# Azure Infrastructure — invttrdg (ByteLyst Trading)

Audit trail of all Azure resources, secrets, and configuration for the trading platform.

---

## Subscription

| Field | Value |
|---|---|
| Subscription | Azure subscription 1 |
| Subscription ID | `0e0ceaea-2677-4097-9401-1102707db826` |
| Tenant ID | `ab33246e-c9c9-4cb9-9a87-3616bb4920f0` |

---

## Resource Group

**`rg-mywisprai`** — `eastus` — all trading resources share this group. No new resource groups were created.

---

## Azure Cosmos DB

| Field | Value |
|---|---|
| Account | `cosmos-mywisprai` |
| Location | `westus2` |
| Kind | `GlobalDocumentDB` (Serverless) |
| Consistency | Session |
| Endpoint | `https://cosmos-mywisprai.documents.azure.com:443/` |
| **Database** | **`invttrdg`** (created 2026-04-05) |

### Containers (all created 2026-04-05, partition key `/productId`)

| Container | Purpose |
|---|---|
| `trade_profiles` | Per-user trading strategy profiles |
| `trading_users` | User accounts + exchange API keys |
| `capital_ledgers` | Per-profile capital allocation tracking |
| `trade_orders` | Live runtime order state |
| `trade_history` | Completed trade ledger |
| `manual_entries` | Dashboard manual trade entries |
| `reconciliation_backfill_audit` | Exit backfill evidence audit log |
| `dynamic_config` | Runtime key-value config overrides |
| `trading_controls` | Kill-switch + trading behaviour controls |
| `bot_state_snapshots` | Bot state snapshots for recovery |
| `runtime_locks` | Distributed locks (prevent concurrent edits) |
| `strategy_presets` | Pre-built strategy templates |
| `audit-events` | Trade audit event log (90-day TTL) — activate: partition key `/productId`, TTL 7776000 s |

### Key Vault secret names

- `invttrdg-cosmos-endpoint`
- `invttrdg-cosmos-key`
- `invttrdg-cosmos-database`

---

## Azure OpenAI (AI Foundry)

| Field | Value |
|---|---|
| Account | `mywisprai-openai-sweden` |
| Location | `swedencentral` |
| Endpoint | `https://swedencentral.api.cognitive.microsoft.com/` |
| SKU | S0 Standard |

### Deployments

| Deployment Name | Model | Version | SKU | Capacity | Created |
|---|---|---|---|---|---|
| `gpt-4o-mini` | `gpt-4.1-mini` | 2025-04-14 | Standard | 1 | pre-existing |
| `gpt-4o` | `gpt-4o` | 2024-11-20 | GlobalStandard | 10 | 2026-04-05 |

**Default deployment for trading:** `gpt-4o` (stored in Key Vault as `invttrdg-azure-openai-deployment`)

**Fallback deployment:** `gpt-4o-mini` (stored as `invttrdg-azure-openai-deployment-gpt4o`)

### Key Vault secret names

- `invttrdg-azure-openai-endpoint`
- `invttrdg-azure-openai-key`
- `invttrdg-azure-openai-deployment` → `gpt-4o`
- `invttrdg-azure-openai-deployment-gpt4o` → `gpt-4o`

---

## Azure Key Vault

| Field | Value |
|---|---|
| Name | `kv-mywisprai` |
| Location | `eastus` |
| URI | `https://kv-mywisprai.vault.azure.net/` |

### All `invttrdg-*` secrets (set 2026-04-05)

| Secret Name | Value (description) |
|---|---|
| `invttrdg-product-id` | `invttrdg` |
| `invttrdg-cosmos-endpoint` | `https://cosmos-mywisprai.documents.azure.com:443/` |
| `invttrdg-cosmos-key` | Cosmos DB primary master key |
| `invttrdg-cosmos-database` | `invttrdg` |
| `invttrdg-azure-openai-endpoint` | `https://swedencentral.api.cognitive.microsoft.com/` |
| `invttrdg-azure-openai-key` | Azure OpenAI API key |
| `invttrdg-azure-openai-deployment` | `gpt-4o` |
| `invttrdg-azure-openai-deployment-gpt4o` | `gpt-4o` |

---

## Other Shared Azure Resources

These exist in `rg-mywisprai` and are shared across the ecosystem (not trading-specific):

| Resource | Type | Notes |
|---|---|---|
| `bytelystblobs` | Storage Account (`westus2`) | Blob storage, shared |
| `bytelyst-appinsights` | Application Insights (`eastus`) | Shared telemetry |
| `mywisprai-speech` | Cognitive Services Speech (`eastus`) | Not used by trading |

---

## Application Configuration

Set these in your `.env` (pull from Key Vault for production):

```env
# Cosmos DB
COSMOS_ENDPOINT=https://cosmos-mywisprai.documents.azure.com:443/
COSMOS_KEY=
COSMOS_DATABASE=invttrdg

# Azure OpenAI (use instead of direct OpenAI for production)
AZURE_OPENAI_ENDPOINT=https://swedencentral.api.cognitive.microsoft.com/
AZURE_OPENAI_KEY=
AZURE_OPENAI_DEPLOYMENT=gpt-4o
LLM_PROVIDER=azure
```

---

## Pending Work

- [x] Wire Key Vault secret resolution at app startup — `bootstrap.ts` uses `@bytelyst/config` `resolveSecrets()` with `DefaultAzureCredential` (2026-04-05)
- [x] Switch `aiClient.ts` to use `AzureOpenAIProvider` when Azure config is present — auto-detected from `AZURE_OPENAI_ENDPOINT` + `AZURE_OPENAI_KEY` + `AZURE_OPENAI_DEPLOYMENT` (2026-04-05)
- [ ] Configure Managed Identity on the backend app service to access Key Vault without a connection string
- [ ] Set up TTL policy on `runtime_locks` container (e.g. 3600s) to auto-expire stale locks
- [ ] Enable Cosmos DB diagnostic logs to Log Analytics workspace

---

## Change Log

| Date | Action | By |
|---|---|---|
| 2026-04-05 | Created `invttrdg` database in `cosmos-mywisprai` | Claude Code / CLI |
| 2026-04-05 | Created 12 containers in `invttrdg` (all `/productId` partition key) | Claude Code / CLI |
| 2026-04-05 | Deployed `gpt-4o` (2024-11-20) to `mywisprai-openai-sweden` | Claude Code / CLI |
| 2026-04-05 | Stored 8 `invttrdg-*` secrets in `kv-mywisprai` | Claude Code / CLI |
| 2026-04-05 | Added `bootstrap.ts` — Key Vault secret resolution at startup via `DefaultAzureCredential` | Claude Code |
| 2026-04-05 | `aiClient.ts` auto-selects `AzureOpenAIProvider` when Azure OpenAI env vars are set | Claude Code |