🔧(deps): Bump dotenv from 16.5.0 to 17.2.1

.claude/settings.local.json

@@ -0,0 +1,35 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(find:*)",
+      "Bash(rm:*)",
+      "Bash(mv:*)",
+      "Bash(ls:*)",
+      "Bash(mkdir:*)",
+      "Bash(true)",
+      "Bash(git add:*)",
+      "Bash(git commit:*)",
+      "Bash(git push:*)",
+      "Bash(chmod:*)",
+      "Bash(gh auth:*)",
+      "Bash(pip install:*)",
+      "Bash(python3 -m pip install:*)",
+      "Bash(python3:*)",
+      "Bash(apt-get:*)",
+      "Bash(apt-get install:*)",
+      "Bash(pip3 install:*)",
+      "Bash(sudo apt-get:*)",
+      "Bash(sudo apt-get install:*)",
+      "Bash(cp:*)",
+      "Bash(git reset:*)",
+      "Bash(git config:*)",
+      "Bash(git lfs:*)",
+      "Bash(npm install:*)",
+      "Bash(npm test:*)",
+      "Bash(node:*)",
+      "Bash(npm run test:unit:*)",
+      "Bash(npx jest:*)"
+    ],
+    "deny": []
+  }
+}

.copilotignore

@@ -1,38 +1,38 @@
-# Ignore patterns for GitHub Copilot
-
-# Ignore sensitive data
-.env
-*.pem
-*.key
-*.cer
-*.pfx
-*.p12
-
-# Ignore large binary files
-*.zip
-*.tar.gz
-*.iso
-*.mp4
-*.mov
-*.avi
-
-# Ignore data files
-*.csv
-*.json
-*.xml
-*.xlsx
-*.xls
-*.db
-*.sqlite
-
-# Ignore specific directories
-node_modules/
-venv/
-__pycache__/
-.vscode/
-.idea/
-
-# Ignore specific files
-credentials.json
-config.json
+# Ignore patterns for GitHub Copilot
+
+# Ignore sensitive data
+.env
+*.pem
+*.key
+*.cer
+*.pfx
+*.p12
+
+# Ignore large binary files
+*.zip
+*.tar.gz
+*.iso
+*.mp4
+*.mov
+*.avi
+
+# Ignore data files
+*.csv
+*.json
+*.xml
+*.xlsx
+*.xls
+*.db
+*.sqlite
+
+# Ignore specific directories
+node_modules/
+venv/
+__pycache__/
+.vscode/
+.idea/
+
+# Ignore specific files
+credentials.json
+config.json
 secrets.json 

.cursorignore

@@ -0,0 +1 @@
+# Add directories or file patterns to ignore during indexing (e.g. foo/ or *.csv)

.env.example

@@ -0,0 +1,45 @@
+# =============================================================================
+# Azure AI Services Configuration for AI-900 Demos and Tests
+# =============================================================================
+
+# Multi-service key for Computer Vision, Language, and other cognitive capabilities
+AI_SERVICES_KEY=your_multi_service_key_here
+AI_SERVICES_ENDPOINT=https://your-region.api.cognitive.microsoft.com
+
+# Analyzes images for objects, faces, text recognition, and scene understanding
+COMPUTER_VISION_KEY=your_computer_vision_key_here
+COMPUTER_VISION_ENDPOINT=https://your-computervision-service.cognitiveservices.azure.com
+
+# Processes text for sentiment analysis, language detection, and key phrase extraction
+LANGUAGE_SERVICE_KEY=your_language_service_key_here
+LANGUAGE_SERVICE_ENDPOINT=https://your-language-service.cognitiveservices.azure.com
+
+# Extracts structured data from forms, receipts, invoices, and business documents
+DOCUMENT_INTELLIGENCE_KEY=your_form_recognizer_key_here
+DOCUMENT_INTELLIGENCE_ENDPOINT=https://your-formrecognizer-service.cognitiveservices.azure.com
+
+# Provides access to GPT models for chat completions and text generation
+AZURE_OPENAI_KEY=your_azure_openai_key_here
+AZURE_OPENAI_ENDPOINT=https://your-openai-service.openai.azure.com
+AZURE_OPENAI_DEPLOYMENT_NAME=gpt-35-turbo
+
+# Converts speech to text, text to speech, and provides real-time translation
+SPEECH_SERVICE_KEY=your_speech_service_key_here
+SPEECH_SERVICE_ENDPOINT=https://your-speech-service.cognitiveservices.azure.com
+SPEECH_SERVICE_REGION=your_region_here
+
+# Enables full-text search, semantic search, and AI-powered search suggestions
+SEARCH_SERVICE_KEY=your_search_admin_key_here
+SEARCH_SERVICE_ENDPOINT=https://your-search-service.search.windows.net
+SEARCH_INDEX_NAME=your_search_index_name
+
+# Detects harmful content, adult material, hate speech, and violence in text/images
+CONTENT_SAFETY_KEY=your_content_safety_key_here
+CONTENT_SAFETY_ENDPOINT=https://your-contentsafety-service.cognitiveservices.azure.com
+
+# Custom image classification and object detection models
+CUSTOM_VISION_PREDICTION_KEY=your_prediction_key_here
+CUSTOM_VISION_TRAINING_KEY=your_training_key_here
+CUSTOM_VISION_ENDPOINT=https://your-customvision-service.cognitiveservices.azure.com
+CUSTOM_VISION_PROJECT_ID=your_project_id_here
+CUSTOM_VISION_PUBLISHED_NAME=your_published_iteration_name

.github/dependabot.yml

@@ -0,0 +1,64 @@
+version: 2
+updates:
+  # Node.js dependencies
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    assignees:
+      - "timothywarner"
+    reviewers:
+      - "timothywarner"
+    labels:
+      - "dependencies"
+      - "security"
+      - "ai-900"
+    commit-message:
+      prefix: "🔧"
+      include: "scope"
+    groups:
+      # Group Azure AI SDK updates
+      azure-ai:
+        patterns:
+          - "@azure/*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group development dependencies
+      dev-dependencies:
+        patterns:
+          - "nodemon"
+          - "morgan"
+          - "winston"
+          - "debug"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group UI dependencies
+      ui-dependencies:
+        patterns:
+          - "chalk"
+          - "figlet"
+          - "inquirer"
+        update-types:
+          - "minor"
+          - "patch"
+    # Enable version updates and security updates
+    open-pull-requests-limit: 10
+    target-branch: "main"
+
+  # GitHub Actions dependencies
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "github-actions"
+      - "security"
+    commit-message:
+      prefix: "🔧 CI:"
+
+# Configuration to minimize noise from sample code
+# Setting open-pull-requests-limit: 0 effectively disables updates for those paths

.github/security.md

@@ -0,0 +1,32 @@
+# Security Policy
+
+## Scope
+
+This repository contains educational materials and demo code for the Microsoft Azure AI Fundamentals (AI-900) certification course. 
+
+### Production Code
+- Root directory dependencies only
+- GitHub Actions workflows
+- Main documentation
+
+### Demo/Sample Code (Not Production)
+The following directories contain demo and sample code for educational purposes only and are NOT intended for production use:
+- `/apps/` - Demo applications
+- `/demos/` - Course demonstrations
+- `/docs/archive/lessons/` - Archived lesson materials
+- `/assets/` - Sample data files
+
+## Reporting Security Vulnerabilities
+
+For vulnerabilities in:
+- **Root dependencies**: Please report immediately
+- **Demo/sample code**: These are educational examples only and vulnerabilities are expected in older samples
+
+## Dependabot Configuration
+
+Dependabot is configured to:
+- Monitor root directory dependencies only
+- Ignore all demo and sample code subdirectories
+- Create PRs only for direct production dependencies
+
+To bulk dismiss alerts for demo code, maintainers can use GitHub's security tab to dismiss alerts in bulk by selecting multiple alerts and choosing "Dismiss" with reason "Used in tests" or "No bandwidth to fix".

.github/workflows/codeql.yml

@@ -0,0 +1,115 @@
+name: 🛡️ CodeQL Security Analysis
+
+on:
+  push:
+    branches: ["main", "develop"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    # Run CodeQL analysis every Monday at 9 AM UTC
+    - cron: "0 9 * * 1"
+
+jobs:
+  analyze:
+    name: 🛡️ CodeQL Analysis
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+
+    permissions:
+      # Required for CodeQL to access the repository
+      actions: read
+      contents: read
+      security-events: write
+      # Required for GitHub to comment on PRs
+      pull-requests: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Only scan JavaScript for this AI-900 Node.js project
+        language: ["javascript"]
+
+    steps:
+      - name: 📥 Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: 🔧 Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18"
+          cache: "npm"
+
+      - name: 📦 Install Dependencies
+        run: |
+          npm ci --only=production
+          # Don't install dev dependencies for security scanning
+
+      - name: 🏗️ Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          # Custom queries for AI/ML and web application security
+          queries: security-extended,security-and-quality
+          # Focus on AI-900 relevant security issues
+          config-file: ./.github/codeql/codeql-config.yml
+
+      - name: 🔍 Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
+          # Upload results even if there are findings
+          upload: always
+
+      - name: 📊 Upload SARIF Results
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: ${{ runner.workspace }}/results
+          category: codeql-javascript
+
+  # Additional job for AI-specific security checks
+  ai-security-check:
+    name: 🤖 AI Security Assessment
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 📥 Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: 🔍 Check for Hardcoded AI Keys
+        run: |
+          echo "🔍 Scanning for hardcoded API keys and secrets..."
+
+          # Check for common AI service key patterns
+          if grep -r "sk-" --include="*.js" --include="*.json" --exclude-dir=node_modules .; then
+            echo "❌ Potential OpenAI API key found!"
+            exit 1
+          fi
+
+          if grep -r "AKIA" --include="*.js" --include="*.json" --exclude-dir=node_modules .; then
+            echo "❌ Potential AWS key found!"
+            exit 1
+          fi
+
+          if grep -r "AIza" --include="*.js" --include="*.json" --exclude-dir=node_modules .; then
+            echo "❌ Potential Google API key found!"
+            exit 1
+          fi
+
+          echo "✅ No hardcoded API keys detected"
+
+      - name: 🛡️ Check AI Model Security
+        run: |
+          echo "🤖 Checking for AI security best practices..."
+
+          # Check for input validation in AI endpoints
+          if ! grep -r "validation\|sanitize\|escape" --include="*.js" .; then
+            echo "⚠️ Consider adding input validation for AI endpoints"
+          fi
+
+          # Check for rate limiting
+          if ! grep -r "rate.*limit\|throttle" --include="*.js" .; then
+            echo "⚠️ Consider adding rate limiting for AI API calls"
+          fi
+
+          echo "✅ AI security checks completed"