- Add bootstrap.ts as new entry point — resolves Key Vault secrets via
DefaultAzureCredential before config/index.ts is evaluated, so all
process.env reads pick up KV values (Azure CLI in dev, Managed Identity
in prod). Falls back to .env if AZURE_KEYVAULT_URL is not set.
- Define INVTTRDG_SECRETS mappings for Cosmos, Azure OpenAI, product-id
- Add AZURE_OPENAI_ENDPOINT / KEY / DEPLOYMENT to config
- aiClient: prefer AzureOpenAIProvider (AI Foundry) when Azure OpenAI
config is present; falls back to direct OpenAI if not configured
- Add @azure/identity, @azure/keyvault-secrets, @bytelyst/config deps
- Update dev/start scripts to use bootstrap.ts entry point
- Document AZURE_KEYVAULT_URL and Azure OpenAI vars in .env.example
Key Vault: https://kv-mywisprai.vault.azure.net/
Secrets prefix: invttrdg-*
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Import PerplexityProvider, OpenAIProvider, GeminiProvider from @bytelyst/llm
- Use createFallbackChain() instead of manual axios fallback loop
- Remove axios and @types/axios — no longer needed
- Preserve AIClient class interface (generateAnalysis, getProviderHealth) —
no changes required in apiServer.ts or AIAnalysisRule.ts
- Fallback order still driven by config.AI.FALLBACK_LIST
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
