docs(azure): add infrastructure audit doc for invttrdg Azure resources

Records Cosmos DB setup (12 containers), Azure OpenAI deployments (gpt-4o,
gpt-4o-mini), Key Vault secrets, and pending work items.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Saravana Achu Mac 2026-04-05 13:18:38 -07:00
parent c3651f5696
commit bb59b918d6


@ -0,0 +1,156 @@
# Azure Infrastructure — invttrdg (ByteLyst Trading)
Audit trail of all Azure resources, secrets, and configuration for the trading platform.
---
## Subscription
| Field | Value |
|---|---|
| Subscription | Azure subscription 1 |
| Subscription ID | `0e0ceaea-2677-4097-9401-1102707db826` |
| Tenant ID | `ab33246e-c9c9-4cb9-9a87-3616bb4920f0` |
---
## Resource Group
**`rg-mywisprai`** — `eastus` — all trading resources share this group. No new resource groups were created.
---
## Azure Cosmos DB
| Field | Value |
|---|---|
| Account | `cosmos-mywisprai` |
| Location | `westus2` |
| Kind | `GlobalDocumentDB` (Serverless) |
| Consistency | Session |
| Endpoint | `https://cosmos-mywisprai.documents.azure.com:443/` |
| **Database** | **`invttrdg`** (created 2026-04-05) |
### Containers (all created 2026-04-05, partition key `/productId`)
| Container | Purpose |
|---|---|
| `trade_profiles` | Per-user trading strategy profiles |
| `trading_users` | User accounts + exchange API keys |
| `capital_ledgers` | Per-profile capital allocation tracking |
| `trade_orders` | Live runtime order state |
| `trade_history` | Completed trade ledger |
| `manual_entries` | Dashboard manual trade entries |
| `reconciliation_backfill_audit` | Exit backfill evidence audit log |
| `dynamic_config` | Runtime key-value config overrides |
| `trading_controls` | Kill-switch + trading behaviour controls |
| `bot_state_snapshots` | Bot state snapshots for recovery |
| `runtime_locks` | Distributed locks (prevent concurrent edits) |
| `strategy_presets` | Pre-built strategy templates |
### Key Vault secret names
- `invttrdg-cosmos-endpoint`
- `invttrdg-cosmos-key`
- `invttrdg-cosmos-database`
---
## Azure OpenAI (AI Foundry)
| Field | Value |
|---|---|
| Account | `mywisprai-openai-sweden` |
| Location | `swedencentral` |
| Endpoint | `https://swedencentral.api.cognitive.microsoft.com/` |
| SKU | S0 Standard |
### Deployments
| Deployment Name | Model | Version | SKU | Capacity | Created |
|---|---|---|---|---|---|
| `gpt-4o-mini` | `gpt-4.1-mini` | 2025-04-14 | Standard | 1 | pre-existing |
| `gpt-4o` | `gpt-4o` | 2024-11-20 | GlobalStandard | 10 | 2026-04-05 |
**Default deployment for trading:** `gpt-4o` (stored in Key Vault as `invttrdg-azure-openai-deployment`)
**Fallback deployment:** `gpt-4o-mini` (stored as `invttrdg-azure-openai-deployment-gpt4o`)
### Key Vault secret names
- `invttrdg-azure-openai-endpoint`
- `invttrdg-azure-openai-key`
- `invttrdg-azure-openai-deployment``gpt-4o`
- `invttrdg-azure-openai-deployment-gpt4o``gpt-4o`
---
## Azure Key Vault
| Field | Value |
|---|---|
| Name | `kv-mywisprai` |
| Location | `eastus` |
| URI | `https://kv-mywisprai.vault.azure.net/` |
### All `invttrdg-*` secrets (set 2026-04-05)
| Secret Name | Value (description) |
|---|---|
| `invttrdg-product-id` | `invttrdg` |
| `invttrdg-cosmos-endpoint` | `https://cosmos-mywisprai.documents.azure.com:443/` |
| `invttrdg-cosmos-key` | Cosmos DB primary master key |
| `invttrdg-cosmos-database` | `invttrdg` |
| `invttrdg-azure-openai-endpoint` | `https://swedencentral.api.cognitive.microsoft.com/` |
| `invttrdg-azure-openai-key` | Azure OpenAI API key |
| `invttrdg-azure-openai-deployment` | `gpt-4o` |
| `invttrdg-azure-openai-deployment-gpt4o` | `gpt-4o` |
---
## Other Shared Azure Resources
These exist in `rg-mywisprai` and are shared across the ecosystem (not trading-specific):
| Resource | Type | Notes |
|---|---|---|
| `bytelystblobs` | Storage Account (`westus2`) | Blob storage, shared |
| `bytelyst-appinsights` | Application Insights (`eastus`) | Shared telemetry |
| `mywisprai-speech` | Cognitive Services Speech (`eastus`) | Not used by trading |
---
## Application Configuration
Set these in your `.env` (pull from Key Vault for production):
```env
# Cosmos DB
COSMOS_ENDPOINT=https://cosmos-mywisprai.documents.azure.com:443/
COSMOS_KEY=<from kv-mywisprai / invttrdg-cosmos-key>
COSMOS_DATABASE=invttrdg
# Azure OpenAI (use instead of direct OpenAI for production)
AZURE_OPENAI_ENDPOINT=https://swedencentral.api.cognitive.microsoft.com/
AZURE_OPENAI_KEY=<from kv-mywisprai / invttrdg-azure-openai-key>
AZURE_OPENAI_DEPLOYMENT=gpt-4o
LLM_PROVIDER=azure
```
---
## Pending Work
- [ ] Wire Key Vault secret retrieval at app startup (replace static `.env` for production)
- [ ] Switch `aiClient.ts` to use `AzureOpenAIProvider` from `@bytelyst/llm` (set `LLM_PROVIDER=azure`)
- [ ] Configure Managed Identity on the backend app service to access Key Vault without a connection string
- [ ] Set up TTL policy on `runtime_locks` container (e.g. 3600s) to auto-expire stale locks
- [ ] Enable Cosmos DB diagnostic logs to Log Analytics workspace
---
## Change Log
| Date | Action | By |
|---|---|---|
| 2026-04-05 | Created `invttrdg` database in `cosmos-mywisprai` | Claude Code / CLI |
| 2026-04-05 | Created 12 containers in `invttrdg` (all `/productId` partition key) | Claude Code / CLI |
| 2026-04-05 | Deployed `gpt-4o` (2024-11-20) to `mywisprai-openai-sweden` | Claude Code / CLI |
| 2026-04-05 | Stored 8 `invttrdg-*` secrets in `kv-mywisprai` | Claude Code / CLI |
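Review bot: the fallback-deployment secret is documented inconsistently. The "Fallback deployment" line says `invttrdg-azure-openai-deployment-gpt4o` holds `gpt-4o-mini`, but the secret-name bullet (`invttrdg-azure-openai-deployment-gpt4o``gpt-4o`) and the Key Vault table row (| `invttrdg-azure-openai-deployment-gpt4o` | `gpt-4o` |) both give its value as `gpt-4o`, so as written the fallback resolves to the same deployment as the default. Please check the actual value in `kv-mywisprai` and correct whichever side is wrong; while there, the two bullets under the Azure OpenAI "Key Vault secret names" heading have lost the separator between the secret name and its value and should read as name, then value, like the table below them. Related naming point: the deployments table lists deployment `gpt-4o-mini` as serving model `gpt-4.1-mini` (2025-04-14), so a one-line note that the deployment name does not match the model would save confusion for anyone reading `AZURE_OPENAI_DEPLOYMENT`. On the secrets side, `invttrdg-cosmos-key` is the Cosmos DB primary master key, which grants full account access; the pending list already plans Managed Identity for Key Vault, so consider extending that item to Cosmos data-plane RBAC so the master key never has to be distributed to the app, and add a pending item stating that the `.env` described under Application Configuration must stay out of version control. Finally, `trading_users` is described as holding exchange API keys, the most sensitive data in the table; the doc should state how those values are protected at rest and whether they are covered by the planned diagnostic logging, since today the only access control documented for that container is the shared master key.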