latest updates

.devcontainer/devcontainer.json

@@ -5,12 +5,20 @@
 	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
 	"image": "mcr.microsoft.com/devcontainers/python:0-3.11",
 	"features": {
+		"ghcr.io/devcontainers/features/docker-in-docker:2": {
+			"version": "latest"
+		},
 		"ghcr.io/devcontainers/features/python:1": {},
 		"ghcr.io/devcontainers-extra/features/black:2": {},
-		"ghcr.io/devcontainers/features/azure-cli:1": {},
+		"ghcr.io/devcontainers/features/azure-cli:1": {
+			"installBicep": true,
+			"installUsingPython": true,
+			"version": "2.72.0",
+			"bicepVersion": "latest"			
+		},
 		"ghcr.io/devcontainers/features/terraform:1": {},
-		"ghcr.io/devcontainers/features/powershell:1": {}
-		"ghcr.io/devcontainers-extra/features/black:2": {}
+		"ghcr.io/devcontainers/features/powershell:1": {},
+		"ghcr.io/azure/azure-dev/azd:latest": {}
 	},
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	// "features": {},

.github/copilot-instructions.md

@@ -1,3 +1,7 @@
+---
+applyTo: '**'
+---
+
 # REPO SPECIFIC INSTRUCTIONS
 
 ---

.github/instructions/javascript-lang.instructions.md

@@ -0,0 +1,21 @@
+---
+applyTo: '**/*.js'
+---
+
+# JavaScript Language Guide
+
+- Files should start with a comment of the file name. Ex: `// functions_personal_agents.js`
+
+- Imports should be grouped at the top of the document after the module docstring, unless otherwise indicated by the user or for performance reasons in which case the import should be as close as possible to the usage with a documented note as to why the import is not at the top of the file.
+
+- Use 4 spaces per indentation level. No tabs.
+
+- Code and definitions should occur after the imports block.
+
+- Use camelCase for variable and function names. Ex: `myVariable`, `getUserData()`
+
+- Use PascalCase for class names. Ex: `MyClass`
+
+- Do not use display:none. Instead add and remove the d-none class when hiding or showing elements.
+
+- Prefer inline html notifications or toast messages using Bootstrap alert classes over browser alert() calls.

.github/instructions/location_of_feature_documentation.instructions.md

@@ -7,7 +7,7 @@ applyTo: '**'
 ## Documentation Directory
 All new feature documentation should be placed in:
 ```
-..\docs\features\
+..\docs\explanation\features\
 ```
 
 ## File Naming Convention

.github/instructions/location_of_fix_documentation.instructions.md

@@ -7,7 +7,7 @@ applyTo: '**'
 ## Documentation Directory
 All bug fixes and issue resolution documentation should be placed in:
 ```
-..\docs\fixes\
+..\docs\explanation\fixes\
 ```
 
 ## File Naming Convention

.github/instructions/python-lang.instructions.md

@@ -0,0 +1,15 @@
+---
+applyTo: '**/*.py'
+---
+
+# Python Language Guide
+
+- Files should start with a comment of the file name. Ex: `# functions_personal_agents.py`
+
+- Imports should be grouped at the top of the document after the module docstring, unless otherwise indicated by the user or for performance reasons in which case the import should be as close as possible to the usage with a documented note as to why the import is not at the top of the file.
+
+- Use 4 spaces per indentation level. No tabs.
+
+- Code and definitions should occur after the imports block.
+
+- Prefer log_event from functions_appinsights.py for logging activites.

.github/instructions/santize_settings_for_frontend_routes.instructions.md

@@ -0,0 +1,143 @@
+---
+applyTo: '**'
+---
+
+# Security: Sanitize Settings for Frontend Routes
+
+## Critical Security Requirement
+
+**NEVER send raw settings or configuration data directly to the frontend without sanitization.**
+
+## Rule: Always Sanitize Settings Before Sending to Browser
+
+When building or working with Python frontend routes (Flask routes that render templates or return JSON to the browser), **ALL settings data MUST be sanitized** before being sent to prevent exposure of:
+- API keys
+- Connection strings
+- Secrets and passwords
+- Internal configuration details
+- Database credentials
+- Any other sensitive information
+
+## Required Pattern
+
+### Exception: Admin Routes should NEVER be sanitized as it breaks many admin features.
+
+### ✅ CORRECT - Sanitize Before Sending
+```python
+from functions_settings import get_settings, sanitize_settings_for_user
+
+@app.route('/some-page')
+def some_page():
+    # Get raw settings
+    settings = get_settings()
+
+    # Sanitize before sending to frontend
+    public_settings = sanitize_settings_for_user(settings)
+
+    # Use sanitized settings in template
+    return render_template('some_page.html', 
+                         app_settings=public_settings,
+                         settings=public_settings)
+```
+
+### ❌ INCORRECT - Never Send Raw Settings
+```python
+# DANGEROUS - Exposes secrets to browser!
+@app.route('/some-page')
+def some_page():
+    settings = get_settings()
+    return render_template('some_page.html', 
+                         app_settings=settings)  # ❌ NEVER DO THIS
+```
+
+## When This Rule Applies
+
+Apply this rule for:
+- **Any route** that renders an HTML template (`render_template()`)
+- **Any API endpoint** that returns JSON data containing settings (`jsonify()`)
+- **Any frontend route** that passes configuration data to JavaScript
+- **Dashboard/admin pages** that display configuration information
+- **Settings/configuration pages** where users view system settings
+
+## Implementation Checklist
+
+When creating or modifying frontend routes:
+1. ✅ Import `sanitize_settings_for_user` from `functions_settings`
+2. ✅ Call `get_settings()` to retrieve raw settings
+3. ✅ Call `sanitize_settings_for_user(settings)` to create safe version
+4. ✅ Pass only the sanitized version to `render_template()` or `jsonify()`
+5. ✅ Verify no raw settings objects bypass sanitization
+
+## Examples from Codebase
+
+### Control Center Route
+```python
+from functions_settings import get_settings, sanitize_settings_for_user
+
+@app.route('/admin/control-center', methods=['GET'])
+@login_required
+@admin_required
+def control_center():
+    # Get settings for configuration data
+    settings = get_settings()
+    public_settings = sanitize_settings_for_user(settings)
+
+    # Get statistics
+    stats = get_control_center_statistics()
+
+    # Send only sanitized settings to frontend
+    return render_template('control_center.html', 
+                         app_settings=public_settings, 
+                         settings=public_settings,
+                         statistics=stats)
+```
+
+### API Endpoint Pattern
+```python
+@app.route('/api/get-config', methods=['GET'])
+@login_required
+def get_config():
+    settings = get_settings()
+    public_settings = sanitize_settings_for_user(settings)
+
+    return jsonify({
+        'success': True,
+        'config': public_settings
+    })
+```
+
+## What Gets Sanitized
+
+The `sanitize_settings_for_user()` function removes or masks:
+- Azure OpenAI API keys
+- Cosmos DB connection strings
+- Azure Search admin keys
+- Document Intelligence keys
+- Authentication secrets
+- Internal endpoint URLs
+- Database credentials
+- Any field containing 'key', 'secret', 'password', 'connection', etc.
+
+## Security Impact
+
+**Failure to sanitize settings can result in:**
+- 🚨 Exposure of API keys in browser DevTools/Network tab
+- 🚨 Secrets visible in HTML source code
+- 🚨 Credentials leaked in JavaScript variables
+- 🚨 Potential unauthorized access to Azure resources
+- 🚨 Security vulnerabilities and data breaches
+
+## Code Review Checklist
+
+When reviewing code, verify:
+- [ ] No `get_settings()` result is sent directly to frontend
+- [ ] `sanitize_settings_for_user()` is called before rendering
+- [ ] Template variables receiving settings use sanitized version
+- [ ] API responses containing config use sanitized data
+- [ ] No raw config objects in `render_template()` or `jsonify()` calls
+
+## Related Functions
+
+- `get_settings()` - Returns raw settings (DO NOT send to frontend)
+- `sanitize_settings_for_user(settings)` - Returns safe settings (OK to send to frontend)
+- Location: `functions_settings.py`

.github/instructions/update_release_notes.instructions.md

@@ -0,0 +1,90 @@
+---
+applyTo: '**'
+---
+
+# Release Notes Update Instructions
+
+## When to Update Release Notes
+
+After completing a code change (bug fix, new feature, enhancement, or breaking change), always ask the user:
+
+**"Would you like me to update the release notes in `docs/explanation/release_notes.md`?"**
+
+## If the User Confirms Yes
+
+Update the release notes file following these guidelines:
+
+### 1. Location
+Release notes are located at: `docs/explanation/release_notes.md`
+
+### 2. Version Placement
+- Add new entries under the **current version** from `config.py`
+- If the version has changed, create a new version section at the TOP of the file
+- Format: `### **(vX.XXX.XXX)**`
+
+### 3. Entry Categories
+
+Organize entries under the appropriate category:
+
+#### New Features
+```markdown
+#### New Features
+
+*   **Feature Name**
+    *   Brief description of what the feature does and its benefits.
+    *   Additional details about functionality or configuration.
+    *   (Ref: relevant files, components, or concepts)
+```
+
+#### Bug Fixes
+```markdown
+#### Bug Fixes
+
+*   **Fix Name**
+    *   Description of what was broken and how it was fixed.
+    *   Impact or affected areas.
+    *   (Ref: relevant files, functions, or components)
+```
+
+#### User Interface Enhancements
+```markdown
+#### User Interface Enhancements
+
+*   **Enhancement Name**
+    *   Description of UI/UX improvements.
+    *   (Ref: relevant templates, CSS, or JavaScript files)
+```
+
+#### Breaking Changes
+```markdown
+#### Breaking Changes
+
+*   **Change Name**
+    *   Description of what changed and why.
+    *   **Migration**: Steps users need to take (if any).
+```
+
+### 4. Entry Format Guidelines
+
+- **Bold the title** of each entry
+- Use bullet points for details
+- Include a `(Ref: ...)` line with relevant file names, functions, or concepts
+- Keep descriptions concise but informative
+- Focus on user-facing impact, not implementation details
+
+### 5. Example Entry
+
+```markdown
+*   **Custom Logo Display Fix**
+    *   Fixed issue where custom logos uploaded via Admin Settings would only display on the admin page but not on other pages (chat, sidebar, landing page).
+    *   Root cause was overly aggressive sanitization removing logo URLs from public settings.
+    *   (Ref: logo display, settings sanitization, template conditionals)
+```
+
+### 6. Checklist Before Updating
+
+- [ ] Confirm the current version in `config.py`
+- [ ] Determine the correct category (New Feature, Bug Fix, Enhancement, Breaking Change)
+- [ ] Write a clear, user-focused description
+- [ ] Include relevant file/component references
+- [ ] Place entry under the correct version section

.github/workflows/docker_image_publish.yml

@@ -1,4 +1,3 @@
-
 name: SimpleChat Docker Image Publish
 
 on:
@@ -8,36 +7,33 @@ on:
   workflow_dispatch:
 
 jobs:
-
   build:
-
     runs-on: ubuntu-latest
 
     steps:
     - name: Azure Container Registry Login
       uses: Azure/docker-login@v2
       with:
         # Container registry username
-        username: ${{ secrets.ACR_USERNAME }}
+        username: ${{ secrets.MAIN_ACR_USERNAME }}
         # Container registry password
-        password: ${{ secrets.ACR_PASSWORD }}
+        password: ${{ secrets.MAIN_ACR_PASSWORD }}
         # Container registry server url
-        login-server: ${{ secrets.ACR_LOGIN_SERVER }}
+        login-server: ${{ secrets.MAIN_ACR_LOGIN_SERVER }}
+    - name: Normalize branch name for tag
+      run: |
+        REF="${GITHUB_REF_NAME}"
+        SAFE=$(echo "$REF" \
+          | tr '[:upper:]' '[:lower:]' \
+          | sed 's#[^a-z0-9._-]#-#g' \
+          | sed 's/^-*//;s/-*$//' \
+          | cut -c1-128)
+        echo "BRANCH_TAG=$SAFE" >> "$GITHUB_ENV"
 
     - uses: actions/checkout@v3
-    - name: Set up Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version: 20
-    - name: Install Ajv
-      run: npm install ajv@^8.0.0 ajv-cli@^5.0.0
-    - name: Install Ajv
-      run: npm install ajv@^8.0.0 ajv-formats
-    - name: Generate standalone JSON schema validators
-      run: node scripts/generate-validators.mjs
     - name: Build the Docker image
       run:         
-        docker build . --file application/single_app/Dockerfile --tag ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:$(date +'%Y-%m-%d')_$GITHUB_RUN_NUMBER;
-        docker tag ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:$(date +'%Y-%m-%d')_$GITHUB_RUN_NUMBER ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:latest;
-        docker push ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:$(date +'%Y-%m-%d')_$GITHUB_RUN_NUMBER;
-        docker push ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:latest;
+        docker build . --file application/single_app/Dockerfile --tag ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:$(date +'%Y-%m-%d')_${BRANCH_TAG}_$GITHUB_RUN_NUMBER;
+        docker tag ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:$(date +'%Y-%m-%d')_${BRANCH_TAG}_$GITHUB_RUN_NUMBER ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:latest;
+        docker push ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:$(date +'%Y-%m-%d')_${BRANCH_TAG}_$GITHUB_RUN_NUMBER;
+        docker push ${{ secrets.ACR_LOGIN_SERVER }}/simple-chat:latest;