Roger Barreto

This commit introduces a **breaking security enhancement** by **hardening the default settings** for the **`WebFileDownloadPlugin`**, **`FileIOPlugin`**, and **`HttpPlugin`** within the .NET plugins. It changes `AllowedDomains` and `AllowedFolders` from an "allow-all" to a "deny-all" default, sets `DisableFileOverwrite` to `true`, and introduces a `MaximumDownloadSize` of 10MB for downloads. Additionally, it implements path canonicalization via `Path.GetFullPath()` to prevent directory traversal attacks and includes a minor bug fix for `FileStream` usage. This significantly improves the security posture of applications using these plugins by reducing the attack surface. As a **breaking change**, existing applications relying on the previous permissive defaults will now require explicit configuration for allowed operations.

This commit **hardens the security defaults** of the **`DocumentPlugin`** by introducing a deny-by-default `AllowedDirectories` property and a comprehensive path validation mechanism. It gates `ReadTextAsync` and `AppendTextAsync` operations with checks that prevent path traversal, reject UNC paths, and enforce fully qualified paths, thereby mitigating arbitrary file access vulnerabilities. This **security enhancement** is a **breaking change**, requiring users to explicitly configure `AllowedDirectories` for any file operations to succeed. This significantly improves the plugin's resilience against indirect prompt injection attacks by preventing AI agents from accessing unauthorized file system locations.

This commit **updates the .NET connector for OpenAI** to migrate from deprecated DALL-E models to the newer `gpt-image-1` model, primarily as a **feature update and maintenance** effort. It **changes the default image generation model** in `ClientCore` and `OpenAITextToImageService` to `gpt-image-1`, and introduces **support for base64 image responses** in `GenerateImageAsync` since the new model exclusively returns base64 data. Additionally, new `Medium`, `Low`, and `Auto` quality options are added to `GetGeneratedImageQuality`, and **integration tests** for both OpenAI and Azure OpenAI are updated to use the new model, API version, and accommodate base64 responses, ensuring compatibility and correct functionality with the latest image generation capabilities.

This commit implements a **security fix** by updating several **.NET system package dependencies** to address **CVE-2026-26127**, a high-severity denial of service vulnerability. Specifically, `Microsoft.Bcl.Memory`, `Microsoft.Bcl.AsyncInterfaces`, and `System.Linq.AsyncEnumerable` are upgraded to version 10.0.4 to mitigate an out-of-bounds read during malformed Base64Url decoding. To ensure the fix is applied across all relevant components, direct `PackageReference` entries for `Microsoft.Bcl.Memory` are added to the `SemanticKernel.UnitTests`, `IntegrationTests`, and `Concepts` projects. This **dependency update** significantly enhances the project's security posture by resolving a critical vulnerability.

.Net: Bumping - Version 1.71.0 (#13552)

This commit implements **robust security controls** for file upload and download operations within the **`SessionsPythonPlugin`** across both its **Python and .NET implementations**. It introduces new configuration settings, `EnableDangerousFileUploads` and `AllowedUploadDirectories`, which are now mandatory for file uploads, while downloads apply path validation if `AllowedDownloadDirectories` are configured. The core mechanism involves **path canonicalization** to prevent traversal attacks, significantly enhancing the plugin's security posture by restricting file system access. This **feature** is thoroughly validated with new **unit and integration tests** and includes updated sample code to guide developers on configuring these new safeguards.

This commit **enhances the Codespaces development environment** by integrating the **Copilot CLI** and other essential developer tools. It **adds new features** to `.devcontainer/devcontainer.json`, including GitHub CLI, PowerShell, Azure Dev CLI, and common utilities, alongside the Copilot CLI. This work provides a **new capability** to streamline development with Semantic Kernel within Codespaces, mirroring configurations found in .NET templates. The primary impact is an improved **developer experience**, enabling easier use of Copilot CLI and related tools for .NET projects.

.Net: Update AWS Vulnerable Package Dependencies (#13449)

This commit primarily performs a **dependency update** for key AI-related NuGet packages, including `Microsoft.Extensions.AI.*` to 9.8.0-* and `Azure.AI.OpenAI` to 2.3.0-beta.1. Concurrently, it introduces a **feature enhancement** by adding explicit support for the new `'2025-04-01-PREVIEW'` Azure OpenAI API service version within the **.NET Azure OpenAI connectors**. This update ensures that the core client (`AzureClientCore.cs`) and various service tests (e.g., for audio-to-text, chat completion, embeddings) are compatible with the latest API versions. The change allows users to leverage the newest capabilities and maintain up-to-date integrations with Azure OpenAI services, improving the overall **compatibility and future-proofing** of the AI components.

This commit performs a crucial **security update** and a **major version upgrade** for the **Microsoft Graph Plugin** within the .NET project. It addresses vulnerability warnings by updating various packages, most notably upgrading the `Microsoft.Graph` library to its latest major version (V5). This necessitated extensive **refactoring** across the `Plugins.MsGraph` connectors, interfaces, and models to adapt to the new API surface and handle nullability changes. Consequently, new **sample applications** were added to demonstrate the updated MsGraph plugin functionalities, and corresponding **unit tests** were adjusted to reflect these changes.

This commit **refactors** the **.NET `GettingStarted` samples** to align with the latest API recommendations. It **migrates** all examples from using `AddOpenAIChatCompletion` to the newer `AddOpenAIChatClient` for creating kernels and configuring dependency injection. This **API migration** ensures that new users learning the framework are presented with the most current and recommended approach for integrating OpenAI chat models. The change impacts all `StepX_*.cs` files within the `dotnet/samples/GettingStarted` directory, improving the **clarity and accuracy of the sample code** and documentation.

This commit implements a crucial **security enhancement** for the **Google Gemini** and **Google AI connectors** within the `.Net` project. It **refactors** the authentication mechanism by moving the API key from being a URL query parameter to the more secure `x-goog-api-key` HTTP header. This change, primarily affecting the `ClientBase` and various client implementations like `GeminiChatCompletionClient`, `GeminiTokenCounterClient`, and `GoogleAIEmbeddingClient`, prevents sensitive API keys from being exposed in logs or tracing systems. New unit tests confirm that all Google AI clients now correctly utilize header-based authentication, significantly improving the **security posture** for users interacting with Google's AI services.

This commit **refactors** the .Net samples by **removing the `SKEXP0070` experimental warning suppression** from the `OllamaFunctionCalling` demo in `Program.cs`. This **maintenance** task aligns with a broader initiative to remove the `Experimental` attribute from non-GA **AI Connectors** packages. Since these connectors are still in preview, alpha, or beta stages, the explicit experimental warnings are considered redundant. The change simplifies the codebase by eliminating unnecessary suppression directives within the **AI Connectors** subsystem.

This commit introduces **new capabilities** by **exposing conversion helper methods** within the **Semantic Kernel Abstractions** library. It makes the `ToChatMessage` and `ToChatResponseUpdate` extension methods public, enabling direct **conversion from Semantic Kernel content types** like `ChatMessageContent` and `StreamingChatMessageContent` to their respective **MEAI content primitives**. This allows developers to seamlessly integrate and transform Semantic Kernel content for custom scenarios or evaluation against MEAI primitives, enhancing interoperability. Null checks were also added to these newly exposed methods for improved robustness.

This commit introduces a **new capability** to properly handle `ChatSystem` and `DeveloperPrompt` properties within **`OpenAIPromptExecutionSettings`** for **OpenAI chat clients**, resolving an issue where these prompts were previously ignored. It achieves this by introducing a new virtual method `PrepareChatHistoryForRequest` in `PromptExecutionSettings` and its specific implementation in `OpenAIPromptExecutionSettings`. This mechanism allows the **chat client extensions** and **chat completion service** to inject these prompts into the chat history before sending requests, ensuring that **system and developer prompts** are consistently honored by **OpenAI connectors**. Extensive unit and integration tests have been added to validate the correct invocation and processing of these prompts.

This commit primarily **reverts the use of `RetryFact` attributes** across several **Azure OpenAI integration tests** within the `.Net` connector library. This **maintenance change** addresses potential disruptions in the integration infrastructure when tests run in parallel, improving overall test suite stability. To further enhance reliability, an `HttpClient` with a 100-second timeout is now explicitly added to these tests, along with `IDisposable` implementation for proper resource cleanup. This ensures more consistent and accurate test results for the **Azure OpenAI connector** by preventing flaky failures and managing long-running operations. Additionally, the `ChatCompletionWithAudioInputAndOutputAsync` test in `OpenAIChatCompletion_NonStreamingTests.cs` is now skipped for manual verification.

This commit primarily **fixes a bug** in the **Semantic Kernel Abstractions** where `FunctionResultContent.FunctionName` was not correctly populated by `ChatClient` instances acting as `CompletionServices`. A new helper method in `ChatMessageExtensions.cs` now correctly maps the function name from `FunctionCallContent` to `FunctionResultContent`, ensuring proper data flow during **function calling**. Additionally, it includes **dependency updates** and refines **Ollama connector integration tests** (`OllamaChatClientIntegrationTests.cs`, `OllamaChatCompletion_FunctionCallingTests.cs`) to improve their robustness and clarity. This work ensures more reliable **function calling** behavior and better test coverage for chat completion services.

This commit performs **maintenance refactoring** within the **unit tests** for several **AI connectors**, including **Azure OpenAI**, **Mistral AI**, **Ollama**, and **OpenAI**. It specifically updates local helper functions, such as `MutateChatHistory`, to correctly return a `Task`, ensuring proper asynchronous handling within the test suite. This **test code improvement** enhances the reliability and consistency of the connector tests, with no direct impact on the runtime behavior or public interfaces of the connectors themselves.

This commit delivers a **bug fix** and **feature enhancement** for the **Agents** subsystem, resolving a regression that prevented the `Kernel` instance from being mutable during agent iterations. It introduces a new `UseImmutableKernel` property in `Agent.cs`, allowing explicit control over whether the kernel is cloned or remains mutable during `AgentChatCompletions` invocations. This change impacts various **agent implementations**, including `AzureAIAgent`, `ChatCompletionAgent`, and `OpenAIAssistantAgent`, by adjusting their kernel cloning logic and adding validation for `AIContextProviders` with `AIFunctions`. The fix ensures that `AIContextProviders` can correctly interact with a mutable kernel, restoring expected behavior. New unit and integration tests have been added to thoroughly verify both the restored mutability and the new immutability control.

This commit **fixes a bug** in the **.NET Google Gemini connector** by making the `MaxTokens` property within `GeminiPromptExecutionSettings` optional. Specifically, the hardcoded default value for `MaxTokens` has been removed, allowing it to be `null` when not explicitly set, which enables the Gemini model to use its own internal defaults. This **enhancement** provides greater flexibility for users of the **Gemini connector**, and the change is validated by an updated unit test in `GeminiPromptExecutionSettingsTests.cs` that now asserts a `null` default.