Skip to content

Port Cursor rules/skills to GitHub Copilot instructions + Azure Container Apps deployment infra#376

Open
fabioc-aloha wants to merge 18 commits into
microsoft:devfrom
fabioc-aloha:main
Open

Port Cursor rules/skills to GitHub Copilot instructions + Azure Container Apps deployment infra#376
fabioc-aloha wants to merge 18 commits into
microsoft:devfrom
fabioc-aloha:main

Conversation

@fabioc-aloha

Copy link
Copy Markdown

Summary

  • Installed the Alex ACT Edition framework (.github/instructions, skills, prompts, agents, scripts, config) for Copilot Chat in VS Code.
  • Ported the project's existing .cursor/rules/.mdc and .cursor/skills//SKILL.md conventions to native Copilot equivalents (.github/instructions/df-*.instructions.md and .github/skills/{error-handling,language-injection,path-safety}) so Copilot-only contributors get the same dev-convention guardrails Cursor users already have. .cursor/ is left untouched.
  • Added infra/*.bicep + azure.yaml: an azd-deployable Azure Container Apps + private Azure OpenAI (Entra ID auth, DLP, content-filter policy) reference deployment, developed and validated against a live governed subscription.
  • See COPILOT_PORTING_GUIDE.md at repo root for the full rationale and file-by-file mapping.

Commits

  • Install Alex ACT Edition framework
  • Un-ignore .vscode/markdown-light.css referenced by settings.json
  • Un-ignore .vscode/; remove Container Apps subnet delegation from network.bicep

- package nested demo assets and register modern image MIME types
- stabilize model probes, reasoning compatibility, and error classification
- align governed Azure model infrastructure with the live three-model set
- add regression coverage, audit log, meditation, and session handoff

Validation: Python compileall, Bicep build, Markdown lint, editor diagnostics, staged diff check, redacted secret scan, and live browser/API checks. Full pytest unavailable in the local environment.
@Chenglong-MS Chenglong-MS changed the base branch from main to dev July 9, 2026 21:28
@Chenglong-MS

Copy link
Copy Markdown
Collaborator

the latest development is in dev! let's consolidated a bit and then put it into main together?

Resolve the non-connector readiness backlog with bounded request and memory limits, safer loader lifecycle and persistence, OAuth state isolation, production serving, retry controls, and concurrency protection.

Add focused regression coverage and connector implementation plans. Record that the single-replica source mitigation is validated but its live deployment remains blocked by unrelated infrastructure drift.
Preserve production Container App ingress, policy-managed network state, registry defaults, and model deployment settings during full Bicep provisioning.

Add deployment safety tests and document the required what-if and post-deployment verification workflow.
Add connector-and-audience token isolation, token-free OAuth popup handling, ODBC access-token support, proxy-safe callbacks, and Driver 18 in the runtime image.

Harden token persistence and concurrent state boundaries, repair the TypeScript and ESLint baseline, and update connector plans and operational documentation.
- upgrade ACT Edition assets and relocate heir-owned guidance into local paths
- add delegated Azure SQL OAuth with managed identity federation and hardened ODBC handling
- resolve OAuth state concurrency, repository hygiene, and backend/frontend test debt
- document consent, deployment, audit evidence, and remaining session migration gates
- deploy ebada59 as healthy Container App revision 0000010
- record image provenance, OAuth, Driver 18, endpoint, and log checks
- exclude local environments and paper archives from remote build contexts
- document audit and deployment status plus enterprise data-access decision
- add Chenglong meeting brief, paper insights, and source artifacts
- clear persisted workspaces missing from server storage before autosave
- remove unused image preloads and unconditional startup debug logs
- record revision, image digest, validation, and image-based rollback
- update handoff, consent runbook, issue ledger, and meeting status
- lazily initialize no-auth connector loaders for catalog and status calls
- bound LiteLLM attempts to 90 seconds and logical retries to 120 seconds
- retry streams only before first output and preserve structured timeout errors
- pin LiteLLM 1.91.1 and add DF-024/DF-025 regression evidence

ACT: Considered one cohesive runtime-hardening commit versus splitting shared ledger changes.
Going with H1: keep validated connector and model lifecycle changes atomic.
Would revise if: staged paths include Agency files, tests fail, or remote main advances.
Validation: 2032 passed, 13 skipped; uv lock check; staged diff and secret scan clean.
- validate installer inputs before any target writes
- make verification failures enforce nonzero exit and version drift checks
- preserve process PATH entries and keep verification-only mode read-only
- ignore the generated local tool snapshot and remove broken target links

ACT: Considered an independent Agency commit versus bundling deployment records.
Going with H1: keep tooling synchronization independently reviewable and reversible.
Would revise if: staged paths include deployment docs or validation/secret scans fail.
Validation: PowerShell parse, disposable dry run, generated baseline, no-flag verifier, diagnostics, diff check, and secret scan pass.
- record revision azd-1784046335 and immutable image digest
- mark DF-024 and DF-025 production verified
- capture connector, Azure OpenAI, browser, replica, and cleanup evidence
- retain recreate-11dfb1fd3d3c as the immediate rollback image

ACT: Considered committing verified live state separately from Agency tooling.
Going with H1: preserve deployment evidence as an independently auditable record.
Would revise if: live revision/image/traffic changes or staged scope/secret scan fails.
Validation: one ready replica, zero restarts, 100% traffic, catalog 16 nodes, LiteLLM 1.91.1, ODBC 18, all models connected, non-streaming and streaming tool paths pass, browser clean, smoke sessions empty.
- chronicle connector, model, client-state, deployment, and documentation work
- record build-versus-rollout recovery and workspace-bound smoke patterns
- map shipped commits, rollback state, validation, and owned remaining gates
- index the session for future retrieval

Validation: Markdown diagnostics, diff check, and no-context comprehension review pass.
- add profile contracts, internal FastMCP gateway, auth, approvals, and drift checks
- add feature-gated gateway container and Bicep provisioning foundation
- document Entra consent, Fabric fixture, rollout, and handoff state
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants