A production-ready RAG (Retrieval-Augmented Generation) application with enterprise-grade security, built for Azure with a Next.js frontend and a FastAPI backend.
- Frontend: Next.js 15+ with App Router
- Backend: FastAPI with async/await
- Authentication: Entra ID with OBO token flow
- Search: Azure AI Search (Free tier)
- AI: Azure OpenAI (GPT-4o)
- Document Processing: Azure Document Intelligence (F0 tier)
- Content Safety: Azure Content Safety (F0 tier)
- Storage: Azure Storage with security best practices
- Monitoring: Application Insights + Log Analytics
- Deployment: Azure Developer CLI (azd) with Bicep
- Azure CLI installed
- Azure Developer CLI (azd) installed
- Access to Azure subscription
git clone <repository>
cd droitai
# Windows Command Prompt
cd scripts
setup-entra-app.cmd
# Linux/Mac Bash
cd scripts
./setup-entra-app.sh
# Deploy all infrastructure and applications
azd up
# Get environment variables for local development
azd env get-values
- Frontend: https://<app-name>.azurewebsites.net
- Backend API: https://<app-name>-app.azurewebsites.net
- API Docs: https://<app-name>-app.azurewebsites.net/docs
# Get Azure credentials
azd env get-values > .env.local
# Frontend
cd frontend
npm install
npm run dev
# Backend
cd backend
pip install -r requirements.txt
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
docker-compose -f docker-compose.dev.yml up --build
/droitai
├── /frontend (Next.js 15+ App Router)
│   ├── /app
│   │   ├── /api/auth # Entra ID authentication
│   │   ├── /chat # Main chat interface
│   │   └── layout.tsx # Context providers
│   ├── /components
│   │   ├── /chat # Message components
│   │   └── /governance # Feature toggles
│   ├── /hooks # useChat, useOboToken
│   └── /lib # Client utilities
├── /backend (FastAPI)
│   ├── /app
│   │   ├── /api # API routes (v1/chat, v1/ingest)
│   │   ├── /core # Security, Config
│   │   ├── /services # Business logic
│   │   │   ├── search_service.py # Azure AI Search
│   │   │   ├── openai_service.py # OpenAI integration
│   │   │   ├── docintel_service.py # Document Intelligence
│   │   │   └── safety_service.py # Content Safety
│   │   └── main.py
│   ├── /evaluators # Responsible AI metrics
│   └── /models # Pydantic schemas
├── /infra (Infrastructure as Code)
│   ├── main.bicep # Azure resources with security
│   └── azure.yaml # AZD configuration
├── /scripts
│   ├── setup-entra-app.ps1 # Windows Entra ID setup
│   └── setup-entra-app.sh # Linux/Mac Entra ID setup
├── /docs
│   └── entra-id-setup.md # Detailed setup guide
└── docker-compose.dev.yml # Local development
- Least Privilege Access: Granular role assignments for each service
- Managed Identity: No secrets in code, uses Azure AD identities
- Network Security: Storage with deny-by-default, HTTPS only
- OBO Token Flow: Secure user delegation across services
- Content Safety: Built-in content filtering and moderation
- Data Encryption: All data encrypted at rest and in transit
- Audit Logging: Complete audit trail with Application Insights
- CORS Configuration: Secure cross-origin resource sharing
- Token Validation: Both frontend and backend validate tokens
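
The OBO Token Flow and Token Validation items above imply a gate in the backend: the caller's token is checked against the API's own policy before it is ever used as the OBO assertion. The sketch below is an added example, not code from this repository; it assumes v2.0 access tokens whose signature has already been verified against the tenant's signing keys by a JWT library, and the tenant ID, client ID, scope name, downstream scope and the use of a client secret are all placeholders or assumptions.

```python
import time
from urllib.parse import urlencode

# Assumed placeholders for illustration; none come from this repository.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
API_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REQUIRED_SCOPE = "access_as_user"                       # hypothetical scope name
DOWNSTREAM_SCOPE = "https://search.azure.com/.default"  # assumed downstream


class TokenRejected(Exception):
    """Verified claims do not satisfy this API's policy."""


def check_claims(claims, now=None):
    """Policy checks on claims whose signature was already verified."""
    now = time.time() if now is None else now
    if claims.get("aud") not in (API_CLIENT_ID, f"api://{API_CLIENT_ID}"):
        raise TokenRejected("audience is not this API")
    if claims.get("tid") != TENANT_ID:
        raise TokenRejected("token issued for another tenant")
    if claims.get("iss") != f"https://login.microsoftonline.com/{TENANT_ID}/v2.0":
        raise TokenRejected("unexpected issuer")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise TokenRejected("token expired or not yet valid")
    # App-only tokens carry "roles" and no "scp"; OBO needs a delegated token.
    if REQUIRED_SCOPE not in str(claims.get("scp", "")).split():
        raise TokenRejected("required delegated scope missing")
    if not claims.get("oid"):
        raise TokenRejected("no user object id")
    return claims["oid"]


def build_obo_request(user_token, claims, client_secret, now=None):
    """Return (url, form body) for the OBO exchange, only after the checks."""
    check_claims(claims, now)
    url = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": API_CLIENT_ID,
        "client_secret": client_secret,  # assumed credential type, read from config
        "assertion": user_token,         # the caller's token, never a stored one
        "scope": DOWNSTREAM_SCOPE,
        "requested_token_use": "on_behalf_of",
    }
    return url, urlencode(form)
```

Rejecting tokens whose `aud` is not this API matters most here: exchanging a token minted for a different resource would let any app in the tenant borrow the backend's downstream permissions.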
- Free Tiers: Search (Free), Document Intelligence (F0), Content Safety (F0)
- Basic Tiers: App Service (B1), Storage (Standard_LRS)
- Pay-as-you-go: OpenAI (S0) with usage-based billing
- Monitoring: Free tier for Application Insights and Log Analytics
- Enterprise Authentication: Entra ID with single app setup
- Document Intelligence: Support for PDF, Word, images, and more
- Intelligent Search: Azure AI Search with semantic capabilities
- Content Safety: Built-in moderation and filtering
- Scalable Architecture: Microservices with container support
- Responsible AI: Evaluation metrics and governance controls
- Developer Experience: Full local development with Docker
# Preview infrastructure changes
azd provision --preview
# Deploy infrastructure only
azd provision
# Deploy application only
azd deploy
# List environments
azd env list
# Create new environment
azd env new dev
# Set environment variables
azd env set LOG_LEVEL DEBUG
- Application Insights: Request tracking, performance monitoring
- Log Analytics: Centralized logging and querying
- Health Checks: Application health monitoring
- Error Tracking: Comprehensive error reporting
- Development: Local Docker with hot reload
- Staging: Azure with reduced resources
- Production: Azure with full security and monitoring
- Fork the repository
- Create a feature branch
- Make your changes
- Test with azd up
- Submit a pull request
MIT License - see LICENSE file for details
Built with ❤️ for Azure Innovation Challenge