From a2565714802f617fb470bf2eea9042a0e9f9cef0 Mon Sep 17 00:00:00 2001 From: Saravana Achu Mac Date: Sun, 5 Apr 2026 18:29:13 -0700 Subject: [PATCH] docs(azure): mark KV wiring and AzureOpenAI items complete in audit log Co-Authored-By: Claude Sonnet 4.6 --- docs/AZURE_INFRASTRUCTURE.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/AZURE_INFRASTRUCTURE.md b/docs/AZURE_INFRASTRUCTURE.md index 2b293f5..65cb605 100644 --- a/docs/AZURE_INFRASTRUCTURE.md +++ b/docs/AZURE_INFRASTRUCTURE.md @@ -138,8 +138,8 @@ LLM_PROVIDER=azure ## Pending Work -- [ ] Wire Key Vault secret retrieval at app startup (replace static `.env` for production) -- [ ] Switch `aiClient.ts` to use `AzureOpenAIProvider` from `@bytelyst/llm` (set `LLM_PROVIDER=azure`) +- [x] Wire Key Vault secret resolution at app startup — `bootstrap.ts` uses `@bytelyst/config` `resolveSecrets()` with `DefaultAzureCredential` (2026-04-05) +- [x] Switch `aiClient.ts` to use `AzureOpenAIProvider` when Azure config is present — auto-detected from `AZURE_OPENAI_ENDPOINT` + `AZURE_OPENAI_KEY` + `AZURE_OPENAI_DEPLOYMENT` (2026-04-05) - [ ] Configure Managed Identity on the backend app service to access Key Vault without a connection string - [ ] Set up TTL policy on `runtime_locks` container (e.g. 3600s) to auto-expire stale locks - [ ] Enable Cosmos DB diagnostic logs to Log Analytics workspace @@ -154,3 +154,5 @@ LLM_PROVIDER=azure | 2026-04-05 | Created 12 containers in `invttrdg` (all `/productId` partition key) | Claude Code / CLI | | 2026-04-05 | Deployed `gpt-4o` (2024-11-20) to `mywisprai-openai-sweden` | Claude Code / CLI | | 2026-04-05 | Stored 8 `invttrdg-*` secrets in `kv-mywisprai` | Claude Code / CLI | +| 2026-04-05 | Added `bootstrap.ts` — Key Vault secret resolution at startup via `DefaultAzureCredential` | Claude Code | +| 2026-04-05 | `aiClient.ts` auto-selects `AzureOpenAIProvider` when Azure OpenAI env vars are set | Claude Code |