Python 3.12, azure cli installed
… at the same time. This may not be desired, so may eventually choose to add argparse to implement passing names of which services to start.
… file with the option to run with uv
…ith different version
Fixed broken dependencies and added option to use uv instead of pip and venv
Fixed broken link and basic config of devcontainer
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.32.4) --- updated-dependencies: - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Update image path in setup documentation
…ications/requests-2.32.4 Bump requests from 2.32.3 to 2.32.4 in /agentic_ai/applications
Small doc changes.
Updated link to the multi-tenant security design document.
Fix broken link for general MCP security document.
Updated environment variable handling for jobs based on event types and branch names.
Added commands to ensure key vault is reachable and update its networking settings.
Add checks for existing key vault before updating settings.
Updated Key Vault role assignment to use user assigned identity and added a user assigned managed identity resource for the backend container app.
Infrastructure Automation with Testing
…ION value and if it isn't there, fallback to SHA
Pull request overview
Introduces an end-to-end DevOps and developer-experience setup: new GitHub Actions workflows for Azure infra/container orchestration, plus substantial additions to the Agentic AI demos (Fraud Detection workflow + new Vite-based React frontend).
Changes:
- Added multiple GitHub Actions workflows to build/push containers, deploy infra (Terraform/Bicep), orchestrate full deployments, and destroy environments.
- Added a Fraud Detection workflow demo with extensive documentation and a standalone React UI (with Docker support).
- Migrated/modernized the applications React frontend to Vite + new modular hooks/components, and added supporting Docker + tooling configs.
Reviewed changes
Copilot reviewed 104 out of 213 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| agentic_ai/workflow/fraud_detection/ui/index.html | Adds Vite/React UI entry HTML for fraud demo |
| agentic_ai/workflow/fraud_detection/ui/README.md | Documents fraud demo UI setup and usage |
| agentic_ai/workflow/fraud_detection/ui/Dockerfile | Containerizes fraud demo UI build/serve |
| agentic_ai/workflow/fraud_detection/ui/.vscode/extensions.json | Recommends editor extensions for fraud UI |
| agentic_ai/workflow/fraud_detection/ui/.prettierrc.cjs | Adds Prettier config for fraud UI |
| agentic_ai/workflow/fraud_detection/ui/.prettierignore | Adds Prettier ignore rules for fraud UI |
| agentic_ai/workflow/fraud_detection/ui/.gitignore | Adds Git ignore rules for fraud UI |
| agentic_ai/workflow/fraud_detection/ui/.eslintrc.cjs | Adds ESLint config for fraud UI |
| agentic_ai/workflow/fraud_detection/ui/.env.example | Adds example env vars for fraud UI |
| agentic_ai/workflow/fraud_detection/ui/.dockerignore | Adds Docker ignore rules for fraud UI |
| agentic_ai/workflow/fraud_detection/start_backend.bat | Adds Windows script to run fraud backend |
| agentic_ai/workflow/fraud_detection/scenario.md | Adds written scenario for fraud workflow |
| agentic_ai/workflow/fraud_detection/pyproject.toml | Adds Python deps/config for fraud workflow |
| agentic_ai/workflow/fraud_detection/README.md | Adds comprehensive fraud workflow docs |
| agentic_ai/workflow/fraud_detection/QUICKSTART.md | Adds quickstart guide for fraud workflow |
| agentic_ai/workflow/fraud_detection/IMPLEMENTATION.md | Adds implementation summary for fraud workflow |
| agentic_ai/workflow/fraud_detection/.env.sample | Adds sample env vars for fraud workflow |
| agentic_ai/workflow/README.md | Documents general workflow architecture + fraud demo entry |
| agentic_ai/applications/utils.py | Updates Cosmos state store + JSON serialization helpers |
| agentic_ai/applications/run_backend.bat | Adds Windows uv launch helper for backend |
| agentic_ai/applications/run_applications_uv.sh | Adds bash script to run MCP/backend/frontend via uv |
| agentic_ai/applications/run_application_uv.bat | Updates Windows uv launch script (OneDrive fixes) |
| agentic_ai/applications/react-frontend/vite.config.js | Adds Vite config for applications React frontend |
| agentic_ai/applications/react-frontend/src/utils/helpers.jsx | Adds UI helper utilities (icons, labels, headers, scroll) |
| agentic_ai/applications/react-frontend/src/theme/index.js | Adds central MUI theme + color constants |
| agentic_ai/applications/react-frontend/src/services/websocket.js | Adds WebSocket manager abstraction |
| agentic_ai/applications/react-frontend/src/services/api.js | Adds API client wrapper functions |
| agentic_ai/applications/react-frontend/src/main.jsx | Updates React entry point for Vite |
| agentic_ai/applications/react-frontend/src/hooks/useWebSocket.js | Adds dedicated WebSocket hook for state/events |
| agentic_ai/applications/react-frontend/src/hooks/useChat.js | Adds chat state hook (messages/processing) |
| agentic_ai/applications/react-frontend/src/hooks/useAuth.js | Adds MSAL auth hook + config bootstrap |
| agentic_ai/applications/react-frontend/src/hooks/useAgents.js | Adds agent selection hook (fetch/switch) |
| agentic_ai/applications/react-frontend/src/hooks/index.js | Adds barrel export for hooks |
| agentic_ai/applications/react-frontend/src/contexts/NotificationContext.jsx | Adds global notification context/provider |
| agentic_ai/applications/react-frontend/src/constants/index.js | Adds backend/WS URL resolution helpers |
| agentic_ai/applications/react-frontend/src/components/index.js | Adds barrel export for UI components |
| agentic_ai/applications/react-frontend/src/components/SignInPrompt.jsx | Adds full-screen sign-in prompt UI |
| agentic_ai/applications/react-frontend/src/components/OrchestratorEvent.jsx | Adds orchestrator event rendering card |
| agentic_ai/applications/react-frontend/src/components/NotificationSnackbar.jsx | Adds snackbar component for notifications |
| agentic_ai/applications/react-frontend/src/components/InternalProcessDrawer.jsx | Adds drawer for orchestrator/agent events |
| agentic_ai/applications/react-frontend/src/components/GlobalNotification.jsx | Adds notification rendering tied to context |
| agentic_ai/applications/react-frontend/src/components/ErrorBoundary.jsx | Adds global React error boundary |
| agentic_ai/applications/react-frontend/src/components/ChatMessage.jsx | Adds chat message rendering (markdown) |
| agentic_ai/applications/react-frontend/src/components/ChatInput.jsx | Adds chat input box + send button |
| agentic_ai/applications/react-frontend/src/components/AppHeader.jsx | Adds top bar with auth/agent/session controls |
| agentic_ai/applications/react-frontend/src/components/AgentSelector.jsx | Adds dropdown for active agent selection |
| agentic_ai/applications/react-frontend/src/components/AgentEvent.jsx | Adds per-agent event UI + tool call chips |
| agentic_ai/applications/react-frontend/src/App.jsx | Adds orchestrating app component composition |
| agentic_ai/applications/react-frontend/package.json | Migrates scripts/deps to Vite + React 19 |
| agentic_ai/applications/react-frontend/index.html | Adds Vite module script + updated head tags |
| agentic_ai/applications/react-frontend/eslint.config.js | Adds ESLint flat config for Vite/React |
| agentic_ai/applications/react-frontend/README.md | Updates docs for Vite-based frontend |
| agentic_ai/applications/react-frontend/Dockerfile | Adds Docker image for Vite build + serve |
| agentic_ai/applications/react-frontend/.prettierrc.cjs | Adds Prettier config for frontend |
| agentic_ai/applications/react-frontend/.prettierignore | Adds Prettier ignore rules for frontend |
| agentic_ai/applications/react-frontend/.gitignore | Adds Git ignore rules for frontend |
| agentic_ai/applications/react-frontend/.env.example | Adds env example for frontend |
| agentic_ai/applications/react-frontend/.dockerignore | Adds Docker ignore rules for frontend |
| agentic_ai/applications/pyproject.toml | Updates Python package metadata/dependencies |
| agentic_ai/applications/chainlit_app.py | Removes Chainlit app entrypoint |
| agentic_ai/applications/chainlit.md | Removes Chainlit welcome content |
| agentic_ai/applications/Dockerfile | Adds multi-stage Docker build (frontend + backend) |
| agentic_ai/applications/AGENT_SELECTION_FEATURE.md | Documents agent selection feature |
| agentic_ai/applications/.python-version | Pins Python version for applications |
| agentic_ai/applications/.gitignore | Adds ignore rules for Python app folder |
| agentic_ai/applications/.env.sample | Updates env sample to new AGENT_MODULES approach |
| agentic_ai/applications/.dockerignore | Adds Docker ignore rules for applications |
| agentic_ai/agents/agent_framework/multi_agent/test_reflection_workflow_agent.py | Adds test script for reflection workflow agent |
| agentic_ai/agents/agent_framework/multi_agent/WORKFLOW_REFLECTION_README.md | Adds comprehensive reflection workflow docs |
| agentic_ai/agents/agent_framework/multi_agent/WORKFLOW_DIAGRAMS.md | Adds Mermaid diagrams for reflection workflow |
| agentic_ai/agents/agent_framework/multi_agent/QUICK_REFERENCE.md | Adds quick reference guide for reflection workflow |
| agentic_ai/agents/agent_framework/README.md | Updates agent framework docs for Vite commands/env |
| agentic_ai/agents/init.py | Adds package marker for agents imports |
| agentic_ai/Dockerfile | Adds uv-based multi-stage Python container build |
| agentic_ai/.dockerignore | Adds ignore rules for agentic_ai container builds |
| SETUP_UV.md | Adds UV-based setup instructions |
| SETUP.md | Updates setup to use AGENT_MODULES |
| SCENARIO.md | Fixes scenario doc links/paths |
| README.md | Updates top-level README with workflow + deployment sections |
| DATA.md | Fixes data doc links/paths |
| AZD_DEPLOYMENT.md | Adds Azure Developer CLI deployment guide |
| .lycheeignore | Adds link checker ignore rules |
| .github/workflows/readme.md | Adds documentation for infra workflows requirements |
| .github/workflows/orchestrate.yml | Adds orchestration workflow to coordinate CI/CD jobs |
| .github/workflows/infrastructure.yml | Adds infra deployment/testing workflow (tf/bicep) |
| .github/workflows/docker-mcp.yml | Adds MCP Docker build/push workflow |
| .github/workflows/docker-fastapi.yml | Adds backend Docker build/push workflow |
| .github/workflows/destroy.yml | Adds infra destroy workflow |
| .devcontainer/devcontainer.json | Adds devcontainer for consistent dev tooling |
| .azdignore | Adds azd state ignore rules |
| from azure.identity import ClientSecretCredential, DefaultAzureCredential | ||
|
|
||
| # --------------------------------------------------------------------------- | ||
| # 3rd-party SDKs | ||
| # --------------------------------------------------------------------------- | ||
| try: | ||
| from azure.cosmos import ( | ||
| CosmosClient, | ||
| PartitionKey, | ||
| exceptions as cosmos_exceptions, | ||
| ) | ||
| except ImportError: | ||
| CosmosClient = None # type: ignore | ||
|
|
||
| try: | ||
| from azure.identity import ClientSecretCredential, DefaultAzureCredential | ||
| except ImportError: | ||
| ClientSecretCredential = DefaultAzureCredential = None # type: ignore | ||
| from azure.cosmos import ( | ||
| CosmosClient, | ||
| PartitionKey, | ||
| exceptions as cosmos_exceptions, | ||
| ) |
These imports were changed to unconditional imports. This breaks environments where azure-cosmos / azure-identity are optional or not installed (previously guarded by try/except ImportError). Either restore the ImportError guards (and keep the runtime checks that raise helpful errors when Cosmos is actually used), or make these dependencies explicitly required across all supported runtimes.
| if isinstance(obj, dict): | ||
| return {k: make_json_serializable(v) for k, v in obj.items()} | ||
| elif isinstance(obj, list): | ||
| return [make_json_serializable(i) for i in obj] | ||
| elif isinstance(obj, datetime): | ||
| return obj.isoformat() | ||
| return obj.isoformat() | ||
| elif hasattr(obj, '__dict__'): | ||
| # Handle objects with __dict__ (like ChatMessage from Agent Framework) | ||
| return make_json_serializable(obj.__dict__) | ||
| elif hasattr(obj, 'model_dump'): | ||
| # Handle Pydantic v2 models | ||
| return obj.model_dump() | ||
| elif hasattr(obj, 'dict'): | ||
| # Handle Pydantic v1 models | ||
| return obj.dict() |
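Review bot: the `model_dump` and `dict` branches return `obj.model_dump()` / `obj.dict()` directly, while the dict, list and `__dict__` branches recurse through `make_json_serializable`. A model that holds a datetime or a nested object is returned with those values untouched, so the datetime branch never sees them. Wrap both returns, e.g. `return make_json_serializable(obj.model_dump())`.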
The __dict__ branch runs before Pydantic serialization branches. Pydantic models typically have __dict__, so this may serialize internal/private fields (and potentially non-JSON-serializable values) instead of using model_dump() / dict(). Prefer checking model_dump/dict before __dict__, and consider excluding private attributes when dumping.
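The branch-ordering issue raised in the comment above, as an added example that is not part of the pull request or the project's code. `FakeModel` is a constructed stand-in for a Pydantic v2 model (declared fields plus one private attribute), and both serializer functions are hypothetical names used only here.

```python
import json
from datetime import datetime, timezone


class FakeModel:
    """Constructed stand-in for a Pydantic v2 model: public fields plus private state."""

    def __init__(self, text, created):
        self.text = text
        self.created = created
        self._client_token = "constructed-secret"  # private attribute, not a field

    def model_dump(self):
        # Like Pydantic's default mode: declared fields only, values left as Python objects.
        return {"text": self.text, "created": self.created}


def serialize_dict_first(obj):
    """Branch order from the hunk: __dict__ is tested before model_dump."""
    if isinstance(obj, dict):
        return {k: serialize_dict_first(v) for k, v in obj.items()}
    elif isinstance(obj, list):
        return [serialize_dict_first(i) for i in obj]
    elif isinstance(obj, datetime):
        return obj.isoformat()
    elif hasattr(obj, "__dict__"):
        # Reached first for any ordinary object, so private attributes are dumped too.
        return serialize_dict_first(obj.__dict__)
    elif hasattr(obj, "model_dump"):
        return obj.model_dump()
    return obj


def serialize_model_first(obj):
    """Reordered: model serializers win, their output is recursed into,
    and the __dict__ fallback drops underscore-prefixed attributes."""
    if isinstance(obj, dict):
        return {k: serialize_model_first(v) for k, v in obj.items()}
    elif isinstance(obj, (list, tuple)):
        return [serialize_model_first(i) for i in obj]
    elif isinstance(obj, datetime):
        return obj.isoformat()
    elif callable(getattr(obj, "model_dump", None)):
        return serialize_model_first(obj.model_dump())
    elif callable(getattr(obj, "dict", None)):
        return serialize_model_first(obj.dict())
    elif hasattr(obj, "__dict__"):
        public = {k: v for k, v in vars(obj).items() if not k.startswith("_")}
        return serialize_model_first(public)
    return obj


if __name__ == "__main__":
    msg = FakeModel("hi", datetime(2025, 1, 1, tzinfo=timezone.utc))
    print(json.dumps(serialize_dict_first({"m": msg})))   # includes _client_token
    print(json.dumps(serialize_model_first({"m": msg})))  # declared fields only
```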
|
|
||
| endpoint = os.getenv("COSMOSDB_ENDPOINT") or os.getenv("COSMOS_DB_ENDPOINT") | ||
| endpoint = os.getenv("COSMOSDB_ENDPOINT") | ||
| print("endpoint ", endpoint) |
Avoid printing environment-derived values from within library/state-store code; it can leak configuration details to logs/console and isn't controllable via log levels. Remove this print, or replace it with logging.debug(...) (ideally without printing the full endpoint).
| print("endpoint ", endpoint) | |
| logging.debug("COSMOSDB_ENDPOINT is %s", "set" if endpoint else "not set") |
| have_endpoint = os.getenv("COSMOSDB_ENDPOINT") | ||
| if have_endpoint: | ||
| logging.info("Using Cosmos DB state store (tenant_id + id partition)") | ||
| return CosmosDBStateStore() | ||
|
|
This changes the selection logic from 'endpoint + (key or AAD creds)' to 'endpoint only', which can cause the app to attempt Cosmos auth even when no valid credentials are configured (and also drops support for the alternate COSMOS_DB_ENDPOINT env var previously accepted). Either restore the prior gating conditions (endpoint + auth config), or update the function/docs to match the new behavior and ensure failures are handled predictably.
| have_endpoint = os.getenv("COSMOSDB_ENDPOINT") | |
| if have_endpoint: | |
| logging.info("Using Cosmos DB state store (tenant_id + id partition)") | |
| return CosmosDBStateStore() | |
| # Support both current and legacy endpoint env vars | |
| endpoint = os.getenv("COSMOSDB_ENDPOINT") or os.getenv("COSMOS_DB_ENDPOINT") | |
| # Detect credential configuration | |
| have_key = os.getenv("COSMOSDB_KEY") | |
| have_aad_creds = ( | |
| os.getenv("AZURE_TENANT_ID") | |
| and os.getenv("AZURE_CLIENT_ID") | |
| and os.getenv("AZURE_CLIENT_SECRET") | |
| ) | |
| if endpoint and (have_key or have_aad_creds): | |
| logging.info("Using Cosmos DB state store (tenant_id + id partition)") | |
| return CosmosDBStateStore() | |
| if endpoint and not (have_key or have_aad_creds): | |
| logging.warning( | |
| "Cosmos DB endpoint configured but no credentials found " | |
| "(COSMOSDB_KEY or AAD env vars). Falling back to in-memory dict." | |
| ) |
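Review bot: the credential gate in this suggestion (`have_key or have_aad_creds`) recognises only COSMOSDB_KEY or the three client-secret variables. The file imports DefaultAzureCredential, and the commits in this PR add a user assigned managed identity for the backend container app; if CosmosDBStateStore can authenticate that way, an identity-only deployment would take the warning branch and run on the in-memory dict. Consider an explicit opt-in variable for identity-based auth, or let the endpoint alone select Cosmos when managed identity is the intended path and fail loudly if authentication then fails.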
| target_env: | ||
| type: choice | ||
| description: Environment to deploy | ||
| options: [dev, test, prod] |
The workflow defines target_env options as [dev, test, prod], but the environment resolution logic can select 'integration'. This creates an inconsistent environment set (and can cause runtime failures when GitHub Environments are enforced). Align the allowed options and the computed environment names (e.g., add integration to options or map int-agentic to test).
| COPY package*.json ./ | ||
|
|
||
| # Install dependencies with clean install for reproducible builds | ||
| RUN npm ci --only=production=false && \ |
npm ci --only=production=false is non-standard and may not behave as intended across npm versions. For the build stage (which needs dev dependencies), prefer a plain npm ci; reserve --omit=dev (or similar) for production-only installs.
| RUN npm ci --only=production=false && \ | |
| RUN npm ci && \ |
|
|
||
| ### Summary | ||
|
|
||
| The infra plan and apply pipeline is a pipeline to deploy the infrastructure necessary for the Azure Open AI Workshop ot run. It is currently configured to do a workflow dispatch that expects you to choose whether you want bicep or terraform as well as a target environment. Terraform is currently tested. |
Fix typo: 'ot' → 'to' in the workflow documentation.
| The infra plan and apply pipeline is a pipeline to deploy the infrastructure necessary for the Azure Open AI Workshop ot run. It is currently configured to do a workflow dispatch that expects you to choose whether you want bicep or terraform as well as a target environment. Terraform is currently tested. | |
| The infra plan and apply pipeline is a pipeline to deploy the infrastructure necessary for the Azure Open AI Workshop to run. It is currently configured to do a workflow dispatch that expects you to choose whether you want bicep or terraform as well as a target environment. Terraform is currently tested. |
|
|
||
| ## Documentation | ||
|
|
||
| - � **[Vite Migration Guide](VITE_MIGRATION.md)** - Complete migration details |
There is a malformed/invalid character ('�') in the bulleted list which will render incorrectly. Replace it with the intended emoji/icon (e.g., '📚') or remove it.
| - � **[Vite Migration Guide](VITE_MIGRATION.md)** - Complete migration details | |
| - 📚 **[Vite Migration Guide](VITE_MIGRATION.md)** - Complete migration details |
| @@ -0,0 +1,25 @@ | |||
| [project] | |||
| name = "applications" | |||
This project name is very generic and duplicates the name used in agentic_ai/applications/pyproject.toml, which can be confusing for tooling and packaging. Rename this to something domain-specific (e.g., fraud-detection-workflow) to avoid collisions.
| name = "applications" | |
| name = "fraud-detection-workflow" |
|
|
||
| - **Version**: 1.0.0 | ||
| - **Status**: ✅ Production Ready | ||
| - **Python**: 3.10+ |
This quick reference states Python 3.10+, but the updated pyproject.toml requirements in this PR set Python to >=3.12. Update this line to match the actual supported/runtime requirement.
| - **Python**: 3.10+ | |
| - **Python**: >=3.12 |
This pull request introduces a comprehensive DevOps setup for automated infrastructure management, container builds, and deployment workflows, primarily targeting Azure environments. It adds several GitHub Actions workflows for building and deploying Docker containers, managing infrastructure with Terraform and Bicep, orchestrating full deployments, and cleaning up resources. Additionally, it includes configuration for development containers and improved ignore files for local and CI tooling.
The most important changes are:
CI/CD Workflows and Automation:
- .github/workflows/orchestrate.yml to orchestrate the full deployment pipeline, coordinating container builds, infrastructure deployment, and destruction across different environments.
- .github/workflows/infrastructure.yml for deploying infrastructure using either Terraform or Bicep, with outputs to support integration testing.
- .github/workflows/destroy.yml to automate the destruction of cloud resources for environment cleanup.
- .github/workflows/docker-fastapi.yml) and MCP (.github/workflows/docker-mcp.yml). [1] [2]

Development Environment and Documentation:
- .devcontainer/devcontainer.json to define a reproducible development environment with Python, Azure CLI, Docker, Terraform, and GitHub CLI support.
- .github/workflows/readme.md to document the requirements and setup for the infrastructure workflows, including necessary environment variables and Azure prerequisites.

Tooling and Ignore Files:
- .azdignore and .lycheeignore to exclude local Azure state, dev servers, and known problematic files from version control and link checking. [1] [2]

This pull request introduces comprehensive automation for building, deploying, testing, and destroying infrastructure and Docker containers for the Azure OpenAI Workshop project. It adds GitHub Actions workflows for orchestrating full deployments, container builds, infrastructure provisioning (with both Terraform and Bicep), integration testing, and destruction. Additionally, it improves developer experience with a new dev container configuration and updates ignore files for local and Azure-specific state.

CI/CD Automation and Orchestration:
- .github/workflows/orchestrate.yml to orchestrate end-to-end deployment, including preflight resource checks, container builds, infrastructure deployment, and destruction, with environment selection logic for dev, test, and prod.
- .github/workflows/infrastructure.yml for infrastructure provisioning and testing, supporting both Terraform and Bicep, and running integration tests after deployment.
- .github/workflows/destroy.yml for automated teardown of workshop infrastructure, supporting both Terraform and Bicep workflows.

Container Build Automation:
- .github/workflows/docker-fastapi.yml and .github/workflows/docker-mcp.yml for building and pushing Docker images for the FastAPI backend and MCP services, including tagging and registry logic. [1] [2]

Developer Experience and Documentation:
- .devcontainer/devcontainer.json for a ready-to-use VS Code dev container with Python, Azure CLI, Terraform, and other tools, plus support for secrets and extensions.
- .github/workflows/readme.md documenting CI/CD requirements, environment variables, and Azure setup for infrastructure workflows.

Ignore Files and Local State Management:
- .azdignore and .lycheeignore to exclude Azure CLI local state, .azure directories, localhost URLs, and specific files from link checking and deployment. [1] [2]