Add generic policies (rai_policy) support to agent.yaml for hosted agents#8521
Merged
Merged
Conversation
Add support for the policies.rai_config.rai_policy_name field in the azure.ai.agents extension's agent.yaml manifest so users can attach a Responsible AI (content safety) guardrail policy to hosted agents. The value is the full ARM resource ID of the RAI policy, which azd deploy forwards to the Foundry data plane via the existing rai_config field. - yaml.go: add RaiConfig and AgentPolicies manifest structs and a Policies field on ContainerAgent - map.go: add mapRaiConfig helper and wire it into both the container/image and code-deploy request builders - parse.go: validate rai_policy_name is non-empty when present - tests + testdata fixture covering image, code, and validation paths - CHANGELOG entry Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
amitbhave10
requested review from
JeffreyCA,
glharper,
therealjohn,
trangevi and
trrwilson
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Adds support for the policies.rai_config.rai_policy_name field in the agent.yaml manifest for hosted agents in the azure.ai.agents extension, allowing users to attach a Responsible AI (content safety) policy whose value is the full ARM resource ID of the RAI policy. The new manifest field is mapped to the existing agent_api.RaiConfig data-plane structure via a small helper and validated during parse.
Changes:
- Introduce
RaiConfigandAgentPoliciesYAML structs and aPoliciesfield onContainerAgent. - Add
mapRaiConfighelper and wire it into both image-based and code-deploy hosted-agent API request builders, plus parse-time validation thatrai_policy_nameis non-empty whenrai_configis present. - Add unit tests and a YAML fixture covering valid, missing, and absent policy cases, plus a CHANGELOG entry.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| cli/azd/extensions/azure.ai.agents/internal/pkg/agents/agent_yaml/yaml.go | Adds RaiConfig/AgentPolicies types and Policies field on ContainerAgent. |
| cli/azd/extensions/azure.ai.agents/internal/pkg/agents/agent_yaml/map.go | Adds mapRaiConfig helper and wires it into both image and code hosted-agent request builders. |
| cli/azd/extensions/azure.ai.agents/internal/pkg/agents/agent_yaml/parse.go | Validates that rai_policy_name is non-empty when rai_config is present. |
| cli/azd/extensions/azure.ai.agents/internal/pkg/agents/agent_yaml/parse_test.go | Tests validation across valid, missing-name, and absent-policies cases. |
| cli/azd/extensions/azure.ai.agents/internal/pkg/agents/agent_yaml/map_test.go | Tests RaiConfig mapping for image, code, no-rai paths, and the helper directly. |
| cli/azd/extensions/azure.ai.agents/internal/pkg/agents/agent_yaml/testdata_test.go | Registers the new fixture in the YAML round-trip tests. |
| cli/azd/extensions/azure.ai.agents/internal/pkg/agents/agent_yaml/testdata/hosted-agent-with-rai.yaml | New fixture exercising policies.rai_config.rai_policy_name. |
| cli/azd/extensions/azure.ai.agents/CHANGELOG.md | Documents the new manifest field under Unreleased. |
github-actions
Bot
added
the
ext-agents
Replace the nested `policies.rai_config.rai_policy_name` object with a generic `policies` list of typed entries. Each entry has a `type` discriminator; `type: rai_policy` attaches a Responsible AI (content safety) guardrail via `rai_policy_name` (full ARM resource ID of the RAI policy). This keeps the manifest authoring shape extensible to future policy types while the mapping layer continues to flatten a `rai_policy` entry into the data-plane `rai_config.rai_policy_name` that the Foundry hosted-agent API expects (unchanged on the wire). Updates the yaml model (Policy / PolicyType), mapRaiConfig, manifest validation (known type + required rai_policy_name), the test fixture, CHANGELOG, and unit tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
amitbhave10
changed the title
trangevi
approved these changes
Jun 4, 2026
Member
|
/check-enforcer override |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add support for a generic policies list in the azure.ai.agents extension's agent.yaml manifest so users can attach governance policies to hosted agents.
Each entry has a type discriminator; type: rai_policy attaches a Responsible AI (content safety) guardrail via rai_policy_name, the full ARM resource ID of the RAI policy.
azd deploy flattens a rai_policy entry into the Foundry data-plane rai_config.rai_policy_name field (unchanged on the wire).
The typed-list shape keeps the manifest extensible to future policy types.
Updates yaml.go (Policy/PolicyType + Policies []Policy), map.go (mapRaiConfig), parse.go validation, fixture, CHANGELOG, and unit tests.
Paired with microsoft/AgentSchema#101 (microsoft/AgentSchema#101).