.NET: Add Hosted-MemoryAgent sample with isolation key plumbing (#5692)

[rogerbarreto]

Closes #5692.

Adds a Hosted-MemoryAgent sample that exercises FoundryMemoryProvider inside a Foundry hosted agent, plus the small framework hooks needed to scope memory per end user via the platform's isolation headers.

Framework (Microsoft.Agents.AI.Foundry.Hosting)

• HostedSessionContext (sealed, UserId + ChatId)
• HostedSessionIsolationKeyProvider abstract async base; default PlatformHostedSessionIsolationKeyProvider maps ResponseContext.Isolation
• AgentFrameworkResponseHandler tags fresh sessions, validates resumed sessions against the live request, and 403s on mismatch (Hosted session identity context mismatch)

Samples

• New shared project Hosted_Shared_Contributor_Setup consolidates DevTemporaryTokenCredential and adds DevTemporaryLocalSessionIsolationKeyProvider + AddDevTemporaryLocalContributorSetup
• All 9 existing responses samples migrated to consume it so local runs keep working under the strict contract
• New Hosted-MemoryAgent (travel assistant) with Dockerfile, README, and scripts/smoke.ps1

Tests

• 11 new unit tests covering provider resolution, set-on-create, validate-on-resume, and 403/500 paths (227/227 hosting unit tests pass)
• New memory IT scenario in Foundry.Hosting.IntegrationTests; verified end to end against a live Foundry project

Docs

• ADR 0026 captures the design tree (isolation keys vs request.User, storage shape, async signature, write-once-validate-on-resume)

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds hosted-session identity plumbing to Foundry hosting so sessions can be scoped/validated by platform isolation headers, and introduces a new Hosted-MemoryAgent sample + integration test to exercise per-user Foundry Memory.

Changes:

• Introduces HostedSessionContext + HostedSessionIsolationKeyProvider (+ default platform provider) and stamps/validates context in AgentFrameworkResponseHandler.
• Consolidates local-dev contributor setup into a shared samples project and migrates existing hosted response samples to use it.
• Adds Hosted-MemoryAgent sample plus a new memory integration-test scenario and unit tests around identity resolution/validation.

Reviewed changes

Copilot reviewed 49 out of 49 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
dotnet/tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/HostedSessionIdentityContextTests.cs	Adds unit tests for hosted session identity stamping/validation and provider mapping.
dotnet/tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/HostedOutboundUserAgentTests.cs	Registers a fake isolation key provider so outbound-agent tests satisfy the new contract.
dotnet/tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/FakeHostedSessionIsolationKeyProvider.cs	Introduces a test provider that supplies default isolation keys.
dotnet/tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/AgentFrameworkResponseHandlerWorkflowTests.cs	Updates workflow tests to register the isolation key provider.
dotnet/tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/AgentFrameworkResponseHandlerTests.cs	Updates handler tests to register the isolation key provider.
dotnet/tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/AgentFrameworkResponseHandlerTelemetryTests.cs	Updates telemetry tests to register the isolation key provider.
dotnet/tests/Foundry.Hosting.IntegrationTests/scripts/it-bootstrap-agents.ps1	Adds the memory scenario to the integration test bootstrap list.
dotnet/tests/Foundry.Hosting.IntegrationTests/MemoryHostedAgentTests.cs	Adds an end-to-end integration test for memory recall in hosted mode.
dotnet/tests/Foundry.Hosting.IntegrationTests/Fixtures/MemoryHostedAgentFixture.cs	Adds a fixture that provisions per-run isolated memory store ids.
dotnet/tests/Foundry.Hosting.IntegrationTests.TestContainer/Program.cs	Adds IT_SCENARIO=memory agent that uses FoundryMemoryProvider scoped by hosted context.
dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/PlatformHostedSessionIsolationKeyProvider.cs	Adds default provider mapping ResponseContext.Isolation to hosted session context.
dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/HostedSessionJsonUtilities.cs	Adds source-gen JSON options/context for hosted session context persistence.
dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/HostedSessionIsolationKeyProvider.cs	Adds DI-resolvable abstraction for resolving hosted session identity keys.
dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/HostedSessionContextExtensions.cs	Adds session state bag read/write helpers for hosted session context.
dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/HostedSessionContext.cs	Adds sealed identity context type (UserId, ChatId) with validation.
dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/AgentFrameworkResponseHandler.cs	Stamps identity on create and validates identity on resume (403 on mismatch).
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted_Shared_Contributor_Setup/Hosted_Shared_Contributor_Setup.csproj	Adds shared contributor utilities project for local runs.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted_Shared_Contributor_Setup/HostedContributorSetupExtensions.cs	Adds AddDevTemporaryLocalContributorSetup helper for samples.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted_Shared_Contributor_Setup/DevTemporaryTokenCredential.cs	Moves dev-only bearer-token credential into shared sample project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted_Shared_Contributor_Setup/DevTemporaryLocalSessionIsolationKeyProvider.cs	Adds dev-only isolation key provider for local container runs.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-Workflow-Simple/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-Workflow-Simple/HostedWorkflowSimple.csproj	References shared contributor setup project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-Workflow-Handoff/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-Workflow-Handoff/HostedWorkflowHandoff.csproj	References shared contributor setup project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-Toolbox/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-Toolbox/HostedToolbox.csproj	References shared contributor setup project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-TextRag/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-TextRag/HostedTextRag.csproj	References shared contributor setup project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-Observability/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-Observability/HostedObservability.csproj	References shared contributor setup project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/scripts/smoke.ps1	Adds local smoke test validating per-user memory isolation across runs.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/agent.yaml	Adds container agent definition for Hosted-MemoryAgent.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/agent.manifest.yaml	Adds agent manifest metadata for Hosted-MemoryAgent.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/README.md	Documents memory scoping via hosted identity and local dev setup.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/Program.cs	Implements the Hosted-MemoryAgent using FoundryMemoryProvider scoped by hosted context.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/HostedMemoryAgent.csproj	Adds new sample project and references shared contributor setup.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/Dockerfile.contributor	Adds contributor Dockerfile using pre-published output.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/Dockerfile	Adds Dockerfile intended for NuGet-based builds.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-MemoryAgent/.env.example	Adds environment template including local isolation key fallbacks.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-McpTools/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-McpTools/HostedMcpTools.csproj	References shared contributor setup project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-LocalTools/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-LocalTools/HostedLocalTools.csproj	References shared contributor setup project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-FoundryAgent/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-FoundryAgent/HostedFoundryAgent.csproj	References shared contributor setup project.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-ChatClientAgent/Program.cs	Switches sample to shared contributor setup registration.
dotnet/samples/04-hosting/FoundryHostedAgents/responses/Hosted-ChatClientAgent/HostedChatClientAgent.csproj	References shared contributor setup project.
dotnet/agent-framework-dotnet.slnx	Adds new sample projects to the solution.
docs/decisions/0026-hosted-session-identity-context.md	Adds ADR documenting the design/behavior of hosted session identity.

Comments suppressed due to low confidence (5)

dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/PlatformHostedSessionIsolationKeyProvider.cs:1

• The remarks describe GetKeysAsync returning “a context with empty values” when headers are missing, but the implementation actually returns null. Update the comment to match the real behavior (returns null, which the handler treats as a configuration error leading to a 500) so callers don’t misinterpret the contract.
  dotnet/tests/Microsoft.Agents.AI.Foundry.Hosting.UnitTests/FakeHostedSessionIsolationKeyProvider.cs:1
• The summary says the fake “always returns a non-null HostedSessionContext”, but the constructor can intentionally set _context to null (when userId or chatId is null) to test the handler’s error path. Adjust the doc comment to reflect that this provider returns non-null by default, but can be configured to return null.
  dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/HostedSessionContextExtensions.cs:1
• SetHostedContext is documented as “written exactly once”, but the implementation will overwrite an existing value without complaint. To harden the identity contract and reduce the risk of accidental/intentional overwrites from within the hosting assembly, add a write-once guard (e.g., throw if StateBag already contains StateKey) before calling SetValue.
  dotnet/src/Microsoft.Agents.AI.Foundry.Hosting/AgentFrameworkResponseHandler.cs:1
• This allocates a new PlatformHostedSessionIsolationKeyProvider on every request when no provider is registered in DI. Consider caching a singleton instance (e.g., a static readonly field, or resolve once in the handler constructor as a fallback) to avoid per-request allocations on the hot path.
  dotnet/tests/Foundry.Hosting.IntegrationTests/MemoryHostedAgentTests.cs:1
• A fixed 20s sleep makes the integration test slower than necessary on fast paths and still potentially flaky on slow paths. Prefer polling until recall succeeds (or a bounded timeout is reached), which improves reliability and reduces average test runtime.

[github-actions]

Automated Code Review

Reviewers: 4 | Confidence: 85% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Design Approach

---

Automated review by rogerbarreto's agents