first commit

Author: rakeshl4

.devcontainer/devcontainer.json

@@ -0,0 +1,28 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/python
+{
+  "name": "AI Agent Development Environment",
+  "features": {
+    "ghcr.io/devcontainers/features/azure-cli:1": {
+      "extensions": "ml"
+    },
+    "ghcr.io/devcontainers/features/dotnet:latest": {
+      "version": "10.0"
+    },
+    "ghcr.io/azure/azure-dev/azd:latest": {}
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-azuretools.vscode-docker",
+        "ms-python.python",
+        "ms-toolsai.jupyter",
+        "ms-python.black-formatter",
+        "mathematic.vscode-pdf",
+        "ms-dotnettools.csdevkit",
+        "ms-dotnettools.dotnet-interactive-vscode"
+      ]
+    }
+  },
+  "postCreateCommand": "dotnet tool install -g Microsoft.dotnet-interactive && dotnet interactive jupyter install"
+}

.dockerignore

@@ -0,0 +1,7 @@
+.git
+.venv
+.files
+.ruff_cache
+.vscode
+.env
+__pycache__`

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for more information:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+ - package-ecosystem: "devcontainers"
+   directory: "/"
+   schedule:
+     interval: weekly

.github/workflows/ci.yml

@@ -0,0 +1,32 @@
+name: ci
+on:
+  push:
+    branches:
+      - master
+      - main
+permissions:
+  contents: write
+jobs:
+  deploy:
+    env:
+      CONFIG_FILE: docs/mkdocs.yml
+      REQUIREMENTS: docs/requirements.txt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Configure Git Credentials
+        run: |
+          git config user.name github-actions[bot]
+          git config user.email 41898282+github-actions[bot]@users.noreply.github.com
+      - uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+      - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
+      - uses: actions/cache@v3
+        with:
+          key: mkdocs-material-${{ env.cache_id }}
+          path: .cache
+          restore-keys: |
+            mkdocs-material-
+      - run: pip install mkdocs-material mkdocs-glightbox mkdocs-include-markdown-plugin
+      - run: mkdocs gh-deploy --force --config-file docs/mkdocs.yml

.gitignore

@@ -0,0 +1,123 @@
+__pycache__
+*.py[co]
+[.][v]env/
+.DS_Store
+.ruff_cache
+.env
+.coverage
+*.orig
+# .NET stuff
+bin
+obj
+appsettings.*.json
+*.csproj.user
+.mono
+*.user
+.vs
+
+# AZD
+.azure/
+.files/
+src/workshop/[.][v]env/
+
+/src/shared/files
+.azure
+
+# Node.js
+node_modules/
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+dist/
+build/
+
+# dotenv environment variables files
+.env
+.env.*
+.env.local
+
+# next.js build output
+.next/
+
+# Vite build output
+dist/
+
+# Parcel build output
+dist/
+.cache/
+
+# Svelte build output
+public/build
+
+# Storybook build outputs
+.out/
+.storybook-out/
+
+# VS Code settings
+.vscode/
+
+# Mac system files
+.DS_Store
+
+# Windows system files
+Thumbs.db
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+yarn.lock
+
+# pnpm lockfile
+pnpm-lock.yaml
+
+# TypeScript cache
+*.tsbuildinfo
+
+# IDE files
+.idea/
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

README.md

@@ -0,0 +1,84 @@
+# Contoso Bike Store AI Assistant
+
+An end-to-end sample that uses Microsoft Agent Framework to demonstrate how to build Human In the loop (HITL) AI assistant.
+The agent uses GitHub Models for inference and exposes an AG-UI endpoint. The frontend integrates via CopilotKit to provide a chat experience for Contoso Bike Store.
+
+## Tech Stack
+
+- Backend: .NET (ASP.NET Core), Microsoft Agent Framework, AG-UI, `OpenAIClient` (GitHub Models)
+- Frontend: Next.js (App Router), TypeScript
+- Tools: Product inventory tools + a payment approval tool (server function with approval)
+
+## Prerequisites
+
+- .NET 9/10 SDK (match your local environment)
+- Node.js 20+ and npm
+- GitHub account and Personal Access Token (PAT) for GitHub Models access
+
+## GitHub Models Setup
+
+1. Create a GitHub Personal Access Token:
+   - Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
+   - Generate a new token; no special scopes are required for models
+   - Copy the token value
+
+2. Set environment variables (choose your shell):
+
+   Windows (PowerShell):
+   ```powershell
+   $env:GITHUB_TOKEN="<your_github_token>"
+   $env:GITHUB_MODEL_ID="gpt-4o"       # optional, defaults to gpt-4o
+   $env:GITHUB_MODELS_BASE_URL="https://models.inference.ai.azure.com" # optional
+   ```
+
+   Windows (Command Prompt):
+   ```cmd
+   set GITHUB_TOKEN=<your_github_token>
+   set GITHUB_MODEL_ID=gpt-4o
+   set GITHUB_MODELS_BASE_URL=https://models.inference.ai.azure.com
+   ```
+
+   macOS/Linux:
+   ```bash
+   export GITHUB_TOKEN="<your_github_token>"
+   export GITHUB_MODEL_ID="gpt-4o"
+   export GITHUB_MODELS_BASE_URL="https://models.inference.ai.azure.com"
+   ```
+
+You can also use the command `dotnet user-secrets` to set the `GITHUB_TOKEN` for the backend project.
+
+## How to Run
+
+1. Clone and open the repo
+   ```bash
+   git clone <this-repository-url>
+   cd maf-apporval-workflow
+   ```
+
+2. Start the backend (agent host)
+   ```bash
+   cd src/backend/ContosoBikestore.Agent.Host
+   dotnet restore
+   dotnet run
+   ```
+   - Agent Dev UI: http://localhost:5001/devui
+   - AG-UI endpoint: http://localhost:5001/agent/customer_service_assistant
+
+3. Start the frontend (Next.js)
+   ```bash
+   cd src/frontend
+   npm install
+   # optional: echo backend base URL to .env.local
+   # Windows PowerShell
+   "$env:BACKEND_AGENT_BASE_URL=http://localhost:5001" | Out-File -Encoding utf8 .env.local
+   # macOS/Linux
+   # echo "BACKEND_AGENT_BASE_URL=http://localhost:5001" > .env.local
+   npm run dev
+   ```
+   - App: http://localhost:3000
+
+## Resources
+
+- Microsoft Agent Framework Documentation: https://learn.microsoft.com/en-us/agent-framework/overview/agent-framework-overview
+- CopilotKit: https://www.copilotkit.ai/
+- GitHub Models: https://docs.github.com/en/github-models

SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.9 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet) and [Xamarin](https://github.com/xamarin).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/security.md/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/security.md/msrc/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/security.md/msrc/pgp).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/security.md/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/security.md/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

package-lock.json

@@ -0,0 +1,36 @@
+[tool.black]
+line-length = 120
+
+[tool.ruff]
+line-length = 120
+
+# Enable import sorting
+select = ["I"]
+
+[tool.ruff.lint]
+extend-select = [
+  "B",
+  "C4",
+  "PT",
+  "RET",
+  "SIM",
+  "ARG",
+  "PTH",
+  "RUF",
+  "PLE",
+  "ANN",
+  "RUF",
+  "I"  # Add 'I' to extend-select to activate import sorting
+]
+
+[tool.ruff.lint.extend-per-file-ignores]
+"*.ipynb" = [
+  "PLE1142", # await-outside-async: Jupyter Notebooks support top level await
+  "E402", # module-import-not-at-top-of-file: It's relatively common to have to import "just in time"
+  "E501", # line-too-long: Let black handle this
+]
+
+# isort configuration
+[tool.isort]
+profile = "black"  # Use the same line length and styling as Black
+line_length = 120  # Consistent line length with Ruff and Black

pyproject.toml

@@ -0,0 +1,4 @@
+[*.cs]
+
+# SKEXP0110: Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
+dotnet_diagnostic.SKEXP0110.severity = warning