Merge branch 'main' into AVM_WAF_Integration

Author: alguadam

.azdo/pipelines/azure-dev.yml

@@ -2,8 +2,6 @@
 # Set this to the mainline branch you are using
 trigger:
   - main
-  - master
-  - feature/azd-semantickernel
 
 # Azure Pipelines workflow to deploy to Azure using azd
 # To configure required secrets and service connection for connecting to Azure, simply run `azd pipeline config --provider azdo`

.devcontainer/setupEnv.sh

@@ -1,5 +1,5 @@
 [flake8]
 max-line-length = 88
 extend-ignore = E501
-exclude = .venv, frontend
+exclude = .venv, frontend, src/backend/tests
 ignore = E203, W503, G004, G200, E402

.flake8

@@ -2,9 +2,7 @@ name: Azure Template Validation
 on:
   push:
     branches:
-      - dev
       - main
-      - feature/azd-semantickernel
   workflow_dispatch:
 
 permissions:
@@ -15,69 +13,19 @@ permissions:
 jobs:
   template_validation_job:
     runs-on: ubuntu-latest
-    name: Template validation
+    name: template validation
     steps:
-      # Step 1: Checkout the code from your repository
-      - name: Checkout code
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-      # Step 2: Set up Python
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: "3.9"
-
-      # Step 3: Create and populate the virtual environment
-      - name: Create virtual environment and install dependencies
-        run: |
-          python -m venv .venv
-          source .venv/bin/activate
-          python -m pip install --upgrade pip
-          pip install azure-mgmt-resource azure-identity azure-core azure-mgmt-subscription azure-cli-core
-          # Install any other dependencies that might be needed
-          pip freeze > requirements-installed.txt
-          echo "Virtual environment created with these packages:"
-          cat requirements-installed.txt
-
-      # Step 4: Create azd directory if it doesn't exist
-      - name: Create azd directory
-        run: |
-          mkdir -p ./.azd || true
-          touch ./.azd/.env || true
-
-      # Step 5: Validate the Azure template
-      - name: Validate Azure Template
-        uses: microsoft/[email protected]
+      - uses: microsoft/template-validation-action@Latest
         id: validation
         env:
-          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          AZURE_ENV_NAME: ${{ secrets.AZURE_ENV_NAME }}
-          AZURE_LOCATION: ${{ secrets.AZURE_LOCATION }}
+          AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+          AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+          AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+          AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      # Step 6: Debug output in case of failure
-      - name: Debug on failure
-        if: failure()
-        run: |
-          echo "Validation failed. Checking environment:"
-          ls -la
-          if [ -d ".venv" ]; then
-            echo ".venv directory exists"
-            ls -la .venv/bin/
-          else
-            echo ".venv directory does not exist"
-          fi
-          if [ -d "tva_*" ]; then
-            echo "TVA directory exists:"
-            find . -name "tva_*" -type d
-            ls -la $(find . -name "tva_*" -type d)
-          else
-            echo "No TVA directory found"
-          fi
-
-      # Step 7: Print the result of the validation
-      - name: Print result
-        if: success()
+      - name: print result
         run: cat ${{ steps.validation.outputs.resultFile }}

.github/workflows/azure-dev.yml

@@ -18,7 +18,7 @@ on:
       - dev
       - demo
       - hotfix
-  workflow_dispatch: 
+  workflow_dispatch:
 
 jobs:
   build-and-push:
@@ -32,14 +32,24 @@ jobs:
         uses: docker/setup-buildx-action@v1
 
       - name: Log in to Azure Container Registry
-        if: ${{ (github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix') }}
+        if: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' }}
         uses: azure/docker-login@v2
         with:
           login-server: ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }}
           username: ${{ secrets.ACR_USERNAME }}
           password: ${{ secrets.ACR_PASSWORD }}
 
-      - name: Set Docker image tag
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+      
+      - name: Get registry
+        id: registry
+        run: |
+          echo "ext_registry=${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io'}}" >> $GITHUB_OUTPUT
+
+      - name: Determine Tag Name Based on Branch
+        id: determine_tag
         run: |
           if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
             echo "TAG=latest" >> $GITHUB_ENV
@@ -52,24 +62,30 @@ jobs:
           else
             echo "TAG=pullrequest-ignore" >> $GITHUB_ENV
           fi
-          
-      - name: Build and push Docker images optionally
+
+      - name: Set Historical Tag
         run: |
-          cd src/backend
-          docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} -f Dockerfile . && \
-          if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix"  ]]; then
-            docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} && \
-            echo "Backend image built and pushed successfully."
-          else
-            echo "Skipping Docker push for backend with tag: ${{ env.TAG }}"
-          fi
-          cd ../frontend
-          docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} -f Dockerfile . && \
-          if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix"  ]]; then
-            docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} && \
-            echo "Frontend image built and pushed successfully."
-          else
-            echo "Skipping Docker push for frontend with tag: ${{ env.TAG }}"
-          fi
+          DATE_TAG=$(date +'%Y-%m-%d')
+          RUN_ID=${{ github.run_number }}
+          # Create historical tag using TAG, DATE_TAG, and RUN_ID
+          echo "HISTORICAL_TAG=${{ env.TAG }}_${DATE_TAG}_${RUN_ID}" >> $GITHUB_ENV
 
-          
+      - name: Build and optionally push Backend Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./src/backend
+          file: ./src/backend/Dockerfile
+          push: ${{ env.TAG != 'pullrequest-ignore' }}
+          tags: |
+            ${{ steps.registry.outputs.ext_registry }}/macaebackend:${{ env.TAG }}
+            ${{ steps.registry.outputs.ext_registry }}/macaebackend:${{ env.HISTORICAL_TAG }}
+  
+      - name: Build and optionally push Frontend Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./src/frontend
+          file: ./src/frontend/Dockerfile
+          push: ${{ env.TAG != 'pullrequest-ignore' }}
+          tags: |
+            ${{ steps.registry.outputs.ext_registry }}/macaefrontend:${{ env.TAG }}
+            ${{ steps.registry.outputs.ext_registry }}/macaefrontend:${{ env.HISTORICAL_TAG }}

.github/workflows/docker-build-and-push.yml

@@ -25,9 +25,7 @@ The solution leverages Azure OpenAI Service, Azure Container Apps, Azure Cosmos
 |![image](./documentation/images/readme/macae-architecture.png)|
 |---|
 
-### Application interface
-|![image](./documentation/images/readme/macae-application.png)|
-|---|
+
 
 ### How to customize
 If you'd like to customize the solution accelerator, here are some common areas to start:
@@ -199,6 +197,6 @@ You must also comply with all domestic and international export laws and regulat
 
 You acknowledge that the Software and Microsoft Products and Services (1) are not designed, intended or made available as a medical device(s), and (2) are not designed or intended to be a substitute for professional medical advice, diagnosis, treatment, or judgment and should not be used to replace or as a substitute for professional medical advice, diagnosis, treatment, or judgment. Customer is solely responsible for displaying and/or obtaining appropriate consents, warnings, disclaimers, and acknowledgements to end users of Customer's implementation of the Online Services. 
 
-You acknowledge the Software is not subject to SOC 1 and SOC 2 compliance audits. No Microsoft technology, nor any of its component technologies, including the Software, is intended or made available as a substitute for the professional advice, opinion, or judgement of a certified financial services professional. Do not use the Software to replace, substitute, or provide professional financial advice or judgment.  
+You acknowledge the Software is not subject to SOC 1 and SOC 2 compliance audits. No Microsoft technology, nor any of its component technologies, including the Software, is intended or made available as a substitute for the professional advice, opinion, or judgment of a certified financial services professional. Do not use the Software to replace, substitute, or provide professional financial advice or judgment.  
 
-BY ACCESSING OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT THE SOFTWARE IS NOT DESIGNED OR INTENDED TO SUPPORT ANY USE IN WHICH A SERVICE INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE COULD RESULT IN THE DEATH OR SERIOUS BODILY INJURY OF ANY PERSON OR IN PHYSICAL OR ENVIRONMENTAL DAMAGE (COLLECTIVELY, "HIGH-RISK USE"), AND THAT YOU WILL ENSURE THAT, IN THE EVENT OF ANY INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE, THE SAFETY OF PEOPLE, PROPERTY, AND THE ENVIRONMENT ARE NOT REDUCED BELOW A LEVEL THAT IS REASONABLY, APPROPRIATE, AND LEGAL, WHETHER IN GENERAL OR IN A SPECIFIC INDUSTRY. BY ACCESSING THE SOFTWARE, YOU FURTHER ACKNOWLEDGE THAT YOUR HIGH-RISK USE OF THE SOFTWARE IS AT YOUR OWN RISK. 
+BY ACCESSING OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT THE SOFTWARE IS NOT DESIGNED OR INTENDED TO SUPPORT ANY USE IN WHICH A SERVICE INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE COULD RESULT IN THE DEATH OR SERIOUS BODILY INJURY OF ANY PERSON OR IN PHYSICAL OR ENVIRONMENTAL DAMAGE (COLLECTIVELY, "HIGH-RISK USE"), AND THAT YOU WILL ENSURE THAT, IN THE EVENT OF ANY INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE, THE SAFETY OF PEOPLE, PROPERTY, AND THE ENVIRONMENT ARE NOT REDUCED BELOW A LEVEL THAT IS REASONABLY, APPROPRIATE, AND LEGAL, WHETHER IN GENERAL OR IN A SPECIFIC INDUSTRY. BY ACCESSING THE SOFTWARE, YOU FURTHER ACKNOWLEDGE THAT YOUR HIGH-RISK USE OF THE SOFTWARE IS AT YOUR OWN RISK. 

README.md

@@ -53,6 +53,6 @@
 ![Web](./images/azure-app-service-auth-setup/Web.png)
 
 8. Enter the `web app URL` (Provide the app service name in place of XXXX) and Save. Then go back to [Step 1](#step-1-add-authentication-in-azure-app-service-configuration) and follow from _Point 4_ choose `Pick an existing app registration in this directory` from the Add an Identity Provider page and provide the newly registered App Name.
-E.g. https://appservicename.azurewebsites.net/.auth/login/aad/callback
+E.g. <<https://<< appservicename >>.azurewebsites.net/.auth/login/aad/callback>>
 
 ![Add Details](./images/azure-app-service-auth-setup/WebAppURL.png)

docs/azure_app_service_auth_setup.md

@@ -1,3 +1,18 @@
+# Table of Contents
+
+- [Table of Contents](#table-of-contents)
+  - [Accelerating your own Multi-Agent - Custom Automation Engine MVP](#accelerating-your-own-multi-agent---custom-automation-engine-mvp)
+    - [Technical Overview](#technical-overview)
+    - [Adding a New Agent to the Multi-Agent System](#adding-a-new-agent-to-the-multi-agent-system)
+    - [API Reference](#api-reference)
+    - [Models and Datatypes](#models-and-datatypes)
+    - [Application Flow](#application-flow)
+    - [Agents Overview](#agents-overview)
+    - [Persistent Storage with Cosmos DB](#persistent-storage-with-cosmos-db)
+    - [Utilities](#utilities)
+    - [Summary](#summary)
+
+
 # Accelerating your own Multi-Agent - Custom Automation Engine MVP
 
 As the name suggests, this project is designed to accelerate development of Multi-Agent solutions in your environment.  The example solution presented shows how such a solution would be implemented and provides example agent definitions along with stubs for possible tools those agents could use to accomplish tasks.  You will want to implement real functions in your own environment, to be used by agents customized around your own use cases. Users can choose the LLM that is optimized for responsible use. The default LLM is GPT-4o which inherits the existing responsible AI mechanisms and filters from the LLM provider. We encourage developers to review [OpenAI’s Usage policies](https://openai.com/policies/usage-policies/) and [Azure OpenAI’s Code of Conduct](https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct) when using GPT-4o. This document is designed to provide the in-depth technical information to allow you to add these customizations. Once the agents and tools have been developed, you will likely want to implement your own real world front end solution to replace the example in this accelerator.
@@ -15,21 +30,6 @@ This application is an AI-driven orchestration system that manages a group of AI
 This code has not been tested as an end-to-end, reliable production application- it is a foundation to help accelerate building out multi-agent systems. You are encouraged to add your own data and functions to the agents, and then you must apply your own performance and safety evaluation testing frameworks to this system before deploying it.
 
 Below, we'll dive into the details of each component, focusing on the endpoints, data types, and the flow of information through the system.
-# Table of Contents
-
-- [Table of Contents](#table-of-contents)
-  - [Accelerating your own Multi-Agent - Custom Automation Engine MVP](#accelerating-your-own-multi-agent---custom-automation-engine-mvp)
-    - [Technical Overview](#technical-overview)
-    - [Adding a New Agent to the Multi-Agent System](#adding-a-new-agent-to-the-multi-agent-system)
-    - [API Reference](#api-reference)
-    - [Models and Datatypes](#models-and-datatypes)
-    - [Application Flow](#application-flow)
-    - [Agents Overview](#agents-overview)
-    - [Persistent Storage with Cosmos DB](#persistent-storage-with-cosmos-db)
-    - [Utilities](#utilities)
-    - [Summary](#summary)
-
-
 ## Adding a New Agent to the Multi-Agent System
 
 This guide details the steps required to add a new agent to the Multi-Agent Custom Automation Engine. The process includes registering the agent, defining its capabilities through tools, and ensuring the PlannerAgent includes the new agent when generating activity plans.

documentation/CustomizeSolution.md

@@ -282,7 +282,7 @@ The files for the dev container are located in `/.devcontainer/` folder.
 
 4. **Deploy the Bicep template:**
 
-   - You can use the Bicep extension for VSCode (Right-click the `.bicep` file, then select "Show deployment plane") or use the Azure CLI:
+   - You can use the Bicep extension for VSCode (Right-click the `.bicep` file, then select "Show  deployment plan") or use the Azure CLI:
      ```bash
      az deployment group create -g <resource-group-name> -f deploy/macae-dev.bicep --query 'properties.outputs'
      ```

documentation/DeploymentGuide.md

@@ -18,7 +18,7 @@
 
 ![Add Provider](./images/azure-app-service-auth-setup/AppAuthIdentityProviderAdd.png)
 
-5. Accept the default values and click on `Add` button to go back to the previous page with the idenity provider added.
+5. Accept the default values and click on `Add` button to go back to the previous page with the identity provider added.
 
 ![Add Provider](./images/azure-app-service-auth-setup/AppAuthIdentityProviderAdded.png)
 
@@ -40,7 +40,7 @@
 
 ![Add Details](./images/azure-app-service-auth-setup/AddDetails.png)
 
-5. After application is created sucessfully, then click on `Add a Redirect URL`.
+5. After application is created successfully, then click on `Add a Redirect URL`.
 
 ![Redirect URL](./images/azure-app-service-auth-setup/AddRedirectURL.png)
 
@@ -53,6 +53,6 @@
 ![Web](./images/azure-app-service-auth-setup/Web.png)
 
 8. Enter the `web app URL` (Provide the app service name in place of XXXX) and Save. Then go back to [Step 1](#step-1-add-authentication-in-azure-app-service-configuration) and follow from _Point 4_ choose `Pick an existing app registration in this directory` from the Add an Identity Provider page and provide the newly registered App Name.
-E.g. https://appservicename.azurewebsites.net/.auth/login/aad/callback
+E.g. <<https://<< appservicename >>.azurewebsites.net/.auth/login/aad/callback>>
 
 ![Add Details](./images/azure-app-service-auth-setup/WebAppURL.png)