fix: publish command now packages manifest and provides manual upload instructions

CHANGELOG.md

@@ -9,7 +9,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 ### Added
 - `a365 cleanup azure --dry-run` — preview resources that would be deleted without making any changes or requiring Azure authentication
 - `AppServiceAuthRequirementCheck` — validates App Service deployment token before `a365 deploy` begins, catching revoked grants (AADSTS50173) early
-- `MosPrerequisitesRequirementCheck` — validates MOS service principals before `a365 publish` proceeds
+### Changed
+- `a365 publish` updates manifest IDs, creates `manifest.zip`, and prints concise upload instructions for Microsoft 365 Admin Center (Agents > All agents > Upload custom agent). Interactive prompts only occur in interactive terminals; redirect stdin to suppress them in scripts.
 
 ### Fixed
 - macOS/Linux: device code fallback when browser authentication is unavailable (#309)

src/Microsoft.Agents.A365.DevTools.Cli/Commands/DevelopSubcommands/GetTokenSubcommand.cs

@@ -392,7 +392,7 @@ private static (string resourceAppId, string displayName, string? url)? ResolveR
         return keyword.ToLowerInvariant() switch
         {
             "mcp" => (ConfigConstants.GetAgent365ToolsResourceAppId(environment), "Agent 365 Tools (MCP)", ConfigConstants.GetDiscoverEndpointUrl(environment)),
-            "powerplatform" => (MosConstants.PowerPlatformApiResourceAppId, "Power Platform API", null),
+            "powerplatform" => (PowerPlatformConstants.PowerPlatformApiResourceAppId, "Power Platform API", null),
             _ => null
         };
     }

src/Microsoft.Agents.A365.DevTools.Cli/Commands/SetupSubcommands/CopilotStudioSubcommand.cs

@@ -97,7 +97,7 @@ public static Command CreateCommand(
                 logger.LogInformation("DRY RUN: Configure CopilotStudio Permissions");
                 logger.LogInformation("Would configure Power Platform API permissions:");
                 logger.LogInformation("  - Blueprint: {BlueprintId}", setupConfig.AgentBlueprintId);
-                logger.LogInformation("  - Resource: Power Platform API ({ResourceAppId})", MosConstants.PowerPlatformApiResourceAppId);
+                logger.LogInformation("  - Resource: Power Platform API ({ResourceAppId})", PowerPlatformConstants.PowerPlatformApiResourceAppId);
                 logger.LogInformation("  - Scopes: CopilotStudio.Copilots.Invoke");
                 return;
             }
@@ -144,9 +144,9 @@ await SetupHelpers.EnsureResourcePermissionsAsync(
                 graphService,
                 blueprintService,
                 setupConfig,
-                MosConstants.PowerPlatformApiResourceAppId,
+                PowerPlatformConstants.PowerPlatformApiResourceAppId,
                 "Power Platform API (CopilotStudio)",
-                new[] { MosConstants.PermissionNames.PowerPlatformCopilotStudioInvoke },
+                new[] { PowerPlatformConstants.PermissionNames.PowerPlatformCopilotStudioInvoke },
                 logger,
                 addToRequiredResourceAccess: false,
                 setInheritablePermissions: true,

src/Microsoft.Agents.A365.DevTools.Cli/Commands/SetupSubcommands/PermissionsSubcommand.cs

@@ -463,7 +463,7 @@ await SetupHelpers.EnsureResourcePermissionsAsync(
                 graphService,
                 blueprintService,
                 setupConfig,
-                MosConstants.PowerPlatformApiResourceAppId,
+                PowerPlatformConstants.PowerPlatformApiResourceAppId,
                 "Power Platform API",
                 new[] { "Connectivity.Connections.Read" },
                 logger,
@@ -514,7 +514,7 @@ private static async Task RemoveStaleCustomPermissionsAsync(
             ConfigConstants.GetAgent365ToolsResourceAppId(setupConfig.Environment),
             ConfigConstants.MessagingBotApiAppId,
             ConfigConstants.ObservabilityApiAppId,
-            MosConstants.PowerPlatformApiResourceAppId,
+            PowerPlatformConstants.PowerPlatformApiResourceAppId,
             AuthenticationConstants.MicrosoftGraphResourceAppId,
         };
 

src/Microsoft.Agents.A365.DevTools.Cli/Constants/ErrorMessages.cs

@@ -182,48 +182,5 @@ public static List<string> GetMosServicePrincipalMitigation(string appId)
         };
     }
 
-    /// <summary>
-    /// Gets mitigation steps for first-party client app service principal creation.
-    /// </summary>
-    public static List<string> GetFirstPartyClientAppServicePrincipalMitigation()
-    {
-        return new List<string>
-        {
-            "Insufficient privileges to create service principal for Microsoft first-party client app.",
-            "This app is required for MOS token acquisition.",
-            "Required role: Application Administrator, Cloud Application Administrator, or Global Administrator.",
-            $"Ask your tenant administrator to run: az ad sp create --id {MosConstants.TpsAppServicesClientAppId}"
-        };
-    }
-
-    /// <summary>
-    /// Gets mitigation steps for all MOS resource app service principals.
-    /// </summary>
-    public static List<string> GetMosResourceAppsServicePrincipalMitigation()
-    {
-        return new List<string>
-        {
-            "Insufficient privileges to create service principals for MOS resource applications.",
-            "Required role: Application Administrator, Cloud Application Administrator, or Global Administrator.",
-            "Ask your tenant administrator to run:",
-            "  az ad sp create --id 6ec511af-06dc-4fe2-b493-63a37bc397b1",
-            "  az ad sp create --id 8578e004-a5c6-46e7-913e-12f58912df43",
-            "  az ad sp create --id e8be65d6-d430-4289-a665-51bf2a194bda"
-        };
-    }
-
-    /// <summary>
-    /// Gets mitigation steps for MOS admin consent issues.
-    /// </summary>
-    public static List<string> GetMosAdminConsentMitigation(string clientAppId)
-    {
-        return new List<string>
-        {
-            "Admin consent required for MOS API permissions.",
-            $"Grant consent at: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/CallAnAPI/appId/{clientAppId}",
-            "Click 'Grant admin consent for [Your Organization]' and wait 1-2 minutes for propagation."
-        };
-    }
-
     #endregion
 }

src/Microsoft.Agents.A365.DevTools.Cli/Constants/PowerPlatformConstants.cs

@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+namespace Microsoft.Agents.A365.DevTools.Cli.Constants;
+
+/// <summary>
+/// Constants for Microsoft Power Platform API authentication and permissions
+/// </summary>
+public static class PowerPlatformConstants
+{
+    /// <summary>
+    /// Power Platform API resource app ID
+    /// </summary>
+    public const string PowerPlatformApiResourceAppId = "8578e004-a5c6-46e7-913e-12f58912df43";
+
+    /// <summary>
+    /// Delegated permission scope names for resource applications.
+    /// </summary>
+    public static class PermissionNames
+    {
+        /// <summary>
+        /// Power Platform API - CopilotStudio.Copilots.Invoke permission scope name
+        /// </summary>
+        public const string PowerPlatformCopilotStudioInvoke = "CopilotStudio.Copilots.Invoke";
+    }
+}