Conversation
added 2 commits
April 3, 2026 19:08
…ll Python samples
- Update list_tool_servers() calls to pass authorization_context instead of auth_token
- Extract V2 MCPServerConfig fields (audience, scope, publisher, headers) from SDK configs
- Implement per-server header merging {**base_headers, **server_headers} in claude, crewai, google-adk
- Update all ToolingManifest.json with V2 server catalog (mcp_Admin365_GraphTools, mcp_OneDriveRemoteServer, mcp_SharePointRemoteServer, mcp_TeamsServerV1)
- Update .env.template files with AGENTIC_APP_ID and other V2-required variables
- Add 59 unit tests across all 5 Python samples (pytest with SDK mocking)
- Add a365 artifact patterns to .gitignore
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. Scanned FilesNone |
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
added 4 commits
April 9, 2026 21:20
Resolved conflicts by taking the branch's V2-aware versions: - ToolingManifest.json (agent-framework, google-adk, openai): kept full 5-server list with V2 entries and publisher field - .env.template (google-adk): kept expanded V2 auth/identity documentation - mcp_tool_registration_service.py (google-adk): kept per-audience V2 token acquisition logic
…into mcp-v1-v2-changes-python
added 6 commits
April 12, 2026 15:51
- Fix CrewAI legacy list_tool_servers() to pass authorization, auth_handler_name, and turn_context to the SDK so V2 per-audience tokens are acquired correctly - Document BEARER_TOKEN_MCP_<SERVER> dev env vars in all five .env.template files (openai, agent-framework, claude, crewai, google-adk) for V2 blueprint local testing
- Add _check_jwt_expiry to agent-framework, openai, claude, crewai samples with warning + token discard when BEARER_TOKEN or per-server tokens expire - Use generic BEARER_TOKEN_ prefix filter (not BEARER_TOKEN_MCP_ only) so non-MCP-prefixed server names are supported in all 5 samples - Switch ENVIRONMENT -> PYTHON_ENVIRONMENT in openai and claude samples - Default USE_AGENTIC_AUTH=false and AUTH_HANDLER_NAME= (empty) in all .env.template files for local-dev-first consistency with google-adk - Update ToolingManifest.json to V2 format (Tools.ListInvoke.All + per-server audience GUIDs) in agent-framework, claude, crewai, openai
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates Python sample agents to align with MCP v2 configuration and authentication patterns, including per-server token support and refreshed manifests/templates.
Changes:
- Added JWT expiry checks + per-server bearer token awareness to avoid confusing 401s and stale-token hangs.
- Updated MCP server manifests to v2 fields (scope/audience/publisher) and expanded
.env.templateguidance. - Updated Google ADK/CrewAI/Claude/Agent Framework integrations for v2 server discovery (ToolOptions, per-audience headers) and environment variable conventions.
Reviewed changes
Copilot reviewed 22 out of 23 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| python/openai/sample-agent/agent.py | Adds JWT expiry validation and switches env var to PYTHON_ENVIRONMENT for dev-mode fallback logic. |
| python/openai/sample-agent/ToolingManifest.json | Updates sample MCP servers to v2 scope/audience/publisher and adds CalendarTools. |
| python/openai/sample-agent/.env.template | Major rewrite to document required env vars and v2 token patterns. |
| python/google-adk/sample-agent/pyproject.toml | Adds Google ADK tooling extensions dependency for Agent 365 tooling. |
| python/google-adk/sample-agent/mcp_tool_registration_service.py | Uses ToolOptions + per-audience headers, adds logging and timeouts. |
| python/google-adk/sample-agent/main.py | Forces UTF-8 output on Windows; switches prod detection to PYTHON_ENVIRONMENT. |
| python/google-adk/sample-agent/agent.py | Updates run_debug call signature; adds JWT expiry checks + per-server token warnings. |
| python/google-adk/sample-agent/ToolingManifest.json | Updates sample MCP servers to v2 scope/audience/publisher and adds CalendarTools. |
| python/google-adk/sample-agent/.env.template | Expands env template and documents v2 per-server bearer tokens + identity settings. |
| python/crewai/sample_agent/mcp_tool_registration_service.py | Adds ToolOptions/per-audience headers support and JWT expiry checks. |
| python/crewai/sample_agent/agent.py | Changes default USE_AGENTIC_AUTH to false. |
| python/crewai/sample_agent/ToolingManifest.json | Removes older servers and updates remaining servers to v2 fields. |
| python/crewai/sample_agent/.env.template | Reworks template for identity/auth/v2 per-server tokens and clarifies required values. |
| python/claude/sample-agent/pyproject.toml | Adds pytest asyncio configuration defaults. |
| python/claude/sample-agent/mcp_tool_registration_service.py | Adds ToolOptions/per-audience headers support and switches to PYTHON_ENVIRONMENT. |
| python/claude/sample-agent/agent.py | Changes default USE_AGENTIC_AUTH to false. |
| python/claude/sample-agent/ToolingManifest.json | Removes older servers and updates remaining servers to v2 fields. |
| python/claude/sample-agent/.env.template | Reworks template for identity/auth/v2 per-server token guidance and connection settings. |
| python/agent-framework/sample-agent/pyproject.toml | Adds pytest testpaths configuration. |
| python/agent-framework/sample-agent/agent.py | Adds JWT expiry checks and per-server token warnings when configuring MCP servers. |
| python/agent-framework/sample-agent/ToolingManifest.json | Updates sample MCP servers to v2 scope/audience/publisher and adds CalendarTools. |
| python/agent-framework/sample-agent/.env.template | Major rewrite to document required env vars and v2 per-server token patterns. |
| .gitignore | Ignores Agent 365 generated config + deployment artifacts. |
Comment on lines
+11
to
+13
| sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding="utf-8", errors="replace") | ||
| sys.stderr = io.TextIOWrapper(sys.stderr.buffer, encoding="utf-8", errors="replace") | ||
|
|
There was a problem hiding this comment.
sys.stdout / sys.stderr are not guaranteed to have a .buffer attribute (e.g., when stdout is already wrapped, redirected, or replaced by a StringIO in some hosting/test environments). This will raise AttributeError at import time. Consider guarding with hasattr(sys.stdout, "buffer") / hasattr(sys.stderr, "buffer"), or using sys.stdout.reconfigure(...) when available, falling back only if the buffer exists.
Suggested change
| sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding="utf-8", errors="replace") | |
| sys.stderr = io.TextIOWrapper(sys.stderr.buffer, encoding="utf-8", errors="replace") | |
| if hasattr(sys.stdout, "reconfigure"): | |
| sys.stdout.reconfigure(encoding="utf-8", errors="replace") | |
| elif hasattr(sys.stdout, "buffer"): | |
| sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding="utf-8", errors="replace") | |
| if hasattr(sys.stderr, "reconfigure"): | |
| sys.stderr.reconfigure(encoding="utf-8", errors="replace") | |
| elif hasattr(sys.stderr, "buffer"): | |
| sys.stderr = io.TextIOWrapper(sys.stderr.buffer, encoding="utf-8", errors="replace") |
Comment on lines
+64
to
65
| # Acquire auth token if not provided | ||
| if not auth_token: |
There was a problem hiding this comment.
This exchanges a token even when auth_handler_name is empty (dev/Playground mode). That contradicts the later comment indicating the SDK will attach dev tokens from env vars in this mode, and it can also fail/hang if the auth stack expects a non-empty handler name. A safer approach is: only call exchange_token(...) when auth_handler_name is truthy; otherwise skip acquiring auth_token here and let the SDK’s dev-token path populate server_config.headers.
Suggested change
| # Acquire auth token if not provided | |
| if not auth_token: | |
| # Acquire auth token if not provided and an auth handler is configured. | |
| # In dev/Playground mode (empty auth_handler_name), skip token exchange here | |
| # and let the SDK attach dev tokens from environment variables. | |
| if not auth_token and auth_handler_name: |
| This is only allowed in Development environment AND when SKIP_TOOLING_ON_ERRORS is explicitly set to "true". | ||
| """ | ||
| environment = os.getenv("ENVIRONMENT", os.getenv("ASPNETCORE_ENVIRONMENT", "Production")) | ||
| environment = os.getenv("PYTHON_ENVIRONMENT", os.getenv("ASPNETCORE_ENVIRONMENT", "Production")) |
There was a problem hiding this comment.
This is a breaking behavior change for anyone already using ENVIRONMENT to control dev-mode behavior (the previous code checked ENVIRONMENT first). If backwards compatibility is desired for existing sample users, consider falling back through both names (e.g., PYTHON_ENVIRONMENT, then ENVIRONMENT, then ASPNETCORE_ENVIRONMENT) so older setups keep working.
Suggested change
| environment = os.getenv("PYTHON_ENVIRONMENT", os.getenv("ASPNETCORE_ENVIRONMENT", "Production")) | |
| environment = ( | |
| os.getenv("PYTHON_ENVIRONMENT") | |
| or os.getenv("ENVIRONMENT") | |
| or os.getenv("ASPNETCORE_ENVIRONMENT") | |
| or "Production" | |
| ) |
| # Scopes requested when calling Graph / MCP APIs on behalf of the user | ||
| AGENTAPPLICATION__USERAUTHORIZATION__HANDLERS__AGENTIC__SETTINGS__SCOPES=https://graph.microsoft.com/.default | ||
|
|
||
| AGENTAPPLICATION__USERAUTHORIZATION__HANDLERS__AGENTIC__SETTINGS__ALTERNATEBLUEPRINTCONNECTIONNAME=https://graph.microsoft.com/.default |
There was a problem hiding this comment.
ALTERNATEBLUEPRINTCONNECTIONNAME reads like it expects a connection name (e.g., SERVICE_CONNECTION), but the template sets it to a scope URL. This will likely misconfigure agentic/OBO token exchange at runtime. Recommend updating the template to use the intended connection name value and keeping scopes only in the ...__SCOPES variables. (This same pattern appears in other updated .env.template files too—worth fixing consistently.)
Suggested change
| AGENTAPPLICATION__USERAUTHORIZATION__HANDLERS__AGENTIC__SETTINGS__ALTERNATEBLUEPRINTCONNECTIONNAME=https://graph.microsoft.com/.default | |
| AGENTAPPLICATION__USERAUTHORIZATION__HANDLERS__AGENTIC__SETTINGS__ALTERNATEBLUEPRINTCONNECTIONNAME=SERVICE_CONNECTION |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.