Eduard van Valkenburg

This commit implements a critical **security refinement** by **refactoring** the **in-memory vector collection filter** to employ a **new safe AST evaluator**, effectively **preventing code injection** and enforcing new security limits. It also **fixes** a similar **injection vulnerability** within the **Azure Cosmos DB connector** by ensuring proper escaping of single quotes in filter expressions. These updates significantly enhance the **robustness and security** of data filtering across the **`in_memory`** and **`Azure Cosmos DB`** connectors, with comprehensive unit tests added to validate the injection prevention and safety measures.

This commit introduces a **security refinement** to the **Python in-memory connector** by implementing a blocklist for dangerous attributes. It **validates filter expressions** against this blocklist using the `_validate_ast_node` function within `semantic_kernel/connectors/in_memory.py`. This **prevents potential sandbox escapes** by ensuring that filter expressions do not access restricted attributes, thereby enhancing the overall security and robustness of the in-memory filtering mechanism.

This commit introduces a **new capability** to the **`HttpPlugin`** in the Python Semantic Kernel, allowing users to specify `allowed_domains`. This enhancement enables **URL validation** within the plugin, restricting outbound HTTP requests to only those domains explicitly permitted, thereby improving security and control over external calls. The change involves adding an `allowed_domains` property to `http_plugin.py` and implementing new validation logic, thoroughly covered by **new unit tests**. This feature provides a crucial mechanism for developers to configure and enforce safe domain access for HTTP operations. Additionally, several Google AI integration tests were updated to be skipped due to occasional throttling issues.

This commit **refactors** the filter validation logic within the **Python `semantic-kernel`'s `InMemoryCollection`** for in-memory vector stores. It **inverts the filtering approach** from a denylist (forbidden list) to an allowlist, ensuring only explicitly permitted Abstract Syntax Tree (AST) nodes and functions are used. This **bug fix** addresses previous issues with the less secure denylist method, enhancing the reliability and correctness of filter operations for in-memory data. The change specifically impacts the `_parse_and_validate_filter` method in `in_memory.py`, improving the robustness of the **in-memory vector store filtering** mechanism.

This commit **enhances the Python Oracle connector** by making the `OracleCollection` class publicly accessible. It **adds `OracleCollection` to the `__all__` list** within `python/semantic_kernel/connectors/oracle.py`, allowing developers to directly import and utilize this component for Oracle-specific data operations. Concurrently, the `python/uv.lock` file has been **updated to include the `oracledb` dependency**, ensuring proper support for the new Oracle integration. This **new capability** streamlines the use of Oracle-specific collection functionalities within the Semantic Kernel, providing a more complete and accessible connector.

This commit introduces a **security enhancement** to the **Python `semantic_kernel` library's in-memory vector store connector**. It **improves the filtering mechanism** by explicitly forbidding the use of sensitive Python dunder methods like `__class__`, `__bases__`, and `__subclasses__` within filter expressions. This **maintenance fix** prevents potential security vulnerabilities or unexpected behavior during filter parsing in the `_parse_and_validate_filter` function. Consequently, the **in-memory vector store's data access becomes more secure and robust**, safeguarding against malicious or unintended filter evaluations.

This commit introduces a **new capability** to the **Python Semantic Kernel**, enabling seamless interoperability with external agent frameworks. A new method, `as_agent_framework_tool`, has been added to the `KernelFunction` class in `kernel_function.py`, allowing any `KernelFunction` to be converted into an **Agent Framework Tool**. This **feature** acts as a **bridge**, significantly enhancing the extensibility of the Semantic Kernel by allowing its functions to be directly consumed and utilized within agent-based systems. A new sample, `agent_framework_tools.py`, demonstrates how to leverage this integration, though users must install `agent-framework-core` separately.

This commit **removes the GitHub Actions workflow** responsible for automatically applying the `needs-port` label. This is a **maintenance** change that streamlines the project's labeling automation by eliminating a no-longer-required action. The **CI/CD pipeline** and **label management system** are affected, simplifying the process for contributors and maintainers by removing an unnecessary automated step.

This commit **fixes** a **bug** in the **Python `mcp` server connector** where the parsing of tool call output types was incorrect, addressing issue #12850. It **refactors** the content type parsing logic within the `create_mcp_server_from_kernel` function in `python/semantic_kernel/connectors/mcp.py`. By replacing `isinstance` checks with more robust `match` statements, this change ensures improved and correct handling of diverse content types. This ultimately enhances the reliability of **tool call output processing** for the `mcp` server, preventing errors in how external tool results are interpreted.

This commit introduces a **new Python sample** (`foundry_local_chatbot.py`) demonstrating how to integrate **Foundry Local models** with the **Semantic Kernel's OpenAIChatCompletion service**. This **feature addition** provides a practical example for developers looking to utilize local model inference within their applications. The sample, located in the `python/samples/concepts/local_models` directory, showcases the setup and usage, making it easier for users to leverage **local AI capabilities** with **Semantic Kernel**.

This commit **updates the ONNX dependencies** for the Python `semantic-kernel` project, specifically `onnxruntime_genai`. This **maintenance** task addresses previous limitations, enabling support for **Python 3.13 and all platforms**. As a direct result of this enhanced compatibility, the **ONNX AI connector tests** within `test_onnx_text_completion.py` are simplified by removing conditional `skipif` decorators and import checks. This change improves the robustness and accessibility of **ONNX-based AI features** by ensuring broader platform and Python version support.

This commit introduces **WebRTC support** for **Azure OpenAI Realtime** models within the **Python Semantic Kernel**, enabling more efficient and lower-latency real-time audio interactions. It adds the new `AzureRealtimeWebRTC` class and expands prompt execution settings to include options for transcription models, turn detection, and input audio noise reduction. This **new capability** is demonstrated through a dedicated sample (`realtime_agent_with_function_calling_webrtc.py`), enhancing the framework's ability to build **real-time AI agents** with advanced audio processing. The changes also involve updates to token and URL handling for WebRTC connections and public export of the new class.

This commit **deprecates** the entire **`planners` module** within the Python Semantic Kernel, including classes like `FunctionCallingStepwisePlanner`, `SequentialPlanner`, `Plan`, and their associated options and extensions. This **refactoring** effort aligns the Python SDK with the .NET SDK's strategy, marking these components as no longer recommended for use. Consequently, all related **documentation** in `README.md` and **sample tests** that utilized these planners have been removed or updated. The change signals a shift away from these specific planning implementations, impacting users who currently rely on them and encouraging migration to alternative planning mechanisms.

This commit delivers significant **improvements and fixes for the Python MCP connector** within `semantic_kernel`. It introduces new constructor parameters like `load_tools`, `load_prompt`, and `request_timeout` to provide finer control over MCP plugin behavior, while also **resolving intermittent hangs** by removing problematic suppressed calls to the MCP server. Furthermore, the commit **updates validation logic** to permit hyphens in function names, adds a new integration test for MCP samples, and includes general test refactoring and a `mcp` package version update.

replace mongo link (#11814)

This commit **updates the Python samples** to leverage the latest agent technologies and best practices. The `mixed_chat` sample in `python/samples/concepts/agents/mixed_chat/mixed_chat_agents.py` has been **enhanced** to utilize **Azure AI Agents** and the newest `ChatCompletionAgent` syntax, replacing the older Assistant API integration. Concurrently, `python/samples/getting_started_with_agents/azure_ai_agent/step4_azure_ai_agent_code_interpreter.py` received a **refactoring** to directly instantiate `AzureAIAgentSettings` and improve type hints. This ensures the agent-related samples demonstrate the most current and recommended implementations for users.

This commit introduces a **new capability** to easily create an **MCP server** directly from a `semantic_kernel.agents.Agent` instance or a collection of functions, plugins, and agents. It adds an `as_mcp_server` method to the **`Agent` class** and a `create_mcp_server_from_functions` utility to the **`mcp` connector**, significantly **enhancing the flexibility** of the Multi-Agent Communication Protocol. This **refactoring** simplifies the process of exposing agent capabilities as servers, providing a more direct and intuitive approach. The change is demonstrated through **new and updated samples**, showcasing scenarios like Azure AI Agents for restaurant menu and booking services, thereby improving developer experience and integration possibilities.

This commit introduces a **new capability** for the **Semantic Kernel's Multi-Agent Communication Protocol (MCP) server**, enabling it to expose a list of prompt templates and support advanced sampling logic. It significantly enhances the `semantic_kernel/connectors/mcp.py` module and extends the `kernel.py`'s `as_mcp_server` method to include prompt exposure, alongside adding `include_in_function_choices` metadata for better control over function visibility. This allows for more sophisticated multi-agent interactions where agents can discover and utilize pre-defined prompts and sampling capabilities, as demonstrated by several new and updated **MCP samples**.

This commit performs a **maintenance update** for the **Python `semantic_kernel` package**, incrementing its official version number. Specifically, it updates the `__version__` string within the `python/semantic_kernel/__init__.py` file from `1.27.2` to `1.28.0`. This change signifies a new release for the **Python SDK**, ensuring that all installations and references to the library will now reflect the `1.28.0` version.

This commit performs **code cleanup and refactoring** within the **Python call automation sample** (`call_automation.py`). It **improves logging** by transitioning to `app.logger` with appropriate levels, ensuring clearer separation of debug and info messages. Additionally, the commit **enhances event handling** logic by introducing a `match` statement for better structure and readability in functions like `handle_realtime_messages` and `incoming_call_handler`. This **maintenance** work makes the sample more robust, readable, and easier to debug for developers.