Simplify 04-foundry-toolbox sample to a single web_search + Microsoft Learn toolbox (#555)

Author: lindazqli

.github/CODEOWNERS

@@ -53,18 +53,24 @@
 /samples/typescript/quickstart/chat-with-agent/src/quickstart-chat-with-agent.ts @microsoft-foundry/AI-Platform-Docs
 /samples/typescript/quickstart/create-agent/src/quickstart-create-agent.ts @microsoft-foundry/AI-Platform-Docs
 /samples/typescript/quickstart/responses/src/quickstart-responses.ts @microsoft-foundry/AI-Platform-Docs
+/samples/typescript/quickstart/agent-service/src/quickstart.ts @microsoft-foundry/AI-Platform-Docs
 
 #### Additional ownership entries (added via issue triage) ##############################################
 # Routing for sample paths that were uncovered during issue triage.
 # Owners chosen from CODEOWNERS pattern of peer directories and from git log of top contributors.
 
-# TS quickstart agent-service — peer of chat-with-agent / create-agent / responses
-/samples/typescript/quickstart/agent-service/ @microsoft-foundry/AI-Platform-Docs
-
 # Infrastructure (bicep) — networked agent setup templates
-/infrastructure/infrastructure-setup-bicep/01-connections/apim/ @meerakurup
+/infrastructure/infrastructure-setup-bicep/01-connections/apim/ @meerakurup @rayankhouryy
 /infrastructure/infrastructure-setup-bicep/15-private-network-standard-agent-setup/ @haflidif
-/infrastructure/infrastructure-setup-bicep/16-private-network-standard-agent-apim-setup/ @meerakurup
+/infrastructure/infrastructure-setup-bicep/16-private-network-standard-agent-apim-setup/ @meerakurup @rayankhouryy @m-gheini @meerakurup @karthiksaligrama
 
 # Infrastructure (terraform) — BYO-VNet variant
 /infrastructure/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/ @deeikele
+
+# Hosted-agents specific sub-areas — owners inferred from git log of top contributors
+# (parent `/samples/python/hosted-agents/` and `/samples/csharp/hosted-agents/` still
+# route to @microsoft-foundry/hosted-agents; these add finer-grained reviewers).
+/samples/csharp/hosted-agents/agent-framework/teams-activity/                  @therealjohn @tecton
+/samples/python/hosted-agents/bring-your-own/invocations/github-copilot/       @ankitbko @huimiu
+/samples/python/hosted-agents/bring-your-own/invocations/human-in-the-loop/    @ankitbko @huimiu
+/samples/python/hosted-agents/bring-your-own/responses/langgraph-toolbox/      @antriksh30 @lindazqli

samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/.env.example

@@ -1,3 +1,3 @@
 FOUNDRY_PROJECT_ENDPOINT="..."
 AZURE_AI_MODEL_DEPLOYMENT_NAME="..."
-TOOLBOX_NAME="..."
+TOOLBOX_ENDPOINT="..."

samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/README.md

@@ -8,27 +8,21 @@ You can create a Foundry Toolbox by code. Refer to this sample for an example: [
 
 You can also create a Foundry Toolbox in the Foundry portal. Read more about it [in the Foundry toolbox documentation](https://learn.microsoft.com/en-us/azure/foundry/agents/how-to/tools/toolbox).
 
-> If you set up a project with this sample and provision the resources using `azd provision`, a Foundry Toolbox will be created with the specified tools in [`agent.manifest.yaml`](agent.manifest.yaml).
+This sample consumes a toolbox over its MCP endpoint. It bundles a [`toolbox.yaml`](toolbox.yaml) that defines two connectionless tools behind one endpoint:
 
-### Authentication Methods
+- **Web search**, which grounds responses in real-time public web results.
+- The **Microsoft Learn MCP server** (`https://learn.microsoft.com/api/mcp`), a public endpoint that grounds responses in official Microsoft documentation and requires no authentication.
 
-You can connect to MCP servers in Foundry Toolbox that use different authentication methods. This sample demonstrates the following authentication methods:
+You create the toolbox once from `toolbox.yaml`, then copy the versioned MCP endpoint it prints into the `TOOLBOX_ENDPOINT` environment variable. The agent connects to that endpoint at runtime.
 
-- **No authentication**: The tool does not require any authentication. The agent can invoke the tool without providing any credentials. Sample MCP server: `https://gitmcp.io/Azure/azure-rest-api-specs`
-- **Key-based authentication**: The tool requires a key to authenticate. Sample MCP server: `https://api.githubcopilot.com/mcp` (GitHub MCP server) with a Personal Access Token (PAT) for authentication.
-- **OAuth2 authentication (managed)**: The tool requires OAuth2 to authenticate. Sample MCP server: `https://api.githubcopilot.com/mcp` (GitHub MCP server) with OAuth2 for authentication.
-- **Agent identity authentication**: The tool requires an agent identity token to authenticate. Sample MCP server: `https://{foundry-resource-name}.cognitiveservices.azure.com/language/mcp?api-version=2025-11-15-preview` (Azure Language MCP server) with agent identity for authentication.
-- **Entra Pass-through authentication**: The tool requires an Entra pass-through token to authenticate. Sample MCP server: Microsoft Outlook MCP server with Entra pass-through for authentication.
-
-> Definitions of these authentication methods can be found in the [agent.manifest.yaml](agent.manifest.yaml) file in this sample. The GitHub MCP connection defaults to using a PAT for authentication in this sample, but you can switch to OAuth2 by changing the `project_connection_id` field in the `agent.manifest.yaml` file and following the instructions in the comments.
-
-There are also Non-MCP tools in the toolbox that support different authentication methods. Learn more at the [Foundry sample repository](https://github.com/microsoft-foundry/foundry-samples/blob/main/samples/python/hosted-agents/SUPPORTED_TOOLBOX_SCENARIOS.md).
+> [!NOTE]
+> To attach tools that need credentials (MCP servers with API keys or OAuth, Azure AI Search, Bing Custom Search, and more), create a project connection first and reference it from `toolbox.yaml`. For connection-backed examples, see the [`langgraph-toolbox`](../../../bring-your-own/responses/langgraph-toolbox/README.md) and [`langgraph-toolbox-user-identity`](../../../bring-your-own/responses/langgraph-toolbox-user-identity/README.md) samples, and the [supported toolbox scenarios](https://github.com/microsoft-foundry/foundry-samples/blob/main/samples/python/hosted-agents/SUPPORTED_TOOLBOX_SCENARIOS.md).
 
 ## How it works
 
 ### Model Integration
 
-The agent uses `FoundryChatClient` from the Agent Framework to create an OpenAI-compatible Responses client. It connects to the toolbox's MCP endpoint via `MCPStreamableHTTPTool`, which discovers and invokes the toolbox's tools over MCP at runtime. The endpoint URL is provided through the `FOUNDRY_TOOLBOX_ENDPOINT` environment variable.
+The agent uses `FoundryChatClient` from the Agent Framework to create an OpenAI-compatible Responses client. It connects to the toolbox's MCP endpoint via `MCPStreamableHTTPTool`, which discovers and invokes the toolbox's tools over MCP at runtime. The agent resolves the endpoint from the `TOOLBOX_ENDPOINT` environment variable. If that variable isn't set, it builds the latest-version endpoint from `FOUNDRY_PROJECT_ENDPOINT` and `TOOLBOX_NAME`.
 
 See [main.py](main.py) for the full implementation.
 
@@ -51,6 +45,18 @@ See [main.py](main.py) for the full implementation.
    azd auth login
    ```
 
+#### Initialize the agent project
+
+No cloning required. Create a new folder and initialize from the manifest:
+
+```bash
+mkdir my-toolbox-agent && cd my-toolbox-agent
+
+azd ai agent init -m https://github.com/microsoft-foundry/foundry-samples/blob/main/samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/agent.manifest.yaml
+```
+
+Follow the prompts to configure your Foundry project and model deployment. If you don't have an existing Foundry project, `azd ai agent init` will guide you through creating one. Initializing also sets the selected project as the active project for the `azd ai` commands that follow.
+
 #### Create the toolbox with `azd ai`
 
 > [!TIP]
@@ -59,60 +65,22 @@ See [main.py](main.py) for the full implementation.
 > - [Toolbox reference](https://github.com/microsoft/GitHub-Copilot-for-Azure/blob/main/plugin/skills/microsoft-foundry/foundry-agent/create/references/toolbox-reference.md) — endpoint format, MCP protocol, OAuth consent handling, citation patterns, and troubleshooting.
 > - [Use toolbox in a hosted agent](https://github.com/microsoft/GitHub-Copilot-for-Azure/blob/main/plugin/skills/microsoft-foundry/foundry-agent/create/references/use-toolbox-in-hosted-agent.md) — endpoint resolution, env-var contract, payload shape, code integration patterns, and tracing.
 
-This sample's agent reads a `TOOLBOX_ENDPOINT` URL at startup. `azd ai agent init` + `azd provision` will create the toolbox declared in [`agent.manifest.yaml`](agent.manifest.yaml) automatically. If you prefer to create the toolbox directly with `azd` (for reuse across agents or to manage versions out-of-band), use the unified `microsoft.foundry` extension:
-
-1. Point `azd` at your Foundry project (once per shell):
-
-   ```bash
-   export PROJECT_ENDPOINT="https://<account>.services.ai.azure.com/api/projects/<project>"
-   azd ai project set $PROJECT_ENDPOINT
-   ```
-
-2. (Connections.) The tools used in this sample — `web_search` and `code_interpreter` — are built-in and do not require project connections, so this step is skipped here. For a connection-backed example (MCP servers with API keys, OAuth, etc.), see the [`langgraph-toolbox`](../../../bring-your-own/responses/langgraph-toolbox/README.md) sample.
-
-3. Author a `toolbox.yaml` describing the tools:
+The agent reads the toolbox's MCP endpoint from `TOOLBOX_ENDPOINT`. Create the toolbox once from the bundled [`toolbox.yaml`](toolbox.yaml):
 
-   ```yaml
-   # toolbox.yaml
-   description: Web search + code interpreter for the agent-framework Foundry-toolbox sample
-   tools:
-     - type: web_search
-       name: web_search
-     - type: code_interpreter
-       name: code_interpreter
-       container:
-         type: auto
-   ```
-
-4. Create the toolbox from that file:
-
-   ```bash
-   azd ai toolbox create agent-tools --from-file ./toolbox.yaml
-   ```
-
-   The first version becomes the default automatically. Use `azd ai toolbox list`, `azd ai toolbox show agent-tools`, and `azd ai toolbox version list agent-tools` to inspect, and `azd ai toolbox delete agent-tools --force` to remove it.
+```bash
+azd ai toolbox create my-toolbox --from-file ./toolbox.yaml
+```
 
-   To stage incremental changes safely, use `azd ai toolbox connection add/remove` and `azd ai toolbox skill add/list/remove` &mdash; each creates a new toolbox version that carries forward existing connections and skills but **doesn't** change the default. Promote a version with `azd ai toolbox publish agent-tools <version>` when you're ready to make it active.
+The first version becomes the default automatically. Use `azd ai toolbox list`, `azd ai toolbox show my-toolbox`, and `azd ai toolbox version list my-toolbox` to inspect, and `azd ai toolbox delete my-toolbox --force` to remove it.
 
-5. Retrieve the MCP endpoint and pass it to the agent. The agent uses `client.get_toolbox("agent-tools")`, which resolves through `TOOLBOX_ENDPOINT`:
+To stage incremental changes safely, use `azd ai toolbox connection add/remove` and `azd ai toolbox skill add/list/remove` &mdash; each creates a new toolbox version that carries forward existing connections and skills but **doesn't** change the default. Promote a version with `azd ai toolbox publish my-toolbox <version>` when you're ready to make it active.
 
-   ```bash
-   azd ai toolbox show agent-tools --output json    # returns the MCP endpoint URL
-   azd env set TOOLBOX_ENDPOINT "https://<account>.services.ai.azure.com/api/projects/<project>/toolboxes/agent-tools/mcp?api-version=v1"
-   ```
-
-#### Initialize the agent project
-
-No cloning required. Create a new folder and initialize from the manifest:
+`azd ai toolbox create` prints the toolbox's versioned MCP endpoint. Copy that endpoint and store it in your `azd` environment so the agent connects to it:
 
 ```bash
-mkdir my-toolbox-agent && cd my-toolbox-agent
-
-azd ai agent init -m https://github.com/microsoft-foundry/foundry-samples/blob/main/samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/agent.manifest.yaml
+azd env set TOOLBOX_ENDPOINT "https://<account>.services.ai.azure.com/api/projects/<project>/toolboxes/my-toolbox/versions/1/mcp?api-version=v1"
 ```
 
-Follow the prompts to configure your Foundry project and model deployment. If you don't have an existing Foundry project, `azd ai agent init` will guide you through creating one.
-
 #### Provision Azure resources (if needed)
 
 If you don't already have a Foundry project and model deployment:
@@ -121,8 +89,6 @@ If you don't already have a Foundry project and model deployment:
 azd provision
 ```
 
-> Running `azd provision` for this sample will also create a Foundry Toolbox with the tools specified in [`agent.manifest.yaml`](agent.manifest.yaml).
-
 #### Run the agent locally
 
 ```bash
@@ -161,6 +127,7 @@ azd ai agent invoke "What tools do you have?"
 
 1. **VS Code** with the **[Foundry Toolkit](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.azure-ai-foundry)** extension installed.
 2. Sign in to Azure in VS Code.
+3. The `my-toolbox` toolbox must exist in your Foundry project. Create it from the bundled [`toolbox.yaml`](toolbox.yaml) (`azd ai toolbox create my-toolbox --from-file ./toolbox.yaml`) or in the Foundry portal before you run the agent.
 
 #### Create the project
 

samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/agent.manifest.yaml

@@ -17,63 +17,14 @@ template:
   environment_variables:
     - name: AZURE_AI_MODEL_DEPLOYMENT_NAME
       value: "{{AZURE_AI_MODEL_DEPLOYMENT_NAME}}"
-    - name: TOOLBOX_NAME
-      value: "agent-tools"
-# Parameters are declared as a map of name -> definition. azd looks for an env
-# var matching the parameter name (e.g. github_pat) to resolve secret values for
-# `azd ai agent init --no-prompt`. The array/`properties` form does NOT bind
-# secret parameters to env vars, so it fails no-prompt init — use the map form.
-parameters:
-  mcp_endpoint:
-    # `azd ai agent init -m` will prompt for this value when initializing the agent manifest
-    secret: false
-    description: URL of the public MCP server (e.g. https://gitmcp.io/Azure/azure-rest-api-specs) that does not require authentication
-  github_pat:
-    # `azd ai agent init -m` will prompt for this value when initializing the agent manifest.
-    # Only needed when the GitHub MCP connection is configured to use the `github-mcp-pat-conn`
-    # PAT-based connection below; if you use the `github-mcp-oauth-conn` OAuth2 connection
-    # instead, you can leave this empty.
-    secret: true
-    description: GitHub Personal Access Token used to authenticate with the GitHub MCP server (only needed when using the PAT connection; press Enter if using OAuth2 instead)
+    # Full MCP endpoint of the toolbox the agent consumes. Create the toolbox
+    # from the bundled toolbox.yaml, then copy the versioned endpoint it prints
+    # and store it in your azd environment before you run or deploy:
+    #   azd ai toolbox create my-toolbox --from-file ./toolbox.yaml
+    #   azd env set TOOLBOX_ENDPOINT "<endpoint-from-output>"
+    - name: TOOLBOX_ENDPOINT
+      value: "{{TOOLBOX_ENDPOINT}}"
 resources:
   - kind: model
     id: gpt-4.1
     name: AZURE_AI_MODEL_DEPLOYMENT_NAME
-  - kind: connection
-    # A connection that uses a GitHub Personal Access Token (PAT) to authenticate with the GitHub MCP server
-    name: github-mcp-pat-conn
-    category: RemoteTool
-    authType: CustomKeys
-    target: https://api.githubcopilot.com/mcp
-    credentials:
-      type: CustomKeys
-      keys:
-        Authorization: "Bearer {{ github_pat }}"
-  - kind: connection
-    # A connection that uses OAuth2 to authenticate with the GitHub MCP server
-    name: github-mcp-oauth-conn
-    category: RemoteTool
-    authType: OAuth2
-    target: https://api.githubcopilot.com/mcp
-    connectorName: foundrygithubmcp
-    credentials:
-      type: OAuth2
-      clientId: managed
-      clientSecret: managed
-  - kind: toolbox
-    name: agent-tools
-    tools:
-      - type: web_search
-        name: web_search
-      - type: code_interpreter
-        name: code_interpreter
-      - type: mcp
-        # This MCP tool doesn't require authentication
-        server_label: noauth_mcp
-        server_url: "{{ mcp_endpoint }}"
-        require_approval: "never"
-      - type: mcp
-        # This MCP tool uses the GitHub MCP server with a PAT for authentication or OAuth2
-        server_label: github
-        project_connection_id: github-mcp-pat-conn # use `github-mcp-oauth-conn` for OAuth2 authentication
-        require_approval: "never"

samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/agent.yaml

@@ -9,5 +9,5 @@ resources:
 environment_variables:
   - name: AZURE_AI_MODEL_DEPLOYMENT_NAME
     value: ${AZURE_AI_MODEL_DEPLOYMENT_NAME}
-  - name: TOOLBOX_NAME
-    value: "agent-tools"
+  - name: TOOLBOX_ENDPOINT
+    value: ${TOOLBOX_ENDPOINT}

samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/main.py

@@ -18,13 +18,13 @@
 def resolve_toolbox_endpoint() -> str:
     """Resolve the toolbox MCP endpoint URL.
 
-    Prefers the explicit ``FOUNDRY_TOOLBOX_ENDPOINT`` env var; falls back to
+    Prefers the explicit ``TOOLBOX_ENDPOINT`` env var; falls back to
     constructing the URL from ``FOUNDRY_PROJECT_ENDPOINT`` and ``TOOLBOX_NAME``
     (the variables injected by the Foundry hosting scaffolding after ``azd provision``).
     """
-    if (endpoint := os.environ.get("FOUNDRY_TOOLBOX_ENDPOINT")) is not None:
+    if (endpoint := os.environ.get("TOOLBOX_ENDPOINT")) is not None:
         if not endpoint:
-            raise ValueError("FOUNDRY_TOOLBOX_ENDPOINT is set but empty")
+            raise ValueError("TOOLBOX_ENDPOINT is set but empty")
         return endpoint
     project_endpoint = os.environ["FOUNDRY_PROJECT_ENDPOINT"].rstrip("/")
     toolbox_name = os.environ["TOOLBOX_NAME"]

samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/toolbox.yaml

@@ -0,0 +1,16 @@
+# toolbox.yaml
+# Defines the toolbox this agent consumes. Create it once with:
+#   azd ai toolbox create my-toolbox --from-file ./toolbox.yaml
+# After creating it, copy the versioned MCP endpoint the command prints and
+# set it as the TOOLBOX_ENDPOINT environment variable. The agent connects to
+# that endpoint at runtime.
+description: Web search and Microsoft Learn behind one endpoint
+tools:
+  - type: web_search
+    name: web_search
+    description: Search the public web for current information.
+  - type: mcp
+    name: mslearn
+    server_label: mslearn
+    server_url: https://learn.microsoft.com/api/mcp
+    require_approval: never

samples/python/hosted-agents/bring-your-own/invocations/toolbox/.env.example

@@ -5,7 +5,10 @@
 # Model deployment name — must match a deployment in your Foundry project.
 AZURE_AI_MODEL_DEPLOYMENT_NAME=
 
-# Toolbox MCP endpoint — full URL including toolbox name and api-version.
+# Toolbox MCP endpoint — the full URL the agent connects to. Create the toolbox
+# from the bundled toolbox.yaml, then copy the versioned endpoint it prints:
+#   azd ai toolbox create my-toolbox --from-file ./toolbox.yaml
+# Example: https://<account>.services.ai.azure.com/api/projects/<project>/toolboxes/my-toolbox/versions/1/mcp?api-version=v1
 TOOLBOX_ENDPOINT=
 
 # Application Insights — auto-injected in hosted containers.