Python: Update FHA with toolbox sample with more auth methods

[TaoChenOSU]

Motivation & Context

Addresses #5684

Toolbox deployment flow has changed significantly. This PR brings the latest to the FHA + Toolbox sample.

Description & Review Guide

• What are the major changes?
  • Added toolbox.yaml, which is the new toolbox definition format used to deploy toolbox resources using azd
  • Update agent.manifest.yaml because of the above
  • Add 2 more tools to the sample that shows Agent identity authentication and Entra Pass-through authentication
  • Added two querying the tool catalog for linux and windows
• Update README
• What is the impact of these changes?
  • A more accurate sample showing customers the latest features
• What do you want reviewers to focus on?
  • The README

Related Issue

Addressed part of #5684

Contribution Checklist

• The code builds clean without any errors or warnings
• All unit tests pass, and I have added new tests where possible
• The PR follows the Contribution Guidelines
• This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above).
• This is not a breaking change. If it is a breaking change, add the breaking change label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.

[Copilot]

Pull request overview

Updates the Python Foundry Hosted Agents (Responses) “Foundry Toolbox” sample to match the newer toolbox deployment flow (standalone toolbox.yaml) and to demonstrate additional toolbox/MCP authentication modes via project connections.

Changes:

• Added a toolbox.yaml definition (plus helper scripts) to drive toolbox creation via azd ai toolbox create.
• Switched the sample to use TOOLBOX_ENDPOINT (and updated manifest/agent yaml + env example accordingly).
• Updated the sample README with end-to-end setup guidance for toolbox + multiple auth modes.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/toolbox.yaml	New toolbox definition containing multiple tool sources behind one MCP endpoint.
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/scripts/list-foundry-connectors.sh	New bash helper to list connectors / fetch connector details from the Foundry tools catalog.
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/scripts/list-foundry-connectors.ps1	New PowerShell helper to list connectors / fetch connector details from the Foundry tools catalog.
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/requirements.txt	Updates dependencies to the Foundry-specific package set for this sample.
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/README.md	Expanded setup/run/deploy docs aligned to the new toolbox flow and auth modes.
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/main.py	Uses TOOLBOX_ENDPOINT and improves toolbox name derivation from endpoint URLs.
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/agent.yaml	Updates hosted-agent env var wiring to pass TOOLBOX_ENDPOINT.
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/agent.manifest.yaml	Updates manifest to accept TOOLBOX_ENDPOINT and removes embedded toolbox/connection provisioning.
python/samples/04-hosting/foundry-hosted-agents/responses/04_foundry_toolbox/.env.example	Renames env var to TOOLBOX_ENDPOINT.

[github-actions]

Automated Code Review

Reviewers: 5 | Confidence: 88% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach

---

Automated review by TaoChenOSU's agents

[github-actions]

Automated Code Review

Reviewers: 4 | Confidence: 89%

✓ Correctness

The PR is largely well-structured with good error handling improvements. Two correctness issues found: (1) the bash helper script uses set -e which causes the script to exit before reaching the user-friendly error message when az fails, and (2) a comment in agent.manifest.yaml uses my-toolbox while the rest of the sample consistently uses agent-tools.

✓ Security Reliability

The PR is clean from a security and reliability standpoint. The shell script properly uses jq --arg for safe JSON construction (avoiding the injection risk from the earlier review). The Python code properly validates environment variables and wraps KeyError in a descriptive ValueError. URL parsing uses urlsplit safely. The PowerShell script uses ConvertTo-Json for proper serialization. No secrets are hardcoded, no unsafe deserialization, and resource management (httpx AsyncClient) uses async context managers correctly.

✓ Test Coverage

The PR renames the environment variable from FOUNDRY_TOOLBOX_ENDPOINT to TOOLBOX_ENDPOINT and changes the fallback error from KeyError to ValueError, but the existing test file (python/tests/samples/hosting/test_toolbox_endpoint.py) was not updated to match. Additionally, the new _toolbox_name_from_endpoint() helper has non-trivial URL parsing logic but no test coverage.

✓ Failure Modes

The Python code changes are well-structured with proper error handling (KeyError wrapped in ValueError with a clear message, safe URL parsing fallback). The shell script has one failure-mode issue where set -e causes the script to abort before reaching the user-friendly error message when az token acquisition fails. The rest of the changes are config/documentation updates with no operational failure concerns.

---

Automated review by TaoChenOSU's agents