AutoGen (Multi-agent, MAINTENANCE MODE)

AutoGen v0.4: asyncio actor-runtime multi-agent framework (autogen-core / autogen-agentchat / autogen-ext). ⚠️ Microsoft has declared maintenance mode; new projects should use Microsoft Agent Framework (MAF). This skill is for legacy maintenance only.

APIAIMachine Learning
✓ 0 reported success·v0.1.0·

Overview

⚠️ **IMPORTANT**: AutoGen v0.4 is in Microsoft-declared maintenance mode (README:14,21,23). New projects should use Microsoft Agent Framework (MAF). This skill is for legacy AutoGen maintenance, migration, and troubleshooting only. AutoGen is an asyncio actor-runtime multi-agent framework (github.com/microsoft/autogen). Three Python packages: autogen-core (runtime + base interfaces), autogen-agentchat (high-level AssistantAgent / GroupChat APIs), autogen-ext (model clients / code executors / MCP / Magentic-One). A separate .NET stack (dotnet/src/, 16 sub-packages) uses a middleware-pipeline architecture instead of the actor runtime. AutoGen Studio is a no-code GUI: Gatsby frontend + FastAPI backend. The 0.2 legacy branch (ConversableAgent / GroupChatManager) lives only on git refs/heads/0.2; on main, pyautogen is now a 0-byte proxy and v0.2 cookbook code fails in 3 places. This skill embeds 51 constraints (2 fatal) covering typical pitfalls: maintenance-mode status, LocalCommandLineCodeExecutor's documented regex sanitization DOES NOT EXIST (LLM-generated commands shell-execute against the host — CRITICAL security pitfall), pyautogen as 0-byte proxy, and the Windows requirement to set WindowsProactorEventLoopPolicy before constructing the local executor.

Blueprint Source

finance-bp-136

microsoft/autogen027ecf01 source file

Constraints

2total
2fatal
2 must-not-violate

Evidence Quality

Confidence90%

High confidence — strong evidence base

2 non-negotiable constraints

FATALdomain_rule?

WHENWhen evaluating LocalCommandLineCodeExecutor for any path that may receive LLM-generated code, especially when reading the class docstring sanitization claim

ACTIONTreat LocalCommandLineCodeExecutor as having ZERO input filtering. Never use it for untrusted/LLM-generated code without (a) wrapping in DockerCommandLineCodeExecutor for container isolation, OR (b) wrapping CodeExecutorAgent with an explicit approval_func (interactive prompt, hardcoded allowlist, or model_client_approval_func). Audit any existing setup of `CodeExecutorAgent(code_executor=LocalCommandLineCodeExecutor())` — this is the documented canonical example and is unsafe by default. Maintenance-mode SLA means this docstring will NOT be corrected upstream; document the gap in your own skill/wrapper.

CONSEQUENCEundefined behavior

domain-constraint
FATALdomain_rule?

WHENWhen choosing a CodeExecutor backend for any production deployment or any path receiving LLM-generated code

ACTIONInstantiate `DockerCommandLineCodeExecutor(work_dir='coding', image='python:3-slim')` instead of `LocalCommandLineCodeExecutor()`. Confirm Docker daemon is running before starting. Use `await code_executor.start()` / `await code_executor.stop()` (or async context manager) to manage container lifecycle. Pin the image tag explicitly to avoid silent base-image upgrades; do NOT rely on `:latest`.

CONSEQUENCEundefined behavior

domain-constraint

FAQ

Discussion (0)

No comments yet. Be the first to share!

Changelog

v0.1.02026-04-25·Contributors: tangweigang-jpg

v0.1.0: Initial release on Doramagic.ai. Multi-agent framework on microsoft/autogen v0.4 (note: upstream in maintenance mode) with bilingual metadata, 51 anti-pattern constraints, and 3 FAQs.

v0.1.02026-04-25·Contributors: tangweigang-jpg

v0.1.0: Initial release on Doramagic.ai. Multi-agent framework on microsoft/autogen v0.4 (note: upstream in maintenance mode) with bilingual metadata, 51 anti-pattern constraints, and 3 FAQs.