Picture by Editor
# Introduction
The Agent Framework Dev Challenge is a neighborhood initiative offering hands-on, developer-focused coaching supplies for constructing AI brokers utilizing trendy frameworks and tooling, with its Agent Framework Dev Day hosted by the Boston Azure AI Group and sponsored by Microsoft. The Microsoft Agent Framework, launched in October 2025, extends each Semantic Kernel and AutoGen right into a unified strategy for constructing manufacturing agentic programs. Paired with the Microsoft Foundry platform, it offers observability, security configuration, and enterprise-grade operational controls on prime of the core framework. Working by means of the framework’s Python content material reveals 4 interconnected technical domains, every one constructing immediately on the final, and every grounded in patterns that apply to actual deployed programs.
# Treating Security as an Empirical Measurement Downside
Most agentic tutorials deal with security as a footnote. The higher place to begin is to make security the very first thing a developer sees and measures earlier than writing a single line of agentic logic, grounding the remainder of the work in a practical image of what unguarded fashions really do.
The instrument for this can be a dual-model comparability runner. The identical immediate is shipped concurrently to 2 deployed situations of gpt-4.1-mini: one with Microsoft Foundry security guardrails enabled, one with these guardrails diminished. Outcomes seem side-by-side within the terminal, together with response textual content and latency for every mannequin, making the behavioral distinction between the 2 deployments inconceivable to dismiss as theoretical.
The default immediate is intentionally provocative: a request for directions on making a selfmade explosive. The guarded mannequin refuses. The unguarded mannequin could not. Each responses floor in the identical interface, on the identical {hardware}, on the identical time. The distinction is rapid and concrete relatively than hypothetical.
From there, the comparability opens to a few enter classes value probing:
- Profanity filterable through curated blocklists in Microsoft Foundry
- Authorities identifiers akin to Social Safety Numbers (SSNs)
- Different personally identifiable data (PII)
Every maps to an actual class of enterprise compliance concern, and every produces observable variations between the 2 deployments, giving builders a direct sense of the place guardrails interact and the place gaps stay.
Latency deserves consideration right here, not simply response content material. Security guardrails introduce measurable overhead, and that tradeoff is value quantifying relatively than assuming away. A 3rd regime — fashions operating with default settings between the 2 extremes — reinforces that security is a configurable spectrum relatively than a binary toggle, one which engineers actively tune primarily based on software context.
The underlying code makes use of the framework’s AzureAIClient to spin up short-lived brokers for every mannequin, runs each through asyncio.collect, and surfaces token counts alongside timing knowledge. The structure is deliberately minimal. The purpose is the comparability, not the infrastructure surrounding it.
The broader lesson: an agent that completes a job isn’t the identical as an agent that completes a job responsibly beneath real-world inputs, and understanding that distinction early shapes each architectural determination that follows.
# Connecting Brokers to the World with the Mannequin Context Protocol
The Mannequin Context Protocol (MCP) is a common adapter that enables AI brokers to hook up with knowledge sources and instruments by means of a standardized protocol, with out requiring adjustments to the agent shopper when the underlying service adjustments, which makes it a sensible basis for constructing brokers that work together with evolving enterprise programs.
The structure has three parts. A number software (the AI agent) connects by means of an MCP shopper to a number of MCP servers, every of which exposes instruments, assets, and prompts. Servers will be native or distant, and the shopper code doesn’t change to accommodate both, which retains the agent layer cleanly decoupled from infrastructure selections.
Two transport mechanisms cowl the principle deployment situations:
// STDIO Transport
STDIO transport runs the MCP server as a subprocess speaking by means of normal enter and output. This fits native instruments and CLI integrations the place low latency and tight course of coupling are fascinating.
// HTTP/SSE Transport
HTTP/SSE transport runs the server as an online service speaking over HTTP with Server-Despatched Occasions (SSE). This fits cloud companies and shared tooling that a number of brokers want to succeed in concurrently throughout distributed environments.
A concrete four-component implementation on a assist ticket area makes these patterns tangible. The mcp_local_server exposes 4 instruments through STDIO: GetConfig, UpdateConfig, GetTicket, and UpdateTicket. The mcp_remote_server is a FastAPI REST API operating on port 5060 managing the identical ticket knowledge as a correct service layer. The mcp_bridge runs on port 5070 and interprets between HTTP/SSE and abnormal HTTP calls to the REST backend. The mcp_agent_client consumes all of those concurrently, discovering instruments from every server dynamically and changing them into the function-calling format that Azure OpenAI expects, all inside a single agent session.
The architectural perception with essentially the most important enterprise implications: wrapping an present REST API with an MCP bridge requires no modification to the backend in anyway. Any service already exposing HTTP endpoints turns into accessible to an AI agent with out touching that service’s personal code, which dramatically lowers the mixing price for organizations with giant present API surfaces.
The total agentic loop constructed right here covers instrument discovery at runtime, dynamic perform conversion, mannequin invocation, instrument dispatch, and end result ingestion again into context, all constructed from first ideas utilizing the MCP SDK and Azure OpenAI, giving builders a whole image of how every layer connects.
# Orchestrating Workflow Patterns: Sequential, Concurrent, and Human-in-the-Loop
Workflow orchestration is the place particular person brokers begin functioning as coordinated programs able to dealing with issues too advanced for any single mannequin name to resolve cleanly by itself.
All three patterns function on the identical SupportTicket knowledge mannequin, carrying fields like ticket ID, buyer title, topic, description, and precedence. Utilizing the identical area throughout all three patterns is deliberate: the aim is to observe similar knowledge transfer by means of basically totally different processing architectures and observe what adjustments concerning the output, the latency, and the management floor accessible to the operator.
// Sequential Workflow
A high-priority ticket from a buyer unable to log in after a password reset strikes from consumption by means of an AI categorization step, which classifies and summarizes the problem in structured JSON, after which right into a response era step. The output is a whole, customer-ready reply that acknowledges urgency, provides concrete subsequent steps, and contains the ticket quantity. Your complete pipeline runs with out human intervention, and every step’s output is seen earlier than it passes to the subsequent, making the info transformation at every stage express and inspectable.
// Concurrent Workflow
A buyer reporting each a reproduction cost and a crashing software in the identical message exposes the boundaries of a sequential single-agent pipeline. Billing and technical issues require totally different experience, and routing each by means of a single agent produces a weaker end result than routing every to a specialist who can purpose deeply inside a narrower area.
The concurrent sample followers the query out to a billing professional agent and a technical professional agent concurrently. The billing agent addresses the duplicate cost and recommends a refund path. The technical agent focuses on cache clearing and reinstallation steps for the crashing software. Neither agent makes an attempt to deal with each domains. The aggregated end result provides the client a whole reply that no single specialist might have produced alone, and the response time is bounded by the slower of the 2 brokers relatively than their sum.
// Human-in-the-Loop Workflow
The very best-stakes case includes a buyer requesting a full refund on an annual premium subscription bought one week prior. The AI generates a draft response accurately invoking the 14-day money-back assure coverage and providing to course of cancellation instantly. Then execution stops, and management passes explicitly to a human reviewer earlier than something is shipped.
The supervisor receives the complete draft and three express selections: approve and ship as written, edit earlier than sending, or escalate to administration. On approval, the system data the motion, updates the ticket standing to resolved, and logs that the response was permitted with out modification, creating a whole audit path of the choice.
What operating this sample makes concrete is one thing workflow diagrams are likely to obscure: the human-in-the-loop pause isn’t a failure mode or an exception path. It’s a designed, first-class cease within the workflow. The system waits for it with out polling or timeout. That is the sample that makes AI-assisted processes auditable and defensible in regulated or high-stakes environments, and it deserves to be handled as a peer to the absolutely automated alternate options relatively than a fallback of final resort.
Extending every sample deepens the understanding significantly. Including a sentiment evaluation agent earlier than categorization within the sequential pipeline, including a safety or account specialist to the concurrent fan-out, including new supervisor actions like “Request Extra Information” to the human-in-the-loop step, and composing sequential and concurrent patterns right into a single hybrid workflow all require understanding how the executor lessons, shared shopper manufacturing unit, and knowledge fashions join throughout the complete system.
# Transferring from RAG to Agentic RAG
Commonplace retrieval-augmented era (RAG) purposes are easy to get began with however encounter query sorts that primary retrieval handles poorly, and people limitations are likely to floor shortly as soon as actual customers begin interacting with the system. Sure/no questions, counting queries, and multi-hop reasoning all stress the assumptions of a single embedding-lookup pipeline in ways in which grow to be instantly seen in manufacturing.
The development by means of this drawback strikes throughout 4 phases: ingestion, easy RAG, superior RAG, and agentic RAG. The sequencing is intentional. Encountering the constraints of naive retrieval first makes the architectural shift to agentic retrieval significant relatively than summary, as a result of the gaps within the easier strategy are already seen earlier than the answer is launched.
The answer makes use of the Microsoft Agent Framework with a Handoff workflow orchestration sample, writing specialised brokers that carry out particular search capabilities backed by Azure AI Search. The Handoff sample routes a question to essentially the most applicable specialist agent relatively than sending each query by means of a single retrieval pipeline, which suggests every agent will be optimized for the question sort it’s designed to deal with. Implementation covers 4 steps: preliminary setup, a sure/no search agent, a depend search agent, and the remaining specialist brokers, every one including a brand new retrieval functionality to the general system.
The architectural shift from normal RAG is critical and price making express. Quite than a single retrieval pipeline making an attempt to deal with all question sorts with the identical technique, an orchestrator dispatches to brokers specialised for various retrieval approaches, with Azure AI Search serving because the shared data spine that each one specialist brokers draw from. The result’s a system able to answering the complete vary of query sorts that normal RAG purposes battle with, together with questions that require reasoning over retrieved outcomes relatively than merely returning them.
# Understanding Why These 4 Matters Belong Collectively
The development displays a coherent view of what production-ready agentic improvement really requires, and the order through which the subjects seem isn’t arbitrary. Security comes first as a result of it reframes what working code means in an agentic context, establishing from the outset that functionality and accountable habits are separate properties that have to be measured independently. MCP establishes how brokers talk with exterior instruments and companies in a standardized, interoperable method — together with the perception that present APIs will be bridged with none backend modification, which makes it sensible to attach brokers to actual enterprise programs relatively than purpose-built toy backends. Workflow patterns set up how a number of brokers coordinate and, critically, when to pause for a human, introducing the management constructions that make agentic programs reliable sufficient to deploy in consequential settings. Agentic RAG demonstrates how data retrieval scales past easy lookup to deal with the complete vary of query sorts actual customers ask, finishing the image of what a manufacturing data system constructed on this framework seems to be like.
Taken collectively, the 4 domains transfer from habits commentary to structure development to system operation. That development is what separates a working prototype from a deployable system, and understanding every layer makes the subsequent one significantly simpler to purpose about.
Rachel Kuznetsov has a Grasp’s in Enterprise Analytics and thrives on tackling advanced knowledge puzzles and trying to find recent challenges to tackle. She’s dedicated to creating intricate knowledge science ideas simpler to grasp and is exploring the varied methods AI makes an influence on our lives. On her steady quest to study and develop, she paperwork her journey so others can study alongside her. Yow will discover her on LinkedIn.
