Bump agent-framework from 1.7.0 to 1.9.0

[dependabot]

Bumps agent-framework from 1.7.0 to 1.9.0.

Release notes

Sourced from agent-framework's releases.

python-1.9.0

[1.9.0] - 2026-06-18

Added

• agent-framework-core: Add AgentLoopMiddleware for re-running agents in a loop (#6174)
• agent-framework-core: Integrate tool approval into the harness agent (#6522)
• agent-framework-core: Add tool approval middleware (#6414)
• agent-framework-core: Integrate the shell tool into the harness agent (#6451)
• agent-framework-core: Capture context provider instructions in agent telemetry (#6515)
• agent-framework-core, agent-framework-ag-ui: Add opt-in AG-UI thread snapshot persistence and hydration (#6471)
• agent-framework-foundry-hosting: Emit failed events for hosted agent responses (#6502)

Changed

• agent-framework-core: [BREAKING] Add sampling guardrails to MCP tools — deny server-initiated sampling by default and add sampling_approval_callback, sampling_max_tokens, and sampling_max_requests parameters (#6413)
• agent-framework-core: [BREAKING] Align FileAccess tools with .NET, adding directory discovery and recursive search (#6476)
• agent-framework-declarative: [BREAKING] Additional fixes for declarative workflow execution (#6489)
• agent-framework-azure-contentunderstanding: Adopt azure-ai-contentunderstanding to_llm_input in the CU context provider (#5796)
• agent-framework-orchestrations: Promote to stable (1.0.0)

Fixed

• agent-framework-core: Stop forwarding the unsupported function_invocation_configuration kwarg from as_agent (#6520)
• agent-framework-core: Fix MCP allowed_tools empty-list handling (#6296)
• agent-framework-core: Disable harness compaction when max tokens are not provided (#6410)
• agent-framework-core: Parse MCP CallToolResult.structuredContent to prevent tool results returning None (#6421)
• agent-framework-core: Catch bare ImportError during hosted-environment detection so optional Foundry hosting probing cannot crash user-agent setup
• agent-framework-anthropic, agent-framework-core, agent-framework-openai: Fix OTel usage detail attributes (#6493)
• agent-framework-foundry, agent-framework-openai: Fix Azure AI Search citation URLs (#6453)
• agent-framework-foundry: Fix aiohttp dependency specification (#6567)
• agent-framework-declarative: Fix declarative workflow execution (#6468)
• samples: Fix harness console rendering a single streamed tool call multiple times (#6549)
• samples: Fix ollama_chat_client.py to pass tools via the options dict (#6480)

Full Changelog: microsoft/agent-framework@python-1.8.1...python-1.9.0

python-1.8.1

[1.8.1] - 2026-06-09

Added

• agent-framework-core: Add MCP client OTel spans per GenAI semantic conventions (#6349)
• agent-framework-core: Add MCP long-running task support (#6319)

Changed

• agent-framework-claude: Bump claude-agent-sdk to 0.2.87 (#6248)
• agent-framework-core: Document checkpoint storage security model and deserialization trust boundaries (#6295)
• agent-framework-azurefunctions: Document checkpoint storage security model and deserialization trust boundaries (#6295)

Fixed

• agent-framework-core: Filter MCP tool kwargs to declared params via allowlist (#6399)
• agent-framework-core: Fix per-service-call history persistence with server-storing clients (#6310)
• agent-framework-openai: Use getattr for non-OpenAI provider response compatibility (#6270)

... (truncated)

Commits

• afa7834 Updating dotnet package versions for 1.9 release (#6314)
• c6951c2 Python: Add MCP-based skills discovery (McpSkillsSource) (#6169)
• a982428 .NET: Bug fixes for AGUI hosting and workflows (#6311)
• 90a3e5d .NET: Add ILoggerFactory and IServiceProvider to HarnessAgent constructor (#6...
• 49a6e43 Python: progressive tool exposure via FunctionInvocationContext (#6233)
• 6086a74 Python: Promote agent-framework-declarative package to RC (#6256)
• fa8cfb7 Python: Fix FoundryAgent stripping model from PromptAgent requests (#5526)
• 6de4c24 .NET: Promote Workflows.Declarative packages to stable versions (#6254)
• a5f355e Python: Fix OTLP HTTP base-endpoint losing /v1/{signal} auto-append (#5913)
• 0cf4892 .NET: Add Hosted-ToolboxMcpSkills sample (#6175)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)