- Prepend custom scope rules before defaults so overrides work (#1)
- Redact URL query params in ScopeDetectorError to prevent leaking secrets (#2)
- Add versioned User-Agent string, make configurable via ResilientClientOptions (#3)
- Set done=true on Collect truncation to prevent surprise continuation (#4)
- Add azdext SDK version constant (version.go)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

)

* feat(azdext): add P1 core extension primitives

Implements Azure#6944 core primitives for token provider, scope detection, resilient HTTP client, and pagination with tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(azdext): harden P1 primitives after quality review

Addresses MQ findings for Azure#6944: bounded response reads, nextLink SSRF protections, retry/body semantics, token-over-http guard, deterministic scope rules, and added regression tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore: fix preflight blockers for PR1

Apply required gofmt and cspell updates so mage preflight passes for draft PR Azure#6954.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* security: harden core primitives against hack scan findings

- mcp_security: tighten input validation and error handling
- pagination: add bounds checking on page parameters
- resilient_http_client: strengthen TLS config and timeout enforcement
- resilient_http_client_test: add security-path test coverage

* fix: address profile review findings for stacked PR

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(azdext): satisfy lint and cspell checks

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(azdext): remediate hack findings

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address copilot review feedback on PR 6954

- block hostname redirects that resolve to private/loopback IPs\n- return explicit nil-client error in stdHTTPDoer path\n- honor MaxRetries=0 as no retries; use negative as default sentinel\n- update TokenProvider usage snippet to current API\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address follow-up Copilot feedback on PR 6954

- tighten backoff jitter upper bound\n- require absolute HTTPS nextLink\n- return explicit oversized page response error\n- align OnBlocked docs with implemented actions\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore: retrigger CI for PR Azure#6954

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore: retrigger CI for transient external failures

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(azdext): address actionable main PR review items

- remove mutable redirect lookup test hook via injected helper
- document scope detector servicebus ambiguity and ACR scope semantics
- use slices.Sort for deterministic custom rule ordering
- clarify TokenProvider usage guidance

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(azdext): address remaining maintainer review items

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore(agents): remove unrelated whitespace-only changes

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(azdext): redact blocked URL details in policy callback path

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(azdext): add x-ms-client-request-id and align resilient headers

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address PR review feedback from wbreza

- Prepend custom scope rules before defaults so overrides work (#1)
- Redact URL query params in ScopeDetectorError to prevent leaking secrets (#2)
- Add versioned User-Agent string, make configurable via ResilientClientOptions (#3)
- Set done=true on Collect truncation to prevent surprise continuation (#4)
- Add azdext SDK version constant (version.go)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Use merged_at instead of merged for reliable merge detection (thread #1)
- Expand isDocOnlyPr to handle doc-adjacent assets (thread #2)
- Replace N+1 API calls with git.getTree for doc inventory (thread #3)
- Fix README trigger types to match actual workflow config (thread #5)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Pin actions to commit SHAs (actions/checkout, azure/login)
- Cap all_open/list mode to MAX_PRS_PER_RUN=20
- Cap AI output: MAX_REASON_LENGTH=200, MAX_SUMMARY_LENGTH=500
- Add MAX_IMPACTS=15 to limit AI-generated impact count
- Add MAX_CONTENT_SIZE_BYTES=50KB per doc file
- Sanitize doc manifest content (titles, topics, headings)
- Reject unknown repos from AI output (not just warn)
- Validate repo format with regex (owner/repo)
- Block path traversal in AI-returned paths
- Sanitize PR title in log output (strip control chars)
- Strip HTML from existing PR body in closeCompanionPrs
- Remove error messages from tracking comment (prevent data leak)
- Upper-bound PR number input to 999999
- Rename TRUSTED_DOC_INVENTORY to DOC_INVENTORY tag

Red team findings addressed: #2, #5, Azure#6, Azure#8, Azure#9, Azure#10, Azure#11
Admin items remaining: #1 (env gating), #3 (token scope), #4 (OIDC vars)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…er workflow (Azure#7424)

* Improve code coverage pipeline: Phase 1 tests, coverage tooling, and developer workflow

- Add 16 new test files for cmd/, middleware/, mcp/, and github packages
- Create local coverage orchestrator (Get-LocalCoverageReport.ps1) with
  -UnitOnly, -MergeWithCI hybrid mode, -Html report options
- Add generated code filter (Filter-GeneratedCoverage.ps1) for *.pb.go
- Integrate filter into CI pipeline (code-coverage-upload.yml)
- Raise CI coverage gate from 52% to 55% (release-cli.yml)
- Add Code Coverage section to CONTRIBUTING.md with 4-mode matrix
- Create cli/azd/docs/code-coverage-guide.md deep-dive reference
- Cross-reference all 4 coverage scripts to each other and guide

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Phase 2: Add coverage tests for auth, keyvault, pipeline, cosmosdb, sqldb, armmsi

- pkg/auth: 7 new test files, 54.2% -> 80.0% (+25.8pp)
  Covers CredentialForCurrentUser branches, loadClaims/saveClaims,
  Mode/SetBuiltInAuthMode, Logout cleanup, RemoteCredential, caches
- pkg/keyvault: ParseKeyVaultAppReference edge cases, validation, 37.8% -> 41.5%
- pkg/pipeline: Template rendering, provider lifecycle, pure logic, 27.8% -> 30.1%
- pkg/cosmosdb: New test file from 0% -> 86.7% (mock ARM client)
- pkg/sqldb: New test file from 0% -> 94.4% (mock ARM client)
- pkg/armmsi: New test file from 0% -> 76.7% (mock ARM client)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: fill documentation gaps for coverage scripts and guide

- Add missing .PARAMETER PipelineDefinitionId to Get-CICoverageReport.ps1 help
- Add working directory note to CONTRIBUTING.md Code Coverage section
- Add Scripts Reference table to code-coverage-guide.md listing all 7 scripts

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: resolve preflight issues (gofmt, unused types, line length)

- Run gofmt -s on all new test files
- Remove unused fakeHTTPClient from credential_providers_coverage_test.go
- Remove unused jwtTokenCredential from wave3_coverage_test.go
- Break long line in middleware_coverage2_test.go (lll)
- Fix trailing whitespace in pipeline_coverage_test.go

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* feat: add mage coverage targets and address review feedback

- Add Coverage namespace to magefile with 6 targets (unit, full, hybrid, ci, html, check)
- Update CONTRIBUTING.md and code-coverage-guide.md with mage target docs
- Fix stderr redirect in Get-LocalCoverageReport.ps1 token acquisition (review thread #1)
- Fix tautological sentinel test in keyvault_coverage_test.go (review thread #3)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: resolve CI failures - cspell words and gosec nolint for path traversal

Agent-Logs-Url: https://github.com/Azure/azure-dev/sessions/75a62821-a5d2-4f5b-8372-b3b8fe8d1802

Co-authored-by: jongio <2163001+jongio@users.noreply.github.com>

* fix: CI test failures — env var isolation and CI skip

- middleware_coverage2_test: skip TestLoginGuard_EnsureLogin_ConfirmError
  in CI where IsRunningOnCI() short-circuits before console Confirm
- manager_coverage_test: use t.Setenv+os.Unsetenv for proper env var
  isolation (code uses os.LookupEnv which distinguishes empty vs unset)
- Remove bare os.Unsetenv calls that mutated shared process state

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: lower coverage:check threshold to 50% for unit-only mode

The coverage:check mage target uses unit-only mode (52.7%) but was
defaulting to 55% threshold (designed for CI combined unit+integration).
Lower to 50% which is appropriate for unit-only, and update docs to
clarify the distinction.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: rebase onto main, update tests for fixableError API change

- Rebase onto latest main to pick up error.go refactor (PR Azure#7401)
- Replace classifyError/ErrorCategory tests with fixableError tests
- Fix ExtensionRunError struct fields (ExitCode -> ExtensionId+Err)
- Add COVERAGE_MIN override tip to CONTRIBUTING.md (reviewer feedback)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

- Route targetResource==nil through event-aware postprovisionK8sError
  so predeploy doesn't silently skip (thread #1, High)
- Add preDeployEvent constant replacing raw "predeploy" strings for
  consistency with postProvisionEvent (thread #2)
- Add console message assertions to graceful-skip tests verifying the
  warning was actually emitted (thread #3)
- Add predeploy failure tests for credential and namespace error paths
  confirming errors propagate for non-postprovision events (thread #4)
- Refactor createAksServiceTarget to delegate to
  createAksServiceTargetWithResourceManager, eliminating ~40 lines of
  duplication (thread #5)
- Add structured telemetry span (AksPostprovisionSkipEvent) to the
  graceful-skip path for production monitoring (thread Azure#6)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Route targetResource==nil through event-aware postprovisionK8sError
  so predeploy doesn't silently skip (thread #1, High)
- Add preDeployEvent constant replacing raw "predeploy" strings for
  consistency with postProvisionEvent (thread #2)
- Add console message assertions to graceful-skip tests verifying the
  warning was actually emitted (thread #3)
- Add predeploy failure tests for credential and namespace error paths
  confirming errors propagate for non-postprovision events (thread #4)
- Refactor createAksServiceTarget to delegate to
  createAksServiceTargetWithResourceManager, eliminating ~40 lines of
  duplication (thread #5)
- Add structured telemetry span (AksPostprovisionSkipEvent) to the
  graceful-skip path for production monitoring (thread Azure#6)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Route targetResource==nil through event-aware postprovisionK8sError
  so predeploy doesn't silently skip (thread #1, High)
- Add preDeployEvent constant replacing raw "predeploy" strings for
  consistency with postProvisionEvent (thread #2)
- Add console message assertions to graceful-skip tests verifying the
  warning was actually emitted (thread #3)
- Add predeploy failure tests for credential and namespace error paths
  confirming errors propagate for non-postprovision events (thread #4)
- Refactor createAksServiceTarget to delegate to
  createAksServiceTargetWithResourceManager, eliminating ~40 lines of
  duplication (thread #5)
- Add structured telemetry span (AksPostprovisionSkipEvent) to the
  graceful-skip path for production monitoring (thread Azure#6)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Remove || true from waza check/run steps so CI properly gates on
  compliance and eval failures (review threads #1, #2)
- Detect whether cwd is repo root or cli/azd/ before running
  mage preflight (review thread #4)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Remove || true from waza check/run steps so CI properly gates on
  compliance and eval failures (review threads #1, #2)
- Detect whether cwd is repo root or cli/azd/ before running
  mage preflight (review thread #4)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Remove || true from waza check/run steps so CI properly gates on
  compliance and eval failures (review threads #1, #2)
- Detect whether cwd is repo root or cli/azd/ before running
  mage preflight (review thread #4)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…zure#7566)

* Add azd-preflight and sensei Copilot skills with waza eval infrastructure

- Add azd-preflight skill: runs mage preflight and auto-fixes failures
  across all 8 checks (gofmt, go fix, copyright, lint, cspell, build,
  unit tests, playback tests) with iterative fix-then-rerun cycles
- Add sensei skill: evaluates and improves skill quality using waza
- Add waza eval suite for azd-preflight (8 test tasks: 3 happy-path,
  2 edge-case, 3 anti-trigger)
- Add skill-eval CI workflow for PR validation
- Update CONTRIBUTING.md and AGENTS.md with preflight skill references

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: gate CI on skill compliance and handle cwd detection

- Remove || true from waza check/run steps so CI properly gates on
  compliance and eval failures (review threads #1, #2)
- Detect whether cwd is repo root or cli/azd/ before running
  mage preflight (review thread #4)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: skip eval suite in CI when copilot CLI is unavailable

waza run requires the GitHub Copilot CLI to execute eval suites.
In CI environments where copilot is not installed, the step now
detects this and exits gracefully with a warning instead of failing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address PR review - remove eval suite and CI, condense skill descriptions

- Remove eval suite and CI workflow per reviewer recommendation
  to split evaluation infrastructure into a follow-up PR
- Condense SKILL.md descriptions to routing signals (not impl details)
- Clarify sensei scope to .github/skills/ boundary
- Add version strategy comments to both skills

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…zure#7501)

* fix: gracefully handle missing AKS cluster during postprovision hook

When infrastructure doesn't include AKS resources, the postprovision
lifecycle hook in the AKS service target fails fatally trying to set up
the Kubernetes context. This is expected in multi-phase provisioning
workflows where AKS gets provisioned later.

Modified setK8sContext() to detect the postprovision event and skip
gracefully (with a user-visible warning) instead of failing when:
- GetTargetResource returns an error (resource not found)
- Target resource has an empty name (SupportsDelayedProvisioning)
- Cluster credentials are unavailable (ensureClusterContext fails)
- Namespace creation fails (ensureNamespace fails)

The predeploy event path is unchanged and still fails fatally, ensuring
deployment-time errors are not masked.

Extracted skipPostprovisionK8sSetup() helper to eliminate repeated
warning/log/return-nil pattern across all four skip points.

Fixes Azure#3272

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* address review: propagate ctx cancellation, add namespace failure test

- skipPostprovisionK8sSetup now checks ctx.Err() before returning nil
  to avoid swallowing context cancellation/timeouts (Ctrl+C)
- Added Test_Postprovision_Skips_When_Namespace_Fails covering the
  ensureNamespace failure path during postprovision

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: address MQ review — typed constant, DRY helper, ctx cancellation test

- Replace magic string 'postprovision' with typed postProvisionEvent constant
- Extract postprovisionK8sError() helper to eliminate 4 identical if-blocks
- Add nil-guard on targetResource before calling ResourceName()
- Fix log.Printf double newline and redundant .Error() call
- Add Test_Postprovision_Propagates_Context_Cancellation to cover
  the ctx.Err() safety valve in skipPostprovisionK8sSetup

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address review feedback — event guards, constants, test assertions

- Route targetResource==nil through event-aware postprovisionK8sError
  so predeploy doesn't silently skip (thread #1, High)
- Add preDeployEvent constant replacing raw "predeploy" strings for
  consistency with postProvisionEvent (thread #2)
- Add console message assertions to graceful-skip tests verifying the
  warning was actually emitted (thread #3)
- Add predeploy failure tests for credential and namespace error paths
  confirming errors propagate for non-postprovision events (thread #4)
- Refactor createAksServiceTarget to delegate to
  createAksServiceTargetWithResourceManager, eliminating ~40 lines of
  duplication (thread #5)
- Add structured telemetry span (AksPostprovisionSkipEvent) to the
  graceful-skip path for production monitoring (thread Azure#6)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address re-review - telemetry span, DRY assertions, ErrorContains

- Use span.End() with skip.reason attribute instead of EndWithStatus()
  to avoid marking intentional skips as errors in telemetry dashboards
- Extract assertSkipWarningEmitted helper to deduplicate console
  assertion blocks across two test functions
- Add ErrorContains assertion in Test_Predeploy_Fails_When_Credentials_Fail
  for consistency with sibling namespace test

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: narrow postprovision graceful skip to not-found only

Address @weikanglim's feedback: limit the graceful skip path to
the explicit delayed-provisioning case (empty ResourceName) only.
GetTargetResource, ensureClusterContext, and ensureNamespace errors
now propagate during postprovision — real failures are no longer masked.

Removed postprovisionK8sError helper. Fixed gofmt import ordering.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>