v0.8.12

A new 08-agents lab: the 08-10 Copilot SDK container rehosted on the shared 1:N multi account, taking its inference from the APIM core gateway.

Added

• 08-agents/08-10b-hosted-copilot-sdk-agent-multi - self-contained "B" variant of 08-10 that rehosts the GitHub Copilot SDK container on the existing shared aif-spoke-multi (1:N) account, with inference from the APIM core gateway instead of a local model deployment. Ships its own src/ and data/ (no dependency on 08-10). The 08-10b-01 notebook mints a dedicated foundry-gateway-copilot-sdk APIM subscription, deploys a gpt-5-mini reasoning model on the gateway backend, deploys the project + ACR Bicep, enables the capability host, builds the agent image, registers + role-grants the hosted agent in APIM-direct mode, then runs the smoke tests and the M365 analytics demo.
• APIM-direct, not a Foundry connection - the container points straight at the gateway (base_url = <apim>/openai, the subscription key in the api-key header, bare reasoning model gpt-5-mini), bypassing the Foundry project connection. Foundry's connection model-gateway is supported only for prompt agents, so a hosted agent's Responses call through a connection/deployment model string fails with DeploymentNotFound. A reasoning model is required because the Copilot CLI's Responses protocol carries encrypted reasoning content that gpt-4.1-mini rejects. No connection and no local model deployment, so the rg-foundry-multi deny-model-deployments policy holds; agent RBAC is AcrPull + Foundry User only. Tradeoff: the gateway key lives in the container env var (Key Vault or managed-identity-to-APIM noted as hardening).
• Notebook-output scrubbing tooling - scripts/scrub_notebooks.py plus a .githooks/pre-commit hook that redacts Azure secrets and identifiers from committed notebook outputs per the CONTRIBUTING.md policy (keeps the canonical demo suffix and resource names, maps subscription/tenant/principal UUIDs to the all-zeros placeholder, redacts keys, UPNs, and session ids). Enable with git config core.hooksPath .githooks.

Changed

• README 08-agents sub-lab table: added a row for 08-10b.

v0.8.11

Two new 08-agents labs: invoking a Foundry agent over raw REST, and deploying a GitHub Copilot SDK agent as a Foundry hosted agent.

Added

• 08-agents/08-09-invoke-agent-via-rest - three notebooks that invoke a Foundry agent over raw REST (the responses API) instead of the SDK: 08-09-01-rest-single-shot, 08-09-02-rest-multi-turn, 08-09-03-rest-streaming, plus an 08-09-00 overview. Closes the gap where the repo only demonstrated agent consumption through the SDK.
• 08-agents/08-10-hosted-copilot-sdk-agent - deploys a GitHub Copilot SDK agent (CopilotClient + the azure-ai-agentserver-invocations protocol) as a Microsoft Foundry hosted agent. The 08-10-01 notebook walks Bicep (az deployment sub create), az acr build, and AIProjectClient.agents.create_version, with a two-pass register and bootstrap-version delete, runtime role grants on the per-agent managed identity, a smoke test, and an M365 license-analytics demo.
• BYOK Foundry model path - the Copilot SDK routes inference to a Foundry-deployed gpt-5.4-mini over the project endpoint (<project>/openai/v1/, audience ai.azure.com) via Managed Identity, with a GITHUB_TOKEN Copilot-model fallback.
• Analytics demo with rendered tables and a downloadable chart - markdown tables render inline (new render=True mode on invoke()), and the agent generates a cost-by-department chart (matplotlib, pip-installed into its own session shell, with a dependency-free SVG fallback) which the notebook pulls back via a new download_session_file() helper.
• Docs - 08-10-00 covers the two-layer agentic loop, the BYOK wiring, and the agent permission model (PermissionHandler.approve_all as the yolo-equivalent, a four-layer "what the agent is allowed to do" table, and tool-call observability). OpenTelemetry tracing maps Copilot SessionEvents to GenAI-semantic-convention spans surfaced in the Foundry portal.

Changed

• pyproject.toml: bumped azure-ai-projects from >=2.0.0b1 to >=2.1.0 (required for the hosted-agent agents.create_version API).

Removed

• pyproject.toml: dropped the unused azure-ai-inference>=1.0.0 from the finetune group (zero usages; its floor conflicted with agent-framework-azure-ai's <1.0.0b10 pin and blocked uv lock).
• Removed an accidentally-committed upstream .git directory and azd scaffolding from the old 08-agents/08-09 path.

Full Changelog: v0.8.10...v0.8.11

v0.8.10

End-to-end fixes for the section 15 fine-tuning pipeline. The pipeline failed at multiple points; this release fixes them in sequence so the notebooks run from a fresh clone.

Fixed

• `15-fine-tune/15-01-data-preparation.ipynb` failed at cell 3 with `ModuleNotFoundError: No module named 'torch'`. Two underlying issues: (1) `torch`, `transformers`, `peft`, `matplotlib`, `azure-storage-blob`, and `azure-ai-inference` were never declared in `pyproject.toml`, and (2) cell 2's inline `%pip install` silently failed in the uv-managed `.venv` (which doesn't ship `pip`, so `%pip` prints `No module named pip`). Same import-failure pattern would have hit `15-04-local-inference.ipynb`, which depends on torch/transformers/peft but had no install cell at all.
• `15-fine-tune/15-01-data-preparation.ipynb` cell 8 then failed with `OpenAIError: Missing credentials` because `FINETUNE_GATEWAY_KEY` was missing from `.env`. The Bicep at `15-fine-tune/main.bicep` does not create a dedicated `foundry-gateway-finetune` APIM subscription (unlike 10-01 / 11-01 which provision their own), so this env var was never going to be set. The teacher-model call only needs any valid APIM key, so the cell now reuses `ALPHA_GATEWAY_KEY` (already in `.env` from the project-spoke deployment). This removes a phantom env variable and one redundant Azure resource.
• `15-fine-tune/15-02-fine-tune.ipynb` ACA job failed with `The specified resource name length is not within the permissible limits`. Container name `"ft"` violated Azure Storage's 3-63 character minimum. The container creation silently failed (because the helper used `check=False`), then the in-job blob download from `"ft"` errored visibly. Renamed to `"finetune"` in 15-02 / 15-03 / 15-04 cell-3 constants and in `15-fine-tune/main.bicep` (which had the same bug). `azure_infra.py` takes the name as a parameter so no source change there.
• `15-fine-tune/15-03-evaluate.ipynb` raised `NameError: name 'eval_dataset' is not defined` when run in a fresh kernel. It implicitly relied on `eval_dataset` / `reports_data` / `env_id` / `accuracy` being in memory from 15-01 + 15-02. Cell 3 now re-derives all four: `eval_dataset` via `iss_utils.get_evaluation_dataset()`, `reports_data` via NASA fetch (~30s), `env_id` via `az containerapp env show`, and fallback teacher/base accuracies with comments explaining how to override. Also added `import pandas as pd` and `from IPython.display import display` to the imports cell (previously caused `NameError: pd not defined` in the comparison cell) and fixed an outdated `"DeepSeek-V3.2 (Teacher)"` label in the summary table to match the actual teacher (`gpt-4.1-mini`) used throughout the chain.
• `15-fine-tune/15-04-local-inference.ipynb` failed with `ImportError: cannot import name 'LossKwargs' from transformers.utils`. Phi-4-mini's custom remote modeling code (`modeling_phi3.py` from the Hugging Face hub) imports symbols (`LossKwargs`, etc.) that were removed in transformers 5.x. The `[finetune]` dep group's `transformers>=4.40.0` constraint allowed 5.x to be pulled in. Tightened to `>=4.46.0,<5.0.0` with a comment explaining the upper bound; matches the `transformers==4.53.3` pin the ACA fine-tune job uses inline.
• `15-fine-tune/15-04-local-inference.ipynb` `generate()` emitted a "The attention mask is not set and cannot be inferred" warning because `apply_chat_template` returned just the input_ids tensor and Phi-4-mini has `pad_token == eos_token`. Reworked to use `apply_chat_template(..., return_dict=True)` and pass `**inputs` to `generate()` so both `input_ids` and `attention_mask` are present.

Added

• New `[dependency-groups] finetune` entry in `pyproject.toml` declaring the heavy ML dependencies needed for section 15. Users run `uv sync --group finetune` once before opening section 15. Base install stays lean for everyone else (~3 GB saved when section 15 isn't needed). Matches the pattern used for `azure-ai-evaluation[redteam]` in section 14.
• Committed `15-fine-tune/data/train.jsonl` (100-example synthetic+real distillation training set generated against the gpt-4.1-mini teacher). Useful as a fixed artifact so 15-02 can be re-run without regenerating the data (saves ~200 teacher calls), and readers can inspect what the LoRA trains on.
• New entries in `.gitignore` for section 15 artifacts that should not be committed by accident: `15-fine-tune/data/`, `15-fine-tune/models/` (~350MB of LoRA adapter weights), `15-fine-tune/eval_job.json`, and `15-fine-tune/job.json` (contain real subscription IDs when written by local runs).

Changed

• Cell 2 of `15-01-data-preparation.ipynb` converted from a broken `%pip install` code cell to a markdown cell that points readers at the `uv sync --group finetune` command and explains why `%pip` doesn't work in this venv.
• Updated `15-00-fine-tune.md` prerequisites to specify `uv sync --group finetune` and reference `ALPHA_GATEWAY_KEY` (no separate `FINETUNE_GATEWAY_KEY`).
• Reduced default `TARGET_TOTAL` in `15-01` from 500 to 100 (demo-sized, ~200 teacher calls), with a rationale block above the constant and an expanded markdown header pointing readers at the literature's 500-2000 sweet spot for narrow classification distillation.

v0.8.9

Bundles three concerns: guardrails Responses API workaround, section 14 intro page + scan artifacts, and accumulated cleanup.

Added

• New 14-00-red-teaming.md section overview: introduces the AI Red Teaming Agent (PyRIT), the region constraint, the two notebooks, the callback/APIM architecture, and links to the official Microsoft docs + PyRIT GitHub. Brings section 14 in line with every other section's `NN-00-*` intro page.
• Committed PyRIT scan output artifacts (`14-red-teaming/redteam_basic_output/` and `14-red-teaming/redteam_advanced_output/{strategies,multilang,custom}/`) so readers can see what the scans produce without running them. ~110KB total, no tenant identifiers.
• Added `14-red-teaming/custom_attack_prompts.json` as the source-of-truth seed file for the custom-objectives scan.
• Re-added the `[redteam]` extra to `azure-ai-evaluation` in `pyproject.toml` (pulls in PyRIT for section 14).

Fixed

• `13-guardrails/13-02-create-bank-agent.ipynb` (and the demo runner in `13-03`) returned `InternalServerError: 500` on every Responses API call. Root cause empirically isolated: when ANY `customBlocklists` entry is attached to the RAI policy (Prompt-side, Completion-side, or both), the Responses API runtime returns 500 on happy-path content while still correctly returning 400 `content_filter` on blocked content. Same policy works fine through Chat Completions. This is the service-side analogue of the Java SDK array-shape issue #49196.
• Fix applied in `13-01-configure-bank-guardrails.ipynb`: `customBlocklists` is now an empty list. The `bank-demo-blocklist` resource is still created (so it shows in the portal and can be re-attached with two lines once the service bug is fixed), but the attachment to the policy is removed. Standard content filters and Prompt Shields (Jailbreak / Indirect Attack / Protected Material) still work via the Responses API path used by all the other agent notebooks in this repo.
• Scrubbed absolute local paths (`/home/jp/...`) from cached outputs and stack traces in `14-01-red-team-basics.ipynb` (6 occurrences) and `14-02-red-team-advanced.ipynb` (80 occurrences), replaced with `` and `` placeholders per the notebook-output hygiene policy in `CONTRIBUTING.md`.

Changed

• Renamed PyRIT `scan_name` arguments from the legacy `Lab16-` form to descriptive `redteam-` names (escaped the 0.8.0 "Lab N" cleanup): `Lab16-Basic` → `redteam-basic` in `14-01-red-team-basics.ipynb`; `Lab16-Advanced/MultiLang/Custom` → `redteam-advanced/multilang/custom` in `14-02-red-team-advanced.ipynb`. Updated in source cells and in cached outputs / committed scan JSON.
• Refreshed cached outputs in `13-02-create-bank-agent.ipynb` and `13-03-demo-guardrails.ipynb` from runs against the now-fixed `customBlocklists`-empty policy.
• Updated 13-00, 13-01, and 13-03 with the Known limitation note about the blocklist service bug. Added an "Important context" paragraph noting the blocklist mechanism itself has been verified end-to-end here previously: the cached outputs of 13-03 (captured when `customBlocklists` was attached) show all 5 PII inputs and all 5 codename/competitor prompts blocking correctly. So when Microsoft fixes the service bug, no further demo verification is required.

Note

This release bundles the changes that would have been tagged as v0.8.8 (the standalone Responses API blocklist workaround) and v0.8.9 (section 14 intro + artifacts + cleanup). PR #16 contained both rounds; this single tag reflects what landed on `main`.

v0.8.7

Fixed

• `13-guardrails/13-00-guardrails.md` portal-fallback section referenced a hard-coded resource name `aif-core-6fe574`. Users following the doc against their own deployment will have a different suffix. Replaced with `aif-core-{suffix}` to match the placeholder convention used everywhere else in prose.

Changed

• Normalised a stale older deployment suffix `6fe574` to the current canonical demonstration suffix `c2676f` across cached notebook outputs in `09-content-understanding-integration/09-01-deploy-setup.ipynb` (11 occurrences), `09-content-understanding-integration/09-02-cu-analyze.ipynb` (2), and `10-foundry-iq/10-03-knowledge-base-setup.ipynb` (2). The two suffixes co-existed in different files because the cached outputs were captured from two different deployment generations; readers now see a single consistent suffix.

v0.8.6

Tenant-identifier scrub of cached notebook outputs across sections 08 and 12, plus refreshed cached outputs for the deep-research notebooks.

Changed

• Scrubbed nine tenant-specific UUIDs from cached notebook outputs to the conventional `00000000-0000-0000-0000-000000000000` placeholder. Per the notebook-output hygiene policy in `CONTRIBUTING.md`: deterministic resource-name suffixes (`c2676f`, `n5d3ja`) are kept; subscription IDs, Entra principal IDs, project managed-identity principals, eval-run IDs, and ACR build volume IDs are scrubbed.
  • `08-agents/08-03-hosted-agents/08-03-01-deploy-hosted-agent.ipynb` - Entra principal ID + ACR build volume ID
  • `08-agents/08-05-contoso-pmo-mcp/08-05-01-contoso-pmo-agent-setup.ipynb` - project MI principal
  • `08-agents/08-05b-contoso-private-banking-mcp/08-05b-01-private-banking-agent-setup.ipynb` - project MI principal
  • `08-agents/08-06-agent-offline-evaluation/08-06-05-results-and-portal.ipynb` - two eval-run IDs in portal URLs
  • `08-agents/08-07-agent-live-observability/08-07-01-deploy-observability-infra.ipynb` - Entra principal ID
  • `12-foundry-iq-deep-research/12-01-deploy-o3-backend.ipynb` - subscription ID + Entra principal ID
• Refreshed cached outputs in `12-foundry-iq-deep-research/12-01-deploy-o3-backend.ipynb` and `12-foundry-iq-deep-research/12-02-deep-research-loop.ipynb` from a successful end-to-end run after the v0.8.4 / v0.8.5 fixes landed.

Kept (false positive flagged for completeness)

• `08-agents/08-03-hosted-agents/08-03-01-deploy-hosted-agent.ipynb` references `53ca6127-db72-4b80-b1b0-d745d6d5456d` as `FOUNDRY_USER_ROLE_ID`. This is the public Azure built-in role-definition ID for "Foundry User", identical across all Azure tenants - not personal data.

v0.8.5

Fixed

• Raised the `o3-deep-research` model deployment capacity from 10 (10K TPM) to 200 (200K TPM) in both `05-foundry-project-pattern-setup/05-02-deploy-foundry-core-gateway/main.bicep` and `12-foundry-iq-deep-research/main.bicep`. The original 10K cap throttled multi-step deep-research runs with 429 errors before completion. 200K stays well under the Norway East `o3-DeepResearch` subscription quota (3000). Existing live deployments must be updated separately (`az cognitiveservices account deployment update --sku-capacity 200`) or via a fresh Bicep apply.

Shipped together with v0.8.4 (same merge commit). Both tags point at the same code; separate releases reflect the two distinct fixes.

v0.8.4

Fixed

• `12-foundry-iq-deep-research/12-01-deploy-o3-backend.ipynb` failed on Step 5 with `'subscription' is misspelled or not recognized` because it used `az apim subscription list-secrets`, which requires the `apim` Azure CLI extension. Same issue affected Step 3's `az apim backend show`. Both calls rewritten to use `az rest` against the ARM management endpoint, matching the pattern already used by `10-01-deploy-search-and-project.ipynb` and `11-01-deploy-setup.ipynb`. Step 2 now also resolves `SUB_ID` and an `APIM_BASE_URI` helper used by Steps 3 and 5. No new dependencies; works with the base Azure CLI.

Shipped together with v0.8.5 (same merge commit). Both tags point at the same code; separate releases reflect the two distinct fixes.

v0.8.3

Two leftovers from prior cleanup passes: residual "Lab N" pointers in repo-root files, and a repo-wide em/en dash sweep that had never been done.

Changed

• Removed remaining Lab N cross-references from README.md (line 48 "Lab 05" → "project pattern setup", line 69 "Lab 08 sub-labs" → "Agents sub-labs") and the .github/ISSUE_TEMPLATE/lab_proposal.md example. The Lab column header in the README labs table is kept since it is a concept noun, not a section pointer.
• Replaced every em dash (—) and en dash (–) with a single hyphen across 22 prose files: README.md, CONTRIBUTING.md, SECURITY.md, .github/ templates, 04-01-foundry-enterprise-provisioning.md, and 17 notebooks (markdown cells + cached cell outputs only - code cell sources left untouched to avoid altering string-literal behaviour). 139 character replacements in total. Per CLAUDE.md writing style: single hyphen only.

Skipped (intentional)

• Simulated dataset JSON under assets/contoso-*-dataset/ and 08-agents/08-05*/contoso-*-mcp/data/: dashes there are authentic punctuation in mock meeting notes / research reports and removing them changes the dataset's character.
• CHANGELOG.md: historical release notes preserved as published.

v0.8.2

Repo-wide file-naming sweep: brought six off-convention files into the NN-MM-NN-slug pattern used by sibling sub-folders and updated all inbound cross-references.

Changed

• Renamed five notebooks and one markdown stub:
  • 05-foundry-project-pattern-setup/05-02-deploy-foundry-core-gateway/deploy-foundry-core-gateway.ipynb → 05-02-01-deploy-foundry-core-gateway.ipynb
  • 05-foundry-project-pattern-setup/05-03-deploy-foundry-project-spoke/deploy-foundry-project-spoke.ipynb → 05-03-01-deploy-foundry-project-spoke.ipynb
  • 05-foundry-project-pattern-setup/05-04-deploy-foundry-multi-project/deploy-foundry-multi-project.ipynb → 05-04-01-deploy-foundry-multi-project.ipynb
  • 08-agents/08-03-hosted-agents/deploy-hosted-agent.ipynb → 08-03-01-deploy-hosted-agent.ipynb
  • 08-agents/08-04-agent-memory/deploy.ipynb → 08-04-01-deploy-agent-memory.ipynb
  • 08-agents/08-05-contoso-pmo-mcp/mcp-authentication-methods.md → 08-05-04-mcp-authentication-methods.md
• Updated all inbound cross-references: 04-00-control-plane.md (2 links), 05-00-project-setup.md (3 links), 05-01-architecture.md (1 link), 08-03-00-hosted-agents.md (2 links), 13-01-configure-bank-guardrails.ipynb (2 links), 11-01-deploy-setup.ipynb (1 prose mention), and 10-01-deploy-search-and-project.ipynb (1 prose mention).