Summary
The AIProjectClient GetAIAgentAsync extension method currently resolves a Foundry agent by name only. There doesn’t appear to be a way to pin resolution to a specific agent version.
Why this matters
This creates a security problem. If a malicious or unauthorized user updates the agent in Foundry (for example changing instructions, tools, or other behavior), application code that calls GetAIAgentAsync by name will automatically start executing the new version without any code change, config change, or deployment.
That effectively makes agent behavior mutable at runtime and breaks normal change-control and deployment safety expectations.
Requested change
Please add support to resolve a Foundry agent by both name and version (or another immutable versioned identifier).
For example, something conceptually like:
- GetAIAgentAsync(new ChatClientAgentOptions { Name = "my-agent", Version = "1.2.3" })
- or an overload that accepts name + version
- or a way to bind to an immutable agent revision ID
Current behavior
Only agent name can be provided, so the resolved agent can change over time outside the application’s deployment process.
Expected behavior
Applications should be able to pin the exact Foundry agent version they intend to run.
Example call site
The current usage pattern looks like:
await _projectClient.GetAIAgentAsync(new ChatClientAgentOptions { Name = _options.MainAgentName }, cancellationToken);
That should be able to include a version so the application does not silently pick up new instructions or tools.
Summary
The AIProjectClient GetAIAgentAsync extension method currently resolves a Foundry agent by name only. There doesn’t appear to be a way to pin resolution to a specific agent version.
Why this matters
This creates a security problem. If a malicious or unauthorized user updates the agent in Foundry (for example changing instructions, tools, or other behavior), application code that calls GetAIAgentAsync by name will automatically start executing the new version without any code change, config change, or deployment.
That effectively makes agent behavior mutable at runtime and breaks normal change-control and deployment safety expectations.
Requested change
Please add support to resolve a Foundry agent by both name and version (or another immutable versioned identifier).
For example, something conceptually like:
Current behavior
Only agent name can be provided, so the resolved agent can change over time outside the application’s deployment process.
Expected behavior
Applications should be able to pin the exact Foundry agent version they intend to run.
Example call site
The current usage pattern looks like:
await _projectClient.GetAIAgentAsync(new ChatClientAgentOptions { Name = _options.MainAgentName }, cancellationToken);
That should be able to include a version so the application does not silently pick up new instructions or tools.