Skip to content

Add Mastering Toolboxes in Microsoft Foundry recipe#52

Open
lindazqli wants to merge 21 commits into
mainfrom
recipe/mastering-foundry-toolbox
Open

Add Mastering Toolboxes in Microsoft Foundry recipe#52
lindazqli wants to merge 21 commits into
mainfrom
recipe/mastering-foundry-toolbox

Conversation

@lindazqli

Copy link
Copy Markdown
Contributor

Mastering Toolboxes in Microsoft Foundry

Adds a new end-to-end recipe notebook modeled on the existing Foundry IQ recipe.

What it covers

  • Building a toolbox and the rule that only one unnamed tool is allowed per toolbox
  • Every tool type with detailed what it is / how it works / supported parameters: Web Search, Code Interpreter (Files API upload + generated-file download), File Search (vector stores), MCP, Azure AI Search, OpenAPI, A2A, Work IQ, Fabric IQ, Browser Automation, Skills
  • Identity & auth: agent must first be authorized to the toolbox (Foundry user role), then per-tool auth (key / project managed identity / OAuth2 / user Entra token / agentic identity); token passthrough for OAuth2 and Foundry managed identity passthrough
  • Tool Search, toolbox versioning, governance policies
  • Consuming a toolbox from Agent Framework, LangGraph, and the Copilot SDK

Notes

  • Grounded against the installed azure-ai-projects 2.2.0 SDK and verified Microsoft Learn docs
  • Adds registry entry, author entry, and required dependencies

End-to-end notebook covering every Foundry tool type, identity/auth,
Tool Search, versioning, governance, and consuming a toolbox from
Agent Framework, LangGraph, and the Copilot SDK.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lindazqli lindazqli requested review from a team and nicholasdbrady as code owners June 16, 2026 19:53
@github-actions

Copy link
Copy Markdown
Contributor

🔍 Preview

A live preview of this PR is available at:
https://microsoft-foundry.github.io/forgebook/preview/pr-52/

lindazqli and others added 20 commits July 3, 2026 15:01
- Rewrite intro thesis to lead with the problem/pattern, not a product definition
- Replace 8-item feature list with 4 action-verb learning objectives; map them in the conclusion
- Reframe as a reference walkthrough with an explicit runnable core spine; tag catalog/reference sections
- Add a Failure modes section (symptom / cause / fix)
- Bump azure-ai-projects floor to >=2.2.0 (preview tool classes require it)

Executed cell outputs still need to be captured against a live Foundry project.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
SDK 2.3.0 relocates project.beta.toolboxes to project.toolboxes and switches
create_version to require the *ToolboxTool classes (Tool -> ToolboxTool),
renaming ToolboxSearchPreviewTool. The notebook is written for the 2.2.0 API,
so cap the floor-only range in requirements.txt and the inline %pip install.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2.3.0 relocates the operation group from project.beta.toolboxes to
project.toolboxes and switches create_version from the agent Tool classes to
the dedicated *ToolboxTool family. Swap every tool class (WebSearchTool ->
WebSearchToolboxTool, MCPTool -> MCPToolboxTool, ToolboxSearchPreviewTool ->
ToolboxSearchPreviewToolboxTool, etc.), update the operation path, and pin
requirements + inline %pip to >=2.3.0,<2.4.0. Helper types, field names,
wire shapes, and api-version=v1 are unchanged between 2.2.0 and 2.3.0; all 26
imported model symbols verified present and every tool validated to construct
and serialize against 2.3.0.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Executed the full notebook end-to-end against a live Foundry project on
azure-ai-projects 2.3.0 and fixed every issue that surfaced:

- Cell 38: drop invalid *: ToolConfig(pin=False) - the service rejects
  any explicit pin=False (toolbox_search_preview is always pinned). Omit a
  tool to leave it search-gated instead.
- Cell 36 (declarative REST): give every tool a unique
ame - the service
  requires all-but-one tool to carry an identifier (name/server_label).
- Cell 48 (Microsoft Agent Framework): update to MAF 1.10 API
  (ChatAgent->Agent, AzureAIAgentClient->foundry.FoundryChatClient, still
  MCPStreamableHTTPTool). Authenticate the MCP initialize handshake via a
  pre-authenticated http_client (header_provider only injects on tool calls),
  and build FoundryChatClient from project_endpoint+credential (the
  project_client= path is incompatible with the 2.3.0 preview).
- Cell 49 (LangGraph): pass project_endpoint+credential explicitly to
  AzureAIProjectToolbox and AzureAIChatCompletionsModel; add
  langchain-mcp-adapters (cell 2 pip + requirements.txt).

All cells now carry real executed outputs (0 error cells), including live
MAF and LangGraph agent responses over the toolbox MCP endpoint. Cleanup
verified: no toolboxes left behind.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Work IQ runs as the signed-in user (delegated/OBO auth), so its oauth2 connection must be backed by a per-tenant Entra app registration with the WorkIQAgent.Ask delegated permission and admin consent. Replace the generic azd connection snippet with the authoritative step-by-step (app registration, OAuth field values, redirect URI, and the one-time tenant enablement) from the public Microsoft Learn docs, and note the runtime failures (TokenAudience is required for OBO / agent-card 404) that result when the app isn't configured.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Validated the Work IQ guidance against the primary Foundry how-to page. The WorkIQPreviewToolboxTool connects over Agent-to-Agent (A2A), not the 'Work IQ MCP' catalog surface: the connection is authType OAuth2 / category RemoteA2A targeting https://workiq.svc.cloud.microsoft/a2a/. Reframe the section around A2A+OBO (matching the runtime 'agent card 404' error), switch to Settings > Connections > New connection > Work IQ, add single-tenant + 'APIs my organization uses' registration specifics, VNet-not-supported prereq, and the ARM REST alternative. OAuth field table, scopes, redirect URI, and az ad sp create appId all verified verbatim against the docs.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Corrected doc-contradicted service facts across the notebook after
validating every prose claim against Microsoft Learn:

- Connection categories: RemoteTool_Preview does not exist. MCP/Fabric IQ
  use RemoteTool; A2A/Work IQ use RemoteA2A; AI Search uses CognitiveSearch
  (cell 6, plus azd --kind remote-a2a).
- Fabric IQ auth: requires delegated user auth (oauth2 / user-entra-token OBO);
  application-only project-managed-identity is not supported (cells 5, 27).
- Web Search (Bing Custom Search) auth is api-key, not custom-keys (cells 5, 11).
- OpenAPI auth table now includes anonymous (none) (cell 5).
- Browser Automation: powered by Playwright Workspaces (not Azure Playwright
  Testing); connection kind PlaywrightWorkspace, auth api-key (cells 5, 29).
- Skills are behavioral SKILL.md instructions only (no packaged tools); no
  default=True on skills.create - default promotion is a separate step
  (cells 31, 32).
- Unnamed-tool rule is per built-in type, not one per toolbox (cells 8, 36, 55).
- CONSENT_REQUIRED code aligned to documented -32006 (cells 5, 45).
- user-entra-token relabeled 'managed user identity passthrough' (OBO), not
  'Foundry managed identity passthrough' (cells 5, 17).
- ImportError troubleshooting pinned to azure-ai-projects 2.3.0 (cell 55).

SDK-introspection (azure-ai-projects 2.3.0) confirmed base_url, agent_card_path,
MCPToolFilter(read_only), MCPToolRequireApproval, and create_version(metadata=)
are real SDK params, so those claims were kept despite docs omitting them.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Rework the opening architecture section (cell 0 + the Mermaid diagram) to
mirror the canonical model on the Foundry toolbox how-to page:

- Replace the invented 'four pillars' (One endpoint / Identity / Tool Search /
  Governed) with the doc's tool-lifecycle framing: four pillars with Build and
  Consume available today, each described in the doc's own terms (select tools +
  configure auth centrally; connect any agent to one MCP-compatible endpoint).
- Add the doc's managed-resource + versioning promise (reconfigure without code
  changes; promote a version to default and every consumer picks it up).
- Diagram: label the endpoint 'MCP-compatible'; drop the APIM / Azure Policy
  callouts from the governed-by-default node (not part of the toolbox docs) in
  favor of the doc's runtime governance (identity, credential injection, token
  refresh, policy enforcement); trim the Consume surface to the three clients
  the notebook actually demonstrates (Microsoft Agent Framework, LangGraph,
  Copilot SDK).
- Regenerate 01-toolbox-architecture.svg from the updated .mmd source.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Policy enforcement (section 8 + diagram): the customer-owned APIM runtime
gateway governs *only MCP-server tools* - calls that route through your MCP
server. Built-in / first-party tools (Web Search, Code Interpreter, File
Search, Azure AI Search, ...) never traverse the gateway. Added a bypass
branch to the diagram, scoped the RT subgraph label, and updated the table
row, blockquote, and alt text (also noting the RAI guardrail screens every
tool, unlike APIM).

Auth & identity (section 3 + diagram): added a 'Two identities, better
together' explanation of the hosted-agent story - the agent authenticates to
the toolbox with its own agent managed identity (the trust boundary, Foundry
user role), yet for oauth2 / user-entra-token connections it forwards the
caller's end-user token so the downstream tool acts as the real user (OBO),
with no OAuth wiring in agent code. Diagram now labels the two hops
(agent->toolbox, toolbox->tool), adds a better-together callout, and fixes the
user-entra-token label to 'managed user identity passthrough'.

Regenerated 02-auth-identity.svg and 04-policy-enforcement.svg from source.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
The previous revision showed built-in / first-party tools as a dead-end
('never traverse your gateway'), which wrongly implied they were ungoverned.
Built-in tools skip only the customer-owned APIM gateway (control point 2);
the RAI guardrail (control point 3) still screens every tool's inputs and
outputs at the toolbox layer. Route both MCP-server and built-in tools into
the guardrail in the diagram, relabel it 'Toolbox guardrail (all tools)', and
update the alt text and RAI table row so bypassing the gateway never reads as
bypassing content governance.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Replace the hand-drawn Mermaid architecture diagram with the exact
toolbox-architecture.png published in the Foundry toolbox docs (Build /
Consume pillars, consumed by LangGraph, Microsoft Agent Framework, GitHub
Copilot, Claude Code, and Microsoft Copilot Studio, governed by default).
Update cell 0's image reference and alt text to match the doc verbatim, and
drop the now-unused 01-toolbox-architecture.mmd/.svg.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Drop the explicit 'built-in tools bypass the gateway' call-out from the
policy-enforcement diagram and its prose. The diagram now states only what is
governed: the runtime gateway governs MCP-server tools, and the toolbox
guardrail governs all tools. Remove the enumerated built-in-tools bypass node
and soften the alt text, RAI table row, and blockquote so they no longer frame
governance in terms of what skips the gateway.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
The Skills section only covered build-time references (ToolboxSkillReference in
the skills= list). Explain that once attached, a skill is not a callable tool -
it surfaces as an MCP Resource on the same toolbox endpoint (Skills-for-MCP
SEP-2640): any MCP client calls resources/list to discover skills and
resources/read to download each SKILL.md body, with no Foundry SDK. Add section
10b with a runnable, skip-guarded consume_skills() that reuses the existing raw
MCP session to list and read skill resources over the consumer endpoint.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Tool search ranks the toolbox's own un-pinned tools (pinned/auto-pinned tools
are already in tools/list), not a Foundry-wide catalog. Fix the wording in the
03-tool-search-flow diagram and cells 37/38/45. Add the discover/progressive-
disclosure framing to the intro so the Consume pillar's dynamic discovery is
tied to Tool Search. Point the Skills section and section 10b at the official
'Attach skills to a toolbox' doc and the MAF Skills-in-Toolbox sample.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Drop the 'four pillars, two available today' Build/Consume framing. Present the
three pillars that are available now: (1) Build & curate, (2) Discover with Tool
Search (progressive disclosure), and (3) Govern with an RAI guardrail plus a
bring-your-own AI gateway for MCP - governed by default, with more governance
controls to come. Make Discover a first-class pillar and align the 'By the end'
outcomes to Build & curate / Discover / Govern / Consume.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Replace the official Build/Consume doc PNG with a custom Mermaid diagram that
matches the three-pillar intro exactly: (1) Build & curate feeds the toolbox
default version, which holds the curated tools plus (2) Discover with Tool
Search and (3) Govern (RAI guardrail over all tools + BYO AI gateway for MCP,
more to come); the toolbox is exposed through one MCP-compatible endpoint and
consumed unchanged by Microsoft Agent Framework, LangGraph, and the Copilot SDK.
Update cell 0's image reference and alt text accordingly.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Keep the official left-to-right structure (Build & curate -> Toolbox ->
Consume, governed by default) and add a single Discover with Tool Search box in
the middle toolbox column. Govern stays as the toolbox's governed-by-default
treatment rather than a separate box. Update cell 0 alt text to match.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
…ddle

Recreate the public doc's layout as a custom diagram: a Toolboxes in Foundry
title banner, a Consumed by row (LangGraph, Microsoft Agent Framework, GitHub
Copilot, Claude Code, Microsoft Copilot Studio), a Tool lifecycle arrow over the
pillars, and a Governed by default banner. Add a single Discover pillar (Tool
Search) between Build and Consume. Update cell 0 alt text to match.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Replace the Mermaid render with a hand-authored SVG that mirrors the public
doc's exact look: full-width rounded Toolboxes in Foundry title banner, a
Consumed by chip row, a Tool lifecycle arrow, three green pillars with pink /
blue / orange inner pills, and a full-width Governed by default banner with the
same caption. The only addition is the Discover (Tool Search) pillar in the
middle. Remove the now-unused .mmd source since the SVG is authored directly.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant