Skip to content

Automated sync from private repo (2026-06-17)#778

Merged
foundry-samples-repo-sync[bot] merged 7 commits into
mainfrom
sync/private-to-public-20260617-063122
Jun 17, 2026
Merged

Automated sync from private repo (2026-06-17)#778
foundry-samples-repo-sync[bot] merged 7 commits into
mainfrom
sync/private-to-public-20260617-063122

Conversation

@foundry-samples-repo-sync

Copy link
Copy Markdown
Contributor

Automated sync from private repo.

Synced commits: 7
Authors: Ankit Singhal,Linda Li Meera Kurup,Mohit Pavan Kumar Gadamsetty Rayan Khoury,Shruti Iyer zyying

Validation gate: mode=none; tracked=47; blocked=46.

Rollback point: da95de54094879157e487cadf20bed78c4f055f8 — to revert, force-push this SHA to main and clear the sync-marks cache.

Triggered by: workflow_dispatch
Run: https://github.com/microsoft-foundry/foundry-samples-pr/actions/runs/27670344822

mohitpavan and others added 7 commits June 16, 2026 21:40
* Adding csharp sample usingg MAF single session.

* using skills provider.

* some fix.

* Changes for csharp sample regarding comments and loggiing fixes.

* changes.

* fixes for 503's and liveviews.

* making proper prompting.

* revertiing toools.py to check the issues in ci.

* addiing missing uusings.

* Fix C# browser-automation manifest parameters shape for code-deploy init

azd ai agent init --deploy-mode code could not resolve the secret
PLAYWRIGHT_SERVICE_ACCESS_TOKEN parameter because the manifest declared
parameters as a list under parameters.properties. azd's param resolver
expects parameters as a flat map (name -> {secret, description}), as used
by the working python browser-automation sample. Convert to the map form
so the secret binds to the env var and no-prompt init succeeds.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Move C# browser-automation source to sample root for code-deploy

azd ai agent init --deploy-mode code (and the CI matrix's csproj
discovery via 'find -maxdepth 1') expect the .csproj at the sample
root, matching every other csharp/hosted-agents/agent-framework
sample. The browser-automation source was nested under src/, so the
code arm failed with 'could not locate a dotnet project file'.

Move browser-automation.csproj, Program.cs, BrowserSession.cs and
Tools.cs to the sample root; update the csproj prompts/skills Content
includes (../ -> ./), the Dockerfile build COPY (src/ -> .), and README
path references accordingly. Verified 'dotnet build' succeeds and
prompts/ + skills/ land in the publish output.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* temp: enable uv native-tls for browser-automation code-deploy build

TEMP/experimental: testing whether the python code-arm deploy failure
(Foundry managed builder: [CodeError] '--system-certs' command-line flag
| Exit code: 1 | Please review your uv.lock) is a uv TLS trust issue.

uv uses its own bundled webpki roots by default and ignores the build
environment's system/proxy CA; pip-based samples don't hit this. Set
[tool.uv] native-tls = true so the managed builder's uv uses the OS
trust store. native-tls is a fetch option (not a resolution option), so
uv.lock stays consistent. Revert if it doesn't resolve the build.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* restructure the folders to match the structure oof repository.

* changes.

* Fixes.

* merge conflict.

* revbert python changes.

* csharp sample fixes.

* updatiing agent.manifest.yaml

* update.

* retrigger pipeline.

* adding ttest-payload for csharp.

* PR commentts.

* deleting un-0necessary file.

* updating python for non-streaming response.

* Uupdate.

* Some fix.

* adding flag for live-view.

* Updating manifest tto add the env.

* sending heart beat for BYO.

* Some changes.

---------

Co-authored-by: Antriksh Jain <antrikshjain@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Updates to READMEs of all major networking templates (bicep mainly, also some TF)

Updates to READMEs of all major networking templates(bicep mainly, also some TF)

* Automatic fixes

* More managed network updates

more managed network updates

* Automatic fixes

* small updates to cli.md file

* Add CLI version to update to

* Update 18-managed-network and added new connection sample

Update 18-managed-network and added new connection sample

* Remove gpt-5.3-codex from staticModels array

Removed gpt-5.3-codex from the list of static models.

* Fix paths for architecture diagram and post-deploy script

Updated the path for the architecture diagram and clarified the location of the post-deploy.sh script in the README.

* Remove output suppression in post-deploy.sh

Removed unnecessary output suppression for outbound PE rule submission.

* Update setup-jumpbox-access.sh

---------

Co-authored-by: foundry-samples automation <foundry-samples@noreply.github.com>
Co-authored-by: Bala P V <33712765+balapv@users.noreply.github.com>
* [fix] optimization agents responses sample

* fix more

---------

Co-authored-by: zyysurely <yingyingzhao@microsoft.com>
* Add byom-cross-region extension under template 16

Adds extensions/byom-cross-region/ as a deployable extension to the
16-private-network-standard-agent-apim-setup template. The extension
provisions a backend Foundry account in a second region behind a private
endpoint, fronts it with the existing APIM gateway (managed-identity auth
to backend), and wires the cross-region connection back to the agent
project.

Includes:
- main.bicep / azuredeploy.json (compiled) / main.bicepparam
- 6 modules: backend-ai-account, backend-private-endpoint,
  vnet-with-backend-subnet, apim-service, apim-inference-api,
  apim-backend-role-assignment
- README.md with full architecture diagram
- samples/parameters-cross-region.json
- metadata.json

Subscription-policy guardrails applied:
- defaultOutboundAccess: false on apim-outbound and backend-pe subnets
- disableLocalAuth: true on backend AI account (Entra-only via APIM)

Also corrects a stale template reference in
01-connections/apim/samples/parameters-managed-identity-static-models.json.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Refresh CODEOWNERS review requirements

* Retrigger checks after CODEOWNERS update

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Brandon Miller <brandom@microsoft.com>
- Set disableLocalAuth=true in templates 16, 17, 18, and 19 AI account modules.\n- Add privatelink.azurecr.io defaults to 16/17/19 parameter files so default ACR paths are fully configured.

Co-authored-by: Shruti Iyer <you@example.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ate (18) (#548)

* Add AMPLS for Application Insights telemetry in template 18

Add Azure Monitor Private Link Scope (AMPLS) to enable hosted agents
to export traces and telemetry to Application Insights via private
network when using AllowOnlyApprovedOutbound isolation mode.

Changes:
- New module: azure-monitor-private-link.bicep
  - Creates Log Analytics Workspace and Application Insights
  - Creates AMPLS with scoped resources
  - Creates private DNS zones (monitor, oms, ods, agentsvc)
  - Creates private endpoint with DNS zone group
- Updated managed-network.bicep: Added AMPLS outbound PE rule
- Updated main.bicep: Integrated AMPLS module
- Updated README.md: Documented AMPLS resources and DNS zones

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Automatic fixes

* Link Application Insights to Foundry project via connection

Add ApplicationInsights connection to the project so the hosted agent
knows where to send telemetry. Without this connection, the AMPLS
networking is in place but the project has no reference to App Insights.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Automatic fixes

* Update Deploy to Azure button to point to PR branch

The deploy button now points to the anksing/add-ampls-to-template-18 branch
on microsoft-foundry/foundry-samples-pr so users can test the AMPLS changes
before they are merged to main.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix App Insights connection schema for Foundry project

- Change category from 'ApplicationInsights' to 'AppInsights'
- Change authType from 'AAD' to 'ApiKey'
- Set target to resource ID instead of connection string
- Add credentials with connection string key
- Add appInsightsResourceId output from AMPLS module
- Pass appInsightsResourceId to project module

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Automatic fixes

* Add AMPLS to Terraform template 18 for App Insights telemetry

Mirrors the Bicep AMPLS changes:
- Add monitor.tf with Log Analytics, App Insights, AMPLS, DNS zones, PE
- Add AMPLS managed network outbound rule
- Add App Insights connection to Foundry project
- Add AMPLS to outbound rules wait dependency

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Revert Deploy to Azure button to point to main branch

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: foundry-samples automation <foundry-samples@noreply.github.com>
@foundry-samples-repo-sync foundry-samples-repo-sync Bot merged commit 5ec7504 into main Jun 17, 2026
7 checks passed
@foundry-samples-repo-sync foundry-samples-repo-sync Bot deleted the sync/private-to-public-20260617-063122 branch June 17, 2026 06:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants