feat(ai-agents): add --agent-endpoint flag to invoke command (#8028)

* ai agents: --agent-endpoint flag for ephemeral remote invokes

Adds a new --agent-endpoint flag to 'azd ai agent invoke' that accepts
the full Foundry agent invocation URL printed by 'azd up' / 'azd deploy'
and lets the user invoke a deployed agent from any directory without an
azd project on disk.

* Parses the URL strictly: requires https, the *.services.ai.azure.com
  Foundry host, the canonical /api/projects/.../agents/.../endpoint/
  protocols/<protocol>[?api-version=...] path, no explicit port, and a
  non-empty api-version when present.
* Derives the protocol (invocations or openai/responses) from the URL
  and rejects any flags that have no meaning in ephemeral mode (--local,
  positional name, --port, --protocol, --new-session, --new-conversation).
* Body validation runs before bearer-token acquisition so local input
  errors surface ahead of any auth round-trip.
* Prints continuation hints for both server-assigned --session-id and
  auto-created --conversation-id so users can preserve multi-turn state
  on the next invoke.
* Adds buildResponsesURL / buildInvocationsURL helpers and unit tests
  covering api-version propagation and URL-encoding of session ids.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ai agents: address review feedback on --agent-endpoint

- agent_endpoint.go: replace ad-hoc segment-by-segment path validation
  with a single regex match (matches existing projectResourceIdRegex
  style elsewhere in the package).
- agent_endpoint.go: introduce agentEndpointHint constant and use it
  everywhere the previous 'pass the agent endpoint printed by azd up
  or azd deploy' message appeared. Now points users at
  'azd ai agent show', which persistently prints the endpoint URL.
- invoke.go: collapse validateAgentEndpointFlags' six-case switch into
  a generic table-driven loop over disallowed flags.
- agent_endpoint_test.go: update unknown_protocol_tail expectation to
  match the unified regex error message.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ai agents: address multi-model code review findings

- invoke.go: restore the `Invocation:` print line that was lost during
  the rebase. Previously, `invocationsRemote` always printed the
  `x-agent-invocation-id` header so users could correlate the call
  for tracing. The rebased version only persisted it (and only in
  project mode), so `--agent-endpoint` callers and project-mode
  callers both lost the visible handle. Restore the print and keep
  the persist as an extra step in project mode.

- agent_endpoint.go: reject `%2F` (or other encoded path separators)
  inside the project segment of `--agent-endpoint`. The regex captures
  `[^/]+` against the escaped path, so an encoded slash slipped through
  validation and `url.PathUnescape` then materialized a literal `/`
  in the project name. Add a `ContainsAny(name, "/\\")` check to
  match the strictness already applied to the agent segment. Add a
  test case covering `proj%2Fother`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ai agents: enable global-config persistence for --agent-endpoint

After PR #8034 the session/conversation store is keyed by an endpoint-derived agentKey in global UserConfig (env-independent). This wires --agent-endpoint into that store so ephemeral invokes auto-resume across calls.

Changes:

- Add buildEphemeralAgentKey: a stable, query-string-free key derived from the parsed projectEndpoint+agentName. Distinct '/ephemeral' suffix so it never collides with project-mode '/remote' keys.

- resolveRemoteContext (ephemeral): best-effort attach the parent azd daemon and set rc.agentKey. Standalone runs (no daemon) silently fall back to no-persistence.

- responsesRemote / invocationsRemote: drop the local agentKey computation; use rc.agentKey. Tighten OpenAPI-spec fetch to project mode only (no on-disk side effect for ephemeral).

- Drop --new-session / --new-conversation from validateAgentEndpointFlags so users can reset stored IDs in ephemeral mode. Add warnIneffectiveResetFlags to log a no-op warning when standalone.

- Continuation hints now require resp.StatusCode<400 so failed invokes don't tell users to continue a never-created conversation (review feedback).

- Hint gate widened to (agentKey == '' || azdClient == nil) so it fires whenever persistence is genuinely unavailable, not just when the daemon is missing.

Tests: TestBuildEphemeralAgentKey covers URL-variant stability (canonical, trailing-slash, mixed case host) and the project-mode key-collision contract. The two dropped --new-* validation cases removed from TestAgentEndpointFlagValidation.

Live-verified against the deployed responses agent: invokes 1+2 share session+conversation IDs and the agent recalls prior turns; invoke 3 with --new-session --new-conversation produces fresh IDs; invoke 4 with a URL variant (no ?api-version) hits the same persisted entry.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ai agents: replace ephemeral hint fallback with help-pointer tip

The standalone-mode hint code (printEphemeralSessionHint /
printEphemeralConversationHint) only fired when the parent azd daemon
was unreachable -- a path that does not occur in normal user flow
(�zd ai agent invoke ... always spawns the daemon). With persistence
working under #8034 those hints were essentially dead code.

Remove both helpers (and their tests / unused captureStdout helper /
net/http import) and replace with a single concise tip printed after a
successful invoke when persistence is active in both responsesRemote
and invocationsRemote:

  (tip: pass --new-session or --new-conversation to reset; see
   `azd ai agent invoke --help`)

Tests + lint clean. Live verified end-of-output ordering against
hello-world-python-responses.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* azure.ai.agents: protocol-aware reset hint for invoke

The post-invoke tip and reset-flag handling now match each protocol's
actual memory model:

- Responses protocol keeps the existing tip mentioning both
  --new-session and --new-conversation (it uses the Foundry
  Conversations API for multi-turn memory).
- Invocations protocol prints a tip that only mentions --new-session,
  since memory is bound to the session and --new-conversation has no
  observable effect on this path.
- If the user does pass --new-conversation while invoking an
  invocations endpoint, a stderr note explains that the flag is a
  no-op for this protocol and points to --new-session instead.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* azure.ai.agents: address PR review findings on --agent-endpoint

- agent_endpoint.go: agent-name validation now delegates to
  agent_yaml.ValidateAgentName so --agent-endpoint enforces the same
  deployable-name format as the rest of the extension. Previously
  underscores and unbounded lengths slipped through local validation
  only to fail later as 404s. The bespoke isValidAgentNameSegment
  helper and its unit test are removed; a new
  TestParseAgentEndpoint_RejectsInvalidAgentNames covers underscore,
  length>63, and leading/trailing hyphen rejection.

- invoke.go (warnIneffectiveResetFlags): switched from log.Printf to
  fmt.Fprintln(os.Stderr, ...). The extension silences the standard
  logger unless debug mode is enabled (setupDebugLogging redirects to
  io.Discard), so the previous warning never reached users in
  standalone --agent-endpoint mode.

- invoke.go (invocationsRemote): removed the saveContextValue(...,
  "invocations") call. validateStoreField only allows "sessions" and
  "conversations", so the persistence call always failed silently. The
  invocation ID is still printed for trace correlation; we just no
  longer pretend to persist it.

- config_store.go: rewrote a doc comment to use "scopes" instead of
  "lifecycles" so the cspell pipeline passes.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ai agents: replace buildEphemeralAgentKey with buildAgentKey

Per PR review (trangevi): unify ephemeral and project-mode key builders.
buildAgentKey(ep, name, '', false) yields the same canonical shape used
elsewhere  '<ep>/agents/<name>/versions/latest/remote'  and inherits
the segment validation logic for free.

- Remove buildEphemeralAgentKey helper (config_store.go)
- Update sole call site in invocations setup (invoke.go)
- Drop now-redundant ephemeral-specific tests; URL-variant stability
  remains covered by TestNormalizeEndpoint_StripScheme and
  TestBuildRemoteAgentKeyFromEndpoint

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ai agents: fix --agent-endpoint help-text example to use responses URL

Per PR review (trangevi): the example used the /protocols/invocations URL
paired with a plain "Hello!" body, but most invocations samples expect a
JSON request body. Switch the example to the responses-protocol URL
(/protocols/openai/responses) which matches the plain-string body shape
and aligns with the other "Hello!" examples in this help block.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ai agents: remove warnIneffectiveResetFlags (dead in normal use)

The warning only fired when running the extension binary standalone with --agent-endpoint and a reset flag (no parent azd daemon). End-user invokes always go through the host and persist via gRPC, so the warn was effectively dead for the supported flow.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ai agents: address wbreza PR review nits + add resolveRemoteContext test

- Rename url locals to respURL/convURL to avoid shadowing the net/url
  package import (invoke.go: responsesRemote and createConversation).
- Add t.Parallel() to the 4 functions in agent_endpoint_test.go.
- Add TestResolveRemoteContext_EphemeralMode covering the api-version
  default fallback (when URL omits ?api-version=) and explicit override,
  plus name/projectEndpoint/agentKey propagation. Pins the existing safe
  behavior end-to-end.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Antriksh Jain <antrikshjain@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: 3 people

cli/azd/extensions/azure.ai.agents/internal/cmd/agent_endpoint.go

@@ -0,0 +1,186 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package cmd
+
+import (
+	"fmt"
+	"net/url"
+	"regexp"
+	"strings"
+
+	"azureaiagent/internal/exterrors"
+	"azureaiagent/internal/pkg/agents/agent_api"
+	"azureaiagent/internal/pkg/agents/agent_yaml"
+)
+
+// agentEndpointHostSuffix is the required Foundry host suffix for endpoint URLs.
+const agentEndpointHostSuffix = ".services.ai.azure.com"
+
+// agentEndpointHint is the suggestion appended to most --agent-endpoint validation errors.
+// `azd ai agent show` persistently prints the agent endpoint URL, so it's the right
+// thing to point users at any time after a deploy.
+const agentEndpointHint = "run `azd ai agent show` to see the agent endpoint URL"
+
+// agentEndpointPathRegex matches the full Foundry agent-endpoint path. Captures:
+//
+//	[1] project name (URL-escaped),
+//	[2] agent name (URL-escaped),
+//	[3] protocol tail ("invocations" or "openai/responses").
+var agentEndpointPathRegex = regexp.MustCompile(
+	`^/api/projects/([^/]+)/agents/([^/]+)/endpoint/protocols/(invocations|openai/responses)/?$`,
+)
+
+// parsedAgentEndpoint describes a deployed agent invocation endpoint.
+type parsedAgentEndpoint struct {
+	// ProjectEndpoint is the Foundry project root: https://<acct>.services.ai.azure.com/api/projects/<proj>.
+	ProjectEndpoint string
+	AgentName       string
+	Protocol        agent_api.AgentProtocol
+	// APIVersion is the api-version query parameter from the URL, or empty if absent.
+	APIVersion string
+}
+
+// parseAgentEndpoint parses the full agent invocation URL printed by `azd ai agent show`.
+//
+// Accepted shapes:
+//
+//	https://<acct>.services.ai.azure.com/api/projects/<proj>/agents/<name>/endpoint/protocols/invocations[?api-version=…]
+//	https://<acct>.services.ai.azure.com/api/projects/<proj>/agents/<name>/endpoint/protocols/openai/responses[?api-version=…]
+//
+// The host must be a `*.services.ai.azure.com` Foundry host. The path must include the
+// protocol-specific suffix; the protocol is derived from the URL.
+func parseAgentEndpoint(rawURL string) (*parsedAgentEndpoint, error) {
+	if strings.TrimSpace(rawURL) == "" {
+		return nil, exterrors.Validation(
+			exterrors.CodeInvalidParameter,
+			"--agent-endpoint requires a non-empty URL",
+			agentEndpointHint,
+		)
+	}
+
+	u, err := url.Parse(rawURL)
+	if err != nil {
+		return nil, exterrors.Validation(
+			exterrors.CodeInvalidParameter,
+			fmt.Sprintf("invalid --agent-endpoint URL: %v", err),
+			agentEndpointHint,
+		)
+	}
+
+	if !strings.EqualFold(u.Scheme, "https") {
+		return nil, exterrors.Validation(
+			exterrors.CodeInvalidParameter,
+			"--agent-endpoint must use https",
+			agentEndpointHint,
+		)
+	}
+
+	host := strings.ToLower(u.Hostname())
+	if host == "" || !strings.HasSuffix(host, agentEndpointHostSuffix) {
+		return nil, exterrors.Validation(
+			exterrors.CodeInvalidParameter,
+			fmt.Sprintf("--agent-endpoint host %q is not a Foundry host (*%s)", u.Hostname(), agentEndpointHostSuffix),
+			agentEndpointHint,
+		)
+	}
+
+	// Reject explicit ports — Foundry endpoints always use the default HTTPS port,
+	// and silently dropping a non-default port would route requests to a different origin.
+	if u.Port() != "" {
+		return nil, exterrors.Validation(
+			exterrors.CodeInvalidParameter,
+			fmt.Sprintf("--agent-endpoint host %q must not include a port", u.Host),
+			agentEndpointHint+" (no explicit port)",
+		)
+	}
+
+	// Match the full path against the canonical Foundry agent-endpoint shape and pull
+	// the project name, agent name, and protocol tail out in one pass.
+	matches := agentEndpointPathRegex.FindStringSubmatch(u.EscapedPath())
+	if matches == nil {
+		return nil, exterrors.Validation(
+			exterrors.CodeInvalidParameter,
+			"--agent-endpoint path must match /api/projects/<project>/agents/<name>/endpoint/protocols/<protocol>",
+			agentEndpointHint,
+		)
+	}
+	projectSegment, agentSegment, protocolTail := matches[1], matches[2], matches[3]
+
+	projectName, err := url.PathUnescape(projectSegment)
+	if err != nil || projectName == "" || strings.ContainsAny(projectName, "/\\") {
+		return nil, exterrors.Validation(
+			exterrors.CodeInvalidParameter,
+			"--agent-endpoint project segment is invalid",
+			agentEndpointHint,
+		)
+	}
+
+	agentName, err := url.PathUnescape(agentSegment)
+	if err != nil || agent_yaml.ValidateAgentName(agentName) != nil {
+		return nil, exterrors.Validation(
+			exterrors.CodeInvalidAgentName,
+			fmt.Sprintf("--agent-endpoint agent name %q is invalid", agentSegment),
+			"agent names must start and end with an alphanumeric character, "+
+				"may contain hyphens in the middle, and be 1-63 characters long",
+		)
+	}
+
+	var protocol agent_api.AgentProtocol
+	switch protocolTail {
+	case "invocations":
+		protocol = agent_api.AgentProtocolInvocations
+	case "openai/responses":
+		protocol = agent_api.AgentProtocolResponses
+	}
+
+	// Reject an explicit but empty api-version query parameter; the default fallback would
+	// otherwise silently invoke a different version than the user pasted.
+	apiVersion := ""
+	query := u.Query()
+	if values, present := query["api-version"]; present {
+		if len(values) == 0 || values[0] == "" {
+			return nil, exterrors.Validation(
+				exterrors.CodeInvalidParameter,
+				"--agent-endpoint api-version query parameter is empty",
+				"include a non-empty api-version value or omit the parameter to use the default",
+			)
+		}
+		apiVersion = values[0]
+	}
+
+	projectEndpoint := fmt.Sprintf("https://%s/api/projects/%s", host, projectSegment)
+
+	return &parsedAgentEndpoint{
+		ProjectEndpoint: projectEndpoint,
+		AgentName:       agentName,
+		Protocol:        protocol,
+		APIVersion:      apiVersion,
+	}, nil
+}
+
+// buildResponsesURL builds the Foundry "openai/responses" protocol URL for an agent.
+// apiVersion is URL-encoded so unusual characters cannot break out of the query value.
+func buildResponsesURL(projectEndpoint, agentName, apiVersion string) string {
+	return fmt.Sprintf(
+		"%s/agents/%s/endpoint/protocols/openai/responses?api-version=%s",
+		projectEndpoint, agentName, url.QueryEscape(apiVersion),
+	)
+}
+
+// buildInvocationsURL builds the Foundry "invocations" protocol URL for an agent.
+// When sid is non-empty, an agent_session_id query parameter is appended (URL-encoded).
+func buildInvocationsURL(projectEndpoint, agentName, apiVersion, sid string) string {
+	invURL := fmt.Sprintf(
+		"%s/agents/%s/endpoint/protocols/invocations?api-version=%s",
+		projectEndpoint, agentName, url.QueryEscape(apiVersion),
+	)
+	if sid != "" {
+		invURL += "&agent_session_id=" + url.QueryEscape(sid)
+	}
+	return invURL
+}
+
+// (isValidAgentNameSegment was removed — agent name validation now delegates
+// to agent_yaml.ValidateAgentName so --agent-endpoint enforces the same
+// deployable-name format as the rest of the extension.)