# Lab 4: Azure AI Foundry Agent Service - Workflow Pattern

## Overview

This notebook demonstrates deploying a Multi-Agent system based on **Workflow Pattern** using **Azure AI Foundry Agent Service**.

### üîë Core Implementation Approach

- **Azure AI Foundry Agent Service**: Same Agent foundation as Lab 3
- **Workflow Pattern**: Orchestration using Router + Executor pattern
- **AI-based Routing**: Intent classification using LLM
- **Workflow Context**: Message-based state management

### üí° Differences from Lab 3

| Feature | Lab 3 (Connected Agent) | Lab 4 (This Notebook) |
|---------|------------------------|----------------------|
| **Agent Foundation** | ‚úÖ Foundry Agent Service | ‚úÖ Foundry Agent Service |
| **Workflow** | Connected Agent (Handoff) | **Workflow Pattern (Router+Executor)** |
| **Routing Method** | `handoff_to_agent()` API | **Router Executor Function** |
| **Execution Flow** | Main ‚Üí Handoff ‚Üí Sub Agent | **Router ‚Üí Executor ‚Üí Output** |
| **State Management** | Thread-based | **Workflow Context-based** |
| **Parallel Execution** | Sequential Handoff | **Orchestrator Parallel Capable** |

> **‚úÖ Common Ground**: Both labs use the **same Azure AI Foundry Agent Service**.
> 
> **üéØ Difference**: Different **Agent orchestration patterns** (Connected Agent vs Workflow Pattern).
> 
> **‚ö° Advantage**: Workflow Pattern enables advanced orchestration including complex conditional branching, parallel execution, and loops.

### Architecture
```
‚îå‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê
‚îÇ        Agent Framework - Workflow Pattern                 ‚îÇ
‚îÇ                                                            ‚îÇ
‚îÇ  ‚îå‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê             ‚îÇ
‚îÇ  ‚îÇ        Router Executor                   ‚îÇ             ‚îÇ
‚îÇ  ‚îÇ   (AI-based Intent Classification)       ‚îÇ             ‚îÇ
‚îÇ  ‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò             ‚îÇ
‚îÇ       ‚îÇ      ‚îÇ        ‚îÇ            ‚îÇ                      ‚îÇ
‚îÇ   ‚îå‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îê ‚îå‚ñº‚îÄ‚îÄ‚îÄ‚îê  ‚îå‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îÄ‚îê   ‚îå‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê             ‚îÇ
‚îÇ   ‚îÇ Tool ‚îÇ ‚îÇResearch‚îÇ ‚îÇGeneral‚îÇ ‚îÇOrchestrator‚îÇ            ‚îÇ
‚îÇ   ‚îÇExec  ‚îÇ ‚îÇExecutor‚îÇ ‚îÇExecutor‚îÇ ‚îÇExecutor  ‚îÇ             ‚îÇ
‚îÇ   ‚îî‚îÄ‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îò ‚îî‚î¨‚îÄ‚îÄ‚îÄ‚îò  ‚îî‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îÄ‚îò   ‚îî‚îÄ‚îÄ‚î¨‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò             ‚îÇ
‚îÇ       ‚îÇ     ‚îÇ        ‚îÇ            ‚îÇ                      ‚îÇ
‚îÇ   ‚îå‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚ñº‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê               ‚îÇ
‚îÇ   ‚îÇ      Workflow Context                ‚îÇ               ‚îÇ
‚îÇ   ‚îÇ   (Message Passing & Output)         ‚îÇ               ‚îÇ
‚îÇ   ‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò               ‚îÇ
‚îÇ                                                            ‚îÇ
‚îÇ   External Resources:                                     ‚îÇ
‚îÇ   ‚îå‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê    ‚îå‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îê                 ‚îÇ
‚îÇ   ‚îÇ  MCP Server  ‚îÇ    ‚îÇ  Azure AI      ‚îÇ                 ‚îÇ
‚îÇ   ‚îÇ  (Tools)     ‚îÇ    ‚îÇ  Search (RAG)  ‚îÇ                 ‚îÇ
‚îÇ   ‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò    ‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò                 ‚îÇ
‚îî‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îÄ‚îò
```

### Key Differences: Foundry Agent vs Agent Framework

| Feature | Foundry Agent (Lab 3) | Agent Framework (Lab 4) |
|---------|----------------------|-------------------------|
| **Pattern** | Connected Agent (Handoff) | Workflow Executor Pattern |
| **Message Flow** | Thread-based conversation | Workflow Context streaming |
| **Inter-Agent Communication** | Agent API call (handoff) | Workflow message routing |
| **Execution Model** | Synchronous handoff | Async executor graph |
| **Scalability** | Handoff setup when adding agents | Add Executor & Edge |
| **Tracing** | Agent Service built-in tracing | Custom OpenTelemetry |
| **State Management** | Thread state persistence | Workflow Context-based |
| **Complexity** | Medium (Azure managed) | Low (code-centric) |

### Advantages of Workflow Pattern

1. ‚úÖ **Flexible Message Routing**: Control complex flows with simple conditionals
2. ‚úÖ **Asynchronous Execution**: Support for parallel execution (Orchestrator)
3. ‚úÖ **Clear Execution Graph**: Visual structure definition with WorkflowBuilder
4. ‚úÖ **Easy Local Development**: Minimal Azure dependencies, fast testing
5. ‚úÖ **Custom Control**: Fine-grained error handling and logging

### Python Module Structure

```
src/agent_framework/
‚îú‚îÄ‚îÄ main_agent_workflow.py  - Workflow definition and Executor implementation
‚îú‚îÄ‚îÄ tool_agent.py           - Tool Agent class (MCP)
‚îú‚îÄ‚îÄ research_agent.py       - Research Agent class (RAG)
‚îú‚îÄ‚îÄ api_server.py           - FastAPI HTTP server
‚îú‚îÄ‚îÄ masking.py              - Masking utilities
‚îî‚îÄ‚îÄ requirements.txt        - Python dependencies
```

### Learning Objectives

1. ‚úÖ Understand Microsoft Agent Framework Workflow Pattern
2. ‚úÖ Implement Executor-based Multi-Agent system
3. ‚úÖ Message routing through Workflow Context
4. ‚úÖ Parallel execution (Orchestrator) pattern
5. ‚úÖ Deploy Agent Framework-based system to ACA
6. ‚úÖ Compare Foundry Agent and Agent Framework


---

## ‚öôÔ∏è Before You Start

**Select Python Kernel:**

1. Click **"Select Kernel"** at the top right of the notebook
2. Select **"Python Environments..."**
3. Select **`.venv (Python 3.x.x)`** (virtual environment created at project root)

> üí° **GitHub Codespaces**: The `.venv` environment is automatically created in Codespaces.  
> If you don't see `.venv`, create it in the terminal with `python -m venv .venv`.

---


## 1. Environment Setup & Authentication

### Tenant ID Configuration Guide

**In most cases**: You don't need to specify a tenant ID. Leave the `tenant_id` variable as `"<YOUR_TENANT_ID>"` or `None` and proceed.

**When tenant ID is required**:
- ‚úÖ When you have access to multiple organization (company) Azure tenants
- ‚úÖ When you need to work with resources from a specific organization only
- ‚úÖ When you get "multiple tenants" related errors during login

**How to find your Tenant ID**:
- Azure Portal ‚Üí Azure Active Directory ‚Üí Overview ‚Üí Copy Tenant ID
- Or contact your organization administrator


In [None]:
import sys, subprocess, os, json
import platform

# Set PATH according to operating system
system = platform.system()
if system == 'Darwin':  # macOS
    extra_paths = '/opt/homebrew/bin:/usr/local/bin'
elif system == 'Linux':  # Linux / Codespaces
    extra_paths = '/usr/local/bin:/usr/bin:/home/codespace/.local/bin'
else:  # Windows
    extra_paths = ''

if extra_paths:
    os.environ['PATH'] = extra_paths + ':' + os.environ.get('PATH', '')

def check(cmd, name):
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, timeout=3, env=os.environ)
        print(f"{'‚úì' if result.returncode == 0 else '‚úó'} {name}")
    except Exception as e:
        print(f"‚úó {name}")

print("=== Prerequisites Check ===")
print(f"‚úì Python {sys.version.split()[0]} ({system})")
check("az --version", "Azure CLI")
check("docker --version", "Docker")
print("="*50)


In [None]:
import subprocess, json

print("=== Azure Authentication ===")
print("‚ÑπÔ∏è  Checking authentication status and logging in if needed.\n")

# Enter your tenant ID here (optional)
# Example: tenant_id = "16b3c013-d300-468d-ac64-7eda0820b6d3"
tenant_id = "<YOUR_TENANT_ID>"  # Or set to None to use default tenant

# Check Azure CLI authentication status
az_account = subprocess.run("az account show", shell=True, capture_output=True, text=True)

if az_account.returncode == 0:
    account_info = json.loads(az_account.stdout)
    print(f"‚úÖ Azure CLI authentication successful (using existing session)")
    print(f"   Subscription: {account_info.get('name', 'N/A')}")
    print(f"   Tenant: {account_info.get('tenantId', 'N/A')}")
else:
    print("‚ö†Ô∏è  Azure CLI authentication required. Opening browser...")
    # If tenant ID is configured, log in to that tenant
    if tenant_id and tenant_id != "<YOUR_TENANT_ID>":
        az_login = subprocess.run(f"az login --tenant {tenant_id}", shell=True)
    else:
        az_login = subprocess.run("az login", shell=True)
    
    if az_login.returncode == 0:
        print("‚úÖ Azure CLI login successful")
    else:
        raise Exception("‚ùå Azure CLI login failed")

print("="*50)


In [None]:
# Load configuration file
config_path = "config.json"
with open(config_path) as f:
    config = json.load(f)

# Set environment variables
RESOURCE_GROUP = config["resource_group"]
LOCATION = config["location"]
PROJECT_CONNECTION_STRING = config["project_connection_string"]
SEARCH_ENDPOINT = config["search_endpoint"]
SEARCH_INDEX = config["search_index"]
CONTAINER_REGISTRY = config["container_registry_endpoint"]
CONTAINER_ENV_ID = config["container_apps_environment_id"]
MCP_ENDPOINT = config.get("mcp_endpoint", "")

# Convert PROJECT_CONNECTION_STRING to simple format
simple_project_conn = PROJECT_CONNECTION_STRING.split(';')[0] if PROJECT_CONNECTION_STRING else ""

print("=== Configuration Loaded ===")
print(f"Resource Group: {RESOURCE_GROUP}")
print(f"Location: {LOCATION}")
print(f"Search Index: {SEARCH_INDEX}")
print(f"MCP Endpoint: {MCP_ENDPOINT if MCP_ENDPOINT else 'Not configured'}")
print(f"Container Registry: {CONTAINER_REGISTRY}")
print("="*50)


## 2. Install Required Packages

Installs Azure AI related required packages. Most packages may already be installed if running in GitHub Codespace.


In [None]:
# Install required packages
import subprocess
import sys

packages = [
    "azure-ai-projects",
    "azure-ai-inference",
    "azure-search-documents",
    "azure-identity",
    "openai",
    "python-dotenv",
    "requests",
    "fastapi",
    "uvicorn",
    "httpx"
]

print("=== Installing Required Packages ===\n")

for package in packages:
    print(f"Installing {package}...")
    result = subprocess.run(
        [sys.executable, "-m", "pip", "install", "-q", package],
        capture_output=True,
        text=True
    )
    if result.returncode == 0:
        print(f"‚úÖ {package} installed")
    else:
        print(f"‚ö†Ô∏è  {package} may already be installed or failed to install")

print("\n" + "="*50)
print("‚úÖ Package installation completed!")


## 3. Get Azure AI Search Key

Retrieves the Azure AI Search admin key to be used by the Research Agent.


In [None]:
# Get AI Search admin key
search_name = config["search_service_name"]

search_key_cmd = f"""
az search admin-key show \
    --resource-group {RESOURCE_GROUP} \
    --service-name {search_name} \
    --query primaryKey -o tsv
"""

result = subprocess.run(search_key_cmd, shell=True, capture_output=True, text=True)
SEARCH_KEY = result.stdout.strip()

if SEARCH_KEY:
    print(f"‚úÖ Search key retrieved: {SEARCH_KEY[:10]}...")
    os.environ['SEARCH_KEY'] = SEARCH_KEY
else:
    print("‚ùå Failed to retrieve search key")


## 4. Build Agent Framework Container

### Container Configuration

- **Framework**: Microsoft Agent Framework (Workflow Pattern)
- **Port**: 8000
- **Endpoints**:
  - `/health` - Health check
  - `/` - Agent Framework status information
  - `/chat` - Workflow execution endpoint (POST)

### Workflow Executors

- **Router Executor**: AI-based intent classification and routing
- **Tool Executor**: MCP tool execution
- **Research Executor**: RAG-based knowledge retrieval
- **General Executor**: General conversation
- **Orchestrator Executor**: Parallel execution and result aggregation

### MCP Server Features

- **Real-time Weather Information**:
  - `get_weather(location)` - Accurate real-time weather for cities worldwide
  - Data source: wttr.in API (free, highly reliable)
  - Supported languages: Both Korean/English city names (e.g., 'Seoul', 'ÏÑúÏö∏')
  - Provided info: Temperature, feels-like temp, weather condition, humidity, wind speed/direction, observation time

### Environment Variable Configuration

The following variables are automatically configured in the `.env` file:

- `AZURE_AI_PROJECT_ENDPOINT` - Azure AI Project endpoint
- `AZURE_AI_MODEL_DEPLOYMENT_NAME` - Model deployment name (gpt-4o)
- `SEARCH_ENDPOINT`, `SEARCH_INDEX` - Azure AI Search configuration
- `MCP_ENDPOINT` - MCP Server endpoint
- `APPLICATIONINSIGHTS_CONNECTION_STRING` - Application Insights (Analytics)
- `OTEL_*` - OpenTelemetry configuration (Tracing)
- `AZURE_TRACING_GEN_AI_CONTENT_RECORDING_ENABLED` - Prompt/Completion recording


In [None]:
# Container Registry login
registry_name = CONTAINER_REGISTRY.split('.')[0]

print("=== Container Registry Login ===")
login_cmd = f"az acr login --name {registry_name}"
result = subprocess.run(login_cmd, shell=True, capture_output=True, text=True)

if result.returncode == 0:
    print(f"‚úÖ Logged in to {registry_name}")
else:
    print(f"‚ùå Login failed: {result.stderr}")
print("="*50)


In [None]:
# Create .env file (for Agent Framework Container)
print("=== Creating .env file for Agent Framework Container ===\n")

# 1. Get Application Insights Connection String
print("üìä Getting Application Insights connection string...")
appinsights_cmd = f"""
az monitor app-insights component show \
    --resource-group {RESOURCE_GROUP} \
    --query "[0].connectionString" -o tsv
"""

result = subprocess.run(appinsights_cmd, shell=True, capture_output=True, text=True)

if result.returncode == 0 and result.stdout.strip():
    APP_INSIGHTS_CONN_STR = result.stdout.strip()
    print(f"‚úÖ Application Insights connection string retrieved\n")
else:
    print(f"‚ö†Ô∏è  Could not get Application Insights connection string")
    print(f"   Proceeding without Application Insights\n")
    APP_INSIGHTS_CONN_STR = ""

# 2. Get model configuration (from config.json)
model_deployment_name = config.get("model_deployment_name", "gpt-4o")
model_version = config.get("model_version", "2024-11-20")
model_capacity = config.get("model_capacity", 50)
print(f"üì¶ Model Configuration:")
print(f"   Deployment Name: {model_deployment_name}")
print(f"   Model Version: {model_version}")
print(f"   Capacity (TPM): {model_capacity}")
print(f"   (from config.json - set in Lab 1 infrastructure deployment)\n")

# 3. Create .env file
env_content = f"""# Azure AI Project Configuration (Microsoft Agent Framework)
AZURE_AI_PROJECT_ENDPOINT={simple_project_conn}

# Model Configuration
# The model deployment name and version from Azure OpenAI
# These values are automatically set from Lab 1 infrastructure deployment (infra/main.bicep)
AZURE_AI_MODEL_DEPLOYMENT_NAME={model_deployment_name}
AZURE_AI_MODEL_VERSION={model_version}

# MCP Server Configuration
MCP_ENDPOINT={MCP_ENDPOINT if MCP_ENDPOINT else ''}

# Azure AI Search Configuration (for Research Agent with RAG)
SEARCH_ENDPOINT={SEARCH_ENDPOINT}
SEARCH_INDEX={SEARCH_INDEX}
SEARCH_KEY={SEARCH_KEY}

# Application Insights Configuration (for Application Analytics)
APPLICATIONINSIGHTS_CONNECTION_STRING={APP_INSIGHTS_CONN_STR}

# OpenTelemetry Configuration (for Tracing)
OTEL_SERVICE_NAME=agent-framework-workflow
OTEL_TRACES_EXPORTER=azure_monitor
OTEL_METRICS_EXPORTER=azure_monitor
OTEL_LOGS_EXPORTER=azure_monitor
OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED=true
AZURE_TRACING_GEN_AI_CONTENT_RECORDING_ENABLED=true

# Masking / PII Handling
AGENT_MASKING_MODE=standard  # off|standard|strict
"""

env_file_path = "src/agent_framework/.env"

try:
    with open(env_file_path, 'w') as f:
        f.write(env_content)
    
    print(f"‚úÖ Created {env_file_path}")
    print("\nüìã Environment variables:")
    for line in env_content.strip().split('\n'):
        if line and not line.startswith('#'):
            key = line.split('=')[0]
            print(f"   ‚Ä¢ {key}")
    
    print("\nüí° This file will be included in the Docker image.")
    
    if APP_INSIGHTS_CONN_STR:
        print("\n‚úÖ Application Insights configured!")
        print("   ‚Üí OpenTelemetry Tracing enabled")
        print("   ‚Üí GenAI content recording enabled")
    else:
        print("\n‚ö†Ô∏è  Application Insights not configured")
        print("   ‚Üí Analytics won't work but Agent will function normally.")
    
    print(f"\nüîç Azure AI Search configured!")
    print(f"   ‚Üí RAG (Retrieval-Augmented Generation) enabled")
    print(f"   ‚Üí Research Agent can search knowledge base")
    print(f"\nü§ñ Model: {model_deployment_name} (version {model_version}, capacity {model_capacity}K TPM)")
    
except Exception as e:
    print(f"‚ùå Failed to create .env file: {e}")

print("\n" + "="*60)


In [None]:
# Build and push Agent Framework Container image
import time

framework_image = f"{CONTAINER_REGISTRY}/agent-framework:latest"

print("=== Building Agent Framework Image ===")
print(f"Image: {framework_image}\n")

# Build (linux/amd64 platform for Azure Container Apps)
build_cmd = f"docker build --platform linux/amd64 -t {framework_image} ./src/agent_framework"
print("üî® Building image (linux/amd64)...")
start_time = time.time()

result = subprocess.run(build_cmd, shell=True, capture_output=True, text=True)
elapsed = time.time() - start_time

if result.returncode == 0:
    print(f"‚úÖ Build successful ({elapsed:.1f}s)")
    print(f"   Framework: Microsoft Agent Framework (Workflow Pattern)")
else:
    print(f"‚ùå Build failed: {result.stderr}")
    
# Push
if result.returncode == 0:
    print("\nüì§ Pushing image to registry...")
    push_cmd = f"docker push {framework_image}"
    result = subprocess.run(push_cmd, shell=True, capture_output=True, text=True)
    
    if result.returncode == 0:
        print(f"‚úÖ Push successful")
    else:
        print(f"‚ùå Push failed: {result.stderr}")

print("="*50)


## 5. Verify Azure Resources

Verify required Azure resources before deploying Agent Framework Service.

**Verification Items:**
- ‚úÖ Azure AI Project resource ID


In [None]:
# Verify Azure AI Project resource ID
print("=== Verifying Azure Resources ===\n")

# Extract project_name from URL
if '/api/projects/' in simple_project_conn:
    project_name = simple_project_conn.split('/api/projects/')[-1].strip()
else:
    project_name = None

print(f"üìã Project Information:")
print(f"   Resource Group: {RESOURCE_GROUP}")
print(f"   Project Name: {project_name if project_name else 'Not found'}\n")

# Get AI Project resource ID
print("üîç Finding AI Project resource...")
if project_name:
    ai_project_cmd = f"""
    az resource list \
        --resource-group {RESOURCE_GROUP} \
        --query "[?contains(name, '{project_name}') && type=='Microsoft.CognitiveServices/accounts/projects'].id" -o tsv
    """
else:
    ai_project_cmd = f"""
    az resource list \
        --resource-group {RESOURCE_GROUP} \
        --query "[?type=='Microsoft.CognitiveServices/accounts/projects'].id | [0]" -o tsv
    """

result = subprocess.run(ai_project_cmd, shell=True, capture_output=True, text=True)
if result.returncode == 0 and result.stdout.strip():
    ai_project_resource_id = result.stdout.strip()
    print(f"   ‚úÖ AI Project Resource ID:")
    print(f"   {ai_project_resource_id}\n")
else:
    print(f"   ‚ùå Could not find AI Project")
    raise Exception("AI Project not found")

print("‚úÖ All required resources verified!")
print("="*60)


## 6. Deploy Agent Framework Service

Deploy Agent Framework Service and **automatically** configure Managed Identity immediately after deployment.

### Automatic Actions Performed

1. ‚úÖ Deploy Container App (starting with replicas=0)
2. ‚úÖ Enable System-assigned Managed Identity
3. ‚úÖ Assign Azure AI User role (AI Project scope)
4. ‚úÖ Permission propagation wait notice

> üí° **Important**: Deployment and permission setup are handled together, taking approximately 3-4 minutes to complete.


In [None]:
# Deploy Agent Framework Service to Container App + Configure Managed Identity permissions
framework_app_name = "agent-framework"

print("=== Deploying Agent Framework Service to ACA ===")
print(f"App Name: {framework_app_name}\n")

print("üí° Environment variables are already included in the Docker image.\n")

# 1. Deploy Container App (with Managed Identity, replicas=0)
deploy_cmd = f"""
az containerapp create \
    --name {framework_app_name} \
    --resource-group {RESOURCE_GROUP} \
    --environment {CONTAINER_ENV_ID.split('/')[-1]} \
    --image {framework_image} \
    --target-port 8000 \
    --ingress external \
    --min-replicas 0 \
    --max-replicas 3 \
    --cpu 1.0 \
    --memory 2.0Gi \
    --registry-server {CONTAINER_REGISTRY} \
    --system-assigned \
"""

print("üöÄ Deploying Agent Framework Service with Managed Identity...")
print("   (Starting with 0 replicas to configure permissions first)")
result = subprocess.run(deploy_cmd, shell=True, capture_output=True, text=True, timeout=180)

if result.returncode == 0:
    print("‚úÖ Deployment successful\n")
    
    # Get endpoint
    show_cmd = f"""
    az containerapp show \
        --name {framework_app_name} \
        --resource-group {RESOURCE_GROUP} \
        --query properties.configuration.ingress.fqdn -o tsv
    """
    result = subprocess.run(show_cmd, shell=True, capture_output=True, text=True)
    FRAMEWORK_ENDPOINT = f"https://{result.stdout.strip()}"
    
    print(f"üåê Agent Framework Endpoint: {FRAMEWORK_ENDPOINT}")
    
    # Update config
    config['agent_framework_endpoint'] = FRAMEWORK_ENDPOINT
    with open(config_path, 'w') as f:
        json.dump(config, f, indent=2)
    print("‚úÖ Config updated\n")
    
    # 2. Get Managed Identity Principal ID
    print("="*60)
    print("üîê Configuring Permissions\n")
    
    print("1Ô∏è‚É£ Getting Managed Identity Principal ID...")
    identity_cmd = f"""
    az containerapp show \
        --name {framework_app_name} \
        --resource-group {RESOURCE_GROUP} \
        --query identity.principalId -o tsv
    """
    
    result = subprocess.run(identity_cmd, shell=True, capture_output=True, text=True)
    if result.returncode == 0 and result.stdout.strip():
        principal_id = result.stdout.strip()
        print(f"   ‚úÖ Principal ID: {principal_id}\n")
    else:
        print(f"   ‚ùå Failed to get Principal ID\n")
        raise Exception("Failed to get Managed Identity Principal ID")
    
    # 3. Assign Azure AI User role
    print("2Ô∏è‚É£ Assigning 'Azure AI User' role to AI Project...")
    print(f"   Scope: {ai_project_resource_id}")
    role_assignment_cmd = f"""
    az role assignment create \
        --assignee {principal_id} \
        --role "Azure AI User" \
        --scope {ai_project_resource_id}
    """
    
    result = subprocess.run(role_assignment_cmd, shell=True, capture_output=True, text=True)
    if result.returncode == 0:
        print("   ‚úÖ Azure AI User role assigned\n")
    elif "already exists" in result.stderr.lower():
        print("   ‚úÖ Azure AI User role already exists\n")
    else:
        print(f"   ‚ùå Role assignment FAILED!")
        print(f"   Error: {result.stderr}\n")
    
    # 4. Verify permissions
    print("3Ô∏è‚É£ Verifying role assignments...\n")
    import time
    time.sleep(5)
    
    role_check_cmd = f"""
    az role assignment list \
        --assignee {principal_id} \
        --query "[].{{role:roleDefinitionName, scope:scope}}" -o json
    """
    
    result = subprocess.run(role_check_cmd, shell=True, capture_output=True, text=True)
    if result.returncode == 0:
        import json as json_lib
        current_roles = json_lib.loads(result.stdout)
        
        print(f"   üìã Current Role Assignments ({len(current_roles)} total):\n")
        
        required_roles = {"Azure AI User (AI Project)": False}
        
        for role in current_roles:
            scope_parts = role['scope'].split('/')
            resource_name = scope_parts[-1] if scope_parts else 'Unknown'
            role_name = role['role']
            
            print(f"      ‚Ä¢ {role_name} ‚Üí {resource_name}")
            
            if role_name == "Azure AI User":
                if "projects" in role['scope'] or ai_project_resource_id in role['scope']:
                    required_roles["Azure AI User (AI Project)"] = True
        
        print(f"\n   üîç Required Roles Verification:")
        all_roles_ok = True
        for role_name, assigned in required_roles.items():
            status = "‚úÖ" if assigned else "‚ùå"
            print(f"      {status} {role_name}")
            if not assigned:
                all_roles_ok = False
        
        if all_roles_ok:
            print(f"\n   ‚úÖ All required roles are assigned!\n")
        else:
            print(f"\n   ‚ùå Some required roles are missing!\n")
    
    # 5. Permission propagation wait notice
    print("="*60)
    print("4Ô∏è‚É£ Permissions assigned - waiting for propagation...\n")
    print("‚ö†Ô∏è  Azure RBAC permission propagation can take up to 5-10 minutes.")
    print("   Container will remain at replicas=0 state.\n")
    
    print("üìã Next steps:")
    print("   1. Verify all 'Required Roles Verification' above are ‚úÖ")
    print("   2. Wait about 2-3 minutes")
    print("   3. Run the next cell (Section 7) to start the Container")
    
    print("\n" + "="*60)
    print("‚úÖ Permissions configured successfully!")
    print(f"\nüåê Endpoint: {FRAMEWORK_ENDPOINT}")
    print(f"\n‚è≥ Wait for permission propagation before running the next cell!")
else:
    print(f"‚ùå Deployment failed: {result.stderr}")
    FRAMEWORK_ENDPOINT = None

print("\n" + "="*60)


## 7. Start Agent Framework Service

After permission propagation completes, run this cell to start the Container.

**When to execute:**
- ‚è∞ **Wait 2-3 minutes** after Section 6 completes
- ‚ö†Ô∏è If permission errors occur: Wait an additional 2-3 minutes and retry


In [None]:
# Scale to 1 replica
scale_cmd = f"""
az containerapp update \
    --name {framework_app_name} \
    --resource-group {RESOURCE_GROUP} \
    --min-replicas 1 \
    --max-replicas 1
"""

print("üöÄ Scaling to 1 replica...")
result = subprocess.run(scale_cmd, shell=True, capture_output=True, text=True, timeout=120)

if result.returncode == 0:
    print("‚úÖ Agent Framework Service started successfully!")
    print(f"\nüåê Endpoint: {FRAMEWORK_ENDPOINT}")
    print("\nüí° It takes about 30 seconds for the Container to start.")
    print(f"   View logs: az containerapp logs show --name {framework_app_name} --resource-group {RESOURCE_GROUP} --tail 50")
else:
    print(f"‚ùå Failed to start: {result.stderr}")

print("\n" + "="*60)


## 8. Test Deployed Agent Framework

**‚úÖ Foundry Agent vs Agent Framework - Monitoring & Tracing:**

**Foundry Agent (Lab 3):**
- ‚úÖ Automatic Application Analytics collection
- ‚úÖ Automatic Tracing activation (Azure Agent Service built-in feature)
- ‚úÖ Execution flow viewable in AI Foundry portal

**Agent Framework (Lab 4 - Current):**
- ‚úÖ **Application Analytics collection available** (OpenTelemetry implemented)
- ‚úÖ **Tracing enabled** (custom instrumentation code implemented)
- ‚úÖ **Execution flow viewable in AI Foundry portal**
- üìä **Additional implemented features:**
  - Router intent classification tracking
  - Executor execution time measurement
  - Tool Agent MCP call detailed tracking
  - Research Agent RAG search tracking
  - Orchestrator parallel execution tracking

> üí° **Advantage of Agent Framework**:  
> Code-centric approach enables **complete customization**,  
> and direct OpenTelemetry implementation provides **fine-grained monitoring**.

**Tracing hierarchy structure:**
```
üìä api.chat (HTTP Request)
  ‚îî‚îÄ ü§ñ agent_framework.workflow
      ‚îú‚îÄ üß≠ workflow.router (Intent Classification)
      ‚îÇ   ‚îú‚îÄ router.method: rule_based / ai_based
      ‚îÇ   ‚îî‚îÄ router.intent: tool / research / orchestrator / general
      ‚îÇ
      ‚îî‚îÄ ‚öôÔ∏è workflow.executor.{type}
          ‚îú‚îÄ tool_agent.execute ‚Üí mcp_call
          ‚îú‚îÄ research_agent.execute ‚Üí search + generate
          ‚îú‚îÄ general_agent.execute
          ‚îî‚îÄ orchestrator.parallel_execution
```

**Workflow execution flow:**
1. Router Executor: Intent classification (tool/research/orchestrator/general)
2. Message routing to corresponding Executor
3. Output collection through Workflow Context
4. Return integrated response
5. **All steps recorded in Azure AI Foundry Tracing**


In [None]:
import requests
import json

print("=== Testing Deployed Agent Framework Service ===\n")

if not FRAMEWORK_ENDPOINT:
    print("‚ùå FRAMEWORK_ENDPOINT is not set!")
    print("   Please run Section 6 first.\n")
else:
    print(f"üåê Agent Framework Endpoint: {FRAMEWORK_ENDPOINT}\n")
    
    # 1. Health check
    print("1Ô∏è‚É£ Health Check:")
    try:
        response = requests.get(f"{FRAMEWORK_ENDPOINT}/health", timeout=10)
        if response.status_code == 200:
            print(f"   ‚úÖ Health: {response.json()}\n")
        else:
            print(f"   ‚ùå Health check failed: {response.status_code}\n")
    except Exception as e:
        print(f"   ‚ùå Error: {e}\n")
    
    # 2. Check root endpoint
    print("2Ô∏è‚É£ Agent Framework Status:")
    try:
        response = requests.get(f"{FRAMEWORK_ENDPOINT}/", timeout=10)
        if response.status_code == 200:
            status = response.json()
            print(f"   ‚úÖ Status: {status.get('status')}")
            print(f"   üìã Framework: {status.get('framework')}")
            print(f"   üîß Agents:")
            for agent_name, available in status.get('agents', {}).items():
                icon = "‚úÖ" if available else "‚ùå"
                print(f"      {icon} {agent_name}: {available}")
            print()
        else:
            print(f"   ‚ùå Status check failed: {response.status_code}\n")
    except Exception as e:
        print(f"   ‚ùå Error: {e}\n")
    
    print("="*70)
    print("\nüí° Agent Framework Service is running normally!")
    print("   Test Workflow execution in the next cell.\n")
    print("   MCP server uses wttr.in API to provide real-time weather information.\n")
    print("="*70)


## 9. Test Workflow Pattern (Various Questions)

Send various questions to the deployed Agent Framework to test Workflow execution.

**Router intent classification:**
- **tool**: Simple tool execution (weather)
- **research**: Simple knowledge search (RAG)
- **orchestrator**: Complex query (tool + knowledge)
- **general**: General conversation

---

### üìö Research Agent Citation Feature

When Research Agent answers using Azure AI Search, it **automatically displays citations (sources)**:

**Citation format:**
- `„Äê1:0‚Ä†source„Äë` = First search result document
- `„Äê2:0‚Ä†source„Äë` = Second search result document
- `„Äê3:0‚Ä†source„Äë` = Third search result document

**Example response:**
```
üìö [RAG-based Answer]

RAG pattern is a retrieval-augmented generation approach„Äê1:0‚Ä†source„Äë.
Main advantages include improved accuracy and reduced hallucination„Äê2:0‚Ä†source„Äë.
It can perform hybrid search by integrating with Azure AI Search„Äê1:0‚Ä†source„Äë„Äê3:0‚Ä†source„Äë.
```

**How it works:**
1. Research Agent searches knowledge base with Azure AI Search
2. Top 5 search results injected into LLM context ([Document 1], [Document 2] format)
3. Prompt instructs LLM to cite sources in `„ÄêN:0‚Ä†source„Äë` format
4. LLM automatically cites relevant documents when generating answer
5. Citations are naturally included in the answer text

> üí° **Difference from Lab 3:** Lab 3's Azure AI Foundry `AzureAISearchTool` automatically generates citations, while Lab 4 implements the same format (`„ÄêN:0‚Ä†source„Äë`) with custom code to provide a consistent user experience.


In [None]:
# Test Agent Framework Workflow
import requests
import json
import time
import statistics

print("=== Agent Framework Workflow Test ===\n")

# Test cases (3 total)
test_cases = [
    {
        "message": "Hello",
        "description": "General Executor (general conversation) - Warmup"
    },
    {
        "message": "Please tell me the current weather in Seoul. Include temperature, feels-like temperature, weather condition, humidity, and wind information.",
        "description": "Tool Executor (weather query - wttr.in API)"
    },
    {
        "message": "Please recommend tourist attractions in Jeju Island",
        "description": "Research Executor (knowledge search - Jeju Island travel)"
    }
]

success_count = 0
fail_count = 0
latencies = []

for i, test in enumerate(test_cases, 1):
    print(f"{'='*70}")
    print(f"[Test {i}/{len(test_cases)}]")
    print(f"Question: {test['message']}")
    print(f"Expected path: {test['description']}")
    print(f"{'='*70}")
    
    try:
        start_req = time.perf_counter()
        response = requests.post(
            f"{FRAMEWORK_ENDPOINT}/chat",
            json={"message": test['message']},
            headers={"Content-Type": "application/json"},
            timeout=90
        )
        elapsed_req = (time.perf_counter() - start_req) * 1000
        
        if response.status_code == 200:
            result = response.json()
            full_resp = result.get('response', 'No response') or ''
            print(f"\n‚úÖ Response successful (HTTP {response.status_code}) - {elapsed_req:.1f} ms")
            latencies.append(elapsed_req)
            print(f"\nüìù Workflow response:")
            print(full_resp)
            print()
            success_count += 1
        else:
            print(f"\n‚ùå Request failed (HTTP {response.status_code})")
            print(f"Error: {response.text[:200]}")
            print()
            fail_count += 1
        
    except Exception as e:
        print(f"\n‚ùå Error occurred: {e}")
        print()
        fail_count += 1
    
    if i < len(test_cases):
        time.sleep(2)

print("="*70)
print(f"\nüìä Test Results:")
print(f"   ‚úÖ Success: {success_count}/{len(test_cases)}")
print(f"   ‚ùå Failed: {fail_count}/{len(test_cases)}")
print(f"\nüí° Weather information is provided in real-time from wttr.in API.")


## üìç Next Steps

You've completed deploying the MAF-based Agent! Now proceed to the next notebooks in order:

1. **Notebook 05**: MAF Workflow Patterns Practice (`05_maf_workflow_patterns.ipynb`)
2. **Notebook 06**: MAF Dev UI Practice (`06_maf_dev_ui.ipynb`)
3. **Notebook 07**: Agent Evaluation (`07_evaluate_agents.ipynb`)
