microsoft · biswapm · Apr 3, 2026 · Apr 3, 2026 · Apr 9, 2026 · Apr 10, 2026
@@ -112,3 +112,12 @@ publish/
 # OS-specific files
 .DS_Store
 Thumbs.db
+
+# Agent 365 generated config and deployment artifacts
+a365.config.json
+a365.generated.config.json
+app.zip
+app_logs.zip
+app_logs/
+publish/
+manifest/
@@ -1,52 +1,157 @@
-# This is a demo .env file
-# Replace with your actual OpenAI API key
-OPENAI_API_KEY=
-MCP_SERVER_HOST=
-MCP_PLATFORM_ENDPOINT=
+# =============================================================================
+# Agent Framework Agent Sample — Environment Configuration
+# =============================================================================
+# Copy this file to .env and fill in ALL required values before running.
+# Lines starting with # are comments. Never commit .env to source control.
+# =============================================================================
 
-# Authentication Handler Configuration
-# Set to "AGENTIC" for production agentic auth, or leave empty for no auth handler
-AUTH_HANDLER_NAME=
+# -----------------------------------------------------------------------------
+# OPENAI / AZURE OPENAI CONFIGURATION (REQUIRED — choose one)
+# -----------------------------------------------------------------------------
 
-# Logging
-LOG_LEVEL=INFO
+# --- Option A: Standard OpenAI ---
+# Get your API key from https://platform.openai.com/api-keys
+OPENAI_API_KEY=<<YOUR_OPENAI_API_KEY>>
 
-# Observability Configuration
-OBSERVABILITY_SERVICE_NAME=agent-framework-sample
-OBSERVABILITY_SERVICE_NAMESPACE=agent-framework.samples
+# OpenAI model to use (e.g. gpt-4o, gpt-4o-mini)
+OPENAI_MODEL=gpt-4o-mini
+
+# --- Option B: Azure OpenAI (recommended for enterprise) ---
+# Get these from: Azure Portal > Your Azure OpenAI resource > Keys and Endpoint
+AZURE_OPENAI_API_KEY=<<AZURE_OPENAI_API_KEY>>
+AZURE_OPENAI_ENDPOINT=<<AZURE_OPENAI_ENDPOINT_URL>>    # e.g. https://my-resource.openai.azure.com/
+AZURE_OPENAI_DEPLOYMENT=<<DEPLOYMENT_NAME>>             # e.g. gpt-4o or gpt-4o-mini
+AZURE_OPENAI_API_VERSION=2025-01-01-preview
+
+# =============================================================================
+# AGENT IDENTITY (REQUIRED FOR MCP TOOL DISCOVERY)
+# =============================================================================
+
+# Agent Application ID — the GUID of your registered agent in the Microsoft 365 portal.
+# Find this in: Azure Portal > App Registrations > your agent app > Application (client) ID
+AGENTIC_APP_ID=<<YOUR_AGENT_APP_ID_GUID>>
+
+# Agent ID — used for observability tracing and as fallback identifier.
+# Typically the same as AGENTIC_APP_ID, or a human-readable slug like "my-agent-framework-agent"
+AGENT_ID=<<YOUR_AGENT_ID>>
 
-BEARER_TOKEN=
-OPENAI_MODEL=
+# Agent UPN (User Principal Name) — identity of the agent in Microsoft 365
+# e.g. my-agent@contoso.onmicrosoft.com
+AGENTIC_UPN=<<YOUR_AGENT_UPN>>
 
+# Display name of the agent as registered in Microsoft 365
+AGENTIC_NAME=<<YOUR_AGENT_NAME>>
+
+# Object ID (user ID) of the agent service principal in Azure AD
+AGENTIC_USER_ID=<<YOUR_AGENTIC_USER_ID>>
+
+# Tenant ID where the agent is registered
+AGENTIC_TENANT_ID=<<YOUR_TENANT_ID>>
+
+# =============================================================================
+# AUTHENTICATION
+# =============================================================================
+
+# --- Option A: Bearer Token (development / local testing) ---
+# Generate with: a365 develop get-token -o raw
+# This token expires — regenerate when you see 401 / MCP connection errors.
+# When BEARER_TOKEN is set, agentic auth is bypassed.
+BEARER_TOKEN=<<PASTE_DEV_TOKEN_HERE_OR_LEAVE_BLANK>>
+
+# --- Option B: Agentic Authentication (production / Teams deployment) ---
+# Set USE_AGENTIC_AUTH=true and fill in the CONNECTIONS__ block below.
 USE_AGENTIC_AUTH=true
 
-# Agent 365 Agentic Authentication Configuration
-CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTID=
-CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTSECRET=
-CONNECTIONS__SERVICE_CONNECTION__SETTINGS__TENANTID=
-CONNECTIONS__SERVICE_CONNECTION__SETTINGS__SCOPES=
+# Authentication handler:
+#   "AGENTIC" — production (Teams / Azure/GCP/AWS deployment). Enforces agentic auth on message handlers.
+#   ""        — local dev / Agents Playground. Allows anonymous access.
+AUTH_HANDLER_NAME=AGENTIC
+
+# OAuth scope for the initial blueprint token exchange with the Agent 365 platform
+AGENTIC_AUTH_SCOPE=https://api.powerplatform.com/.default
+
+# =============================================================================
+# MCP (MODEL CONTEXT PROTOCOL) — ADVANCED
+# =============================================================================
+
+# Hostname for a locally running custom MCP server (leave blank if not using one)
+MCP_SERVER_HOST=
+
+# =============================================================================
+# AGENT365 SERVICE CONNECTION (Required when USE_AGENTIC_AUTH=true)
+# =============================================================================
+# Where to find them (after running `a365 config init`):
+#   CLIENTID     => a365.generated.config.json → agentBlueprintId
+#   CLIENTSECRET => a365.generated.config.json → agentBlueprintClientSecret
+#   TENANTID     => a365.config.json → tenantId
+#
+# IMPORTANT — Client Secret:
+#   The a365.generated.config.json stores the secret encrypted with Windows DPAPI.
+#   Use `a365 config display -g` to view the decrypted secret, and copy it here.
+#
+# IMPORTANT — Client ID and JWT Audience:
+#   CLIENTID is the blueprint/app-registration ID. Bot Framework tokens are issued
+#   with aud=CLIENTID, so this value is also used for JWT audience validation.
+
+# Azure AD Application (client) ID of your bot/agent app registration
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTID=<<AZURE_AD_CLIENT_ID>>
+
+# Client secret created in Azure Portal > your app > Certificates & secrets > New client secret
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTSECRET=<<AZURE_AD_CLIENT_SECRET>>
 
+# Azure AD Tenant (directory) ID where your app is registered
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__TENANTID=<<AZURE_AD_TENANT_ID>>
+
+# OAuth scope(s) for the service connection token.
+# Keep this as the Agent 365 platform scope for the blueprint token exchange.
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__SCOPES=https://api.powerplatform.com/.default
+
+# Agentic user authorization handler — controls how the SDK exchanges tokens for MCP tools.
+# ALT_BLUEPRINT_NAME: name of the connection used as the token exchange blueprint
 AGENTAPPLICATION__USERAUTHORIZATION__HANDLERS__AGENTIC__SETTINGS__TYPE=AgenticUserAuthorization
+AGENTAPPLICATION__USERAUTHORIZATION__HANDLERS__AGENTIC__SETTINGS__ALT_BLUEPRINT_NAME=SERVICE_CONNECTION
+# Scopes requested when calling Graph / MCP APIs on behalf of the user
 AGENTAPPLICATION__USERAUTHORIZATION__HANDLERS__AGENTIC__SETTINGS__SCOPES=https://graph.microsoft.com/.default
 AGENTAPPLICATION__USERAUTHORIZATION__HANDLERS__AGENTIC__SETTINGS__ALTERNATEBLUEPRINTCONNECTIONNAME=https://graph.microsoft.com/.default
 
+# Maps incoming Bot Framework service URLs to a connection name.
+# Use * to match any service URL (recommended for most deployments).
 CONNECTIONSMAP_0_SERVICEURL=*
 CONNECTIONSMAP_0_CONNECTION=SERVICE_CONNECTION
 
-# Optional: Server Configuration
+# =============================================================================
+# SERVER CONFIGURATION
+# =============================================================================
+
+# Port the HTTP server listens on (default: 3978 — must match your bot channel endpoint)
 PORT=3978
 
-# Azure OpenAI Configuration
-AZURE_OPENAI_API_KEY=
-AZURE_OPENAI_ENDPOINT=
-AZURE_OPENAI_DEPLOYMENT=
-AZURE_OPENAI_API_VERSION=
+# Log verbosity: DEBUG | INFO | WARNING | ERROR | CRITICAL
+LOG_LEVEL=INFO
+
+# =============================================================================
+# OBSERVABILITY (Agent 365 Telemetry)
+# =============================================================================
+
+# Logical service name shown in traces / dashboards
+OBSERVABILITY_SERVICE_NAME=agent-framework-sample
+
+# Namespace grouping for this sample in telemetry backends
+OBSERVABILITY_SERVICE_NAMESPACE=agent-framework.samples
 
-# Required for observability SDK
+# Master switch — enable OpenTelemetry tracing for this agent
 ENABLE_OBSERVABILITY=true
+
+# Set to "true" to ship traces to the Agent 365 cloud observability backend.
+# Requires a valid token and is intended for production / staging deployments.
 ENABLE_A365_OBSERVABILITY_EXPORTER=false
+
+# Python environment label — influences routing and cluster selection in Agent 365
+# Options: development | production
 PYTHON_ENVIRONMENT=development
 
-# Enable otel logs on AgentFramework SDK. Required for auto instrumentation
+# Enable OpenTelemetry logs on the Agent Framework SDK (required for auto-instrumentation)
 ENABLE_OTEL=true
+
+# Set to "true" to include request/response payloads in traces (CAUTION: may log PII)
 ENABLE_SENSITIVE_DATA=true
@@ -1,11 +1,21 @@
 {
   "mcpServers": [
+    {
+
+      "mcpServerName": "mcp_CalendarTools",
+      "mcpServerUniqueName": "mcp_CalendarTools",
+      "url": "https://test.agent365.svc.cloud.dev.microsoft/agents/servers/mcp_CalendarTools",
+      "scope": "Tools.ListInvoke.All",
+      "audience": "19ec8e8a-5f2f-4e00-9f66-d3e5b4c3e201",
+      "publisher": "Microsoft"
+    },
     {
       "mcpServerName": "mcp_MailTools",
       "mcpServerUniqueName": "mcp_MailTools",
-      "url": "https://agent365.svc.cloud.microsoft/agents/servers/mcp_MailTools",
-      "scope": "McpServers.Mail.All",
-      "audience": "ea9ffc3e-8a23-4a7d-836d-234d7c7565c1"
+      "url": "https://test.agent365.svc.cloud.dev.microsoft/agents/servers/mcp_MailTools",
+      "scope": "Tools.ListInvoke.All",
+      "audience": "24b71c94-d291-44af-ac1e-a396e6837fd3",
+      "publisher": "Microsoft"
     }
   ]
 }
@@ -67,6 +67,9 @@ dev-dependencies = [
     "mypy>=1.0.0",
 ]
 
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+
 [build-system]
 requires = ["hatchling"]
 build-backend = "hatchling.build"