swallowkit 1.0.0-beta.5 → 1.0.0-beta.6

package/dist/cli/commands/init.js

@@ -360,16 +360,16 @@ async function addSwallowKitFiles(projectDir, options, cicdChoice, azureConfig,
         fs.writeFileSync(tsconfigPath, JSON.stringify(tsconfig, null, 2));
     }
     // 3. Create SwallowKit config
-    const swallowkitConfig = `/** @type {import('swallowkit').SwallowKitConfig} */
-module.exports = {
-  functions: {
-    baseUrl: process.env.FUNCTIONS_BASE_URL || 'http://localhost:7071',
-  },
-  deployment: {
-    resourceGroup: process.env.AZURE_RESOURCE_GROUP || '',
-    swaName: process.env.AZURE_SWA_NAME || '',
-  },
-}
+    const swallowkitConfig = `/** @type {import('swallowkit').SwallowKitConfig} */
+module.exports = {
+  functions: {
+    baseUrl: process.env.FUNCTIONS_BASE_URL || 'http://localhost:7071',
+  },
+  deployment: {
+    resourceGroup: process.env.AZURE_RESOURCE_GROUP || '',
+    swaName: process.env.AZURE_SWA_NAME || '',
+  },
+}
 `;
     fs.writeFileSync(path.join(projectDir, 'swallowkit.config.js'), swallowkitConfig);
     // 4. Create shared workspace package for Zod models (Single Source of Truth)
@@ -380,191 +380,191 @@ module.exports = {
     const apiLibDir = path.join(libDir, 'api');
     fs.mkdirSync(apiLibDir, { recursive: true });
     // Create backend utility for calling Azure Functions
-    const backendUtilContent = `// Get Functions base URL at runtime (not at build time)
-function getFunctionsBaseUrl(): string {
-  return process.env.BACKEND_FUNCTIONS_BASE_URL || 'http://localhost:7071';
-}
-
-/**
- * Simple HTTP client for calling backend APIs
- * Use this to make requests to BFF API routes (which forward to Azure Functions)
- */
-async function request<T>(
-  endpoint: string,
-  method: 'GET' | 'POST' | 'PUT' | 'DELETE',
-  body?: any,
-  queryParams?: Record<string, string>
-): Promise<T> {
-  const functionsBaseUrl = getFunctionsBaseUrl();
-  let url = \`\${functionsBaseUrl}\${endpoint}\`;
-  if (queryParams) {
-    const params = new URLSearchParams(queryParams);
-    url += \`?\${params.toString()}\`;
-  }
-
-  try {
-    const response = await fetch(url, {
-      method,
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: body ? JSON.stringify(body) : undefined,
-    });
-
-    if (!response.ok) {
-      const text = await response.text();
-      let errorMessage = text || 'Failed to call backend function';
-      try {
-        const error = JSON.parse(text);
-        errorMessage = error.error || error.message || text;
-      } catch {
-        // If not JSON, use text as-is
-      }
-      throw new Error(errorMessage);
-    }
-
-    const contentType = response.headers.get('content-type');
-    if (!contentType?.includes('application/json')) {
-      const text = await response.text();
-      return text as T;
-    }
-
-    return await response.json();
-  } catch (error) {
-    console.error('Error calling backend:', error);
-    throw error;
-  }
-}
-
-/**
- * Generic API client for making HTTP requests
- * Simply calls endpoints - no DB dependencies, no schema validation
- * Validation happens on the backend (BFF/Functions)
- * 
- * @example
- * // Call custom endpoint
- * await api.get('/api/greet?name=World')
- * 
- * // Call scaffolded CRUD endpoints
- * await api.get('/api/todos')
- * await api.post('/api/todos', { title: 'New task' })
- * await api.put('/api/todos/123', { title: 'Updated' })
- * await api.delete('/api/todos/123')
- */
-export const api = {
-  /**
-   * Make a GET request
-   */
-  get: <T>(endpoint: string, params?: Record<string, string>): Promise<T> => {
-    return request<T>(endpoint, 'GET', undefined, params);
-  },
-
-  /**
-   * Make a POST request
-   */
-  post: <T>(endpoint: string, body?: any): Promise<T> => {
-    return request<T>(endpoint, 'POST', body);
-  },
-
-  /**
-   * Make a PUT request
-   */
-  put: <T>(endpoint: string, body?: any): Promise<T> => {
-    return request<T>(endpoint, 'PUT', body);
-  },
-
-  /**
-   * Make a DELETE request
-   */
-  delete: <T>(endpoint: string): Promise<T> => {
-    return request<T>(endpoint, 'DELETE');
-  },
-};
+    const backendUtilContent = `// Get Functions base URL at runtime (not at build time)
+function getFunctionsBaseUrl(): string {
+  return process.env.BACKEND_FUNCTIONS_BASE_URL || 'http://localhost:7071';
+}
+
+/**
+ * Simple HTTP client for calling backend APIs
+ * Use this to make requests to BFF API routes (which forward to Azure Functions)
+ */
+async function request<T>(
+  endpoint: string,
+  method: 'GET' | 'POST' | 'PUT' | 'DELETE',
+  body?: any,
+  queryParams?: Record<string, string>
+): Promise<T> {
+  const functionsBaseUrl = getFunctionsBaseUrl();
+  let url = \`\${functionsBaseUrl}\${endpoint}\`;
+  if (queryParams) {
+    const params = new URLSearchParams(queryParams);
+    url += \`?\${params.toString()}\`;
+  }
+
+  try {
+    const response = await fetch(url, {
+      method,
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: body ? JSON.stringify(body) : undefined,
+    });
+
+    if (!response.ok) {
+      const text = await response.text();
+      let errorMessage = text || 'Failed to call backend function';
+      try {
+        const error = JSON.parse(text);
+        errorMessage = error.error || error.message || text;
+      } catch {
+        // If not JSON, use text as-is
+      }
+      throw new Error(errorMessage);
+    }
+
+    const contentType = response.headers.get('content-type');
+    if (!contentType?.includes('application/json')) {
+      const text = await response.text();
+      return text as T;
+    }
+
+    return await response.json();
+  } catch (error) {
+    console.error('Error calling backend:', error);
+    throw error;
+  }
+}
+
+/**
+ * Generic API client for making HTTP requests
+ * Simply calls endpoints - no DB dependencies, no schema validation
+ * Validation happens on the backend (BFF/Functions)
+ * 
+ * @example
+ * // Call custom endpoint
+ * await api.get('/api/greet?name=World')
+ * 
+ * // Call scaffolded CRUD endpoints
+ * await api.get('/api/todos')
+ * await api.post('/api/todos', { title: 'New task' })
+ * await api.put('/api/todos/123', { title: 'Updated' })
+ * await api.delete('/api/todos/123')
+ */
+export const api = {
+  /**
+   * Make a GET request
+   */
+  get: <T>(endpoint: string, params?: Record<string, string>): Promise<T> => {
+    return request<T>(endpoint, 'GET', undefined, params);
+  },
+
+  /**
+   * Make a POST request
+   */
+  post: <T>(endpoint: string, body?: any): Promise<T> => {
+    return request<T>(endpoint, 'POST', body);
+  },
+
+  /**
+   * Make a PUT request
+   */
+  put: <T>(endpoint: string, body?: any): Promise<T> => {
+    return request<T>(endpoint, 'PUT', body);
+  },
+
+  /**
+   * Make a DELETE request
+   */
+  delete: <T>(endpoint: string): Promise<T> => {
+    return request<T>(endpoint, 'DELETE');
+  },
+};
 `;
     fs.writeFileSync(path.join(apiLibDir, 'backend.ts'), backendUtilContent);
     // 5. Create components directory
     const componentsDir = path.join(projectDir, 'components');
     fs.mkdirSync(componentsDir, { recursive: true });
     // 6. Create .env.example
-    const envExample = `# Azure Functions Backend URL
-FUNCTIONS_BASE_URL=http://localhost:7071
-
-# Azure Configuration
-AZURE_RESOURCE_GROUP=your-resource-group
-AZURE_SWA_NAME=your-static-web-app-name
+    const envExample = `# Azure Functions Backend URL
+FUNCTIONS_BASE_URL=http://localhost:7071
+
+# Azure Configuration
+AZURE_RESOURCE_GROUP=your-resource-group
+AZURE_SWA_NAME=your-static-web-app-name
 `;
     fs.writeFileSync(path.join(projectDir, '.env.example'), envExample);
     // 7. Create instrumentation.ts for Application Insights (Next.js official way)
-    const instrumentationContent = `// Application Insights instrumentation for Next.js
-// This file is automatically loaded by Next.js when instrumentationHook is enabled
-export async function register() {
-  if (process.env.NEXT_RUNTIME === 'nodejs') {
-    // Only run on server-side
-    const connectionString = process.env.APPLICATIONINSIGHTS_CONNECTION_STRING;
-    
-    if (connectionString) {
-      const appInsights = await import('applicationinsights');
-      
-      appInsights
-        .setup(connectionString)
-        .setAutoCollectConsole(true)
-        .setAutoCollectDependencies(true)
-        .setAutoCollectExceptions(true)
-        .setAutoCollectHeartbeat(true)
-        .setAutoCollectPerformance(true, true)
-        .setAutoCollectRequests(true)
-        .setAutoDependencyCorrelation(true)
-        .setDistributedTracingMode(appInsights.DistributedTracingModes.AI_AND_W3C)
-        .setSendLiveMetrics(true)
-        .setUseDiskRetryCaching(true);
-      
-      appInsights.defaultClient.setAutoPopulateAzureProperties();
-      appInsights.start();
-      
-      // Override console methods to send to Application Insights
-      const originalConsoleLog = console.log;
-      const originalConsoleError = console.error;
-      const originalConsoleWarn = console.warn;
-      
-      console.log = function(...args: any[]) {
-        originalConsoleLog.apply(console, args);
-        const message = args.map(arg => 
-          typeof arg === 'object' ? JSON.stringify(arg) : String(arg)
-        ).join(' ');
-        appInsights.defaultClient.trackTrace({
-          message: message,
-          severity: '1'
-        });
-      };
-      
-      console.error = function(...args: any[]) {
-        originalConsoleError.apply(console, args);
-        const message = args.map(arg => 
-          typeof arg === 'object' ? JSON.stringify(arg) : String(arg)
-        ).join(' ');
-        appInsights.defaultClient.trackTrace({
-          message: message,
-          severity: '3'
-        });
-      };
-      
-      console.warn = function(...args: any[]) {
-        originalConsoleWarn.apply(console, args);
-        const message = args.map(arg => 
-          typeof arg === 'object' ? JSON.stringify(arg) : String(arg)
-        ).join(' ');
-        appInsights.defaultClient.trackTrace({
-          message: message,
-          severity: '2'
-        });
-      };
-      
-      console.log('[App Insights] Initialized for Next.js server-side telemetry with console override');
-    } else {
-      console.log('[App Insights] Not configured (skipped in development mode)');
-    }
-  }
-}
+    const instrumentationContent = `// Application Insights instrumentation for Next.js
+// This file is automatically loaded by Next.js when instrumentationHook is enabled
+export async function register() {
+  if (process.env.NEXT_RUNTIME === 'nodejs') {
+    // Only run on server-side
+    const connectionString = process.env.APPLICATIONINSIGHTS_CONNECTION_STRING;
+    
+    if (connectionString) {
+      const appInsights = await import('applicationinsights');
+      
+      appInsights
+        .setup(connectionString)
+        .setAutoCollectConsole(true)
+        .setAutoCollectDependencies(true)
+        .setAutoCollectExceptions(true)
+        .setAutoCollectHeartbeat(true)
+        .setAutoCollectPerformance(true, true)
+        .setAutoCollectRequests(true)
+        .setAutoDependencyCorrelation(true)
+        .setDistributedTracingMode(appInsights.DistributedTracingModes.AI_AND_W3C)
+        .setSendLiveMetrics(true)
+        .setUseDiskRetryCaching(true);
+      
+      appInsights.defaultClient.setAutoPopulateAzureProperties();
+      appInsights.start();
+      
+      // Override console methods to send to Application Insights
+      const originalConsoleLog = console.log;
+      const originalConsoleError = console.error;
+      const originalConsoleWarn = console.warn;
+      
+      console.log = function(...args: any[]) {
+        originalConsoleLog.apply(console, args);
+        const message = args.map(arg => 
+          typeof arg === 'object' ? JSON.stringify(arg) : String(arg)
+        ).join(' ');
+        appInsights.defaultClient.trackTrace({
+          message: message,
+          severity: '1'
+        });
+      };
+      
+      console.error = function(...args: any[]) {
+        originalConsoleError.apply(console, args);
+        const message = args.map(arg => 
+          typeof arg === 'object' ? JSON.stringify(arg) : String(arg)
+        ).join(' ');
+        appInsights.defaultClient.trackTrace({
+          message: message,
+          severity: '3'
+        });
+      };
+      
+      console.warn = function(...args: any[]) {
+        originalConsoleWarn.apply(console, args);
+        const message = args.map(arg => 
+          typeof arg === 'object' ? JSON.stringify(arg) : String(arg)
+        ).join(' ');
+        appInsights.defaultClient.trackTrace({
+          message: message,
+          severity: '2'
+        });
+      };
+      
+      console.log('[App Insights] Initialized for Next.js server-side telemetry with console override');
+    } else {
+      console.log('[App Insights] Not configured (skipped in development mode)');
+    }
+  }
+}
 `;
     fs.writeFileSync(path.join(projectDir, 'instrumentation.ts'), instrumentationContent);
     // 8. Create .env.local for local development
@@ -607,6 +607,8 @@ export async function register() {
     console.log('✅ Project structure created\n');
     // 18. Create README.md
     createReadme(projectDir, projectName, cicdChoice, azureConfig, pm);
+    // 19. Create AI agent instruction files (AGENTS.md, CLAUDE.md, .github/copilot-instructions.md, etc.)
+    createAiAgentFiles(projectDir, projectName);
 }
 async function createSharedPackage(projectDir, projectName) {
     console.log('📦 Creating shared workspace package for Zod models...\n');
@@ -728,23 +730,23 @@ async function createAzureFunctionsProject(projectDir, pm = 'pnpm') {
     };
     fs.writeFileSync(path.join(functionsDir, 'host.json'), JSON.stringify(hostJson, null, 2));
     // Create .funcignore
-    const funcignore = `node_modules
-.git
-.vscode
-local.settings.json
-test
-tsconfig.json
-*.ts
-!dist/**/*.js
+    const funcignore = `node_modules
+.git
+.vscode
+local.settings.json
+test
+tsconfig.json
+*.ts
+!dist/**/*.js
 `;
     fs.writeFileSync(path.join(functionsDir, '.funcignore'), funcignore);
     // Create .gitignore for functions directory
-    const functionsGitignore = `node_modules
-dist
-local.settings.json
-*.log
-.vscode
-.DS_Store
+    const functionsGitignore = `node_modules
+dist
+local.settings.json
+*.log
+.vscode
+.DS_Store
 `;
     fs.writeFileSync(path.join(functionsDir, '.gitignore'), functionsGitignore);
     // Create local.settings.json
@@ -766,58 +768,58 @@ local.settings.json
     const srcDir = path.join(functionsDir, 'src');
     fs.mkdirSync(srcDir, { recursive: true });
     // Create greet function directly in src
-    const greetFunction = `import { app, HttpRequest, HttpResponseInit, InvocationContext } from '@azure/functions';
-import { z } from 'zod/v4';
-
-// Zod schema for request validation
-const greetRequestSchema = z.object({
-  name: z.string().min(1, 'Name is required').max(50, 'Name must be less than 50 characters'),
-});
-
-export async function greet(request: HttpRequest, context: InvocationContext): Promise<HttpResponseInit> {
-  context.log('HTTP trigger function processed a request.');
-
-  try {
-    // Get name from query or body
-    const name = request.query.get('name') || (await request.text());
-    
-    // Validate with Zod
-    const result = greetRequestSchema.safeParse({ name });
-    
-    if (!result.success) {
-      return {
-        status: 400,
-        jsonBody: {
-          error: result.error.issues[0].message
-        }
-      };
-    }
-
-    const greeting = \`Hello, \${result.data.name}! This message is from Azure Functions.\`;
-    
-    return {
-      status: 200,
-      jsonBody: {
-        message: greeting,
-        timestamp: new Date().toISOString()
-      }
-    };
-  } catch (error) {
-    context.error('Error processing request:', error);
-    return {
-      status: 500,
-      jsonBody: {
-        error: 'Internal server error'
-      }
-    };
-  }
-}
-
-app.http('greet', {
-  methods: ['GET', 'POST'],
-  authLevel: 'anonymous',
-  handler: greet
-});
+    const greetFunction = `import { app, HttpRequest, HttpResponseInit, InvocationContext } from '@azure/functions';
+import { z } from 'zod/v4';
+
+// Zod schema for request validation
+const greetRequestSchema = z.object({
+  name: z.string().min(1, 'Name is required').max(50, 'Name must be less than 50 characters'),
+});
+
+export async function greet(request: HttpRequest, context: InvocationContext): Promise<HttpResponseInit> {
+  context.log('HTTP trigger function processed a request.');
+
+  try {
+    // Get name from query or body
+    const name = request.query.get('name') || (await request.text());
+    
+    // Validate with Zod
+    const result = greetRequestSchema.safeParse({ name });
+    
+    if (!result.success) {
+      return {
+        status: 400,
+        jsonBody: {
+          error: result.error.issues[0].message
+        }
+      };
+    }
+
+    const greeting = \`Hello, \${result.data.name}! This message is from Azure Functions.\`;
+    
+    return {
+      status: 200,
+      jsonBody: {
+        message: greeting,
+        timestamp: new Date().toISOString()
+      }
+    };
+  } catch (error) {
+    context.error('Error processing request:', error);
+    return {
+      status: 500,
+      jsonBody: {
+        error: 'Internal server error'
+      }
+    };
+  }
+}
+
+app.http('greet', {
+  methods: ['GET', 'POST'],
+  authLevel: 'anonymous',
+  handler: greet
+});
 `;
     fs.writeFileSync(path.join(srcDir, 'greet.ts'), greetFunction);
     // Dependencies are installed via workspace root install
@@ -828,48 +830,48 @@ async function createBffApiRoute(projectDir) {
     const apiDir = path.join(projectDir, 'app', 'api', 'greet');
     fs.mkdirSync(apiDir, { recursive: true });
     // Create API route that calls Azure Functions using shared utility
-    const apiRoute = `import { NextRequest, NextResponse } from 'next/server';
-import { api } from '@/lib/api/backend';
-
-interface GreetResponse {
-  message: string;
-  timestamp: string;
-}
-
-export async function GET(request: NextRequest) {
-  try {
-    const { searchParams } = new URL(request.url);
-    const name = searchParams.get('name') || 'World';
-
-    const data = await api.get<GreetResponse>('/api/greet', { name });
-
-    return NextResponse.json(data);
-  } catch (error) {
-    console.error('Error calling Azure Functions:', error);
-    const errorMessage = error instanceof Error ? error.message : 'Failed to call backend function';
-    return NextResponse.json(
-      { error: errorMessage, details: 'Make sure Azure Functions is running on port 7071' },
-      { status: 500 }
-    );
-  }
-}
-
-export async function POST(request: NextRequest) {
-  try {
-    const body = await request.json();
-
-    const data = await api.post<GreetResponse>('/api/greet', body);
-
-    return NextResponse.json(data);
-  } catch (error) {
-    console.error('Error calling Azure Functions:', error);
-    const errorMessage = error instanceof Error ? error.message : 'Failed to call backend function';
-    return NextResponse.json(
-      { error: errorMessage, details: 'Make sure Azure Functions is running on port 7071' },
-      { status: 500 }
-    );
-  }
-}
+    const apiRoute = `import { NextRequest, NextResponse } from 'next/server';
+import { api } from '@/lib/api/backend';
+
+interface GreetResponse {
+  message: string;
+  timestamp: string;
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url);
+    const name = searchParams.get('name') || 'World';
+
+    const data = await api.get<GreetResponse>('/api/greet', { name });
+
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Error calling Azure Functions:', error);
+    const errorMessage = error instanceof Error ? error.message : 'Failed to call backend function';
+    return NextResponse.json(
+      { error: errorMessage, details: 'Make sure Azure Functions is running on port 7071' },
+      { status: 500 }
+    );
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json();
+
+    const data = await api.post<GreetResponse>('/api/greet', body);
+
+    return NextResponse.json(data);
+  } catch (error) {
+    console.error('Error calling Azure Functions:', error);
+    const errorMessage = error instanceof Error ? error.message : 'Failed to call backend function';
+    return NextResponse.json(
+      { error: errorMessage, details: 'Make sure Azure Functions is running on port 7071' },
+      { status: 500 }
+    );
+  }
+}
 `;
     fs.writeFileSync(path.join(apiDir, 'route.ts'), apiRoute);
     // Update .env.example to include FUNCTIONS_BASE_URL
@@ -891,111 +893,111 @@ export async function POST(request: NextRequest) {
 async function createHomePage(projectDir, pm = 'pnpm') {
     console.log('📦 Creating home page...\n');
     const pmCmd = (0, package_manager_1.getCommands)(pm);
-    const pageContent = `'use client'
-
-export const dynamic = 'force-dynamic';
-
-import { useState } from 'react';
-import { scaffoldConfig } from '@/lib/scaffold-config';
-
-export default function Home() {
-  const [greetingStatus, setGreetingStatus] = useState<'idle' | 'loading' | 'success' | 'error'>('idle');
-  const [message, setMessage] = useState('');
-
-  const testConnection = async () => {
-    setGreetingStatus('loading');
-    try {
-      const response = await fetch('/api/greet?name=SwallowKit');
-      const data = await response.json();
-      if (!response.ok) {
-        throw new Error(data.error || \`Server error: \${response.status}\`);
-      }
-      setMessage(data.message);
-      setGreetingStatus('success');
-    } catch (error) {
-      setMessage(error instanceof Error ? error.message : 'Failed to connect to Azure Functions');
-      setGreetingStatus('error');
-    }
-  };
-
-  return (
-    <div className="min-h-screen bg-gradient-to-br from-blue-50 to-indigo-50 dark:from-gray-900 dark:to-gray-800">
-      <div className="container mx-auto px-4 py-12">
-        <header className="text-center mb-16">
-          <h1 className="text-5xl font-bold text-gray-800 dark:text-white mb-4">
-            Welcome to SwallowKit
-          </h1>
-          <p className="text-xl text-gray-600 dark:text-gray-400">
-            Next.js on Azure Static Web Apps + Functions + Cosmos DB — Zod schema sharing
-          </p>
-        </header>
-
-        {/* Connection Test */}
-        <section className="max-w-2xl mx-auto mb-12">
-          <div className="bg-white dark:bg-gray-800 rounded-xl p-8 border border-gray-200 dark:border-gray-700">
-            <h2 className="text-2xl font-semibold mb-4 text-gray-900 dark:text-gray-100">
-              Test BFF → Functions Connection
-            </h2>
-            <button
-              onClick={testConnection}
-              disabled={greetingStatus === 'loading'}
-              className="px-6 py-3 bg-blue-600 hover:bg-blue-700 disabled:bg-gray-400 text-white rounded-lg font-medium transition-colors"
-            >
-              {greetingStatus === 'loading' ? 'Testing...' : 'Test Connection'}
-            </button>
-            {greetingStatus === 'success' && (
-              <div className="mt-4 p-4 bg-green-50 dark:bg-green-900/20 border border-green-200 dark:border-green-800 rounded-lg">
-                <p className="text-green-800 dark:text-green-200 font-medium">✅ Connection successful!</p>
-                <p className="text-green-700 dark:text-green-300 text-sm mt-1">{message}</p>
-              </div>
-            )}
-            {greetingStatus === 'error' && (
-              <div className="mt-4 p-4 bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 rounded-lg">
-                <p className="text-red-800 dark:text-red-200 font-medium">❌ Connection failed</p>
-                <p className="text-red-700 dark:text-red-300 text-sm mt-1">{message}</p>
-              </div>
-            )}
-          </div>
-        </section>
-
-        {/* Scaffolded Models Menu */}
-        {scaffoldConfig.models.length > 0 ? (
-          <section className="max-w-6xl mx-auto">
-            <h2 className="text-3xl font-bold mb-8 text-gray-900 dark:text-gray-100">Your Models</h2>
-            <div className="grid gap-6 grid-cols-1 md:grid-cols-2 lg:grid-cols-3">
-              {scaffoldConfig.models.map((model) => (
-                <a
-                  key={model.name}
-                  href={model.path}
-                  className="block p-8 bg-white dark:bg-gray-800 border border-gray-200 dark:border-gray-700 rounded-xl hover:shadow-lg hover:border-blue-400 dark:hover:border-blue-600 transition-all"
-                >
-                  <h3 className="text-2xl font-semibold mb-2 text-gray-900 dark:text-gray-100">{model.label}</h3>
-                  <p className="text-gray-600 dark:text-gray-400">Manage {model.label.toLowerCase()}</p>
-                </a>
-              ))}
-            </div>
-          </section>
-        ) : (
-          <section className="max-w-2xl mx-auto text-center">
-            <div className="bg-white dark:bg-gray-800 rounded-xl p-12 border border-gray-200 dark:border-gray-700">
-              <h2 className="text-2xl font-semibold mb-4 text-gray-900 dark:text-gray-100">Get Started</h2>
-              <p className="text-gray-600 dark:text-gray-400 mb-6">
-                Create your first model with Zod and generate CRUD operations automatically.
-              </p>
-              <code className="block bg-gray-100 dark:bg-gray-900 p-4 rounded text-left text-sm">
-                ${pmCmd.dlx} swallowkit scaffold lib/models/your-model.ts
-              </code>
-            </div>
-          </section>
-        )}
-
-        <footer className="mt-16 text-center text-gray-600 dark:text-gray-400 text-sm">
-          <p>Built with SwallowKit</p>
-        </footer>
-      </div>
-    </div>
-  );
-}
+    const pageContent = `'use client'
+
+export const dynamic = 'force-dynamic';
+
+import { useState } from 'react';
+import { scaffoldConfig } from '@/lib/scaffold-config';
+
+export default function Home() {
+  const [greetingStatus, setGreetingStatus] = useState<'idle' | 'loading' | 'success' | 'error'>('idle');
+  const [message, setMessage] = useState('');
+
+  const testConnection = async () => {
+    setGreetingStatus('loading');
+    try {
+      const response = await fetch('/api/greet?name=SwallowKit');
+      const data = await response.json();
+      if (!response.ok) {
+        throw new Error(data.error || \`Server error: \${response.status}\`);
+      }
+      setMessage(data.message);
+      setGreetingStatus('success');
+    } catch (error) {
+      setMessage(error instanceof Error ? error.message : 'Failed to connect to Azure Functions');
+      setGreetingStatus('error');
+    }
+  };
+
+  return (
+    <div className="min-h-screen bg-gradient-to-br from-blue-50 to-indigo-50 dark:from-gray-900 dark:to-gray-800">
+      <div className="container mx-auto px-4 py-12">
+        <header className="text-center mb-16">
+          <h1 className="text-5xl font-bold text-gray-800 dark:text-white mb-4">
+            Welcome to SwallowKit
+          </h1>
+          <p className="text-xl text-gray-600 dark:text-gray-400">
+            Next.js on Azure Static Web Apps + Functions + Cosmos DB — Zod schema sharing
+          </p>
+        </header>
+
+        {/* Connection Test */}
+        <section className="max-w-2xl mx-auto mb-12">
+          <div className="bg-white dark:bg-gray-800 rounded-xl p-8 border border-gray-200 dark:border-gray-700">
+            <h2 className="text-2xl font-semibold mb-4 text-gray-900 dark:text-gray-100">
+              Test BFF → Functions Connection
+            </h2>
+            <button
+              onClick={testConnection}
+              disabled={greetingStatus === 'loading'}
+              className="px-6 py-3 bg-blue-600 hover:bg-blue-700 disabled:bg-gray-400 text-white rounded-lg font-medium transition-colors"
+            >
+              {greetingStatus === 'loading' ? 'Testing...' : 'Test Connection'}
+            </button>
+            {greetingStatus === 'success' && (
+              <div className="mt-4 p-4 bg-green-50 dark:bg-green-900/20 border border-green-200 dark:border-green-800 rounded-lg">
+                <p className="text-green-800 dark:text-green-200 font-medium">✅ Connection successful!</p>
+                <p className="text-green-700 dark:text-green-300 text-sm mt-1">{message}</p>
+              </div>
+            )}
+            {greetingStatus === 'error' && (
+              <div className="mt-4 p-4 bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 rounded-lg">
+                <p className="text-red-800 dark:text-red-200 font-medium">❌ Connection failed</p>
+                <p className="text-red-700 dark:text-red-300 text-sm mt-1">{message}</p>
+              </div>
+            )}
+          </div>
+        </section>
+
+        {/* Scaffolded Models Menu */}
+        {scaffoldConfig.models.length > 0 ? (
+          <section className="max-w-6xl mx-auto">
+            <h2 className="text-3xl font-bold mb-8 text-gray-900 dark:text-gray-100">Your Models</h2>
+            <div className="grid gap-6 grid-cols-1 md:grid-cols-2 lg:grid-cols-3">
+              {scaffoldConfig.models.map((model) => (
+                <a
+                  key={model.name}
+                  href={model.path}
+                  className="block p-8 bg-white dark:bg-gray-800 border border-gray-200 dark:border-gray-700 rounded-xl hover:shadow-lg hover:border-blue-400 dark:hover:border-blue-600 transition-all"
+                >
+                  <h3 className="text-2xl font-semibold mb-2 text-gray-900 dark:text-gray-100">{model.label}</h3>
+                  <p className="text-gray-600 dark:text-gray-400">Manage {model.label.toLowerCase()}</p>
+                </a>
+              ))}
+            </div>
+          </section>
+        ) : (
+          <section className="max-w-2xl mx-auto text-center">
+            <div className="bg-white dark:bg-gray-800 rounded-xl p-12 border border-gray-200 dark:border-gray-700">
+              <h2 className="text-2xl font-semibold mb-4 text-gray-900 dark:text-gray-100">Get Started</h2>
+              <p className="text-gray-600 dark:text-gray-400 mb-6">
+                Create your first model with Zod and generate CRUD operations automatically.
+              </p>
+              <code className="block bg-gray-100 dark:bg-gray-900 p-4 rounded text-left text-sm">
+                ${pmCmd.dlx} swallowkit scaffold lib/models/your-model.ts
+              </code>
+            </div>
+          </section>
+        )}
+
+        <footer className="mt-16 text-center text-gray-600 dark:text-gray-400 text-sm">
+          <p>Built with SwallowKit</p>
+        </footer>
+      </div>
+    </div>
+  );
+}
 `;
     fs.writeFileSync(path.join(projectDir, 'app', 'page.tsx'), pageContent);
     console.log('✅ Home page created\n');
@@ -1004,17 +1006,17 @@ export default function Home() {
     if (!fs.existsSync(scaffoldConfigDir)) {
         fs.mkdirSync(scaffoldConfigDir, { recursive: true });
     }
-    const scaffoldConfigContent = `export interface ScaffoldModel {
-  name: string;
-  path: string;
-  label: string;
-}
-
-export const scaffoldConfig = {
-  models: [
-    // Scaffolded models will be added here by 'swallowkit scaffold' command
-  ] as ScaffoldModel[]
-};
+    const scaffoldConfigContent = `export interface ScaffoldModel {
+  name: string;
+  path: string;
+  label: string;
+}
+
+export const scaffoldConfig = {
+  models: [
+    // Scaffolded models will be added here by 'swallowkit scaffold' command
+  ] as ScaffoldModel[]
+};
 `;
     fs.writeFileSync(path.join(scaffoldConfigDir, 'scaffold-config.ts'), scaffoldConfigContent);
     console.log('✅ Scaffold config created\n');
@@ -1026,215 +1028,618 @@ function createReadme(projectDir, projectName, cicdChoice, azureConfig, pm) {
     const cicdLabel = cicdChoice === 'github' ? 'GitHub Actions' : cicdChoice === 'azure' ? 'Azure Pipelines' : 'None';
     const vnetLabel = azureConfig.vnetOption === 'none' ? 'None (public endpoints)' :
         'Outbound VNet (Cosmos DB Private Endpoint)';
-    const readme = `# ${projectName}
-
-A full-stack application built with **SwallowKit** - Next.js on Azure Static Web Apps + Functions + Cosmos DB with Zod schema sharing.
-
-## 🚀 Tech Stack
-
-- **Frontend**: Next.js 15 (App Router), React, TypeScript, Tailwind CSS
-- **BFF (Backend for Frontend)**: Next.js API Routes
-- **Backend**: Azure Functions (TypeScript)
-- **Database**: Azure Cosmos DB
-- **Schema Validation**: Zod (shared between frontend and backend)
-- **Infrastructure**: Bicep (Infrastructure as Code)
-- **CI/CD**: ${cicdLabel}
-
-## 📋 Project Configuration
-
-This project was initialized with the following settings:
-
-- **Azure Functions Plan**: Flex Consumption
-- **Cosmos DB Mode**: ${cosmosDbModeLabel}
-- **Network Security**: ${vnetLabel}
-- **CI/CD**: ${cicdLabel}
-
-## ✅ Prerequisites
-
-Before you begin, ensure you have the following installed:
-
-1. **Node.js 18+**: [Download](https://nodejs.org/)${pm === 'pnpm' ? `\n2. **pnpm**: \`corepack enable\` or \`npm install -g pnpm\`` : ''}
-${pm === 'pnpm' ? '3' : '2'}. **Azure CLI**: Required for provisioning Azure resources
-   - Install: \`winget install Microsoft.AzureCLI\` (Windows)
-   - Or: [Download](https://aka.ms/installazurecliwindows)
-${pm === 'pnpm' ? '4' : '3'}. **Azure Cosmos DB Emulator**: Required for local development
-   - Windows: \`winget install Microsoft.Azure.CosmosEmulator\`
-   - Or: [Download](https://aka.ms/cosmosdb-emulator)
-   - Docker: \`docker pull mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator\`
-${pm === 'pnpm' ? '6' : '5'}. **Azure Functions Core Tools**: Automatically installed with project dependencies
-
-## 📁 Project Structure
-
-\`\`\`
-${projectName}/
-├── app/                    # Next.js App Router (frontend)
-│   ├── api/               # BFF API routes (proxy to Functions)
-│   └── page.tsx           # Home page
-├── functions/             # Azure Functions (backend)
-│   └── src/
-│       ├── models/        # Data models (copied from lib/models)
-│       └── hello.ts       # Sample function
-├── lib/
-│   ├── models/            # Shared Zod schemas
-│   └── api/               # API client utilities
-├── infra/                 # Bicep infrastructure files
-│   ├── main.bicep
-│   └── modules/           # Bicep modules for each resource
-└── .github/workflows/     # CI/CD workflows
-\`\`\`
-
-## 🏗️ Getting Started
-
-### 1. Create Your First Model
-
-Define your data model with Zod schema:
-
-\`\`\`bash
-${pmCmd.dlx} swallowkit create-model <model-name>
-\`\`\`
-
-This creates a model file in \`lib/models/<model-name>.ts\`. Edit it to define your schema.
-
-### 2. Generate CRUD Code
-
-Generate complete CRUD operations (Functions, API routes, UI):
-
-\`\`\`bash
-${pmCmd.dlx} swallowkit scaffold lib/models/<model-name>.ts
-\`\`\`
-
-This generates:
-- Azure Functions CRUD endpoints
-- Next.js BFF API routes
-- React UI components (list, detail, create, edit)
-- Navigation menu integration
-
-### 3. Start Development Servers
-
-\`\`\`bash
-${pmCmd.dlx} swallowkit dev
-\`\`\`
-
-This starts:
-- Next.js dev server (http://localhost:3000)
-- Azure Functions (http://localhost:7071)
-- Cosmos DB Emulator check (must be running separately)
-
-**Note**: You need to start Cosmos DB Emulator manually before running \`swallowkit dev\`.
-
-## ☁️ Deploy to Azure
-
-### Provision Azure Resources
-
-Create all required Azure resources using Bicep:
-
-\`\`\`bash
-${pmCmd.dlx} swallowkit provision --resource-group <rg-name>
-\`\`\`
-
-This creates:
-- Static Web App (\`swa-${projectName}\`)
-- Azure Functions (\`func-${projectName}\`)
-- Cosmos DB (\`cosmos-${projectName}\`)
-- Storage Account
-
-You will be prompted to select Azure regions:
-1. **Primary location**: For Functions and Cosmos DB (default: Japan East)
-2. **Static Web App location**: Limited availability (default: East Asia)
-
-### CI/CD Setup
-
-${cicdChoice === 'github' ? `#### GitHub Actions
-
-1. Get Static Web App deployment token:
-   \`\`\`bash
-   az staticwebapp secrets list --name swa-${projectName} --resource-group <rg-name> --query "properties.apiKey" -o tsv
-   \`\`\`
-
-2. Get Function App publish profile:
-   \`\`\`bash
-   az webapp deployment list-publishing-profiles --name func-${projectName} --resource-group <rg-name> --xml
-   \`\`\`
-
-3. Add secrets to GitHub repository:
-   - \`AZURE_STATIC_WEB_APPS_API_TOKEN\`: SWA deployment token (from step 1)
-   - \`AZURE_FUNCTIONAPP_NAME\`: \`func-${projectName}\`
-   - \`AZURE_FUNCTIONAPP_PUBLISH_PROFILE\`: Functions publish profile (from step 2)
-
-4. Push to \`main\` branch to trigger deployment (or use **Actions** → **Run workflow** for manual deployment)` : cicdChoice === 'azure' ? `#### Azure Pipelines
-
-1. Set up service connection in Azure DevOps
-2. Update \`azure-pipelines.yml\` with your resource names
-3. Configure pipeline variables:
-   - \`azureSubscription\`: Service connection name
-   - \`resourceGroupName\`: Resource group name
-4. Run pipeline to deploy` : `CI/CD is not configured. You can manually deploy:
-
-**Deploy Static Web App:**
-\`\`\`bash
-${pmCmd.run} build
-az staticwebapp deploy --name swa-${projectName} --resource-group <rg-name> --app-location ./
-\`\`\`
-
-**Deploy Functions:**
-\`\`\`bash
-cd functions
-${pmCmd.run} build
-func azure functionapp publish func-${projectName}
-\`\`\``}
-
-## 🔧 Available Commands
-
-- \`${pmCmd.dlx} swallowkit create-model <name>\` - Create a new data model
-- \`${pmCmd.dlx} swallowkit scaffold <model-file>\` - Generate CRUD code
-- \`${pmCmd.dlx} swallowkit dev\` - Start development servers
-- \`${pmCmd.dlx} swallowkit provision -g <rg-name>\` - Provision Azure resources
-${azureConfig.vnetOption !== 'none' ? `
-## 🔒 Network Security (VNet Configuration)
-
-This project is configured with **${vnetLabel}**.
-
-### Architecture
-
-\`\`\`
-Static Web App ──(public)──> Azure Functions ──(VNet/PE)──> Cosmos DB
-                                    │
-                              VNet Integration
-                              (outbound only)
-\`\`\`
-
-- **Functions → Cosmos DB**: Connected via Private Endpoint (private connection)
-- **SWA → Functions**: Connected via public endpoint (secured with CORS + IP restrictions)
-
-### VNet Resources
-
-| Resource | Purpose |
-|----------|---------|
-| \`vnet-${projectName}\` | Virtual Network (10.0.0.0/16) |
-| \`snet-functions\` | Functions subnet (10.0.1.0/24) |
-| \`snet-private-endpoints\` | Private Endpoints subnet (10.0.2.0/24) |
-| \`pe-cosmos-${projectName}\` | Cosmos DB Private Endpoint |
-
-### Private DNS Zones
-
-- \`privatelink.documents.azure.com\` (Cosmos DB)
-` : ''}
-## 📚 Learn More
-
-- [SwallowKit Documentation](https://github.com/himanago/swallowkit)
-- [Azure Static Web Apps](https://learn.microsoft.com/en-us/azure/static-web-apps/)
-- [Azure Functions](https://learn.microsoft.com/en-us/azure/azure-functions/)
-- [Azure Cosmos DB](https://learn.microsoft.com/en-us/azure/cosmos-db/)
-- [Next.js](https://nextjs.org/)
-- [Zod](https://zod.dev/)
-
-## 💭 Feedback
-
-This project was generated by SwallowKit. If you encounter any issues or have suggestions for improvements, please open an issue on the [SwallowKit repository](https://github.com/himanago/swallowkit).
+    const readme = `# ${projectName}
+
+A full-stack application built with **SwallowKit** - Next.js on Azure Static Web Apps + Functions + Cosmos DB with Zod schema sharing.
+
+## 🚀 Tech Stack
+
+- **Frontend**: Next.js 15 (App Router), React, TypeScript, Tailwind CSS
+- **BFF (Backend for Frontend)**: Next.js API Routes
+- **Backend**: Azure Functions (TypeScript)
+- **Database**: Azure Cosmos DB
+- **Schema Validation**: Zod (shared between frontend and backend)
+- **Infrastructure**: Bicep (Infrastructure as Code)
+- **CI/CD**: ${cicdLabel}
+
+## 📋 Project Configuration
+
+This project was initialized with the following settings:
+
+- **Azure Functions Plan**: Flex Consumption
+- **Cosmos DB Mode**: ${cosmosDbModeLabel}
+- **Network Security**: ${vnetLabel}
+- **CI/CD**: ${cicdLabel}
+
+## ✅ Prerequisites
+
+Before you begin, ensure you have the following installed:
+
+1. **Node.js 18+**: [Download](https://nodejs.org/)${pm === 'pnpm' ? `\n2. **pnpm**: \`corepack enable\` or \`npm install -g pnpm\`` : ''}
+${pm === 'pnpm' ? '3' : '2'}. **Azure CLI**: Required for provisioning Azure resources
+   - Install: \`winget install Microsoft.AzureCLI\` (Windows)
+   - Or: [Download](https://aka.ms/installazurecliwindows)
+${pm === 'pnpm' ? '4' : '3'}. **Azure Cosmos DB Emulator**: Required for local development
+   - Windows: \`winget install Microsoft.Azure.CosmosEmulator\`
+   - Or: [Download](https://aka.ms/cosmosdb-emulator)
+   - Docker: \`docker pull mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator\`
+${pm === 'pnpm' ? '6' : '5'}. **Azure Functions Core Tools**: Automatically installed with project dependencies
+
+## 📁 Project Structure
+
+\`\`\`
+${projectName}/
+├── app/                    # Next.js App Router (frontend)
+│   ├── api/               # BFF API routes (proxy to Functions)
+│   └── page.tsx           # Home page
+├── functions/             # Azure Functions (backend)
+│   └── src/
+│       ├── models/        # Data models (copied from lib/models)
+│       └── hello.ts       # Sample function
+├── lib/
+│   ├── models/            # Shared Zod schemas
+│   └── api/               # API client utilities
+├── infra/                 # Bicep infrastructure files
+│   ├── main.bicep
+│   └── modules/           # Bicep modules for each resource
+└── .github/workflows/     # CI/CD workflows
+\`\`\`
+
+## 🏗️ Getting Started
+
+### 1. Create Your First Model
+
+Define your data model with Zod schema:
+
+\`\`\`bash
+${pmCmd.dlx} swallowkit create-model <model-name>
+\`\`\`
+
+This creates a model file in \`lib/models/<model-name>.ts\`. Edit it to define your schema.
+
+### 2. Generate CRUD Code
+
+Generate complete CRUD operations (Functions, API routes, UI):
+
+\`\`\`bash
+${pmCmd.dlx} swallowkit scaffold lib/models/<model-name>.ts
+\`\`\`
+
+This generates:
+- Azure Functions CRUD endpoints
+- Next.js BFF API routes
+- React UI components (list, detail, create, edit)
+- Navigation menu integration
+
+### 3. Start Development Servers
+
+\`\`\`bash
+${pmCmd.dlx} swallowkit dev
+\`\`\`
+
+This starts:
+- Next.js dev server (http://localhost:3000)
+- Azure Functions (http://localhost:7071)
+- Cosmos DB Emulator check (must be running separately)
+
+**Note**: You need to start Cosmos DB Emulator manually before running \`swallowkit dev\`.
+
+## ☁️ Deploy to Azure
+
+### Provision Azure Resources
+
+Create all required Azure resources using Bicep:
+
+\`\`\`bash
+${pmCmd.dlx} swallowkit provision --resource-group <rg-name>
+\`\`\`
+
+This creates:
+- Static Web App (\`swa-${projectName}\`)
+- Azure Functions (\`func-${projectName}\`)
+- Cosmos DB (\`cosmos-${projectName}\`)
+- Storage Account
+
+You will be prompted to select Azure regions:
+1. **Primary location**: For Functions and Cosmos DB (default: Japan East)
+2. **Static Web App location**: Limited availability (default: East Asia)
+
+### CI/CD Setup
+
+${cicdChoice === 'github' ? `#### GitHub Actions
+
+1. Get Static Web App deployment token:
+   \`\`\`bash
+   az staticwebapp secrets list --name swa-${projectName} --resource-group <rg-name> --query "properties.apiKey" -o tsv
+   \`\`\`
+
+2. Get Function App publish profile:
+   \`\`\`bash
+   az webapp deployment list-publishing-profiles --name func-${projectName} --resource-group <rg-name> --xml
+   \`\`\`
+
+3. Add secrets to GitHub repository:
+   - \`AZURE_STATIC_WEB_APPS_API_TOKEN\`: SWA deployment token (from step 1)
+   - \`AZURE_FUNCTIONAPP_NAME\`: \`func-${projectName}\`
+   - \`AZURE_FUNCTIONAPP_PUBLISH_PROFILE\`: Functions publish profile (from step 2)
+
+4. Push to \`main\` branch to trigger deployment (or use **Actions** → **Run workflow** for manual deployment)` : cicdChoice === 'azure' ? `#### Azure Pipelines
+
+1. Set up service connection in Azure DevOps
+2. Update \`azure-pipelines.yml\` with your resource names
+3. Configure pipeline variables:
+   - \`azureSubscription\`: Service connection name
+   - \`resourceGroupName\`: Resource group name
+4. Run pipeline to deploy` : `CI/CD is not configured. You can manually deploy:
+
+**Deploy Static Web App:**
+\`\`\`bash
+${pmCmd.run} build
+az staticwebapp deploy --name swa-${projectName} --resource-group <rg-name> --app-location ./
+\`\`\`
+
+**Deploy Functions:**
+\`\`\`bash
+cd functions
+${pmCmd.run} build
+func azure functionapp publish func-${projectName}
+\`\`\``}
+
+## 🔧 Available Commands
+
+- \`${pmCmd.dlx} swallowkit create-model <name>\` - Create a new data model
+- \`${pmCmd.dlx} swallowkit scaffold <model-file>\` - Generate CRUD code
+- \`${pmCmd.dlx} swallowkit dev\` - Start development servers
+- \`${pmCmd.dlx} swallowkit provision -g <rg-name>\` - Provision Azure resources
+${azureConfig.vnetOption !== 'none' ? `
+## 🔒 Network Security (VNet Configuration)
+
+This project is configured with **${vnetLabel}**.
+
+### Architecture
+
+\`\`\`
+Static Web App ──(public)──> Azure Functions ──(VNet/PE)──> Cosmos DB
+                                    │
+                              VNet Integration
+                              (outbound only)
+\`\`\`
+
+- **Functions → Cosmos DB**: Connected via Private Endpoint (private connection)
+- **SWA → Functions**: Connected via public endpoint (secured with CORS + IP restrictions)
+
+### VNet Resources
+
+| Resource | Purpose |
+|----------|---------|
+| \`vnet-${projectName}\` | Virtual Network (10.0.0.0/16) |
+| \`snet-functions\` | Functions subnet (10.0.1.0/24) |
+| \`snet-private-endpoints\` | Private Endpoints subnet (10.0.2.0/24) |
+| \`pe-cosmos-${projectName}\` | Cosmos DB Private Endpoint |
+
+### Private DNS Zones
+
+- \`privatelink.documents.azure.com\` (Cosmos DB)
+` : ''}
+## 📚 Learn More
+
+- [SwallowKit Documentation](https://github.com/himanago/swallowkit)
+- [Azure Static Web Apps](https://learn.microsoft.com/en-us/azure/static-web-apps/)
+- [Azure Functions](https://learn.microsoft.com/en-us/azure/azure-functions/)
+- [Azure Cosmos DB](https://learn.microsoft.com/en-us/azure/cosmos-db/)
+- [Next.js](https://nextjs.org/)
+- [Zod](https://zod.dev/)
+
+## 💭 Feedback
+
+This project was generated by SwallowKit. If you encounter any issues or have suggestions for improvements, please open an issue on the [SwallowKit repository](https://github.com/himanago/swallowkit).
 `;
     fs.writeFileSync(path.join(projectDir, 'README.md'), readme);
     console.log('✅ README.md created\n');
 }
+function createAiAgentFiles(projectDir, projectName) {
+    console.log('🤖 Creating AI agent instruction files...\n');
+    // ── 1. AGENTS.md (Codex / generic agents) ──────────────────────────
+    const agentsMd = `# AGENTS.md
+
+This project was generated by **SwallowKit**.
+All coding agents **must** follow the architecture and conventions described below.
+
+## Architecture Overview
+
+This is a full-stack TypeScript application deployed on Azure with the following layers:
+
+\`\`\`
+Frontend (React / Next.js App Router)
+  ↓ fetch('/api/{model}', ...)
+BFF Layer (Next.js API Routes)
+  ↓ HTTP → Azure Functions
+Backend (Azure Functions with Cosmos DB bindings)
+  ↓
+Azure Cosmos DB (Document Database)
+\`\`\`
+
+### Project Structure
+
+\`\`\`
+${projectName}/
+├── app/                    # Next.js App Router
+│   ├── api/               # BFF API routes (proxy to Azure Functions)
+│   └── {model}/           # UI pages per model (list, detail, create, edit)
+├── functions/             # Azure Functions (backend)
+│   └── src/               # HTTP trigger handlers with Cosmos DB bindings
+├── shared/                # Shared workspace package
+│   ├── models/            # Zod schema definitions (single source of truth)
+│   └── index.ts           # Re-exports all models
+├── lib/
+│   └── api/               # API client utilities (backend.ts, call-function.ts)
+├── components/            # Shared React components
+├── infra/                 # Bicep infrastructure-as-code files
+│   ├── main.bicep
+│   └── modules/
+└── .github/workflows/     # CI/CD workflows (if configured)
+\`\`\`
+
+## Critical Design Principles
+
+### 1. Next.js API Routes Are Strictly a BFF (Backend for Frontend)
+
+- \`app/api/\` routes exist **only** to proxy requests to Azure Functions.
+- **Never** place business logic, database access, or direct Cosmos DB calls in Next.js API routes.
+- The BFF layer may validate input/output with Zod schemas before forwarding to Functions.
+- Use the \`callFunction\` helper (\`lib/api/call-function.ts\`) or the \`api\` client (\`lib/api/backend.ts\`) to call Azure Functions.
+
+Example BFF route pattern:
+
+\`\`\`typescript
+// app/api/{model}/route.ts
+import { callFunction } from '@/lib/api/call-function';
+import { ModelSchema } from '@${projectName}/shared';
+import { z } from 'zod/v4';
+
+export async function GET() {
+  return callFunction({
+    method: 'GET',
+    path: '/api/{model}',
+    responseSchema: z.array(ModelSchema),
+  });
+}
+
+export async function POST(request: NextRequest) {
+  const body = await request.json();
+  return callFunction({
+    method: 'POST',
+    path: '/api/{model}',
+    body,
+    inputSchema: ModelSchema.omit({ id: true, createdAt: true, updatedAt: true }),
+    responseSchema: ModelSchema,
+    successStatus: 201,
+  });
+}
+\`\`\`
+
+### 2. Zod Schemas Are the Single Source of Truth
+
+- All data models are defined **once** as Zod schemas in \`shared/models/\`.
+- TypeScript types are derived with \`z.infer<typeof Schema>\` — never define types separately.
+- The same schema is used in **all three layers**: frontend (validation), BFF (input/output validation), and Azure Functions (request/response validation + Cosmos DB documents).
+- The shared package (\`@${projectName}/shared\`) is consumed by both Next.js and Azure Functions as a workspace dependency.
+
+Model definition pattern:
+
+\`\`\`typescript
+// shared/models/{model}.ts
+import { z } from 'zod/v4';
+
+export const Todo = z.object({
+  id: z.string(),
+  name: z.string().min(1),
+  // ... your fields
+  createdAt: z.string().optional(),
+  updatedAt: z.string().optional(),
+});
+
+export type Todo = z.infer<typeof Todo>;
+export const displayName = 'Todo';
+\`\`\`
+
+Key rules:
+- Use the **Zod official pattern**: the schema constant and the TypeScript type share the same name.
+- \`id\`, \`createdAt\`, and \`updatedAt\` are auto-managed by the backend. Mark them as \`optional()\` in the schema.
+- Always re-export models from \`shared/index.ts\`.
+
+### 3. Azure Functions Own All Business Logic and Data Access
+
+- All CRUD operations and business logic live in \`functions/src/\`.
+- Use Azure Functions Cosmos DB **input/output bindings** (\`extraInputs\`/\`extraOutputs\`) for reads and writes.
+- Use the Cosmos DB SDK client directly **only** for delete operations (bindings do not support delete).
+- Validate all data against Zod schemas before writing to Cosmos DB.
+- The backend auto-generates \`id\` (UUID), \`createdAt\`, and \`updatedAt\` — never trust client-sent values for these fields.
+
+Azure Functions handler pattern:
+
+\`\`\`typescript
+// functions/src/{model}.ts
+import { app } from '@azure/functions';
+import { ModelSchema } from '@${projectName}/shared';
+
+const containerName = 'Models'; // PascalCase + 's'
+
+app.http('{model}-get-all', {
+  methods: ['GET'],
+  route: '{model}',
+  authLevel: 'anonymous',
+  extraInputs: [{ type: 'cosmosDB', name: 'cosmosInput', containerName, ... }],
+  handler: async (request, context) => {
+    const documents = context.extraInputs.get('cosmosInput');
+    const validated = z.array(ModelSchema).parse(documents);
+    return { status: 200, jsonBody: validated };
+  },
+});
+\`\`\`
+
+## Naming Conventions
+
+| Item | Convention | Example |
+|------|-----------|---------|
+| Model schema file | \`shared/models/{kebab-case}.ts\` | \`shared/models/todo.ts\` |
+| Schema/type name | PascalCase (same name for both) | \`export const Todo = z.object({...}); export type Todo = z.infer<typeof Todo>;\` |
+| Functions handler file | \`functions/src/{kebab-case}.ts\` | \`functions/src/todo.ts\` |
+| Functions handler name | \`{camelCase}-{operation}\` | \`todo-get-all\`, \`todo-create\` |
+| API route path | \`/api/{camelCase}\` | \`/api/todo\`, \`/api/todo/{id}\` |
+| BFF route file | \`app/api/{kebab-case}/route.ts\` | \`app/api/todo/route.ts\` |
+| BFF detail route | \`app/api/{kebab-case}/[id]/route.ts\` | \`app/api/todo/[id]/route.ts\` |
+| UI page directory | \`app/{kebab-case}/\` | \`app/todo/page.tsx\` |
+| React component | PascalCase | \`TodoForm.tsx\` |
+| Cosmos DB container | PascalCase + 's' | \`Todos\` |
+| Cosmos DB partition key | \`/id\` | Always \`/id\` |
+| Bicep container file | \`infra/containers/{kebab-case}-container.bicep\` | \`infra/containers/todo-container.bicep\` |
+
+## Adding New Models (SwallowKit CLI Skills)
+
+Use the SwallowKit CLI — do **not** manually create model files or CRUD boilerplate.
+
+### Skill: Create a new data model
+
+\`\`\`bash
+npx swallowkit create-model <name>
+# Multiple models at once:
+npx swallowkit create-model user post comment
+\`\`\`
+
+Creates \`shared/models/<name>.ts\` with a Zod schema template including \`id\`, \`createdAt\`, \`updatedAt\`.
+Edit the generated file to add your domain-specific fields, then run scaffold.
+
+### Skill: Generate full CRUD from a model
+
+\`\`\`bash
+npx swallowkit scaffold shared/models/<name>.ts
+\`\`\`
+
+Generates:
+- Azure Functions handlers (\`functions/src/<name>.ts\`)
+- BFF API routes (\`app/api/<name>/route.ts\`, \`app/api/<name>/[id]/route.ts\`)
+- UI pages (\`app/<name>/page.tsx\`, detail, create, edit pages)
+- Cosmos DB Bicep container config (\`infra/containers/<name>-container.bicep\`)
+
+### Skill: Start development servers
+
+\`\`\`bash
+npx swallowkit dev
+\`\`\`
+
+Runs Next.js (http://localhost:3000) and Azure Functions (http://localhost:7071) concurrently.
+Checks for Cosmos DB Emulator availability.
+
+### Skill: Provision Azure resources
+
+\`\`\`bash
+npx swallowkit provision --resource-group <name> --location <region>
+\`\`\`
+
+Deploys Bicep infrastructure: Static Web Apps, Functions, Cosmos DB, Storage, Managed Identity.
+
+### Typical workflow for "add a new feature/model"
+
+1. \`npx swallowkit create-model <name>\`
+2. Edit \`shared/models/<name>.ts\` — add fields
+3. \`npx swallowkit scaffold shared/models/<name>.ts\`
+4. \`npx swallowkit dev\` — verify at http://localhost:3000/<name>
+
+## Do NOT
+
+- **Do not** put business logic or database calls in \`app/api/\` routes. They are BFF only.
+- **Do not** define TypeScript interfaces/types separately from Zod schemas. Always derive types with \`z.infer<>\`.
+- **Do not** manually duplicate model definitions across layers. Use the shared package.
+- **Do not** manually create CRUD boilerplate. Use \`swallowkit scaffold\`.
+- **Do not** hardcode Cosmos DB connection strings. Use Managed Identity (\`CosmosDBConnection__accountEndpoint\`) in production and emulator settings locally.
+- **Do not** change the partition key strategy. All containers use \`/id\` as the partition key.
+
+## Technology Stack
+
+- **Frontend**: Next.js (App Router), React, TypeScript, Tailwind CSS
+- **BFF**: Next.js API Routes (proxy only)
+- **Backend**: Azure Functions (TypeScript, Node.js)
+- **Database**: Azure Cosmos DB (NoSQL)
+- **Schema**: Zod (shared across all layers via workspace package)
+- **Infrastructure**: Bicep (IaC)
+- **Hosting**: Azure Static Web Apps (frontend) + Azure Functions Flex Consumption (backend)
+- **Auth**: Azure Managed Identity (no connection strings in production)
+- **Monitoring**: Application Insights
+`;
+    fs.writeFileSync(path.join(projectDir, 'AGENTS.md'), agentsMd);
+    console.log('  ✅ AGENTS.md (Codex / generic agents)');
+    // ── 2. CLAUDE.md (Claude Code) ─────────────────────────────────────
+    const claudeMd = `# CLAUDE.md
+
+This file is for Claude Code. Read AGENTS.md in the project root for the full architecture, conventions, and rules.
+
+## Quick Reference
+
+- **Architecture**: Next.js (frontend) → BFF (API routes, proxy only) → Azure Functions (backend) → Cosmos DB
+- **Schema**: Zod schemas in \`shared/models/\` are the single source of truth. Never define types separately.
+- **BFF rule**: \`app/api/\` routes must ONLY proxy to Azure Functions via \`callFunction()\`. No business logic.
+- **Backend rule**: All business logic and Cosmos DB access lives in \`functions/src/\`.
+
+## SwallowKit CLI Commands
+
+| Task | Command |
+|------|---------|
+| Create model | \`npx swallowkit create-model <name>\` |
+| Generate CRUD | \`npx swallowkit scaffold shared/models/<name>.ts\` |
+| Dev servers | \`npx swallowkit dev\` |
+| Provision Azure | \`npx swallowkit provision --resource-group <rg> --location <region>\` |
+
+## Workflow: Add a new model
+
+1. \`npx swallowkit create-model <name>\`
+2. Edit \`shared/models/<name>.ts\` — add your fields
+3. \`npx swallowkit scaffold shared/models/<name>.ts\`
+4. \`npx swallowkit dev\` — verify at http://localhost:3000/<name>
+`;
+    fs.writeFileSync(path.join(projectDir, 'CLAUDE.md'), claudeMd);
+    console.log('  ✅ CLAUDE.md (Claude Code)');
+    // ── 3. .github/copilot-instructions.md (GitHub Copilot) ────────────
+    const ghDir = path.join(projectDir, '.github');
+    fs.mkdirSync(ghDir, { recursive: true });
+    const copilotInstructions = `# Copilot Instructions
+
+This project was generated by **SwallowKit**. See \`AGENTS.md\` in the project root for the full specification.
+
+## Architecture (3-layer)
+
+\`\`\`
+Frontend (Next.js App Router) → BFF (Next.js API Routes) → Backend (Azure Functions) → Cosmos DB
+\`\`\`
+
+## Key Rules
+
+1. **BFF is proxy only** — \`app/api/\` routes call Azure Functions via \`callFunction()\`. No business logic, no direct DB access.
+2. **Zod = single source of truth** — Models live in \`shared/models/\`. Types are derived with \`z.infer<>\`. Never define types separately.
+3. **Backend owns data** — All CRUD, business logic, and Cosmos DB access is in \`functions/src/\`.
+4. **Use the CLI** — Run \`npx swallowkit create-model <name>\` then \`npx swallowkit scaffold shared/models/<name>.ts\` to add models. Do not create boilerplate manually.
+
+## Naming
+
+- Schema/type: PascalCase, same name for both (\`export const Todo = z.object({...}); export type Todo = z.infer<typeof Todo>;\`)
+- Files: kebab-case (\`shared/models/todo.ts\`, \`functions/src/todo.ts\`)
+- Cosmos DB containers: PascalCase + 's' (\`Todos\`), partition key always \`/id\`
+
+## Managed Fields
+
+\`id\`, \`createdAt\`, \`updatedAt\` are auto-managed by the backend. Define them as \`optional()\` in schemas. Never trust client-sent values.
+`;
+    fs.writeFileSync(path.join(ghDir, 'copilot-instructions.md'), copilotInstructions);
+    console.log('  ✅ .github/copilot-instructions.md (GitHub Copilot)');
+    // ── 4. .github/instructions/*.instructions.md (Copilot layer-specific) ──
+    const instructionsDir = path.join(ghDir, 'instructions');
+    fs.mkdirSync(instructionsDir, { recursive: true });
+    // 4a. shared/models — Zod schema layer
+    const sharedModelsInstructions = `---
+applyTo: "shared/models/**"
+---
+
+# Shared Models — Zod Schema Rules
+
+Files in this directory are the **single source of truth** for data models across the entire application.
+
+## Rules
+
+- Define Zod schemas using \`zod/v4\` (\`import { z } from 'zod/v4'\`).
+- Use the **Zod official pattern**: the schema constant and the TypeScript type share the same name.
+  \`\`\`typescript
+  export const Todo = z.object({ ... });
+  export type Todo = z.infer<typeof Todo>;
+  \`\`\`
+- Always include \`id: z.string()\`, \`createdAt: z.string().optional()\`, \`updatedAt: z.string().optional()\`. These are managed by the backend.
+- Export a \`displayName\` string constant for UI display.
+- Re-export every model from \`shared/index.ts\`.
+- For relationships, use **nested schemas** (import and embed the related schema), not ID references.
+- After editing a model, run \`npx swallowkit scaffold shared/models/<name>.ts\` to regenerate CRUD code.
+`;
+    fs.writeFileSync(path.join(instructionsDir, 'shared-models.instructions.md'), sharedModelsInstructions);
+    // 4b. app/api — BFF layer
+    const bffInstructions = `---
+applyTo: "app/api/**"
+---
+
+# BFF API Routes — Rules
+
+Files in \`app/api/\` are the **BFF (Backend for Frontend)** layer. They exist solely to proxy requests to Azure Functions.
+
+## Rules
+
+- **Never** put business logic, database access, or direct Cosmos DB calls here.
+- Use \`callFunction()\` from \`@/lib/api/call-function\` to forward requests to Azure Functions.
+- You may validate input/output with Zod schemas before forwarding.
+- Import schemas from \`@${projectName}/shared\`.
+
+## Pattern
+
+\`\`\`typescript
+import { callFunction } from '@/lib/api/call-function';
+import { ModelSchema } from '@${projectName}/shared';
+import { z } from 'zod/v4';
+
+export async function GET() {
+  return callFunction({
+    method: 'GET',
+    path: '/api/{model}',
+    responseSchema: z.array(ModelSchema),
+  });
+}
+\`\`\`
+`;
+    fs.writeFileSync(path.join(instructionsDir, 'bff-routes.instructions.md'), bffInstructions);
+    // 4c. functions — Azure Functions backend layer
+    const functionsInstructions = `---
+applyTo: "functions/**"
+---
+
+# Azure Functions — Backend Rules
+
+Files in \`functions/src/\` contain all business logic and data access for this application.
+
+## Rules
+
+- Use Cosmos DB **input/output bindings** (\`extraInputs\`/\`extraOutputs\`) for reads and writes.
+- Use the Cosmos DB SDK client directly **only** for delete operations.
+- Validate all request data against Zod schemas from \`@${projectName}/shared\` before writing.
+- Auto-generate \`id\` (UUID), \`createdAt\`, and \`updatedAt\` on the backend. Never trust client-sent values.
+- Container names are PascalCase + 's' (e.g., \`Todos\`). Partition key is always \`/id\`.
+
+## Handler Pattern
+
+\`\`\`typescript
+import { app } from '@azure/functions';
+import { ModelSchema } from '@${projectName}/shared';
+
+app.http('{model}-get-all', {
+  methods: ['GET'],
+  route: '{model}',
+  authLevel: 'anonymous',
+  extraInputs: [cosmosInput],
+  handler: async (request, context) => {
+    const documents = context.extraInputs.get(cosmosInput);
+    const validated = z.array(ModelSchema).parse(documents);
+    return { status: 200, jsonBody: validated };
+  },
+});
+\`\`\`
+`;
+    fs.writeFileSync(path.join(instructionsDir, 'azure-functions.instructions.md'), functionsInstructions);
+    console.log('  ✅ .github/instructions/ (Copilot layer-specific instructions)');
+    console.log('     - shared-models.instructions.md');
+    console.log('     - bff-routes.instructions.md');
+    console.log('     - azure-functions.instructions.md');
+    console.log('\n✅ AI agent files created\n');
+    console.log('   Supported agents:');
+    console.log('   - OpenAI Codex          → AGENTS.md');
+    console.log('   - Claude Code           → CLAUDE.md (+ AGENTS.md)');
+    console.log('   - GitHub Copilot        → .github/copilot-instructions.md');
+    console.log('   - GitHub Copilot (edit) → .github/instructions/*.instructions.md');
+    console.log('');
+}
 async function createInfrastructure(projectDir, projectName, azureConfig) {
     console.log('📦 Creating infrastructure files (Bicep)...\n');
     const infraDir = path.join(projectDir, 'infra');
@@ -1242,762 +1647,762 @@ async function createInfrastructure(projectDir, projectName, azureConfig) {
     fs.mkdirSync(modulesDir, { recursive: true });
     const enableVNet = azureConfig.vnetOption !== 'none';
     // main.bicep
-    const mainBicep = `targetScope = 'resourceGroup'
-
-@description('Project name')
-param projectName string
-
-@description('Location for Functions and Cosmos DB')
-param location string = resourceGroup().location
-
-@description('Location for Static Web App (must be explicitly provided)')
-param swaLocation string
-
-@description('Cosmos DB mode')
-@allowed(['freetier', 'serverless'])
-param cosmosDbMode string = '${azureConfig.cosmosDbMode}'
-
-@description('Enable VNet integration')
-param enableVNet bool = ${enableVNet}
-
-// Shared Log Analytics Workspace (in Functions region for data residency)
-module logAnalytics 'modules/loganalytics.bicep' = {
-  name: 'logAnalytics'
-  params: {
-    name: 'log-\${projectName}'
-    location: location
-  }
-}
-
-// Application Insights for Static Web App (must be in same region as SWA)
-module appInsightsSwa 'modules/appinsights.bicep' = {
-  name: 'appInsightsSwa'
-  params: {
-    name: 'appi-\${projectName}-swa'
-    location: swaLocation
-    logAnalyticsWorkspaceId: logAnalytics.outputs.id
-  }
-}
-
-// Application Insights for Functions (in same region as Functions)
-module appInsightsFunctions 'modules/appinsights.bicep' = {
-  name: 'appInsightsFunctions'
-  params: {
-    name: 'appi-\${projectName}-func'
-    location: location
-    logAnalyticsWorkspaceId: logAnalytics.outputs.id
-  }
-}
-
-// Static Web App
-module staticWebApp 'modules/staticwebapp.bicep' = {
-  name: 'staticWebApp'
-  params: {
-    name: 'swa-\${projectName}'
-    location: swaLocation
-    sku: 'Standard'
-    appInsightsConnectionString: appInsightsSwa.outputs.connectionString
-  }
-}
-
-// VNet (conditional)
-module vnet 'modules/vnet.bicep' = if (enableVNet) {
-  name: 'vnet'
-  params: {
-    name: 'vnet-\${projectName}'
-    location: location
-  }
-}
-
-// Cosmos DB (conditional based on mode) - Deploy BEFORE Functions
-module cosmosDbFreeTier 'modules/cosmosdb-freetier.bicep' = if (cosmosDbMode == 'freetier') {
-  name: 'cosmosDb'
-  params: {
-    accountName: 'cosmos-\${projectName}'
-    databaseName: '\${projectName}Database'
-    location: location
-    publicNetworkAccess: enableVNet ? 'Disabled' : 'Enabled'
-  }
-}
-
-module cosmosDbServerless 'modules/cosmosdb-serverless.bicep' = if (cosmosDbMode == 'serverless') {
-  name: 'cosmosDb'
-  params: {
-    accountName: 'cosmos-\${projectName}'
-    databaseName: '\${projectName}Database'
-    location: location
-    publicNetworkAccess: enableVNet ? 'Disabled' : 'Enabled'
-  }
-}
-
-// Cosmos DB Private Endpoint (conditional)
-module cosmosPrivateEndpoint 'modules/private-endpoint-cosmos.bicep' = if (enableVNet) {
-  name: 'cosmosPrivateEndpoint'
-  params: {
-    name: 'pe-cosmos-\${projectName}'
-    location: location
-    cosmosAccountId: cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.id : cosmosDbServerless.outputs.id
-    cosmosAccountName: cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.accountName : cosmosDbServerless.outputs.accountName
-    subnetId: vnet.outputs.privateEndpointSubnetId
-    vnetId: vnet.outputs.id
-  }
-  dependsOn: [
-    cosmosDbFreeTier
-    cosmosDbServerless
-    vnet
-  ]
-}
-
-// Azure Functions (Flex Consumption) - Deploy AFTER Cosmos DB
-module functionsFlex 'modules/functions-flex.bicep' = {
-  name: 'functionsApp'
-  params: {
-    name: 'func-\${projectName}'
-    location: location
-    storageAccountName: 'stg\${uniqueString(resourceGroup().id, projectName)}'
-    appInsightsConnectionString: appInsightsFunctions.outputs.connectionString
-    swaDefaultHostname: staticWebApp.outputs.defaultHostname
-    cosmosDbEndpoint: cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.endpoint : cosmosDbServerless.outputs.endpoint
-    cosmosDbDatabaseName: cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.databaseName : cosmosDbServerless.outputs.databaseName
-    enableVNet: enableVNet
-    vnetSubnetId: enableVNet ? vnet.outputs.functionsSubnetId : ''
-  }
-  dependsOn: [
-    cosmosDbFreeTier
-    cosmosDbServerless
-    cosmosPrivateEndpoint
-  ]
-}
-
-// Cosmos DB role assignment for Functions (after Functions is created)
-module cosmosDbRoleAssignmentFreeTier 'modules/cosmosdb-role-assignment.bicep' = if (cosmosDbMode == 'freetier') {
-  name: 'cosmosDbRoleAssignment'
-  params: {
-    cosmosAccountName: cosmosDbFreeTier.outputs.accountName
-    functionsPrincipalId: functionsFlex.outputs.principalId
-  }
-  dependsOn: [
-    functionsFlex
-  ]
-}
-
-module cosmosDbRoleAssignmentServerless 'modules/cosmosdb-role-assignment.bicep' = if (cosmosDbMode == 'serverless') {
-  name: 'cosmosDbRoleAssignment'
-  params: {
-    cosmosAccountName: cosmosDbServerless.outputs.accountName
-    functionsPrincipalId: functionsFlex.outputs.principalId
-  }
-  dependsOn: [
-    functionsFlex
-  ]
-}
-
-// Update SWA config with Functions hostname (after Functions deployment)
-module staticWebAppConfig 'modules/staticwebapp-config.bicep' = {
-  name: 'staticWebAppConfig'
-  params: {
-    staticWebAppName: staticWebApp.outputs.name
-    functionsDefaultHostname: functionsFlex.outputs.defaultHostname
-    appInsightsConnectionString: appInsightsSwa.outputs.connectionString
-  }
-  dependsOn: [
-    functionsFlex
-  ]
-}
-
-output staticWebAppName string = staticWebApp.outputs.name
-output staticWebAppUrl string = staticWebApp.outputs.defaultHostname
-output functionsAppName string = functionsFlex.outputs.name
-output functionsAppUrl string = functionsFlex.outputs.defaultHostname
-output cosmosDbAccountName string = cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.accountName : cosmosDbServerless.outputs.accountName
-output cosmosDbEndpoint string = cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.endpoint : cosmosDbServerless.outputs.endpoint
-output cosmosDatabaseName string = cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.databaseName : cosmosDbServerless.outputs.databaseName
-output logAnalyticsWorkspaceName string = logAnalytics.outputs.name
-output logAnalyticsWorkspaceId string = logAnalytics.outputs.id
-output appInsightsSwaName string = appInsightsSwa.outputs.name
-output appInsightsSwaConnectionString string = appInsightsSwa.outputs.connectionString
-output appInsightsFunctionsName string = appInsightsFunctions.outputs.name
-output appInsightsFunctionsConnectionString string = appInsightsFunctions.outputs.connectionString
-output vnetEnabled bool = enableVNet
-output vnetName string = enableVNet ? vnet.outputs.name : ''
+    const mainBicep = `targetScope = 'resourceGroup'
+
+@description('Project name')
+param projectName string
+
+@description('Location for Functions and Cosmos DB')
+param location string = resourceGroup().location
+
+@description('Location for Static Web App (must be explicitly provided)')
+param swaLocation string
+
+@description('Cosmos DB mode')
+@allowed(['freetier', 'serverless'])
+param cosmosDbMode string = '${azureConfig.cosmosDbMode}'
+
+@description('Enable VNet integration')
+param enableVNet bool = ${enableVNet}
+
+// Shared Log Analytics Workspace (in Functions region for data residency)
+module logAnalytics 'modules/loganalytics.bicep' = {
+  name: 'logAnalytics'
+  params: {
+    name: 'log-\${projectName}'
+    location: location
+  }
+}
+
+// Application Insights for Static Web App (must be in same region as SWA)
+module appInsightsSwa 'modules/appinsights.bicep' = {
+  name: 'appInsightsSwa'
+  params: {
+    name: 'appi-\${projectName}-swa'
+    location: swaLocation
+    logAnalyticsWorkspaceId: logAnalytics.outputs.id
+  }
+}
+
+// Application Insights for Functions (in same region as Functions)
+module appInsightsFunctions 'modules/appinsights.bicep' = {
+  name: 'appInsightsFunctions'
+  params: {
+    name: 'appi-\${projectName}-func'
+    location: location
+    logAnalyticsWorkspaceId: logAnalytics.outputs.id
+  }
+}
+
+// Static Web App
+module staticWebApp 'modules/staticwebapp.bicep' = {
+  name: 'staticWebApp'
+  params: {
+    name: 'swa-\${projectName}'
+    location: swaLocation
+    sku: 'Standard'
+    appInsightsConnectionString: appInsightsSwa.outputs.connectionString
+  }
+}
+
+// VNet (conditional)
+module vnet 'modules/vnet.bicep' = if (enableVNet) {
+  name: 'vnet'
+  params: {
+    name: 'vnet-\${projectName}'
+    location: location
+  }
+}
+
+// Cosmos DB (conditional based on mode) - Deploy BEFORE Functions
+module cosmosDbFreeTier 'modules/cosmosdb-freetier.bicep' = if (cosmosDbMode == 'freetier') {
+  name: 'cosmosDb'
+  params: {
+    accountName: 'cosmos-\${projectName}'
+    databaseName: '\${projectName}Database'
+    location: location
+    publicNetworkAccess: enableVNet ? 'Disabled' : 'Enabled'
+  }
+}
+
+module cosmosDbServerless 'modules/cosmosdb-serverless.bicep' = if (cosmosDbMode == 'serverless') {
+  name: 'cosmosDb'
+  params: {
+    accountName: 'cosmos-\${projectName}'
+    databaseName: '\${projectName}Database'
+    location: location
+    publicNetworkAccess: enableVNet ? 'Disabled' : 'Enabled'
+  }
+}
+
+// Cosmos DB Private Endpoint (conditional)
+module cosmosPrivateEndpoint 'modules/private-endpoint-cosmos.bicep' = if (enableVNet) {
+  name: 'cosmosPrivateEndpoint'
+  params: {
+    name: 'pe-cosmos-\${projectName}'
+    location: location
+    cosmosAccountId: cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.id : cosmosDbServerless.outputs.id
+    cosmosAccountName: cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.accountName : cosmosDbServerless.outputs.accountName
+    subnetId: vnet.outputs.privateEndpointSubnetId
+    vnetId: vnet.outputs.id
+  }
+  dependsOn: [
+    cosmosDbFreeTier
+    cosmosDbServerless
+    vnet
+  ]
+}
+
+// Azure Functions (Flex Consumption) - Deploy AFTER Cosmos DB
+module functionsFlex 'modules/functions-flex.bicep' = {
+  name: 'functionsApp'
+  params: {
+    name: 'func-\${projectName}'
+    location: location
+    storageAccountName: 'stg\${uniqueString(resourceGroup().id, projectName)}'
+    appInsightsConnectionString: appInsightsFunctions.outputs.connectionString
+    swaDefaultHostname: staticWebApp.outputs.defaultHostname
+    cosmosDbEndpoint: cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.endpoint : cosmosDbServerless.outputs.endpoint
+    cosmosDbDatabaseName: cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.databaseName : cosmosDbServerless.outputs.databaseName
+    enableVNet: enableVNet
+    vnetSubnetId: enableVNet ? vnet.outputs.functionsSubnetId : ''
+  }
+  dependsOn: [
+    cosmosDbFreeTier
+    cosmosDbServerless
+    cosmosPrivateEndpoint
+  ]
+}
+
+// Cosmos DB role assignment for Functions (after Functions is created)
+module cosmosDbRoleAssignmentFreeTier 'modules/cosmosdb-role-assignment.bicep' = if (cosmosDbMode == 'freetier') {
+  name: 'cosmosDbRoleAssignment'
+  params: {
+    cosmosAccountName: cosmosDbFreeTier.outputs.accountName
+    functionsPrincipalId: functionsFlex.outputs.principalId
+  }
+  dependsOn: [
+    functionsFlex
+  ]
+}
+
+module cosmosDbRoleAssignmentServerless 'modules/cosmosdb-role-assignment.bicep' = if (cosmosDbMode == 'serverless') {
+  name: 'cosmosDbRoleAssignment'
+  params: {
+    cosmosAccountName: cosmosDbServerless.outputs.accountName
+    functionsPrincipalId: functionsFlex.outputs.principalId
+  }
+  dependsOn: [
+    functionsFlex
+  ]
+}
+
+// Update SWA config with Functions hostname (after Functions deployment)
+module staticWebAppConfig 'modules/staticwebapp-config.bicep' = {
+  name: 'staticWebAppConfig'
+  params: {
+    staticWebAppName: staticWebApp.outputs.name
+    functionsDefaultHostname: functionsFlex.outputs.defaultHostname
+    appInsightsConnectionString: appInsightsSwa.outputs.connectionString
+  }
+  dependsOn: [
+    functionsFlex
+  ]
+}
+
+output staticWebAppName string = staticWebApp.outputs.name
+output staticWebAppUrl string = staticWebApp.outputs.defaultHostname
+output functionsAppName string = functionsFlex.outputs.name
+output functionsAppUrl string = functionsFlex.outputs.defaultHostname
+output cosmosDbAccountName string = cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.accountName : cosmosDbServerless.outputs.accountName
+output cosmosDbEndpoint string = cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.endpoint : cosmosDbServerless.outputs.endpoint
+output cosmosDatabaseName string = cosmosDbMode == 'freetier' ? cosmosDbFreeTier.outputs.databaseName : cosmosDbServerless.outputs.databaseName
+output logAnalyticsWorkspaceName string = logAnalytics.outputs.name
+output logAnalyticsWorkspaceId string = logAnalytics.outputs.id
+output appInsightsSwaName string = appInsightsSwa.outputs.name
+output appInsightsSwaConnectionString string = appInsightsSwa.outputs.connectionString
+output appInsightsFunctionsName string = appInsightsFunctions.outputs.name
+output appInsightsFunctionsConnectionString string = appInsightsFunctions.outputs.connectionString
+output vnetEnabled bool = enableVNet
+output vnetName string = enableVNet ? vnet.outputs.name : ''
 `;
     fs.writeFileSync(path.join(infraDir, 'main.bicep'), mainBicep);
     // main.parameters.json
-    const params = `{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    "projectName": {
-      "value": "${projectName}"
-    },
-    "cosmosDbMode": {
-      "value": "${azureConfig.cosmosDbMode}"
-    },
-    "enableVNet": {
-      "value": ${enableVNet}
-    }
-  }
-}
+    const params = `{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "projectName": {
+      "value": "${projectName}"
+    },
+    "cosmosDbMode": {
+      "value": "${azureConfig.cosmosDbMode}"
+    },
+    "enableVNet": {
+      "value": ${enableVNet}
+    }
+  }
+}
 `;
     fs.writeFileSync(path.join(infraDir, 'main.parameters.json'), params);
     // modules/staticwebapp.bicep
-    const staticWebAppBicep = `@description('Static Web App name')
-param name string
-
-@description('Location for the Static Web App')
-param location string
-
-@description('SKU name (Free or Standard)')
-@allowed([
-  'Free'
-  'Standard'
-])
-param sku string = 'Standard'
-
-@description('Application Insights connection string')
-param appInsightsConnectionString string
-
-resource staticWebApp 'Microsoft.Web/staticSites@2023-01-01' = {
-  name: name
-  location: location
-  sku: {
-    name: sku
-    tier: sku
-  }
-  properties: {
-    buildProperties: {
-      skipGithubActionWorkflowGeneration: true
-    }
-  }
-}
-
-// Link Application Insights to Static Web App (for both client and server-side telemetry)
-resource staticWebAppConfig 'Microsoft.Web/staticSites/config@2023-01-01' = {
-  parent: staticWebApp
-  name: 'appsettings'
-  properties: {
-    APPLICATIONINSIGHTS_CONNECTION_STRING: appInsightsConnectionString
-    ApplicationInsightsAgent_EXTENSION_VERSION: '~3'
-  }
-}
-
-output id string = staticWebApp.id
-output name string = staticWebApp.name
-output defaultHostname string = staticWebApp.properties.defaultHostname
+    const staticWebAppBicep = `@description('Static Web App name')
+param name string
+
+@description('Location for the Static Web App')
+param location string
+
+@description('SKU name (Free or Standard)')
+@allowed([
+  'Free'
+  'Standard'
+])
+param sku string = 'Standard'
+
+@description('Application Insights connection string')
+param appInsightsConnectionString string
+
+resource staticWebApp 'Microsoft.Web/staticSites@2023-01-01' = {
+  name: name
+  location: location
+  sku: {
+    name: sku
+    tier: sku
+  }
+  properties: {
+    buildProperties: {
+      skipGithubActionWorkflowGeneration: true
+    }
+  }
+}
+
+// Link Application Insights to Static Web App (for both client and server-side telemetry)
+resource staticWebAppConfig 'Microsoft.Web/staticSites/config@2023-01-01' = {
+  parent: staticWebApp
+  name: 'appsettings'
+  properties: {
+    APPLICATIONINSIGHTS_CONNECTION_STRING: appInsightsConnectionString
+    ApplicationInsightsAgent_EXTENSION_VERSION: '~3'
+  }
+}
+
+output id string = staticWebApp.id
+output name string = staticWebApp.name
+output defaultHostname string = staticWebApp.properties.defaultHostname
 `;
     fs.writeFileSync(path.join(modulesDir, 'staticwebapp.bicep'), staticWebAppBicep);
     // modules/staticwebapp-config.bicep (for updating config after Functions deployment)
-    const staticWebAppConfigBicep = `@description('Static Web App name')
-param staticWebAppName string
-
-@description('Functions App default hostname for backend API calls')
-param functionsDefaultHostname string
-
-@description('Application Insights connection string for SWA')
-param appInsightsConnectionString string
-
-resource staticWebApp 'Microsoft.Web/staticSites@2023-01-01' existing = {
-  name: staticWebAppName
-}
-
-resource staticWebAppConfig 'Microsoft.Web/staticSites/config@2023-01-01' = {
-  parent: staticWebApp
-  name: 'appsettings'
-  properties: {
-    APPLICATIONINSIGHTS_CONNECTION_STRING: appInsightsConnectionString
-    ApplicationInsightsAgent_EXTENSION_VERSION: '~3'
-    BACKEND_FUNCTIONS_BASE_URL: 'https://\${functionsDefaultHostname}'
-  }
-}
-
-output configName string = staticWebAppConfig.name
+    const staticWebAppConfigBicep = `@description('Static Web App name')
+param staticWebAppName string
+
+@description('Functions App default hostname for backend API calls')
+param functionsDefaultHostname string
+
+@description('Application Insights connection string for SWA')
+param appInsightsConnectionString string
+
+resource staticWebApp 'Microsoft.Web/staticSites@2023-01-01' existing = {
+  name: staticWebAppName
+}
+
+resource staticWebAppConfig 'Microsoft.Web/staticSites/config@2023-01-01' = {
+  parent: staticWebApp
+  name: 'appsettings'
+  properties: {
+    APPLICATIONINSIGHTS_CONNECTION_STRING: appInsightsConnectionString
+    ApplicationInsightsAgent_EXTENSION_VERSION: '~3'
+    BACKEND_FUNCTIONS_BASE_URL: 'https://\${functionsDefaultHostname}'
+  }
+}
+
+output configName string = staticWebAppConfig.name
 `;
     fs.writeFileSync(path.join(modulesDir, 'staticwebapp-config.bicep'), staticWebAppConfigBicep);
     // modules/loganalytics.bicep (Shared Log Analytics Workspace)
-    const logAnalyticsBicep = `@description('Log Analytics workspace name')
-param name string
-
-@description('Location for Log Analytics workspace')
-param location string
-
-resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
-  name: name
-  location: location
-  properties: {
-    sku: {
-      name: 'PerGB2018'
-    }
-    retentionInDays: 30
-  }
-}
-
-output id string = logAnalytics.id
-output name string = logAnalytics.name
+    const logAnalyticsBicep = `@description('Log Analytics workspace name')
+param name string
+
+@description('Location for Log Analytics workspace')
+param location string
+
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
+  name: name
+  location: location
+  properties: {
+    sku: {
+      name: 'PerGB2018'
+    }
+    retentionInDays: 30
+  }
+}
+
+output id string = logAnalytics.id
+output name string = logAnalytics.name
 `;
     fs.writeFileSync(path.join(modulesDir, 'loganalytics.bicep'), logAnalyticsBicep);
     // modules/appinsights.bicep (Application Insights only, connects to shared Log Analytics)
-    const appInsightsBicep = `@description('Application Insights name')
-param name string
-
-@description('Location for Application Insights')
-param location string
-
-@description('Log Analytics workspace resource ID')
-param logAnalyticsWorkspaceId string
-
-// Application Insights
-resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
-  name: name
-  location: location
-  kind: 'web'
-  properties: {
-    Application_Type: 'web'
-    WorkspaceResourceId: logAnalyticsWorkspaceId
-    RetentionInDays: 30
-  }
-}
-
-output id string = appInsights.id
-output name string = appInsights.name
-output connectionString string = appInsights.properties.ConnectionString
-output instrumentationKey string = appInsights.properties.InstrumentationKey
+    const appInsightsBicep = `@description('Application Insights name')
+param name string
+
+@description('Location for Application Insights')
+param location string
+
+@description('Log Analytics workspace resource ID')
+param logAnalyticsWorkspaceId string
+
+// Application Insights
+resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
+  name: name
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    WorkspaceResourceId: logAnalyticsWorkspaceId
+    RetentionInDays: 30
+  }
+}
+
+output id string = appInsights.id
+output name string = appInsights.name
+output connectionString string = appInsights.properties.ConnectionString
+output instrumentationKey string = appInsights.properties.InstrumentationKey
 `;
     fs.writeFileSync(path.join(modulesDir, 'appinsights.bicep'), appInsightsBicep);
     // modules/functions-flex.bicep (Flex Consumption)
-    const functionsFlexBicep = `@description('Functions App name')
-param name string
-
-@description('Location for the Functions App')
-param location string
-
-@description('Storage account name for Functions')
-param storageAccountName string
-
-@description('Application Insights connection string')
-param appInsightsConnectionString string
-
-@description('Static Web App default hostname for CORS')
-param swaDefaultHostname string
-
-@description('Cosmos DB endpoint')
-param cosmosDbEndpoint string
-
-@description('Cosmos DB database name')
-param cosmosDbDatabaseName string
-
-@description('Enable VNet integration')
-param enableVNet bool = false
-
-@description('VNet subnet ID for Functions (required if enableVNet is true)')
-param vnetSubnetId string = ''
-
-// Storage Account for Functions
-resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
-  name: storageAccountName
-  location: location
-  sku: {
-    name: 'Standard_LRS'
-  }
-  kind: 'StorageV2'
-  properties: {
-    supportsHttpsTrafficOnly: true
-    minimumTlsVersion: 'TLS1_2'
-  }
-}
-
-// Blob Service for deployment package container
-resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
-  parent: storageAccount
-  name: 'default'
-}
-
-// Deployment package container
-resource deploymentContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = {
-  parent: blobService
-  name: 'deploymentpackage'
-  properties: {
-    publicAccess: 'None'
-  }
-}
-
-// App Service Plan (Flex Consumption)
-resource hostingPlan 'Microsoft.Web/serverfarms@2023-12-01' = {
-  name: '\${name}-plan'
-  location: location
-  sku: {
-    name: 'FC1'
-    tier: 'FlexConsumption'
-  }
-  properties: {
-    reserved: true // Required for Linux
-  }
-}
-
-// Azure Functions App
-resource functionApp 'Microsoft.Web/sites@2023-12-01' = {
-  name: name
-  location: location
-  kind: 'functionapp,linux'
-  identity: {
-    type: 'SystemAssigned'
-  }
-  properties: {
-    serverFarmId: hostingPlan.id
-    reserved: true
-    virtualNetworkSubnetId: enableVNet ? vnetSubnetId : null
-    vnetContentShareEnabled: enableVNet
-    functionAppConfig: {
-      deployment: {
-        storage: {
-          type: 'blobContainer'
-          value: '\${storageAccount.properties.primaryEndpoints.blob}deploymentpackage'
-          authentication: {
-            type: 'SystemAssignedIdentity'
-          }
-        }
-      }
-      scaleAndConcurrency: {
-        maximumInstanceCount: 100
-        instanceMemoryMB: 2048
-      }
-      runtime: {
-        name: 'node'
-        version: '22'
-      }
-    }
-    siteConfig: {
-      appSettings: [
-        {
-          name: 'AzureWebJobsStorage__accountName'
-          value: storageAccount.name
-        }
-        {
-          name: 'FUNCTIONS_EXTENSION_VERSION'
-          value: '~4'
-        }
-        {
-          name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
-          value: appInsightsConnectionString
-        }
-        {
-          name: 'CosmosDBConnection__accountEndpoint'
-          value: cosmosDbEndpoint
-        }
-        {
-          name: 'COSMOS_DB_DATABASE_NAME'
-          value: cosmosDbDatabaseName
-        }
-      ]
-      cors: {
-        allowedOrigins: [
-          'https://\${swaDefaultHostname}'
-        ]
-      }
-      ipSecurityRestrictions: [
-        {
-          action: 'Allow'
-          ipAddress: 'AzureCloud'
-          tag: 'ServiceTag'
-          priority: 100
-        }
-      ]
-    }
-    httpsOnly: true
-  }
-}
-
-// Role Assignment: Storage Blob Data Contributor
-resource blobDataContributorRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid(functionApp.id, storageAccount.id, 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
-  scope: storageAccount
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
-    principalId: functionApp.identity.principalId
-    principalType: 'ServicePrincipal'
-  }
-}
-
-output id string = functionApp.id
-output name string = functionApp.name
-output defaultHostname string = functionApp.properties.defaultHostName
-output principalId string = functionApp.identity.principalId
+    const functionsFlexBicep = `@description('Functions App name')
+param name string
+
+@description('Location for the Functions App')
+param location string
+
+@description('Storage account name for Functions')
+param storageAccountName string
+
+@description('Application Insights connection string')
+param appInsightsConnectionString string
+
+@description('Static Web App default hostname for CORS')
+param swaDefaultHostname string
+
+@description('Cosmos DB endpoint')
+param cosmosDbEndpoint string
+
+@description('Cosmos DB database name')
+param cosmosDbDatabaseName string
+
+@description('Enable VNet integration')
+param enableVNet bool = false
+
+@description('VNet subnet ID for Functions (required if enableVNet is true)')
+param vnetSubnetId string = ''
+
+// Storage Account for Functions
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
+  name: storageAccountName
+  location: location
+  sku: {
+    name: 'Standard_LRS'
+  }
+  kind: 'StorageV2'
+  properties: {
+    supportsHttpsTrafficOnly: true
+    minimumTlsVersion: 'TLS1_2'
+  }
+}
+
+// Blob Service for deployment package container
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
+  parent: storageAccount
+  name: 'default'
+}
+
+// Deployment package container
+resource deploymentContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = {
+  parent: blobService
+  name: 'deploymentpackage'
+  properties: {
+    publicAccess: 'None'
+  }
+}
+
+// App Service Plan (Flex Consumption)
+resource hostingPlan 'Microsoft.Web/serverfarms@2023-12-01' = {
+  name: '\${name}-plan'
+  location: location
+  sku: {
+    name: 'FC1'
+    tier: 'FlexConsumption'
+  }
+  properties: {
+    reserved: true // Required for Linux
+  }
+}
+
+// Azure Functions App
+resource functionApp 'Microsoft.Web/sites@2023-12-01' = {
+  name: name
+  location: location
+  kind: 'functionapp,linux'
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    serverFarmId: hostingPlan.id
+    reserved: true
+    virtualNetworkSubnetId: enableVNet ? vnetSubnetId : null
+    vnetContentShareEnabled: enableVNet
+    functionAppConfig: {
+      deployment: {
+        storage: {
+          type: 'blobContainer'
+          value: '\${storageAccount.properties.primaryEndpoints.blob}deploymentpackage'
+          authentication: {
+            type: 'SystemAssignedIdentity'
+          }
+        }
+      }
+      scaleAndConcurrency: {
+        maximumInstanceCount: 100
+        instanceMemoryMB: 2048
+      }
+      runtime: {
+        name: 'node'
+        version: '22'
+      }
+    }
+    siteConfig: {
+      appSettings: [
+        {
+          name: 'AzureWebJobsStorage__accountName'
+          value: storageAccount.name
+        }
+        {
+          name: 'FUNCTIONS_EXTENSION_VERSION'
+          value: '~4'
+        }
+        {
+          name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+          value: appInsightsConnectionString
+        }
+        {
+          name: 'CosmosDBConnection__accountEndpoint'
+          value: cosmosDbEndpoint
+        }
+        {
+          name: 'COSMOS_DB_DATABASE_NAME'
+          value: cosmosDbDatabaseName
+        }
+      ]
+      cors: {
+        allowedOrigins: [
+          'https://\${swaDefaultHostname}'
+        ]
+      }
+      ipSecurityRestrictions: [
+        {
+          action: 'Allow'
+          ipAddress: 'AzureCloud'
+          tag: 'ServiceTag'
+          priority: 100
+        }
+      ]
+    }
+    httpsOnly: true
+  }
+}
+
+// Role Assignment: Storage Blob Data Contributor
+resource blobDataContributorRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(functionApp.id, storageAccount.id, 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
+  scope: storageAccount
+  properties: {
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
+    principalId: functionApp.identity.principalId
+    principalType: 'ServicePrincipal'
+  }
+}
+
+output id string = functionApp.id
+output name string = functionApp.name
+output defaultHostname string = functionApp.properties.defaultHostName
+output principalId string = functionApp.identity.principalId
 `;
     fs.writeFileSync(path.join(modulesDir, 'functions-flex.bicep'), functionsFlexBicep);
     // modules/cosmosdb-freetier.bicep (Free Tier)
-    const cosmosDbFreeTierBicep = `@description('Cosmos DB account name')
-param accountName string
-
-@description('Database name')
-param databaseName string
-
-@description('Location for Cosmos DB')
-param location string
-
-@description('Public network access')
-@allowed(['Enabled', 'Disabled'])
-param publicNetworkAccess string = 'Enabled'
-
-// Cosmos DB Account (Free Tier)
-resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = {
-  name: accountName
-  location: location
-  kind: 'GlobalDocumentDB'
-  properties: {
-    databaseAccountOfferType: 'Standard'
-    enableAutomaticFailover: false
-    enableFreeTier: true
-    publicNetworkAccess: publicNetworkAccess
-    disableLocalAuth: true
-    consistencyPolicy: {
-      defaultConsistencyLevel: 'Session'
-    }
-    locations: [
-      {
-        locationName: location
-        failoverPriority: 0
-        isZoneRedundant: false
-      }
-    ]
-    disableKeyBasedMetadataWriteAccess: true
-  }
-}
-
-// Cosmos DB Database
-resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2023-11-15' = {
-  parent: cosmosAccount
-  name: databaseName
-  properties: {
-    resource: {
-      id: databaseName
-    }
-    options: {
-      throughput: 1000
-    }
-  }
-}
-
-output id string = cosmosAccount.id
-output accountName string = cosmosAccount.name
-output endpoint string = cosmosAccount.properties.documentEndpoint
-output databaseName string = database.name
+    const cosmosDbFreeTierBicep = `@description('Cosmos DB account name')
+param accountName string
+
+@description('Database name')
+param databaseName string
+
+@description('Location for Cosmos DB')
+param location string
+
+@description('Public network access')
+@allowed(['Enabled', 'Disabled'])
+param publicNetworkAccess string = 'Enabled'
+
+// Cosmos DB Account (Free Tier)
+resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = {
+  name: accountName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    databaseAccountOfferType: 'Standard'
+    enableAutomaticFailover: false
+    enableFreeTier: true
+    publicNetworkAccess: publicNetworkAccess
+    disableLocalAuth: true
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Session'
+    }
+    locations: [
+      {
+        locationName: location
+        failoverPriority: 0
+        isZoneRedundant: false
+      }
+    ]
+    disableKeyBasedMetadataWriteAccess: true
+  }
+}
+
+// Cosmos DB Database
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2023-11-15' = {
+  parent: cosmosAccount
+  name: databaseName
+  properties: {
+    resource: {
+      id: databaseName
+    }
+    options: {
+      throughput: 1000
+    }
+  }
+}
+
+output id string = cosmosAccount.id
+output accountName string = cosmosAccount.name
+output endpoint string = cosmosAccount.properties.documentEndpoint
+output databaseName string = database.name
 `;
     fs.writeFileSync(path.join(modulesDir, 'cosmosdb-freetier.bicep'), cosmosDbFreeTierBicep);
     // modules/cosmosdb-serverless.bicep (Serverless)
-    const cosmosDbServerlessBicep = `@description('Cosmos DB account name')
-param accountName string
-
-@description('Database name')
-param databaseName string
-
-@description('Location for Cosmos DB')
-param location string
-
-@description('Public network access')
-@allowed(['Enabled', 'Disabled'])
-param publicNetworkAccess string = 'Enabled'
-
-// Cosmos DB Account (Serverless)
-resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = {
-  name: accountName
-  location: location
-  kind: 'GlobalDocumentDB'
-  properties: {
-    databaseAccountOfferType: 'Standard'
-    enableAutomaticFailover: false
-    publicNetworkAccess: publicNetworkAccess
-    disableLocalAuth: true
-    consistencyPolicy: {
-      defaultConsistencyLevel: 'Session'
-    }
-    locations: [
-      {
-        locationName: location
-        failoverPriority: 0
-        isZoneRedundant: false
-      }
-    ]
-    capabilities: [
-      {
-        name: 'EnableServerless'
-      }
-    ]
-    disableKeyBasedMetadataWriteAccess: true
-  }
-}
-
-// Cosmos DB Database
-resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2023-11-15' = {
-  parent: cosmosAccount
-  name: databaseName
-  properties: {
-    resource: {
-      id: databaseName
-    }
-  }
-}
-
-output id string = cosmosAccount.id
-output accountName string = cosmosAccount.name
-output endpoint string = cosmosAccount.properties.documentEndpoint
-output databaseName string = database.name
+    const cosmosDbServerlessBicep = `@description('Cosmos DB account name')
+param accountName string
+
+@description('Database name')
+param databaseName string
+
+@description('Location for Cosmos DB')
+param location string
+
+@description('Public network access')
+@allowed(['Enabled', 'Disabled'])
+param publicNetworkAccess string = 'Enabled'
+
+// Cosmos DB Account (Serverless)
+resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = {
+  name: accountName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    databaseAccountOfferType: 'Standard'
+    enableAutomaticFailover: false
+    publicNetworkAccess: publicNetworkAccess
+    disableLocalAuth: true
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Session'
+    }
+    locations: [
+      {
+        locationName: location
+        failoverPriority: 0
+        isZoneRedundant: false
+      }
+    ]
+    capabilities: [
+      {
+        name: 'EnableServerless'
+      }
+    ]
+    disableKeyBasedMetadataWriteAccess: true
+  }
+}
+
+// Cosmos DB Database
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2023-11-15' = {
+  parent: cosmosAccount
+  name: databaseName
+  properties: {
+    resource: {
+      id: databaseName
+    }
+  }
+}
+
+output id string = cosmosAccount.id
+output accountName string = cosmosAccount.name
+output endpoint string = cosmosAccount.properties.documentEndpoint
+output databaseName string = database.name
 `;
     fs.writeFileSync(path.join(modulesDir, 'cosmosdb-serverless.bicep'), cosmosDbServerlessBicep);
     // modules/cosmosdb-role-assignment.bicep (Role Assignment Module)
-    const cosmosDbRoleAssignmentBicep = `@description('Cosmos DB account name')
-param cosmosAccountName string
-
-@description('Functions App Managed Identity Principal ID')
-param functionsPrincipalId string
-
-resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' existing = {
-  name: cosmosAccountName
-}
-
-// Built-in Cosmos DB Data Contributor role definition
-var cosmosDbDataContributorRoleId = '00000000-0000-0000-0000-000000000002'
-
-// Role assignment for Functions to access Cosmos DB
-resource roleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2023-11-15' = {
-  parent: cosmosAccount
-  name: guid(cosmosAccount.id, functionsPrincipalId, cosmosDbDataContributorRoleId)
-  properties: {
-    roleDefinitionId: '\${cosmosAccount.id}/sqlRoleDefinitions/\${cosmosDbDataContributorRoleId}'
-    principalId: functionsPrincipalId
-    scope: cosmosAccount.id
-  }
-}
-
-output roleAssignmentId string = roleAssignment.id
+    const cosmosDbRoleAssignmentBicep = `@description('Cosmos DB account name')
+param cosmosAccountName string
+
+@description('Functions App Managed Identity Principal ID')
+param functionsPrincipalId string
+
+resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' existing = {
+  name: cosmosAccountName
+}
+
+// Built-in Cosmos DB Data Contributor role definition
+var cosmosDbDataContributorRoleId = '00000000-0000-0000-0000-000000000002'
+
+// Role assignment for Functions to access Cosmos DB
+resource roleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2023-11-15' = {
+  parent: cosmosAccount
+  name: guid(cosmosAccount.id, functionsPrincipalId, cosmosDbDataContributorRoleId)
+  properties: {
+    roleDefinitionId: '\${cosmosAccount.id}/sqlRoleDefinitions/\${cosmosDbDataContributorRoleId}'
+    principalId: functionsPrincipalId
+    scope: cosmosAccount.id
+  }
+}
+
+output roleAssignmentId string = roleAssignment.id
 `;
     fs.writeFileSync(path.join(modulesDir, 'cosmosdb-role-assignment.bicep'), cosmosDbRoleAssignmentBicep);
     // VNet modules (only generate if VNet is enabled)
     if (enableVNet) {
         // modules/vnet.bicep
-        const vnetBicep = `@description('VNet name')
-param name string
-
-@description('Location for VNet')
-param location string
-
-resource vnet 'Microsoft.Network/virtualNetworks@2023-09-01' = {
-  name: name
-  location: location
-  properties: {
-    addressSpace: {
-      addressPrefixes: [
-        '10.0.0.0/16'
-      ]
-    }
-    subnets: [
-      {
-        name: 'snet-functions'
-        properties: {
-          addressPrefix: '10.0.1.0/24'
-          delegations: [
-            {
-              name: 'delegation'
-              properties: {
-                serviceName: 'Microsoft.App/environments'
-              }
-            }
-          ]
-        }
-      }
-      {
-        name: 'snet-private-endpoints'
-        properties: {
-          addressPrefix: '10.0.2.0/24'
-          privateEndpointNetworkPolicies: 'Disabled'
-        }
-      }
-    ]
-  }
-}
-
-output id string = vnet.id
-output name string = vnet.name
-output functionsSubnetId string = vnet.properties.subnets[0].id
-output privateEndpointSubnetId string = vnet.properties.subnets[1].id
+        const vnetBicep = `@description('VNet name')
+param name string
+
+@description('Location for VNet')
+param location string
+
+resource vnet 'Microsoft.Network/virtualNetworks@2023-09-01' = {
+  name: name
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    subnets: [
+      {
+        name: 'snet-functions'
+        properties: {
+          addressPrefix: '10.0.1.0/24'
+          delegations: [
+            {
+              name: 'delegation'
+              properties: {
+                serviceName: 'Microsoft.App/environments'
+              }
+            }
+          ]
+        }
+      }
+      {
+        name: 'snet-private-endpoints'
+        properties: {
+          addressPrefix: '10.0.2.0/24'
+          privateEndpointNetworkPolicies: 'Disabled'
+        }
+      }
+    ]
+  }
+}
+
+output id string = vnet.id
+output name string = vnet.name
+output functionsSubnetId string = vnet.properties.subnets[0].id
+output privateEndpointSubnetId string = vnet.properties.subnets[1].id
 `;
         fs.writeFileSync(path.join(modulesDir, 'vnet.bicep'), vnetBicep);
         // modules/private-endpoint-cosmos.bicep
-        const cosmosPrivateEndpointBicep = `@description('Private endpoint name')
-param name string
-
-@description('Location')
-param location string
-
-@description('Cosmos DB account resource ID')
-param cosmosAccountId string
-
-@description('Cosmos DB account name')
-param cosmosAccountName string
-
-@description('Subnet ID for private endpoint')
-param subnetId string
-
-@description('VNet ID for DNS zone link')
-param vnetId string
-
-// Private DNS Zone for Cosmos DB
-resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
-  name: 'privatelink.documents.azure.com'
-  location: 'global'
-}
-
-// Link DNS Zone to VNet
-resource privateDnsZoneVnetLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
-  parent: privateDnsZone
-  name: '\${cosmosAccountName}-vnet-link'
-  location: 'global'
-  properties: {
-    virtualNetwork: {
-      id: vnetId
-    }
-    registrationEnabled: false
-  }
-}
-
-// Private Endpoint for Cosmos DB
-resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-09-01' = {
-  name: name
-  location: location
-  properties: {
-    subnet: {
-      id: subnetId
-    }
-    privateLinkServiceConnections: [
-      {
-        name: '\${cosmosAccountName}-connection'
-        properties: {
-          privateLinkServiceId: cosmosAccountId
-          groupIds: [
-            'Sql'
-          ]
-        }
-      }
-    ]
-  }
-}
-
-// DNS Zone Group
-resource privateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-09-01' = {
-  parent: privateEndpoint
-  name: 'default'
-  properties: {
-    privateDnsZoneConfigs: [
-      {
-        name: 'cosmos-dns-config'
-        properties: {
-          privateDnsZoneId: privateDnsZone.id
-        }
-      }
-    ]
-  }
-}
-
-output privateEndpointId string = privateEndpoint.id
-output privateDnsZoneId string = privateDnsZone.id
+        const cosmosPrivateEndpointBicep = `@description('Private endpoint name')
+param name string
+
+@description('Location')
+param location string
+
+@description('Cosmos DB account resource ID')
+param cosmosAccountId string
+
+@description('Cosmos DB account name')
+param cosmosAccountName string
+
+@description('Subnet ID for private endpoint')
+param subnetId string
+
+@description('VNet ID for DNS zone link')
+param vnetId string
+
+// Private DNS Zone for Cosmos DB
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+  name: 'privatelink.documents.azure.com'
+  location: 'global'
+}
+
+// Link DNS Zone to VNet
+resource privateDnsZoneVnetLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
+  parent: privateDnsZone
+  name: '\${cosmosAccountName}-vnet-link'
+  location: 'global'
+  properties: {
+    virtualNetwork: {
+      id: vnetId
+    }
+    registrationEnabled: false
+  }
+}
+
+// Private Endpoint for Cosmos DB
+resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-09-01' = {
+  name: name
+  location: location
+  properties: {
+    subnet: {
+      id: subnetId
+    }
+    privateLinkServiceConnections: [
+      {
+        name: '\${cosmosAccountName}-connection'
+        properties: {
+          privateLinkServiceId: cosmosAccountId
+          groupIds: [
+            'Sql'
+          ]
+        }
+      }
+    ]
+  }
+}
+
+// DNS Zone Group
+resource privateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-09-01' = {
+  parent: privateEndpoint
+  name: 'default'
+  properties: {
+    privateDnsZoneConfigs: [
+      {
+        name: 'cosmos-dns-config'
+        properties: {
+          privateDnsZoneId: privateDnsZone.id
+        }
+      }
+    ]
+  }
+}
+
+output privateEndpointId string = privateEndpoint.id
+output privateDnsZoneId string = privateDnsZone.id
 `;
         fs.writeFileSync(path.join(modulesDir, 'private-endpoint-cosmos.bicep'), cosmosPrivateEndpointBicep);
         console.log('✅ VNet modules created\n');
@@ -2011,123 +2416,123 @@ async function createGitHubActionsWorkflows(projectDir, azureConfig, pm) {
     const workflowsDir = path.join(projectDir, '.github', 'workflows');
     fs.mkdirSync(workflowsDir, { recursive: true });
     // deploy-swa.yml
-    const swaWorkflow = `name: Deploy Static Web App
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'app/**'
-      - 'components/**'
-      - 'lib/**'
-      - 'shared/**'
-      - 'public/**'
-      - 'package.json'
-      - 'next.config.js'
-      - 'next.config.ts'
-  workflow_dispatch:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - 'app/**'
-      - 'components/**'
-      - 'lib/**'
-      - 'shared/**'
-      - 'public/**'
-      - 'package.json'
-      - 'next.config.js'
-      - 'next.config.ts'
-
-jobs:
-  build-and-deploy:
-    runs-on: ubuntu-latest
-    name: Build and Deploy Static Web App
-    
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          submodules: true
-      
-      - name: Deploy to Azure Static Web Apps
-        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
-        uses: Azure/static-web-apps-deploy@v1
-        with:
-          azure_static_web_apps_api_token: \${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }}
-          repo_token: \${{ secrets.GITHUB_TOKEN }}
-          action: 'upload'
-          app_location: '/'
-          api_location: ''
-          output_location: ''
-        env:
-          NEXT_TURBOPACK_EXPERIMENTAL_USE_SYSTEM_TLS_CERTS: '1'
+    const swaWorkflow = `name: Deploy Static Web App
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'app/**'
+      - 'components/**'
+      - 'lib/**'
+      - 'shared/**'
+      - 'public/**'
+      - 'package.json'
+      - 'next.config.js'
+      - 'next.config.ts'
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'app/**'
+      - 'components/**'
+      - 'lib/**'
+      - 'shared/**'
+      - 'public/**'
+      - 'package.json'
+      - 'next.config.js'
+      - 'next.config.ts'
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    name: Build and Deploy Static Web App
+    
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      
+      - name: Deploy to Azure Static Web Apps
+        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
+        uses: Azure/static-web-apps-deploy@v1
+        with:
+          azure_static_web_apps_api_token: \${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }}
+          repo_token: \${{ secrets.GITHUB_TOKEN }}
+          action: 'upload'
+          app_location: '/'
+          api_location: ''
+          output_location: ''
+        env:
+          NEXT_TURBOPACK_EXPERIMENTAL_USE_SYSTEM_TLS_CERTS: '1'
 `;
     fs.writeFileSync(path.join(workflowsDir, 'deploy-swa.yml'), swaWorkflow);
     // deploy-functions.yml
-    const functionsWorkflow = `name: Deploy Azure Functions
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'functions/**'
-      - 'shared/**'
-  pull_request:
-    branches:
-      - main
-    paths:
-      - 'functions/**'
-      - 'shared/**'
-  workflow_dispatch:
-
-jobs:
-  build-and-deploy:
-    runs-on: ubuntu-latest
-    name: Build and Deploy Functions
-    
-    steps:
-      - uses: actions/checkout@v4
-      
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-${pnpmSetupStep ? `\n${pnpmSetupStep}\n` : ''}
-      - name: Install dependencies
-        run: |
-          ${pmCmd.ci}
-      
-      - name: Build shared package
-        run: |
-          ${pmCmd.runFilter('shared')} build
-      
-      - name: Build Functions
-        run: |
-          ${pmCmd.runFilter('functions')} build
-      
-      - name: Prepare functions for deployment
-        run: |
-          SHARED_PKG_NAME=$(node -p "require('./shared/package.json').name")
-          mkdir -p /tmp/fn-deps
-          node -e "const p=JSON.parse(require('fs').readFileSync('./functions/package.json','utf8'));Object.keys(p.dependencies).filter(k=>k.endsWith('/shared')).forEach(k=>delete p.dependencies[k]);require('fs').writeFileSync('/tmp/fn-deps/package.json',JSON.stringify(p,null,2));"
-          cd /tmp/fn-deps && ${pmCmd.installProd} && cd -
-          rm -rf ./functions/node_modules
-          mv /tmp/fn-deps/node_modules ./functions/node_modules
-          SHARED_DEST="./functions/node_modules/$SHARED_PKG_NAME"
-          mkdir -p "$SHARED_DEST"
-          cp -r ./shared/dist "$SHARED_DEST/dist"
-          cp ./shared/package.json "$SHARED_DEST/package.json"
-      
-      - name: Deploy to Azure Functions
-        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
-        uses: Azure/functions-action@v1
-        with:
-          app-name: \${{ secrets.AZURE_FUNCTIONAPP_NAME }}
-          package: './functions'
-          publish-profile: \${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }}
-          sku: flexconsumption
+    const functionsWorkflow = `name: Deploy Azure Functions
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'functions/**'
+      - 'shared/**'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'functions/**'
+      - 'shared/**'
+  workflow_dispatch:
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    name: Build and Deploy Functions
+    
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+${pnpmSetupStep ? `\n${pnpmSetupStep}\n` : ''}
+      - name: Install dependencies
+        run: |
+          ${pmCmd.ci}
+      
+      - name: Build shared package
+        run: |
+          ${pmCmd.runFilter('shared')} build
+      
+      - name: Build Functions
+        run: |
+          ${pmCmd.runFilter('functions')} build
+      
+      - name: Prepare functions for deployment
+        run: |
+          SHARED_PKG_NAME=$(node -p "require('./shared/package.json').name")
+          mkdir -p /tmp/fn-deps
+          node -e "const p=JSON.parse(require('fs').readFileSync('./functions/package.json','utf8'));Object.keys(p.dependencies).filter(k=>k.endsWith('/shared')).forEach(k=>delete p.dependencies[k]);require('fs').writeFileSync('/tmp/fn-deps/package.json',JSON.stringify(p,null,2));"
+          cd /tmp/fn-deps && ${pmCmd.installProd} && cd -
+          rm -rf ./functions/node_modules
+          mv /tmp/fn-deps/node_modules ./functions/node_modules
+          SHARED_DEST="./functions/node_modules/$SHARED_PKG_NAME"
+          mkdir -p "$SHARED_DEST"
+          cp -r ./shared/dist "$SHARED_DEST/dist"
+          cp ./shared/package.json "$SHARED_DEST/package.json"
+      
+      - name: Deploy to Azure Functions
+        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
+        uses: Azure/functions-action@v1
+        with:
+          app-name: \${{ secrets.AZURE_FUNCTIONAPP_NAME }}
+          package: './functions'
+          publish-profile: \${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }}
+          sku: flexconsumption
 `;
     fs.writeFileSync(path.join(workflowsDir, 'deploy-functions.yml'), functionsWorkflow);
     console.log('✅ GitHub Actions workflows created\n');
@@ -2139,146 +2544,146 @@ async function createAzurePipelines(projectDir, pm) {
     const pipelinesDir = path.join(projectDir, 'pipelines');
     fs.mkdirSync(pipelinesDir, { recursive: true });
     // swa.yml
-    const swaPipeline = `trigger:
-  branches:
-    include:
-      - main
-  paths:
-    include:
-      - app/**
-      - components/**
-      - lib/**
-      - shared/**
-      - public/**
-      - package.json
-      - next.config.js
-
-pr:
-  branches:
-    include:
-      - main
-  paths:
-    include:
-      - app/**
-      - components/**
-      - lib/**
-      - shared/**
-      - public/**
-      - package.json
-      - next.config.js
-
-pool:
-  vmImage: 'ubuntu-latest'
-
-variables:
-  - group: azure-deployment
-
-steps:
-  - task: NodeTool@0
-    inputs:
-      versionSpec: '22.x'
-    displayName: 'Install Node.js'
-${azPipelinesSetup ? `\n${azPipelinesSetup}\n` : ''}
-  - script: |
-      ${pmCmd.ci}
-    displayName: 'Install dependencies'
-
-  - script: |
-      ${pmCmd.run} build
-    env:
-      NODE_ENV: production
-    displayName: 'Build Next.js app'
-
-  - task: AzureStaticWebApp@0
-    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
-    inputs:
-      app_location: '.'
-      output_location: '.next/standalone'
-      skip_app_build: true
-      azure_static_web_apps_api_token: $(AZURE_STATIC_WEB_APPS_API_TOKEN)
-    displayName: 'Deploy to Azure Static Web Apps'
+    const swaPipeline = `trigger:
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - app/**
+      - components/**
+      - lib/**
+      - shared/**
+      - public/**
+      - package.json
+      - next.config.js
+
+pr:
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - app/**
+      - components/**
+      - lib/**
+      - shared/**
+      - public/**
+      - package.json
+      - next.config.js
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+variables:
+  - group: azure-deployment
+
+steps:
+  - task: NodeTool@0
+    inputs:
+      versionSpec: '22.x'
+    displayName: 'Install Node.js'
+${azPipelinesSetup ? `\n${azPipelinesSetup}\n` : ''}
+  - script: |
+      ${pmCmd.ci}
+    displayName: 'Install dependencies'
+
+  - script: |
+      ${pmCmd.run} build
+    env:
+      NODE_ENV: production
+    displayName: 'Build Next.js app'
+
+  - task: AzureStaticWebApp@0
+    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
+    inputs:
+      app_location: '.'
+      output_location: '.next/standalone'
+      skip_app_build: true
+      azure_static_web_apps_api_token: $(AZURE_STATIC_WEB_APPS_API_TOKEN)
+    displayName: 'Deploy to Azure Static Web Apps'
 `;
     fs.writeFileSync(path.join(pipelinesDir, 'swa.yml'), swaPipeline);
     // functions.yml
-    const functionsPipeline = `trigger:
-  branches:
-    include:
-      - main
-  paths:
-    include:
-      - functions/**
-      - shared/**
-
-pr:
-  branches:
-    include:
-      - main
-  paths:
-    include:
-      - functions/**
-      - shared/**
-
-pool:
-  vmImage: 'ubuntu-latest'
-
-variables:
-  - group: azure-deployment
-
-steps:
-  - task: NodeTool@0
-    inputs:
-      versionSpec: '22.x'
-    displayName: 'Install Node.js'
-${azPipelinesSetup ? `\n${azPipelinesSetup}\n` : ''}
-  - script: |
-      ${pmCmd.ci}
-    displayName: 'Install workspace dependencies'
-
-  - script: |
-      ${pmCmd.runFilter('shared')} build
-    displayName: 'Build shared package'
-
-  - script: |
-      ${pmCmd.runFilter('functions')} build
-    displayName: 'Build Functions'
-
-  - script: |
-      SHARED_PKG_NAME=$(node -p "require('./shared/package.json').name")
-      mkdir -p /tmp/fn-deps
-      node -e "const p=JSON.parse(require('fs').readFileSync('./functions/package.json','utf8'));Object.keys(p.dependencies).filter(k=>k.endsWith('/shared')).forEach(k=>delete p.dependencies[k]);require('fs').writeFileSync('/tmp/fn-deps/package.json',JSON.stringify(p,null,2));"
-      cd /tmp/fn-deps && ${pmCmd.installProd} && cd -
-      rm -rf ./functions/node_modules
-      mv /tmp/fn-deps/node_modules ./functions/node_modules
-      SHARED_DEST="./functions/node_modules/$SHARED_PKG_NAME"
-      mkdir -p "$SHARED_DEST"
-      cp -r ./shared/dist "$SHARED_DEST/dist"
-      cp ./shared/package.json "$SHARED_DEST/package.json"
-    displayName: 'Prepare functions for deployment'
-
-  - task: ArchiveFiles@2
-    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
-    inputs:
-      rootFolderOrFile: '$(System.DefaultWorkingDirectory)/functions'
-      includeRootFolder: false
-      archiveType: 'zip'
-      archiveFile: '$(Build.ArtifactStagingDirectory)/functions.zip'
-    displayName: 'Archive Functions'
-
-  - task: PublishBuildArtifacts@1
-    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
-    inputs:
-      PathtoPublish: '$(Build.ArtifactStagingDirectory)/functions.zip'
-      ArtifactName: 'functions'
-    displayName: 'Publish Functions artifact'
-
-  - task: AzureFunctionApp@2
-    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
-    inputs:
-      azureSubscription: '$(AZURE_SUBSCRIPTION)'
-      appType: 'functionAppLinux'
-      appName: '$(AZURE_FUNCTIONAPP_NAME)'
-      package: '$(Build.ArtifactStagingDirectory)/functions.zip'
-    displayName: 'Deploy to Azure Functions'
+    const functionsPipeline = `trigger:
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - functions/**
+      - shared/**
+
+pr:
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - functions/**
+      - shared/**
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+variables:
+  - group: azure-deployment
+
+steps:
+  - task: NodeTool@0
+    inputs:
+      versionSpec: '22.x'
+    displayName: 'Install Node.js'
+${azPipelinesSetup ? `\n${azPipelinesSetup}\n` : ''}
+  - script: |
+      ${pmCmd.ci}
+    displayName: 'Install workspace dependencies'
+
+  - script: |
+      ${pmCmd.runFilter('shared')} build
+    displayName: 'Build shared package'
+
+  - script: |
+      ${pmCmd.runFilter('functions')} build
+    displayName: 'Build Functions'
+
+  - script: |
+      SHARED_PKG_NAME=$(node -p "require('./shared/package.json').name")
+      mkdir -p /tmp/fn-deps
+      node -e "const p=JSON.parse(require('fs').readFileSync('./functions/package.json','utf8'));Object.keys(p.dependencies).filter(k=>k.endsWith('/shared')).forEach(k=>delete p.dependencies[k]);require('fs').writeFileSync('/tmp/fn-deps/package.json',JSON.stringify(p,null,2));"
+      cd /tmp/fn-deps && ${pmCmd.installProd} && cd -
+      rm -rf ./functions/node_modules
+      mv /tmp/fn-deps/node_modules ./functions/node_modules
+      SHARED_DEST="./functions/node_modules/$SHARED_PKG_NAME"
+      mkdir -p "$SHARED_DEST"
+      cp -r ./shared/dist "$SHARED_DEST/dist"
+      cp ./shared/package.json "$SHARED_DEST/package.json"
+    displayName: 'Prepare functions for deployment'
+
+  - task: ArchiveFiles@2
+    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
+    inputs:
+      rootFolderOrFile: '$(System.DefaultWorkingDirectory)/functions'
+      includeRootFolder: false
+      archiveType: 'zip'
+      archiveFile: '$(Build.ArtifactStagingDirectory)/functions.zip'
+    displayName: 'Archive Functions'
+
+  - task: PublishBuildArtifacts@1
+    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
+    inputs:
+      PathtoPublish: '$(Build.ArtifactStagingDirectory)/functions.zip'
+      ArtifactName: 'functions'
+    displayName: 'Publish Functions artifact'
+
+  - task: AzureFunctionApp@2
+    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
+    inputs:
+      azureSubscription: '$(AZURE_SUBSCRIPTION)'
+      appType: 'functionAppLinux'
+      appName: '$(AZURE_FUNCTIONAPP_NAME)'
+      package: '$(Build.ArtifactStagingDirectory)/functions.zip'
+    displayName: 'Deploy to Azure Functions'
 `;
     fs.writeFileSync(path.join(pipelinesDir, 'functions.yml'), functionsPipeline);
     console.log('✅ Azure Pipelines created\n');