refactor: enhance error logging, escape HTML and remove unused state update tes…

[Kingshuk-Microsoft]

Purpose

This pull request introduces several improvements across the backend and frontend codebases, focusing on better error logging, enhanced security for frontend configuration, and minor code and dependency cleanups. The most significant changes include replacing silent exception handling with debug logging for agent lifecycle events, escaping environment variables before injecting them into the frontend, and removing unnecessary state management and peer dependency flags.

Backend Improvements:

• Added debug logging for agent lifecycle exception handling in lifecycle.py, replacing silent exception swallowing with informative log messages when agent registration, closing, or unregistration fails. This improves observability and troubleshooting for agent state transitions. [1] [2] [3]

Frontend Improvements:

• Escaped environment variable values (API_URL, ENABLE_AUTH) before injecting them into the frontend config to prevent potential HTML injection vulnerabilities.
• Removed the unnecessary raiError state and related code from HomeInput.tsx, simplifying the component's state management. [1] [2] [3] [4]

Dependency and Test Cleanups:

• Removed the "peer": true flag from multiple dependencies in package-lock.json to clean up the dependency tree and avoid unnecessary peer dependency warnings. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23]
• Cleaned up unused imports in test modules for test_foundry_integration.py and test_human_approval_manager.py. [1] [2]

Does this introduce a breaking change?

• Yes
• No

How to Test

• Get the code

git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install

What to Check

GP Testing

[Copilot]

Pull request overview

This pull request enhances error observability in the backend, attempts to improve security in the frontend configuration endpoint, and performs code cleanup by removing unused state management and dependencies. The changes focus on replacing silent exception handling with debug logging, escaping environment variables for HTML injection prevention, and cleaning up unused imports and peer dependency flags.

Key Changes

• Added debug logging for agent lifecycle exception handling in lifecycle.py to improve observability when agent registration, closing, or unregistration fails
• Applied HTML escaping to environment variables (API_URL, ENABLE_AUTH) in the frontend configuration endpoint
• Removed unused raiError state and related code from HomeInput.tsx component

Reviewed changes

Copilot reviewed 5 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
src/backend/v4/magentic_agents/common/lifecycle.py	Replaced silent exception handling with debug logging for agent lifecycle events (registration, closing, unregistration)
src/frontend/frontend_server.py	Added HTML escaping to environment variables before returning them in the /config endpoint
src/frontend/src/components/content/HomeInput.tsx	Removed unused raiError state variable and its associated setter calls
src/tests/agents/test_human_approval_manager.py	Removed unused MStep import
src/tests/agents/test_foundry_integration.py	Removed unused BingConfig import
src/frontend/package-lock.json	Removed "peer": true flags from multiple dependencies and minor version updates
package-lock.json	Added new empty root-level package-lock.json file

Files not reviewed (1)

• src/frontend/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

HTML escaping is not necessary for JSON API responses. The /config endpoint returns a JSON dictionary, not HTML content. HTML escaping is intended for values that will be embedded in HTML templates, but FastAPI's JSONResponse (the default for dict returns) already handles proper JSON encoding. Using html.escape() here will double-escape special characters when the values are used in the frontend JavaScript, potentially breaking URLs or configuration values that contain HTML special characters like &.