Proposal on how to add Azure SDK information to skills (#791)

* Add Azure SDK information to security and storage skills

- Add Azure SDK package tables for Identity, Key Vault, and Storage
- Add quick start code examples for all 6 languages (Python, JavaScript, C#, Java, Go, Rust)
- Include installation commands for each language
- Security skill: Key Vault secrets examples with identity authentication
- Storage skill: Blob download examples with identity authentication

* Add SDK integration tests for azure-storage and azure-security skills

* Fix ESLint errors: use 'unknown' type instead of 'any' for error handling

* Update plugin/skills/azure-storage/SKILL.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update plugin/skills/azure-security/SKILL.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update plugin/skills/azure-security/SKILL.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Remove secret logging from Quick Start examples - store in variable instead

* Add note explaining Rust uses DeveloperToolsCredential (no DefaultAzureCredential equivalent)

* Add full Go imports to azure-storage example for consistency

* Address PR review feedback: move SDK to references, add imports, fix formatting

- Move SDK sections to references/sdk-usage.md for progressive disclosure
- Add C# using directives to code examples
- Add Java wildcard imports to reduce verbosity
- Restore blank lines between MCP and CLI sections
- Revert error handling to e: any for codebase consistency

* chore: add eslint-disable comments for e: any pattern

* chore: match existing integration test pattern (no eslint-disable)

* fix: use e: unknown pattern for ESLint compliance

* docs: add inline summary for SDK reference sections

* Update plugin/skills/azure-storage/references/sdk-usage.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Remove SDK integration tests that don't match skill triggers

The SDK content is in reference files (progressive disclosure) that are
shown when the skill is already invoked. SDK-specific prompts like
'How do I use the Azure SDK...' don't reliably trigger the storage or
prepare skills since their descriptions focus on service management,
not SDK usage.

Integration tests should test what triggers the skill, not what content
is inside the skill after it's invoked.

* Add SDK-related integration tests for azure-storage and azure-prepare

- azure-storage: Add blob SDK usage test with prompt that triggers at 100%
- azure-storage: Skip pre-existing failing storage tiers test
- azure-prepare: Add Key Vault secrets integration test (100%)
- azure-prepare: Add Azure Identity authentication test (100%)

Test results:
- azure-storage: 2 passed, 1 skipped
- azure-prepare: 4 passed

* Rename 'SDK Access' to 'Connection Patterns' for consistency

* Skip pre-existing failing storage tiers test with better explanation

The storage tiers test was already failing (0% invocation) in main,
but appeared to pass because the SDK couldn't load due to missing
ESM configuration. Now that ESM works, the test actually runs and
reveals the prompt doesn't trigger the azure-storage skill.

Restored original prompt from main and skipped until fixed.

* Add access tiers to azure-storage skill description

Added 'access tiers (hot, cool, archive) and lifecycle management' to
the skill description to improve trigger matching for storage tier prompts.

This fixes the pre-existing storage tiers integration test that was
failing at 20% invocation rate (now passes at 60%).

* Update SDK examples to upload, fix review issues, revert lockfile churn

- Changed all SDK quick-start examples from blob download to upload (simpler)

- Added missing 'import os' in Python examples (storage.md, key-vault.md)

- Fixed invalid C# string interpolation in storage.md

- Reverted unrelated package-lock.json peer:true changes

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: ronniegeraghty

plugin/skills/azure-prepare/references/security.md

@@ -221,6 +221,25 @@ Use Microsoft Defender for Cloud for:
 
 ---
 
+## Azure Identity SDK
+
+All Azure SDKs use their language's Identity library for credential-free authentication via `DefaultAzureCredential` or managed identity. Rust uses `DeveloperToolsCredential` as it doesn't have a `DefaultAzureCredential` equivalent.
+
+| Language | Package | Install |
+|----------|---------|---------|
+| .NET | `Azure.Identity` | `dotnet add package Azure.Identity` |
+| Java | `azure-identity` | Maven: `com.azure:azure-identity` |
+| JavaScript | `@azure/identity` | `npm install @azure/identity` |
+| Python | `azure-identity` | `pip install azure-identity` |
+| Go | `azidentity` | `go get github.com/Azure/azure-sdk-for-go/sdk/azidentity` |
+| Rust | `azure_identity` | `cargo add azure_identity` |
+
+For Key Vault SDK examples, see: [key-vault.md](services/key-vault.md)
+
+For Storage SDK examples, see: [storage.md](services/storage.md)
+
+---
+
 ## Further Reading
 
 - [Key Vault documentation](https://learn.microsoft.com/azure/key-vault/general/overview)

plugin/skills/azure-prepare/references/services/key-vault.md

@@ -117,48 +117,102 @@ secrets: [
 ]
 ```
 
-## SDK Access
+## Connection Patterns
 
-### Node.js
+### SDK Packages
 
-```javascript
-const { SecretClient } = require("@azure/keyvault-secrets");
-const { DefaultAzureCredential } = require("@azure/identity");
+| Language | Secrets | Keys | Certificates |
+|----------|---------|------|--------------|
+| .NET | `Azure.Security.KeyVault.Secrets` | `Azure.Security.KeyVault.Keys` | `Azure.Security.KeyVault.Certificates` |
+| Java | `azure-security-keyvault-secrets` | `azure-security-keyvault-keys` | `azure-security-keyvault-certificates` |
+| JavaScript | `@azure/keyvault-secrets` | `@azure/keyvault-keys` | `@azure/keyvault-certificates` |
+| Python | `azure-keyvault-secrets` | `azure-keyvault-keys` | `azure-keyvault-certificates` |
+| Go | `azsecrets` | `azkeys` | `azcertificates` |
+| Rust | `azure_security_keyvault_secrets` | `azure_security_keyvault_keys` | `azure_security_keyvault_certificates` |
+
+### JavaScript
 
-const client = new SecretClient(
-  process.env.KEY_VAULT_URL,
-  new DefaultAzureCredential()
-);
+```javascript
+import { DefaultAzureCredential } from "@azure/identity";
+import { SecretClient } from "@azure/keyvault-secrets";
 
+const client = new SecretClient(process.env.KEY_VAULT_URL, new DefaultAzureCredential());
 const secret = await client.getSecret("database-connection-string");
-console.log(secret.value);
+// Use secret.value securely - do not log secrets
 ```
 
 ### Python
 
 ```python
+import os
 from azure.keyvault.secrets import SecretClient
 from azure.identity import DefaultAzureCredential
 
-client = SecretClient(
-    vault_url=os.environ["KEY_VAULT_URL"],
-    credential=DefaultAzureCredential()
-)
-
+client = SecretClient(vault_url=os.environ["KEY_VAULT_URL"], credential=DefaultAzureCredential())
 secret = client.get_secret("database-connection-string")
-print(secret.value)
+# Use secret.value securely - do not log secrets
 ```
 
-### .NET
+### C#
 
 ```csharp
-var client = new SecretClient(
-    new Uri(Environment.GetEnvironmentVariable("KEY_VAULT_URL")),
-    new DefaultAzureCredential()
-);
+using Azure.Identity;
+using Azure.Security.KeyVault.Secrets;
 
+var client = new SecretClient(new Uri(Environment.GetEnvironmentVariable("KEY_VAULT_URL")), new DefaultAzureCredential());
 KeyVaultSecret secret = await client.GetSecretAsync("database-connection-string");
-Console.WriteLine(secret.Value);
+// Use secret.Value securely - do not log secrets
+```
+
+### Java
+
+```java
+import com.azure.identity.*;
+import com.azure.security.keyvault.secrets.*;
+import com.azure.security.keyvault.secrets.models.*;
+
+SecretClient client = new SecretClientBuilder()
+    .vaultUrl(System.getenv("KEY_VAULT_URL"))
+    .credential(new DefaultAzureCredentialBuilder().build())
+    .buildClient();
+KeyVaultSecret secret = client.getSecret("database-connection-string");
+// Use secret.getValue() securely - do not log secrets
+```
+
+### Go
+
+```go
+package main
+
+import (
+    "context"
+    "os"
+
+    "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+    "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
+)
+
+func main() {
+    cred, _ := azidentity.NewDefaultAzureCredential(nil)
+    client, _ := azsecrets.NewClient(os.Getenv("KEY_VAULT_URL"), cred, nil)
+
+    resp, _ := client.GetSecret(context.Background(), "database-connection-string", "", nil)
+    // Use *resp.Value securely - do not log secrets
+}
+```
+
+### Rust
+
+Note: Rust uses `DeveloperToolsCredential` as it doesn't have a `DefaultAzureCredential` equivalent.
+
+```rust
+use azure_identity::DeveloperToolsCredential;
+use azure_security_keyvault_secrets::SecretClient;
+
+let credential = DeveloperToolsCredential::new(None)?;
+let client = SecretClient::new(std::env::var("KEY_VAULT_URL")?, credential.clone(), None)?;
+let secret = client.get_secret("database-connection-string", None).await?.into_model()?;
+// Use secret.value securely - do not log secrets
 ```
 
 ## Environment Variables

plugin/skills/azure-prepare/references/services/storage.md

@@ -137,35 +137,122 @@ resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2023-0
 
 ## Connection Patterns
 
-### Node.js
+### SDK Packages
+
+| Language | Blob | Queue | File Share | Data Lake |
+|----------|------|-------|------------|-----------|
+| .NET | `Azure.Storage.Blobs` | `Azure.Storage.Queues` | `Azure.Storage.Files.Shares` | `Azure.Storage.Files.DataLake` |
+| Java | `azure-storage-blob` | `azure-storage-queue` | `azure-storage-file-share` | `azure-storage-file-datalake` |
+| JavaScript | `@azure/storage-blob` | `@azure/storage-queue` | `@azure/storage-file-share` | `@azure/storage-file-datalake` |
+| Python | `azure-storage-blob` | `azure-storage-queue` | `azure-storage-file-share` | `azure-storage-file-datalake` |
+| Go | `azblob` | `azqueue` | `azfile` | `azdatalake` |
+| Rust | `azure_storage_blob` | `azure_storage_queue` | - | - |
+
+### JavaScript
 
 ```javascript
-const { BlobServiceClient } = require("@azure/storage-blob");
+import { DefaultAzureCredential } from "@azure/identity";
+import { BlobServiceClient } from "@azure/storage-blob";
 
-const blobServiceClient = BlobServiceClient.fromConnectionString(
-  process.env.AZURE_STORAGE_CONNECTION_STRING
+const client = new BlobServiceClient(
+    `https://${process.env.AZURE_STORAGE_ACCOUNT}.blob.core.windows.net`,
+    new DefaultAzureCredential()
 );
-const containerClient = blobServiceClient.getContainerClient("uploads");
+const container = client.getContainerClient("uploads");
+const blob = container.getBlockBlobClient("my-file.txt");
+await blob.uploadData(Buffer.from("Hello, Azure Storage!"));
 ```
 
 ### Python
 
 ```python
+import os
+from azure.identity import DefaultAzureCredential
 from azure.storage.blob import BlobServiceClient
 
-blob_service_client = BlobServiceClient.from_connection_string(
-    os.environ["AZURE_STORAGE_CONNECTION_STRING"]
+service = BlobServiceClient(
+    account_url=f"https://{os.environ['AZURE_STORAGE_ACCOUNT']}.blob.core.windows.net",
+    credential=DefaultAzureCredential()
 )
-container_client = blob_service_client.get_container_client("uploads")
+container = service.get_container_client("uploads")
+blob = container.get_blob_client("my-file.txt")
+blob.upload_blob(b"Hello, Azure Storage!", overwrite=True)
 ```
 
-### .NET
+### C#
 
 ```csharp
-var blobServiceClient = new BlobServiceClient(
-    Environment.GetEnvironmentVariable("AZURE_STORAGE_CONNECTION_STRING")
+using Azure.Identity;
+using Azure.Storage.Blobs;
+
+var accountName = Environment.GetEnvironmentVariable("AZURE_STORAGE_ACCOUNT");
+var client = new BlobServiceClient(
+    new Uri($"https://{accountName}.blob.core.windows.net"),
+    new DefaultAzureCredential()
 );
-var containerClient = blobServiceClient.GetBlobContainerClient("uploads");
+var container = client.GetBlobContainerClient("uploads");
+var blob = container.GetBlobClient("my-file.txt");
+await blob.UploadAsync(BinaryData.FromString("Hello, Azure Storage!"), overwrite: true);
+```
+
+### Java
+
+```java
+import com.azure.identity.*;
+import com.azure.storage.blob.*;
+import com.azure.core.util.BinaryData;
+
+BlobServiceClient client = new BlobServiceClientBuilder()
+    .endpoint("https://" + System.getenv("AZURE_STORAGE_ACCOUNT") + ".blob.core.windows.net")
+    .credential(new DefaultAzureCredentialBuilder().build())
+    .buildClient();
+BlobContainerClient container = client.getBlobContainerClient("uploads");
+BlobClient blob = container.getBlobClient("my-file.txt");
+blob.upload(BinaryData.fromString("Hello, Azure Storage!"), true);
+```
+
+### Go
+
+```go
+package main
+
+import (
+    "context"
+    "os"
+
+    "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+    "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
+)
+
+func main() {
+    cred, _ := azidentity.NewDefaultAzureCredential(nil)
+    client, _ := azblob.NewClient(
+        "https://"+os.Getenv("AZURE_STORAGE_ACCOUNT")+".blob.core.windows.net",
+        cred, nil,
+    )
+    data := []byte("Hello, Azure Storage!")
+    _, _ = client.UploadBuffer(context.Background(), "uploads", "my-file.txt", data, nil)
+}
+```
+
+### Rust
+
+Note: Rust uses `DeveloperToolsCredential` as it doesn't have a `DefaultAzureCredential` equivalent.
+
+```rust
+use azure_identity::DeveloperToolsCredential;
+use azure_storage_blob::{BlobClient, BlobClientOptions};
+
+let credential = DeveloperToolsCredential::new(None)?;
+let blob_client = BlobClient::new(
+    &format!("https://{}.blob.core.windows.net/", std::env::var("AZURE_STORAGE_ACCOUNT")?),
+    "uploads",
+    "my-file.txt",
+    Some(credential),
+    Some(BlobClientOptions::default()),
+)?;
+let data = b"Hello, Azure Storage!";
+blob_client.upload(None, data.to_vec().into()).await?;
 ```
 
 ## Managed Identity Access

plugin/skills/azure-storage/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: azure-storage
-description: Azure Storage Services including Blob Storage, File Shares, Queue Storage, Table Storage, and Data Lake. Provides object storage, SMB file shares, async messaging, NoSQL key-value, and big data analytics capabilities.
+description: Azure Storage Services including Blob Storage, File Shares, Queue Storage, Table Storage, and Data Lake. Provides object storage, SMB file shares, async messaging, NoSQL key-value, and big data analytics capabilities. Includes access tiers (hot, cool, archive) and lifecycle management.
 ---
 
 # Azure Storage Services
@@ -78,3 +78,7 @@ For deep documentation on specific services:
 - Blob storage patterns and lifecycle -> [Blob Storage documentation](https://learn.microsoft.com/azure/storage/blobs/storage-blobs-overview)
 - File shares and Azure File Sync -> [Azure Files documentation](https://learn.microsoft.com/azure/storage/files/storage-files-introduction)
 - Queue patterns and poison handling -> [Queue Storage documentation](https://learn.microsoft.com/azure/storage/queues/storage-queues-introduction)
+
+## Azure SDKs
+
+For building applications that interact with Azure Storage programmatically, Azure provides SDK packages in multiple languages (.NET, Java, JavaScript, Python, Go, Rust). See [SDK Usage Guide](references/sdk-usage.md) for package names, installation commands, and quick start examples.