Standardize Azure environment configuration and harden blob/search/OpenAI client initialization for TriResolve-AI project

[Copilot]

Summary

Audits and standardizes Azure environment variable configuration across the frontend and both backend implementations. Hardens all Azure client initializations to support partially-configured environments, and ensures backward compatibility with legacy env var names during a transition period. All blob connection string references across the codebase now consistently accept both AZURE_BLOB_CONNECTION_STRING (preferred) and AZURE_STORAGE_CONNECTION_STRING (legacy fallback) to avoid breaking existing deployments. The search index default is restored to "documents" for backward compatibility with unconfigured deployments; cg-knowledge-index is documented as the recommended value in .env.example and is used by any deployment that sets AZURE_SEARCH_INDEX explicitly.

Workstream

• Architecture / Docs
• Governance / Risk
• Evaluation / Analytics
• RAG Pipeline / Data
• Backend / API
• Frontend
• DevSecOps / Config

Expected Review Path

• Backend / API → @megan-nepshinsky
• DevSecOps / Config → @portiajefferson

Files Changed

• backend/config/azureConfig.js – guarded BlobServiceClient, SearchIndexClient/SearchClient, and OpenAIClient initializations; exports null + warnMissing when required vars are absent; accepts AZURE_BLOB_CONNECTION_STRING || AZURE_STORAGE_CONNECTION_STRING and AZURE_OPENAI_KEY || AZURE_OPENAI_API_KEY; restored "documents" as hardcoded search index fallback for backward compatibility
• backend/services/blobService.js – reads AZURE_BLOB_CONNECTION_STRING || AZURE_STORAGE_CONNECTION_STRING for backward compatibility; updated error message to name both accepted var names
• backend/routes/documents.js – updated 503 error message to reference both accepted blob connection string env var names
• services/auditService.js – reads AZURE_BLOB_CONNECTION_STRING || AZURE_STORAGE_CONNECTION_STRING for backward compatibility; updated error message to name both accepted var names
• frontend/.env.example – added with VITE_API_URL documented
• .env.example – added repo-wide example with all required Azure env vars; AZURE_SEARCH_INDEX=cg-knowledge-index documented as the recommended search index name

Validation

• Local run completed
• Relevant route or UI flow tested
• Docs updated if behavior changed
• No secrets, keys, or credentials committed
• Change stays within MVP scope

Risk / Impact

• Low
• Medium
• High

Notes on impact, blockers, or follow-up work:
Legacy env var AZURE_STORAGE_CONNECTION_STRING is accepted as a fallback alongside the preferred AZURE_BLOB_CONNECTION_STRING to avoid breaking existing deployments. Similarly, AZURE_OPENAI_API_KEY is accepted alongside AZURE_OPENAI_KEY. Once all environments have been updated, the legacy fallbacks can be removed.

The hardcoded default for AZURE_SEARCH_INDEX is "documents" (restored for backward compatibility). Deployments should set AZURE_SEARCH_INDEX=cg-knowledge-index explicitly — as documented in .env.example — to use the correct project index.

The default AZURE_OPENAI_DEPLOYMENT fallback value (gpt-4o) has been flagged as a potential incompatibility with the legacy getCompletions(...) API used in backend/services/openaiService.js. This is pending review by @megan-nepshinsky and @steffahv before any change is made to avoid breaking existing deployment wiring.

Governance / Compliance Check

• Citation behavior reviewed
• Governance logic reviewed
• No change to regulated-output behavior
• If regulated-output behavior changed, architecture/compliance docs were updated

Deployment Notes

• None
• Environment variable update needed
• New dependency installed
• Data or index refresh needed
• Manual verification needed after merge

Preferred env var names going forward:

• AZURE_BLOB_CONNECTION_STRING (replaces AZURE_STORAGE_CONNECTION_STRING)
• AZURE_OPENAI_KEY (replaces AZURE_OPENAI_API_KEY)
• AZURE_SEARCH_INDEX=cg-knowledge-index (should be set explicitly; code falls back to "documents" if unset)

Both old blob and OpenAI key names remain functional as fallbacks until environments are migrated.

Reviewer Notes

Focus on the guarded client initialization pattern in backend/config/azureConfig.js — all Azure clients now export null and emit a startup warning when required env vars are absent, matching the existing 503-response pattern in route handlers. All four files that read the blob connection string (backend/config/azureConfig.js, backend/services/blobService.js, backend/routes/documents.js, and services/auditService.js) are now consistent in accepting both the new and legacy env var names. The search index default is "documents" to avoid silently breaking existing unconfigured deployments; set AZURE_SEARCH_INDEX=cg-knowledge-index in your environment to use the correct project index.

Pending: The AZURE_OPENAI_DEPLOYMENT default in backend/services/openaiService.js is awaiting confirmation from @megan-nepshinsky and @steffahv on whether gpt-4o is compatible with the getCompletions(...) call path before any adjustment is made.

---

⌨️ Start Copilot coding agent tasks without leaving your editor — available in VS Code, Visual Studio, JetBrains IDEs and Eclipse.

[Copilot]

Pull request overview

This PR updates environment-variable configuration across the frontend and both backend implementations, aiming to standardize Azure connection settings and make the frontend API base URL configurable via Vite.

Changes:

• Renames Azure Blob connection string env var usage to AZURE_BLOB_CONNECTION_STRING across audit/blob services.
• Makes the frontend API base URL configurable via import.meta.env.VITE_API_URL and adds a frontend .env.example.
• Updates backend Azure/OpenAI defaults (e.g., default completion deployment and search index name) and adds a repo-wide .env.example.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
services/auditService.js	Switches audit blob connection env var name to AZURE_BLOB_CONNECTION_STRING.
frontend/src/App.jsx	Uses VITE_API_URL for API base instead of hardcoded localhost.
frontend/.env.example	Documents VITE_API_URL for frontend configuration.
backend/services/openaiService.js	Updates default Azure OpenAI completion deployment to gpt-4o.
backend/services/blobService.js	Switches blob connection env var name to AZURE_BLOB_CONNECTION_STRING.
backend/services/auditService.js	Updates local-fallback detection to use AZURE_BLOB_CONNECTION_STRING.
backend/config/azureConfig.js	Refactors Azure client construction (Blob/Search/OpenAI) and changes default index name.
.env.example	Adds a consolidated environment template for local/dev configuration.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

[Copilot]

isLocalFallbackEnabled() only checks AZURE_BLOB_CONNECTION_STRING. If an environment still uses the legacy AZURE_STORAGE_CONNECTION_STRING, this will incorrectly enable the local fallback and bypass Blob storage even though Blob is configured. Update the check to treat Blob as configured when either env var is set (same fallback logic used elsewhere).

Suggested change

	return !process.env.AZURE_BLOB_CONNECTION_STRING;
	return !(
	process.env.AZURE_BLOB_CONNECTION_STRING ||
	process.env.AZURE_STORAGE_CONNECTION_STRING
	);

[Copilot]

The default AZURE_OPENAI_DEPLOYMENT fallback is now gpt-4o, but this service calls OpenAIClient.getCompletions(...) (legacy completions API). GPT‑4o deployments are intended for chat-style APIs and are not compatible with the completions endpoint; this default is likely to fail at runtime. Either switch this implementation to getChatCompletions(...) with messages, or keep the default aligned with a completions-compatible instruct deployment (e.g. gpt-35-turbo-instruct).

Suggested change

	this.completionDeployment = process.env.AZURE_OPENAI_DEPLOYMENT || "gpt-4o";
	this.completionDeployment = process.env.AZURE_OPENAI_DEPLOYMENT || "gpt-35-turbo-instruct";

[portiajefferson]

@megan-nepshinsky will you check this comment please. GPT‑4o is the correct deployment but I am not sure how your code is setup and don't want to break anything. I am also not sure as to how @steffahv may have wired the chat deployments in the background either. So I just want to make sure before making any changes.

[Copilot]

This changes the default search index from "documents" to "cg-knowledge-index". If AZURE_SEARCH_INDEX isn’t set in existing deployments, this will silently point the runtime at a different index (and likely break search/ingest). If intentional, it should be called out in the PR description and/or accompanied by migration notes; otherwise consider keeping the prior default.

[portiajefferson]

@copilot documents was initially there as a placeholder and cg-knowledge-index is the correct index but perhaps you should set documents as a fallback just in case.

[Copilot]

Done in commit 98ee1d7. The hardcoded default is restored to "documents" so existing deployments without AZURE_SEARCH_INDEX set keep working as before. cg-knowledge-index is documented as the recommended value in .env.example, so new deployments will pick it up via the env var.

[portiajefferson]

@megan-nepshinsky & @steffahv will you check this commit to ensure that the suggestions by co-pilot are on par with how you have it wired on the backend @megan-nepshinsky and how you have deployments setup @steffahv Thank you.

[megan-nepshinsky]

I am good with the changes! Thank you so much, Portia!