Azure.AI.AgentServer.Responses_1.0.0-beta.2

1.0.0-beta.2 (2026-04-17)

Features Added

• Added chat isolation key enforcement across all endpoints. When a response is created with
  x-agent-chat-isolation-key, all subsequent GET, Cancel, DELETE, and InputItems calls must
  include the same key. Mismatched or missing keys return 404 (indistinguishable from not-found)
  to ensure tenant isolation.
• Added x-agent-session-id response header on all protocol endpoints (POST, GET, Cancel,
  Delete, InputItems). The resolved session ID is echoed as a response header per spec §8,
  with fallback to the FOUNDRY_AGENT_SESSION_ID environment variable for error responses.
• Added validation for malformed response IDs in both the response_id path parameter and the
  previous_response_id request body field. IDs that do not match the expected format (prefix
  and length) are rejected with 400 and a descriptive error message.
• Added metadata constraint validation: metadata maps are limited to 16 keys with key length ≤ 64
  and value length ≤ 512 characters, enforced via the validator pipeline.
• Added deterministic agent_session_id derivation: SHA-256 hash of
  "{agent_name}:{agent_version}:{partition_hint}" truncated to 63 lowercase hex chars.
  Falls back to random hex when no conversational context is available.
• Added eager eviction of completed ResponseExecution entries from the in-flight tracker,
  reducing memory pressure for long-running servers.
• Added FoundryStorageLoggingPolicy — an Azure.Core per-retry pipeline policy that logs every
  outbound Foundry storage API call with HTTP method, URI, status code, duration, and correlation
  headers (x-ms-client-request-id, x-ms-request-id, x-request-id, apim-request-id).
• Added structured Information-level logging to all Responses API endpoints (GET, Cancel, Delete,
  InputItems) with response ID context. The POST /responses creation log now includes response ID,
  conversation ID, previous response ID, and store flag for full request traceability.
• Added isolation key presence logging (HasUserIsolationKey, HasChatIsolationKey) to all
  endpoint handler logs and outbound Foundry storage request logs. Key values are never logged.
• Added startup configuration logging: storage provider type, default model, fetch history count,
  and event stream TTL are logged at Information level when the host starts.
• Added server version User-Agent header on all outbound Foundry storage API requests. The
  composed identity from ServerVersionRegistry (including developer-registered segments) is
  prepended to the standard Azure.Core user-agent, read lazily per-request.
• Added Foundry storage URL masking in diagnostic logs: everything before /storage is redacted
  and query parameters are stripped (except api-version) to prevent leaking account and project
  information.
• Added inbound request logging for Tier 1 and Tier 2 setups (via ResponsesServer.Run() or
  AgentHost.CreateBuilder()). All incoming HTTP requests are logged with method, path, status
  code, duration, and correlation headers (x-request-id, x-ms-client-request-id).

Breaking Changes

• Made ResponsesActivitySource internal. The activity source is managed by
  the framework; handlers do not need to create tracing activities directly.
• Made ResponsesTracingConstants internal. The tracing tag, baggage, and log scope
  constants are implementation details not needed by handler authors.

Bugs Fixed

• Fixed error response shapes to match the container specification: invalid_request_error type
  for 400 errors and not_found message format.
• Fixed cancel-after-terminal to return invalid_request_error type with the correct error shape
  per the specification.
• Fixed DELETE endpoint to return 404 (not 400) when the response ID does not exist, aligning
  with the specification.
• Fixed cancel-after-delete to return 404 (not-found) per the specification.