Draft
Conversation
weikanglim
pushed a commit
that referenced
this pull request
Oct 24, 2024
Fix typo by changing "DbMysql" to "DbMySql"
weikanglim
pushed a commit
that referenced
this pull request
Mar 9, 2026
) * feat(azdext): add P1 core extension primitives Implements Azure#6944 core primitives for token provider, scope detection, resilient HTTP client, and pagination with tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): harden P1 primitives after quality review Addresses MQ findings for Azure#6944: bounded response reads, nextLink SSRF protections, retry/body semantics, token-over-http guard, deterministic scope rules, and added regression tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: fix preflight blockers for PR1 Apply required gofmt and cspell updates so mage preflight passes for draft PR Azure#6954. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * security: harden core primitives against hack scan findings - mcp_security: tighten input validation and error handling - pagination: add bounds checking on page parameters - resilient_http_client: strengthen TLS config and timeout enforcement - resilient_http_client_test: add security-path test coverage * fix: address profile review findings for stacked PR Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): satisfy lint and cspell checks Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): remediate hack findings Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address copilot review feedback on PR 6954 - block hostname redirects that resolve to private/loopback IPs\n- return explicit nil-client error in stdHTTPDoer path\n- honor MaxRetries=0 as no retries; use negative as default sentinel\n- update TokenProvider usage snippet to current API\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address follow-up Copilot feedback on PR 6954 - tighten backoff jitter upper bound\n- require absolute HTTPS nextLink\n- return explicit oversized page response error\n- align OnBlocked docs with implemented actions\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: retrigger CI for PR Azure#6954 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: retrigger CI for transient external failures Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): address actionable main PR review items - remove mutable redirect lookup test hook via injected helper - document scope detector servicebus ambiguity and ACR scope semantics - use slices.Sort for deterministic custom rule ordering - clarify TokenProvider usage guidance Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): address remaining maintainer review items Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore(agents): remove unrelated whitespace-only changes Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): redact blocked URL details in policy callback path Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(azdext): add x-ms-client-request-id and align resilient headers Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address PR review feedback from wbreza - Prepend custom scope rules before defaults so overrides work (#1) - Redact URL query params in ScopeDetectorError to prevent leaking secrets (#2) - Add versioned User-Agent string, make configurable via ResilientClientOptions (#3) - Set done=true on Collect truncation to prevent surprise continuation (#4) - Add azdext SDK version constant (version.go) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
weikanglim
pushed a commit
that referenced
this pull request
Mar 26, 2026
* Add auth pre-flight validation for agents (Azure#7234) Add --check flag to 'azd auth token' for lightweight auth validation. Agents can call 'azd auth token --check' to validate authentication state with exit code 0 (valid) or non-zero (invalid) without producing standard output. This prevents costly retry loops where agents speculatively call auth token and parse errors. Enhance 'azd auth status --output json' to include expiresOn field, giving agents machine-readable token expiry information for proactive re-authentication. Improve LoginGuardMiddleware to wrap ErrNoCurrentUser with actionable ErrorWithSuggestion guidance, while preserving original error types for cancellations and transient failures. Changes: - cmd/auth_token.go: Add --check flag with early-exit validation - cmd/auth_token_test.go: Add 3 test cases (check success/failure/not-logged-in) - cmd/auth_status.go: Populate ExpiresOn from token validation - pkg/contracts/auth.go: Add ExpiresOn field to StatusResult - cmd/middleware/login_guard.go: Wrap ErrNoCurrentUser with suggestion Fixes Azure#7234 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: remove redundant branches, add expiresOn tests - Remove redundant 'if a.flags.check' branches in auth_token.go that duplicated the same return (Copilot review comment #2) - Add StatusResult JSON serialization tests verifying expiresOn is present when authenticated and omitted when unauthenticated (Copilot review comment #3) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor: replace auth token --check with auth status exit code (Azure#7234) Instead of adding a --check flag to the hidden 'auth token' command, make the existing 'auth status --output json' command agent-friendly: - Exit non-zero when unauthenticated in machine-readable mode, so agents can rely on exit code without parsing output - expiresOn field already added to StatusResult in this PR - Remove --check flag and its tests (net -90 lines) Agents can now validate auth with: azd auth status --output json # exit 0 + JSON with expiresOn = valid # exit 1 + JSON with status:unauthenticated = invalid This is more discoverable than a hidden flag on a hidden command. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove tmp/ from tracking, add to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert "Remove tmp/ from tracking, add to .gitignore" This reverts commit 7253f21. * Remove tmp/ files from PR (not part of Azure#7234) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review: exit non-zero in both modes, fix double output Per @JeffreyCA feedback: - Return auth.ErrNoCurrentUser when unauthenticated in both JSON and interactive modes (exit non-zero in all cases) - In JSON mode, format output before returning error to avoid double-print - In interactive mode, show status UX then exit non-zero Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert non-zero exit for unauthenticated status Per @vhvb1989 feedback: unauthenticated is a valid result, not a command failure. Non-zero exit should only be for unexpected errors. The expiresOn and LoginGuardMiddleware improvements remain. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
weikanglim
pushed a commit
that referenced
this pull request
Apr 13, 2026
…zure#7566) * Add azd-preflight and sensei Copilot skills with waza eval infrastructure - Add azd-preflight skill: runs mage preflight and auto-fixes failures across all 8 checks (gofmt, go fix, copyright, lint, cspell, build, unit tests, playback tests) with iterative fix-then-rerun cycles - Add sensei skill: evaluates and improves skill quality using waza - Add waza eval suite for azd-preflight (8 test tasks: 3 happy-path, 2 edge-case, 3 anti-trigger) - Add skill-eval CI workflow for PR validation - Update CONTRIBUTING.md and AGENTS.md with preflight skill references Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: gate CI on skill compliance and handle cwd detection - Remove || true from waza check/run steps so CI properly gates on compliance and eval failures (review threads #1, #2) - Detect whether cwd is repo root or cli/azd/ before running mage preflight (review thread #4) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: skip eval suite in CI when copilot CLI is unavailable waza run requires the GitHub Copilot CLI to execute eval suites. In CI environments where copilot is not installed, the step now detects this and exits gracefully with a warning instead of failing. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address PR review - remove eval suite and CI, condense skill descriptions - Remove eval suite and CI workflow per reviewer recommendation to split evaluation infrastructure into a follow-up PR - Condense SKILL.md descriptions to routing signals (not impl details) - Clarify sensei scope to .github/skills/ boundary - Add version strategy comments to both skills Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
weikanglim
pushed a commit
that referenced
this pull request
Apr 13, 2026
…zure#7501) * fix: gracefully handle missing AKS cluster during postprovision hook When infrastructure doesn't include AKS resources, the postprovision lifecycle hook in the AKS service target fails fatally trying to set up the Kubernetes context. This is expected in multi-phase provisioning workflows where AKS gets provisioned later. Modified setK8sContext() to detect the postprovision event and skip gracefully (with a user-visible warning) instead of failing when: - GetTargetResource returns an error (resource not found) - Target resource has an empty name (SupportsDelayedProvisioning) - Cluster credentials are unavailable (ensureClusterContext fails) - Namespace creation fails (ensureNamespace fails) The predeploy event path is unchanged and still fails fatally, ensuring deployment-time errors are not masked. Extracted skipPostprovisionK8sSetup() helper to eliminate repeated warning/log/return-nil pattern across all four skip points. Fixes Azure#3272 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * address review: propagate ctx cancellation, add namespace failure test - skipPostprovisionK8sSetup now checks ctx.Err() before returning nil to avoid swallowing context cancellation/timeouts (Ctrl+C) - Added Test_Postprovision_Skips_When_Namespace_Fails covering the ensureNamespace failure path during postprovision Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * refactor: address MQ review — typed constant, DRY helper, ctx cancellation test - Replace magic string 'postprovision' with typed postProvisionEvent constant - Extract postprovisionK8sError() helper to eliminate 4 identical if-blocks - Add nil-guard on targetResource before calling ResourceName() - Fix log.Printf double newline and redundant .Error() call - Add Test_Postprovision_Propagates_Context_Cancellation to cover the ctx.Err() safety valve in skipPostprovisionK8sSetup Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address review feedback — event guards, constants, test assertions - Route targetResource==nil through event-aware postprovisionK8sError so predeploy doesn't silently skip (thread #1, High) - Add preDeployEvent constant replacing raw "predeploy" strings for consistency with postProvisionEvent (thread #2) - Add console message assertions to graceful-skip tests verifying the warning was actually emitted (thread #3) - Add predeploy failure tests for credential and namespace error paths confirming errors propagate for non-postprovision events (thread #4) - Refactor createAksServiceTarget to delegate to createAksServiceTargetWithResourceManager, eliminating ~40 lines of duplication (thread #5) - Add structured telemetry span (AksPostprovisionSkipEvent) to the graceful-skip path for production monitoring (thread #6) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: address re-review - telemetry span, DRY assertions, ErrorContains - Use span.End() with skip.reason attribute instead of EndWithStatus() to avoid marking intentional skips as errors in telemetry dashboards - Extract assertSkipWarningEmitted helper to deduplicate console assertion blocks across two test functions - Add ErrorContains assertion in Test_Predeploy_Fails_When_Credentials_Fail for consistency with sibling namespace test Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: narrow postprovision graceful skip to not-found only Address @weikanglim's feedback: limit the graceful skip path to the explicit delayed-provisioning case (empty ResourceName) only. GetTargetResource, ensureClusterContext, and ensureNamespace errors now propagate during postprovision — real failures are no longer masked. Removed postprovisionK8sError helper. Fixed gofmt import ordering. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.