Merge branch 'main' of https://github.com/Git-Hub-Chris/Agent365-python

Author: Git-Hub-Chris

.github/workflows/codeql.yml

@@ -50,7 +50,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+        uses: github/codeql-action/autobuild@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -1,27 +1,24 @@
-# Dependency Review Action
-#
-# This Action will scan dependency manifest files that change as part of a Pull Request,
-# surfacing known-vulnerable versions of the packages declared or updated in the PR.
-# Once installed, if the workflow run is marked as required,
-# PRs introducing known-vulnerable packages will be blocked from merging.
-#
-# Source repository: https://github.com/actions/dependency-review-action
-name: 'Dependency Review'
-on: [pull_request]
+# Dependency Review - blocks PRs that introduce known-vulnerable dependencies
+name: Dependency Review
+
+on:
+  pull_request:
+    branches: [main]
 
 permissions:
   contents: read
+  pull-requests: write
 
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
-        with:
-          egress-policy: audit
+      - name: Checkout repository
+        uses: actions/checkout@v6
 
-      - name: 'Checkout Repository'
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: high
+          comment-summary-in-pr: always
+          deny-licenses: GPL-3.0-only, AGPL-3.0-only

.github/workflows/scorecards.yml

@@ -76,6 +76,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         with:
           sarif_file: results.sarif

.pre-commit-config.yaml

@@ -1,14 +1,35 @@
+# Pre-commit hooks for Agent365-python
+# Install: pip install pre-commit && pre-commit install
+# Run manually: pre-commit run --all-files
+
 repos:
-- repo: https://github.com/gitleaks/gitleaks
-  rev: v8.16.3
-  hooks:
-  - id: gitleaks
-- repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.4.0
-  hooks:
-  - id: end-of-file-fixer
-  - id: trailing-whitespace
-- repo: https://github.com/pylint-dev/pylint
-  rev: v2.17.2
-  hooks:
-  - id: pylint
+  # Gitleaks - detect secrets in code
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.18.4
+    hooks:
+      - id: gitleaks
+
+  # Whitespace fixes
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args: [--fix=lf]
+      - id: check-merge-conflict
+      - id: check-yaml
+        args: [--allow-multiple-documents]
+      - id: check-json
+      - id: check-toml
+      - id: check-ast
+
+  # Python specific - using Ruff (matches CI settings)
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.4.4
+    hooks:
+      - id: ruff
+        args: [--fix, --line-length=100]
+      - id: ruff-format
+        args: [--line-length=100]

libraries/microsoft-agents-a365-observability-core/microsoft_agents_a365/observability/core/execute_tool_scope.py

@@ -30,6 +30,7 @@ def start(
         agent_details: AgentDetails,
         tenant_details: TenantDetails,
         request: Request | None = None,
+        parent_id: str | None = None,
     ) -> "ExecuteToolScope":
         """Creates and starts a new scope for tool execution tracing.
 
@@ -38,18 +39,21 @@ def start(
             agent_details: The details of the agent making the call
             tenant_details: The details of the tenant
             request: Optional request details for additional context
+            parent_id: Optional parent Activity ID used to link this span to an upstream
+                operation
 
         Returns:
             A new ExecuteToolScope instance
         """
-        return ExecuteToolScope(details, agent_details, tenant_details, request)
+        return ExecuteToolScope(details, agent_details, tenant_details, request, parent_id)
 
     def __init__(
         self,
         details: ToolCallDetails,
         agent_details: AgentDetails,
         tenant_details: TenantDetails,
         request: Request | None = None,
+        parent_id: str | None = None,
     ):
         """Initialize the tool execution scope.
 
@@ -58,13 +62,16 @@ def __init__(
             agent_details: The details of the agent making the call
             tenant_details: The details of the tenant
             request: Optional request details for additional context
+            parent_id: Optional parent Activity ID used to link this span to an upstream
+                operation
         """
         super().__init__(
             kind="Internal",
             operation_name=EXECUTE_TOOL_OPERATION_NAME,
             activity_name=f"{EXECUTE_TOOL_OPERATION_NAME} {details.tool_name}",
             agent_details=agent_details,
             tenant_details=tenant_details,
+            parent_id=parent_id,
         )
 
         # Extract details using deconstruction-like approach

libraries/microsoft-agents-a365-observability-core/microsoft_agents_a365/observability/core/inference_scope.py

@@ -34,6 +34,7 @@ def start(
         agent_details: AgentDetails,
         tenant_details: TenantDetails,
         request: Request | None = None,
+        parent_id: str | None = None,
     ) -> "InferenceScope":
         """Creates and starts a new scope for inference tracing.
 
@@ -42,18 +43,21 @@ def start(
             agent_details: The details of the agent making the call
             tenant_details: The details of the tenant
             request: Optional request details for additional context
+            parent_id: Optional parent Activity ID used to link this span to an upstream
+                operation
 
         Returns:
             A new InferenceScope instance
         """
-        return InferenceScope(details, agent_details, tenant_details, request)
+        return InferenceScope(details, agent_details, tenant_details, request, parent_id)
 
     def __init__(
         self,
         details: InferenceCallDetails,
         agent_details: AgentDetails,
         tenant_details: TenantDetails,
         request: Request | None = None,
+        parent_id: str | None = None,
     ):
         """Initialize the inference scope.
 
@@ -62,6 +66,8 @@ def __init__(
             agent_details: The details of the agent making the call
             tenant_details: The details of the tenant
             request: Optional request details for additional context
+            parent_id: Optional parent Activity ID used to link this span to an upstream
+                operation
         """
 
         super().__init__(
@@ -70,6 +76,7 @@ def __init__(
             activity_name=f"{details.operationName.value} {details.model}",
             agent_details=agent_details,
             tenant_details=tenant_details,
+            parent_id=parent_id,
         )
 
         if request:

tests/observability/core/test_execute_tool_scope.py

@@ -131,6 +131,32 @@ def test_request_metadata_set_on_span(self):
             request.source_metadata.description,
         )
 
+    def test_execute_tool_scope_with_parent_id(self):
+        """Test ExecuteToolScope uses parent_id to link span to parent context."""
+        parent_trace_id = "1234567890abcdef1234567890abcdef"
+        parent_span_id = "abcdefabcdef1234"
+        parent_id = f"00-{parent_trace_id}-{parent_span_id}-01"
+
+        with ExecuteToolScope.start(
+            self.tool_details, self.agent_details, self.tenant_details, parent_id=parent_id
+        ):
+            pass
+
+        finished_spans = self.span_exporter.get_finished_spans()
+        self.assertTrue(finished_spans, "Expected at least one span to be created")
+
+        span = finished_spans[-1]
+
+        # Verify span inherits parent's trace_id
+        span_trace_id = f"{span.context.trace_id:032x}"
+        self.assertEqual(span_trace_id, parent_trace_id)
+
+        # Verify span's parent_span_id matches
+        self.assertIsNotNone(span.parent, "Expected span to have a parent")
+        self.assertTrue(hasattr(span.parent, "span_id"), "Expected parent to have span_id")
+        span_parent_id = f"{span.parent.span_id:016x}"
+        self.assertEqual(span_parent_id, parent_span_id)
+
 
 if __name__ == "__main__":
     # Run pytest only on the current file

tests/observability/core/test_inference_scope.py

@@ -340,6 +340,38 @@ def test_record_thought_process(self):
             # Should not raise an exception
             self.assertTrue(hasattr(scope, "record_thought_process"))
 
+    def test_inference_scope_with_parent_id(self):
+        """Test InferenceScope uses parent_id to link span to parent context."""
+        details = InferenceCallDetails(
+            operationName=InferenceOperationType.CHAT,
+            model="gpt-4",
+            providerName="openai",
+        )
+
+        parent_trace_id = "1234567890abcdef1234567890abcdef"
+        parent_span_id = "abcdefabcdef1234"
+        parent_id = f"00-{parent_trace_id}-{parent_span_id}-01"
+
+        with InferenceScope.start(
+            details, self.agent_details, self.tenant_details, parent_id=parent_id
+        ):
+            pass
+
+        finished_spans = self.span_exporter.get_finished_spans()
+        self.assertTrue(finished_spans, "Expected at least one span to be created")
+
+        span = finished_spans[-1]
+
+        # Verify span inherits parent's trace_id
+        span_trace_id = f"{span.context.trace_id:032x}"
+        self.assertEqual(span_trace_id, parent_trace_id)
+
+        # Verify span's parent_span_id matches
+        self.assertIsNotNone(span.parent, "Expected span to have a parent")
+        self.assertTrue(hasattr(span.parent, "span_id"), "Expected parent to have span_id")
+        span_parent_id = f"{span.parent.span_id:016x}"
+        self.assertEqual(span_parent_id, parent_span_id)
+
 
 if __name__ == "__main__":
     # Run pytest only on the current file