…siteRunner (#106)

Commands now declare prerequisites using IRequirementCheck and fail early
with actionable messages before any side effects occur.

Phase 1 - pure reorganization (zero behavioral change):
- Add AzureAuthRequirementCheck and InfrastructureRequirementCheck adapters
- Add IPrerequisiteRunner / PrerequisiteRunner to run checks in order
- Route AllSubcommand, BlueprintSubcommand, InfrastructureSubcommand,
  and DeployCommand through the shared runner instead of ad-hoc validators
- Delete dead code: ISubCommand.ValidateAsync, IAzureValidator/AzureValidator
- Make AzureAuthValidator.ValidateAuthenticationAsync virtual for testability

Phase 2 - minimal early-fail additions:
- cleanup azure: auth check before preview display
- deploy mcp: explicit early guards for agentBlueprintId and agenticAppId
  before any Graph/network calls

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- ConfigFileNotFoundException now extends Agent365Exception so missing
  config errors surface as clean user messages (no stack trace) on all
  commands, not just those with local catch blocks. Removes ad-hoc
  FileNotFoundException catches in CleanupCommand and CreateInstanceCommand.

- config init: expand relative/dot deployment paths to absolute before
  saving so the stored value is portable across directories. Update help
  text to clarify relative paths are accepted.

- config init: drop platform-specific parenthetical from 'Allow public
  client flows' log message -- the setting is required on all platforms.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Extends fail-early validation to setup infrastructure, setup permissions,
setup copilot-studio, cleanup azure, deploy, and publish commands.
Each command now runs targeted IRequirementCheck-based pre-flight checks
with formatted [PASS]/[FAIL] output before executing destructive or
slow operations, surfacing auth and config failures immediately.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…aph, tests)

Exit codes (#7, #8/#9):
- Set Environment.ExitCode = 1 in ValidateDeploymentPrerequisitesAsync before
  each null return so callers exit non-zero on config/Web App validation failure
- Replace deploy-mcp guard `return` with ExceptionHandler.ExitWithCleanup(1)
  for AgentBlueprintId, AgenticAppId, and TenantId missing-config cases

Log severity (#15, #16, #17):
- LogCheckWarning: LogInformation -> LogWarning
- LogCheckFailure: all three LogInformation -> LogError
- ExecuteCheckWithLoggingAsync warning path: log ErrorMessage ?? Details
  so the primary warning message is no longer silently dropped

skip-graph regressions (#21, #22):
- Guard RunChecksOrExitAsync(MOS checks) behind if (!skipGraph)
- Guard clientAppId null check behind !skipGraph in PublishCommand

Unused parameter (#14):
- Remove IPrerequisiteRunner from BlueprintSubcommand.CreateCommand signature
- Update SetupCommand.cs call site and BlueprintSubcommandTests accordingly

InfrastructureRequirementCheck (#5, #6):
- Add I1/I2/I3/I1V2/I2V2/I3V2 (Isolated) SKUs to validation error message
- Wrap CheckAsync with ExecuteCheckWithLoggingAsync so [PASS]/[FAIL] is printed

PrerequisiteRunner warning message (#3):
- Log ErrorMessage ?? Details, log even when both are empty

IsCaeError gap (#18):
- Add InvalidAuthenticationToken to IsCaeError in ClientAppValidator

Stale comment (#10):
- Update ValidateDeploymentPrerequisitesAsync doc to remove "environment"

Tests (#19, #20):
- Add AppServiceAuthRequirementCheckTests (success, failure, metadata, null guard)
- Add MosPrerequisitesRequirementCheckTests (exception->failure, metadata, null guards)
- Update FrontierPreviewRequirementCheckTests: [WARN] now at LogWarning not LogInformation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…aph, tests)

- Remove redundant failure/warning logging from PrerequisiteRunner.RunAsync:
  ExecuteCheckWithLoggingAsync already emits [PASS]/[FAIL]/[WARN] output;
  the runner was re-logging the same error message and resolution guidance,
  producing ~5 lines of output for a single failed check instead of 3.
  Runner now only tracks the boolean pass/fail result.

- Fix \n escape in AppServiceAuthRequirementCheck resolution message:
  Raw \n does not render in log output; replaced with a single readable sentence.

- Fix double-error when config file is not found:
  ConfigService.LoadAsync was logging "Static configuration file not found"
  before throwing ConfigFileNotFoundException. The global exception handler in
  Program.cs then displayed the same message again via ExceptionHandler.
  Removed the pre-throw LogError; the exception message surfaces once.

- Fix redundant "Configuration file not found:" prefix in CleanupCommand and
  CreateInstanceCommand catch blocks: ex.IssueDescription already contains the
  full message including the path, so the extra prefix was duplicating it.

- Update PrerequisiteRunnerTests: RunAsync_WithWarningCheck_ShouldReturnTrue
  no longer asserts on warning logging from the runner (that is the check's
  responsibility via ExecuteCheckWithLoggingAsync).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Remove AzureWebAppCreator, IPrerequisiteRunner, IAzureEnvironmentValidator
  from all command signatures (SetupCommand, AllSubcommand, BlueprintSubcommand,
  InfrastructureSubcommand) per PR #314
- Update Program.cs and test files to match new signatures
- Retain PR #312 fixes: remove double logging in PrerequisiteRunner,
  fix \n in AppServiceAuthRequirementCheck resolution message,
  suppress pre-throw logging in ConfigService

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- DeployCommand: stop re-wrapping DeployAppException (was causing 3x stderr repetition)
- DeploymentService: throw short actionable exceptions instead of embedding full az cli stderr;
  move timing message after successful upload; remove duplicate [6/7] step label;
  pass suppressErrorLogging:true to ExecuteWithStreamingAsync
- CommandExecutor: add suppressErrorLogging param to ExecuteWithStreamingAsync;
  filter empty lines from stderr stream to avoid blank [Azure] prefixed lines
- NodeBuilder: downgrade CleanAsync log to Debug to remove out-of-sequence noise
- GraphApiService/FederatedCredentialService: extract clean error message from Graph JSON
  response body; move raw response body to LogDebug
- BlueprintSubcommand: replace multi-line FIC failure errors with single warning
- CleanConsoleFormatter: remove WARNING: text prefix from warning lines (keep yellow color)
- Tests: add regression tests for exception re-wrapping, site-start timeout, and generic az cli failure;
  update ExecuteWithStreamingAsync mocks for new suppressErrorLogging parameter;
  update CleanConsoleFormatter tests for new warning format

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

… cleanup)

- RequirementCheck: log both ErrorMessage and Details in warning path so
  FrontierPreview URL is no longer silently dropped
- DeploymentService: also match correct spelling "worker process failed to start"
  alongside the existing az cli typo to make timeout detection robust
- PrerequisiteRunner: update XML summary to accurately describe behavior
  (checks handle their own logging; runner only aggregates pass/fail)
- Program.cs: remove unused IPrerequisiteRunner/PrerequisiteRunner DI registration
  (no command injects it; checks run via RequirementsSubcommand.RunChecksOrExitAsync)
- design.md: fix Core Types snippet to match actual RequirementCheckResult API
  (Passed/IsWarning/ErrorMessage/ResolutionGuidance/Details, not RequirementCheckStatus/Issue/Resolution)
- design.md: fix FrontierPreviewRequirementCheck category from "Azure" to "Tenant Enrollment"
- MosPrerequisitesRequirementCheckTests: rewrite misleading test to actually exercise
  the MitigationSteps mapping branch by throwing SetupValidationException with known steps

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>