[DO NOT MERGE] Working Branch for Cleanup

.devcontainer/devcontainer.json

@@ -1,68 +1,67 @@
-{
-    "name": "Azure Developer CLI",
-    "image": "mcr.microsoft.com/devcontainers/go:1.4.1-bullseye",
-    "features": {
-        // terraform and az (required for auth) are installed by default
-        // See https://containers.dev/features for list of features
-        "ghcr.io/devcontainers/features/python:1" : {},
-        "ghcr.io/devcontainers/features/powershell:1": {},
-        "ghcr.io/devcontainers/features/azure-cli:1": {},
-        "ghcr.io/devcontainers/features/github-cli:1": {},
-        "ghcr.io/devcontainers/features/docker-in-docker:2": {},
-        "ghcr.io/devcontainers/features/terraform:1": {
-            "installTFsec": true
-        },
-        "ghcr.io/devcontainers/features/dotnet:2": {
-            "version": "8.0"
-        },
-        "ghcr.io/azure/azure-dev/azd:latest": {
-            "version": "1.18.1"
-        },
-        "./features/dev-tools": {}
-    },
-    "customizations": {
-        "vscode": {
-            "extensions": [
-                "GitHub.vscode-github-actions",
-                "hashicorp.terraform",
-                "ms-azuretools.azure-dev",
-                "ms-azuretools.vscode-docker",
-                "GitHub.copilot",  
-                "GitHub.copilot-chat",
-                "ms-vscode.makefile-tools",  
-                "DavidAnson.vscode-markdownlint",
-                "golang.go",
-                "azapi-vscode.azapi",
-                "ms-azuretools.vscode-azureterraform",
-                "terraform-linters.tflint-vscode",
-                "microsoft-IsvExpTools.powerplatform-vscode",
-                "ms-vscode.azurecli",
-                "bierner.markdown-mermaid",
-                "ms-dotnettools.csharp",
-                "ms-dotnettools.vscode-dotnet-runtime"
-                // Include other VSCode extensions if needed
-                // Right click on an extension inside VSCode to add directly to devcontainer.json, or copy the extension ID
-            ],
-            "settings": {
-                "terraform.languageServer.enable":true,
-                "tflint.enable": true,
-                "tflint.validateOnSave": true
-            }
-        }
-    },
-    "forwardPorts": [
-        // Forward ports if needed for local development
-    ],
-    "containerEnv": {
-        "POWER_PLATFORM_USE_CLI": "true",
-        "DOTNET_CLI_TELEMETRY_OPTOUT": "1"
-    },
-    "remoteEnv": {
-        "PATH": "${containerEnv:PATH}:/home/vscode/.local/bin"
-    },
-    "postCreateCommand": "sh .devcontainer/postCreate.sh",
-    "remoteUser": "vscode",
-    "hostRequirements": {
-        "memory": "8gb"
-    }
-}
+{
+    "name": "Azure Developer CLI",
+    "image": "mcr.microsoft.com/devcontainers/go:1.4.1-bullseye",
+    "features": {
+        // terraform and az (required for auth) are installed by default
+        // See https://containers.dev/features for list of features
+        "ghcr.io/devcontainers/features/python:1" : {},
+        "ghcr.io/devcontainers/features/powershell:1": {},
+        "ghcr.io/devcontainers/features/azure-cli:1": {},
+        "ghcr.io/devcontainers/features/github-cli:1": {},
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+        "ghcr.io/devcontainers/features/terraform:1": {
+            "installTFsec": true
+        },
+        "ghcr.io/devcontainers/features/dotnet:2": {
+            "version": "9.0"
+        },
+        "ghcr.io/azure/azure-dev/azd:latest": {
+            "version": "1.18.1"
+        },
+        "./features/dev-tools": {}
+    },
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "GitHub.vscode-github-actions",
+                "hashicorp.terraform",
+                "ms-azuretools.azure-dev",
+                "ms-azuretools.vscode-docker",
+                "GitHub.copilot",  
+                "GitHub.copilot-chat",
+                "ms-vscode.makefile-tools",  
+                "DavidAnson.vscode-markdownlint",
+                "golang.go",
+                "ms-azuretools.vscode-azureterraform",
+                "terraform-linters.tflint-vscode",
+                "ms-vscode.azurecli",
+                "bierner.markdown-mermaid",
+                "ms-dotnettools.csharp",
+                "ms-dotnettools.vscode-dotnet-runtime"
+
+                // Include other VSCode extensions if needed. Right click on an extension inside VSCode
+                // to add directly to devcontainer.json, or copy the extension ID
+            ],
+            "settings": {
+                "terraform.languageServer.enable":true,
+                "tflint.enable": true,
+                "tflint.validateOnSave": true
+            }
+        }
+    },
+    "forwardPorts": [
+        // Forward ports if needed for local development
+    ],
+    "containerEnv": {
+        "POWER_PLATFORM_USE_CLI": "true",
+        "DOTNET_CLI_TELEMETRY_OPTOUT": "1"
+    },
+    "remoteEnv": {
+        "PATH": "${containerEnv:PATH}:/home/vscode/.local/bin"
+    },
+    "postCreateCommand": "sh .devcontainer/postCreate.sh",
+    "remoteUser": "vscode",
+    "hostRequirements": {
+        "memory": "8gb"
+    }
+}

.devcontainer/postCreate.sh

@@ -10,21 +10,14 @@ tflint --init
 
 # Install PowerApps CLI (Microsoft.PowerApps.CLI.Tool)
 echo "Installing PowerApps CLI..."
-dotnet tool install --global Microsoft.PowerApps.CLI.Tool --version 1.43.6
+dotnet tool install --global Microsoft.PowerApps.CLI.Tool --version 1.49.3
 
 # Restore .NET packages including Microsoft.Agents.CopilotStudio.Client
-echo "Restoring .NET packages..."
-if [ -f "Directory.Build.props" ]; then
-    dotnet restore
-    echo ".NET packages restored successfully!"
+if [ -f "tests/Copilot/CopilotTests.csproj" ]; then
+    dotnet restore tests/Copilot/CopilotTests.csproj
+    echo "Copilot project packages restored successfully!"
 else
-    # Fallback to individual project restore
-    if [ -f "tests/Copilot/CopilotTests.csproj" ]; then
-        dotnet restore tests/Copilot/CopilotTests.csproj
-        echo "Copilot project packages restored successfully!"
-    else
-        echo "No .NET projects found, skipping package restore"
-    fi
+    echo "No .NET projects found, skipping package restore"
 fi
 
 echo "Post-create setup completed successfully!"

.github/workflows/azure-dev.yml

@@ -123,6 +123,7 @@ jobs:
           RS_RESOURCE_GROUP: ${{ vars.RS_RESOURCE_GROUP }}
 
           RESOURCE_SHARE_USER: ${{ vars.RESOURCE_SHARE_USER }}
+          RESOURCE_TAGS: ${{ vars.RESOURCE_TAGS }}
 
           GITHUB_PAT: ${{ secrets.MCS_RUNNER }}
           GITHUB_REPO_OWNER: ${{ github.repository_owner }}
@@ -135,6 +136,7 @@ jobs:
           azd config set auth.useAzCliAuth "true"
           azd env new "$AZURE_ENV_NAME" --location "$AZURE_LOCATION" --no-prompt
           azd env set RESOURCE_SHARE_USER "$RESOURCE_SHARE_USER"
+          azd env set RESOURCE_TAGS "$RESOURCE_TAGS"
 
           azd env set RS_STORAGE_ACCOUNT "$RS_STORAGE_ACCOUNT"
           azd env set RS_CONTAINER_NAME "$RS_CONTAINER_NAME"

Directory.Build.props

@@ -1,7 +1,7 @@
 <Project>
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+  <TargetFramework>net9.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <LangVersion>latest</LangVersion>

docs/app_registration_setup.md

@@ -7,7 +7,7 @@ To enable secure automation and integration with Azure and Power Platform, you n
 1. Login to your Power Platform:
 
       ```shell
-      pac auth create
+      pac auth create --deviceCode
       ```
 
 1. Create new **App Registration**:

docs/troubleshooting.md

@@ -0,0 +1,13 @@
+# Troubleshooting tips
+
+## Quota error during deployment
+
+If you see an InsufficientQuota error mentioning "Tokens Per Minute", the requested `scale.capacity` (thousands of TPM) exceeds your subscription's available quota — lower `scale.capacity` in TFVARS or request a quota increase in the Azure portal.
+
+## Private endpoint fails with AccountProvisioningStateInvalid
+
+This occurs when Terraform tries to create the private endpoint before the Azure OpenAI (Cognitive Services) account leaves the `Accepted` state; wait until the resource shows `Succeeded` (portal or `az resource show`) and re-run the provisioning (`azd provision`).
+
+## Use GitHub Copilot to help troubleshoot
+
+If you're unsure how to fix a deployment error, open the relevant files in VS Code and use GitHub Copilot for suggestions. Copilot can propose TFVARS overrides, sample values, terraform plan snippets, or concise support-request wording; always review and test generated suggestions before applying them.

global.json

@@ -1,5 +1,5 @@
 {
   "sdk": {
-    "version": "8.0.412"
+    "version": "9.0.305"
   }
 }

infra/main.app_insights.tf

@@ -1,5 +1,17 @@
 resource "random_uuid" "uid" {}
 
+resource "azurerm_log_analytics_workspace" "monitoring" {
+  count = var.include_log_analytics ? 1 : 0
+
+  daily_quota_gb      = -1
+  location            = local.primary_azure_region
+  name                = azurecaf_name.main_names.results["azurerm_log_analytics_workspace"]
+  resource_group_name = local.resource_group_name
+  retention_in_days   = var.log_analytics_retention_in_days
+  sku                 = "PerGB2018"
+  tags                = var.tags
+}
+
 resource "azurerm_application_insights" "insights" {
   count = var.include_app_insights ? 1 : 0
 

infra/main.naming.tf

@@ -4,6 +4,7 @@ locals {
   # Organization suffixes and prefixes are optional, and we need to form an array of non-empty values only
   org_prefix = compact([var.org_naming.org_prefix])
   org_suffix = compact([var.org_naming.org_environment, var.org_naming.org_suffix])
+  azd_env_seed = parseint(substr(md5(var.azd_environment_name), 0, 8), 16)
 }
 
 # Generate unique names for primary resources
@@ -14,6 +15,7 @@ resource "azurecaf_name" "main_names" {
     "azurerm_storage_account",
     "azurerm_search_service",
     "azurerm_cognitive_account",
+    "azurerm_log_analytics_workspace",
     "azurerm_virtual_network",
     "azurerm_network_security_group",
     "azurerm_virtual_network_gateway",
@@ -22,6 +24,7 @@ resource "azurecaf_name" "main_names" {
   prefixes      = local.org_prefix
   suffixes      = local.org_suffix
   random_length = 4
+  random_seed = local.azd_env_seed
   # use_slug = false
   clean_input = true
 }

infra/main.network.tf

@@ -479,6 +479,19 @@ resource "azurerm_network_security_group" "deployment_script_nsg" {
     destination_address_prefix = "Storage"
   }
 
+  # Allow Azure Files SMB access for script volume mounts
+  security_rule {
+    name                       = "Allow-Storage-SMB-Outbound"
+    priority                   = 112
+    direction                  = "Outbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "445"
+    source_address_prefixes    = var.deployment_script_subnet_address_spaces
+    destination_address_prefix = "Storage"
+  }
+
   # Allow Azure AI Search access (via private endpoint)
   security_rule {
     name                         = "Allow-AISearch-Outbound"

infra/main.resource_group.tf

@@ -0,0 +1,23 @@
+# Resource Group Configuration and Management
+# This file contains resource group resources and related diagnostic settings
+
+# Resource group logic - use existing or create new
+locals {
+  use_existing_resource_group = var.resource_group_name != null && var.resource_group_name != ""
+  resource_group_name         = local.use_existing_resource_group ? var.resource_group_name : azurerm_resource_group.this[0].name
+  resource_group_id           = local.use_existing_resource_group ? data.azurerm_resource_group.existing[0].id : azurerm_resource_group.this[0].id
+}
+
+# Data source to validate existing resource group exists
+data "azurerm_resource_group" "existing" {
+  count = local.use_existing_resource_group ? 1 : 0
+  name  = var.resource_group_name
+}
+
+# The Resource Group that will contain the resources managed by this module (only created if not using existing)
+resource "azurerm_resource_group" "this" {
+  count    = local.use_existing_resource_group ? 0 : 1
+  location = local.primary_azure_region
+  name     = azurecaf_name.main_names.results["azurerm_resource_group"]
+  tags     = merge(var.tags, local.env_tags)
+}