the test suite and integration checks (unit tests, linter, and starting the app with create_kernel() configured) before deployment to validate behavioral and safety changes.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Define logger before use in OrchestratorSK

The constructor calls logger.info(...) but this module no longer defines or imports logger, so initializing OrchestratorSK will raise a NameError in any runtime path that instantiates it. This breaks all chat routing on startup; add the missing get_logger import and logger = get_logger(__name__) (or remove the log call) to restore initialization.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Approval filter may never run for execution tools

The filter returns early unless context.function.plugin_name == "execution", but execution plugins are now registered via ChatCompletionAgent(..., plugins=plugins) without an explicit plugin name. In Semantic Kernel, that typically yields a plugin name derived from the class (e.g., ExecutionPlugin), so the check will skip run_readonly_command/run_test_by_id and the new approval gate won’t apply. If the intent is to enforce approvals on execution calls, either register the plugin under the execution name or relax this check to match the actual plugin name.

Useful? React with 👍 / 👎.