agentops-accelerator 0.3.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (142) hide show
  1. agentops/__init__.py +10 -0
  2. agentops/__main__.py +6 -0
  3. agentops/agent/__init__.py +12 -0
  4. agentops/agent/_legacy_ids.py +92 -0
  5. agentops/agent/analyzer.py +207 -0
  6. agentops/agent/checks/__init__.py +1 -0
  7. agentops/agent/checks/catalog.py +880 -0
  8. agentops/agent/checks/errors.py +279 -0
  9. agentops/agent/checks/foundry_config.py +75 -0
  10. agentops/agent/checks/latency.py +84 -0
  11. agentops/agent/checks/opex.py +157 -0
  12. agentops/agent/checks/opex_workspace.py +874 -0
  13. agentops/agent/checks/posture.py +36 -0
  14. agentops/agent/checks/posture_rules/__init__.py +53 -0
  15. agentops/agent/checks/posture_rules/content_filter.py +59 -0
  16. agentops/agent/checks/posture_rules/diagnostics.py +74 -0
  17. agentops/agent/checks/posture_rules/local_auth.py +55 -0
  18. agentops/agent/checks/posture_rules/managed_identity.py +59 -0
  19. agentops/agent/checks/posture_rules/network.py +68 -0
  20. agentops/agent/checks/regression.py +78 -0
  21. agentops/agent/checks/release_readiness.py +182 -0
  22. agentops/agent/checks/safety.py +247 -0
  23. agentops/agent/checks/spec_conformance.py +375 -0
  24. agentops/agent/cockpit.py +5159 -0
  25. agentops/agent/config.py +240 -0
  26. agentops/agent/findings.py +113 -0
  27. agentops/agent/history.py +142 -0
  28. agentops/agent/knowledge/__init__.py +182 -0
  29. agentops/agent/knowledge/waf-checklist.csv +39 -0
  30. agentops/agent/llm_assist/__init__.py +16 -0
  31. agentops/agent/llm_assist/_base.py +124 -0
  32. agentops/agent/llm_assist/_bundle_rule.py +154 -0
  33. agentops/agent/llm_assist/_client.py +347 -0
  34. agentops/agent/llm_assist/_dataset_rules.py +191 -0
  35. agentops/agent/llm_assist/_engine.py +106 -0
  36. agentops/agent/llm_assist/_prompt_rules.py +291 -0
  37. agentops/agent/llm_assist/_spec_rules.py +235 -0
  38. agentops/agent/production_telemetry.py +430 -0
  39. agentops/agent/report.py +207 -0
  40. agentops/agent/server/__init__.py +1 -0
  41. agentops/agent/server/app.py +84 -0
  42. agentops/agent/server/auth.py +94 -0
  43. agentops/agent/server/chat.py +44 -0
  44. agentops/agent/server/protocol.py +72 -0
  45. agentops/agent/sources/__init__.py +1 -0
  46. agentops/agent/sources/azure_monitor.py +523 -0
  47. agentops/agent/sources/azure_resources.py +602 -0
  48. agentops/agent/sources/foundry_control.py +174 -0
  49. agentops/agent/sources/results_history.py +494 -0
  50. agentops/agent/sources/spec_detectors/__init__.py +42 -0
  51. agentops/agent/sources/spec_detectors/_base.py +58 -0
  52. agentops/agent/sources/spec_detectors/agents_md.py +75 -0
  53. agentops/agent/sources/spec_detectors/spec_kit.py +172 -0
  54. agentops/agent/time_range.py +117 -0
  55. agentops/cli/__init__.py +1 -0
  56. agentops/cli/app.py +4823 -0
  57. agentops/core/__init__.py +1 -0
  58. agentops/core/agentops_config.py +592 -0
  59. agentops/core/config_loader.py +22 -0
  60. agentops/core/evaluators.py +480 -0
  61. agentops/core/release_evidence.py +56 -0
  62. agentops/core/results.py +117 -0
  63. agentops/mcp/__init__.py +10 -0
  64. agentops/mcp/server.py +232 -0
  65. agentops/pipeline/__init__.py +8 -0
  66. agentops/pipeline/cloud_results.py +189 -0
  67. agentops/pipeline/cloud_runner.py +901 -0
  68. agentops/pipeline/comparison.py +108 -0
  69. agentops/pipeline/diagnostics.py +51 -0
  70. agentops/pipeline/invocations.py +535 -0
  71. agentops/pipeline/official_eval.py +414 -0
  72. agentops/pipeline/orchestrator.py +775 -0
  73. agentops/pipeline/prompt_deploy.py +377 -0
  74. agentops/pipeline/publisher.py +121 -0
  75. agentops/pipeline/reporter.py +202 -0
  76. agentops/pipeline/runtime.py +409 -0
  77. agentops/pipeline/thresholds.py +84 -0
  78. agentops/services/__init__.py +1 -0
  79. agentops/services/cicd.py +720 -0
  80. agentops/services/eval_analysis.py +848 -0
  81. agentops/services/evidence_pack.py +757 -0
  82. agentops/services/initializer.py +86 -0
  83. agentops/services/preflight.py +470 -0
  84. agentops/services/setup_wizard.py +709 -0
  85. agentops/services/skills.py +643 -0
  86. agentops/services/trace_promotion.py +300 -0
  87. agentops/services/workflow_analysis.py +1129 -0
  88. agentops/templates/.gitignore +15 -0
  89. agentops/templates/__init__.py +1 -0
  90. agentops/templates/agent-server/Dockerfile +23 -0
  91. agentops/templates/agent-server/README.md +61 -0
  92. agentops/templates/agent-server/main.bicep +94 -0
  93. agentops/templates/agent.yaml +87 -0
  94. agentops/templates/agentops.yaml +58 -0
  95. agentops/templates/foundry.svg +71 -0
  96. agentops/templates/icon.png +0 -0
  97. agentops/templates/pipelines/azuredevops/agentops-deploy-dev-azd.yml +118 -0
  98. agentops/templates/pipelines/azuredevops/agentops-deploy-dev.yml +73 -0
  99. agentops/templates/pipelines/azuredevops/agentops-deploy-prod-azd.yml +141 -0
  100. agentops/templates/pipelines/azuredevops/agentops-deploy-prod.yml +94 -0
  101. agentops/templates/pipelines/azuredevops/agentops-deploy-prompt-agent.yml +167 -0
  102. agentops/templates/pipelines/azuredevops/agentops-deploy-qa-azd.yml +118 -0
  103. agentops/templates/pipelines/azuredevops/agentops-deploy-qa.yml +68 -0
  104. agentops/templates/pipelines/azuredevops/agentops-pr-prompt-agent.yml +210 -0
  105. agentops/templates/pipelines/azuredevops/agentops-pr.yml +155 -0
  106. agentops/templates/pipelines/azuredevops/agentops-watchdog.yml +106 -0
  107. agentops/templates/project.gitignore +36 -0
  108. agentops/templates/sample-traces.jsonl +3 -0
  109. agentops/templates/skills/agentops-agent/SKILL.md +137 -0
  110. agentops/templates/skills/agentops-config/SKILL.md +113 -0
  111. agentops/templates/skills/agentops-dataset/SKILL.md +84 -0
  112. agentops/templates/skills/agentops-eval/SKILL.md +189 -0
  113. agentops/templates/skills/agentops-report/SKILL.md +71 -0
  114. agentops/templates/skills/agentops-workflow/SKILL.md +471 -0
  115. agentops/templates/smoke.jsonl +3 -0
  116. agentops/templates/waf-checklist.README.md +84 -0
  117. agentops/templates/waf-checklist.csv +22 -0
  118. agentops/templates/workflows/agentops-deploy-dev-azd.yml +166 -0
  119. agentops/templates/workflows/agentops-deploy-dev.yml +187 -0
  120. agentops/templates/workflows/agentops-deploy-prod-azd.yml +183 -0
  121. agentops/templates/workflows/agentops-deploy-prod.yml +171 -0
  122. agentops/templates/workflows/agentops-deploy-prompt-agent.yml +197 -0
  123. agentops/templates/workflows/agentops-deploy-qa-azd.yml +156 -0
  124. agentops/templates/workflows/agentops-deploy-qa.yml +145 -0
  125. agentops/templates/workflows/agentops-pr-prompt-agent.yml +210 -0
  126. agentops/templates/workflows/agentops-pr.yml +148 -0
  127. agentops/templates/workflows/agentops-watchdog.yml +122 -0
  128. agentops/utils/__init__.py +1 -0
  129. agentops/utils/azd_env.py +435 -0
  130. agentops/utils/azure_endpoints.py +62 -0
  131. agentops/utils/colors.py +47 -0
  132. agentops/utils/dotenv_loader.py +105 -0
  133. agentops/utils/foundry_discovery.py +229 -0
  134. agentops/utils/logging.py +59 -0
  135. agentops/utils/telemetry.py +554 -0
  136. agentops/utils/yaml.py +36 -0
  137. agentops_accelerator-0.3.0.dist-info/METADATA +278 -0
  138. agentops_accelerator-0.3.0.dist-info/RECORD +142 -0
  139. agentops_accelerator-0.3.0.dist-info/WHEEL +5 -0
  140. agentops_accelerator-0.3.0.dist-info/entry_points.txt +2 -0
  141. agentops_accelerator-0.3.0.dist-info/licenses/LICENSE +21 -0
  142. agentops_accelerator-0.3.0.dist-info/top_level.txt +1 -0
@@ -0,0 +1,166 @@
1
+ # AgentOps - Deploy to DEV with azd
2
+ #
3
+ # agentops:deploy-mode=azd
4
+ #
5
+ # Runs on push to develop. Delegates infrastructure and app deployment to
6
+ # Azure Developer CLI. AgentOps only gates quality; azd owns provision,
7
+ # deployment packaging, and any hooks declared in azure.yaml.
8
+ #
9
+ # Generated by `agentops workflow generate --deploy-mode azd`.
10
+
11
+ name: AgentOps Deploy (DEV)
12
+
13
+ on:
14
+ push:
15
+ branches:
16
+ - develop
17
+ workflow_dispatch:
18
+ inputs:
19
+ config:
20
+ description: "Path to agentops.yaml (defaults to ./agentops.yaml at repo root)"
21
+ required: false
22
+ default: "agentops.yaml"
23
+ provision:
24
+ description: "Run azd provision before deploy"
25
+ required: false
26
+ type: boolean
27
+ default: true
28
+
29
+ permissions:
30
+ contents: read
31
+ id-token: write
32
+ packages: write
33
+
34
+ concurrency:
35
+ group: agentops-deploy-dev-${{ github.ref }}
36
+ cancel-in-progress: false
37
+
38
+ jobs:
39
+ provision:
40
+ name: azd provision (DEV)
41
+ runs-on: ubuntu-latest
42
+ environment: dev
43
+ timeout-minutes: 45
44
+ steps:
45
+ - name: Checkout
46
+ uses: actions/checkout@v6
47
+
48
+ - name: Set up azd
49
+ uses: Azure/setup-azd@v2
50
+
51
+ - name: Azure login (OIDC)
52
+ uses: azure/login@v3
53
+ with:
54
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
55
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
56
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
57
+
58
+ - name: Prepare azd environment
59
+ env:
60
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'dev' }}
61
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
62
+ run: |
63
+ test -f azure.yaml || {
64
+ echo "::error file=azure.yaml::No azure.yaml found. Ask your coding agent to generate a zero-trust azd deployment, then re-run this workflow."
65
+ exit 1
66
+ }
67
+ azd env new "$AZURE_ENV_NAME" --no-prompt --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}" ${AZURE_LOCATION:+--location "$AZURE_LOCATION"} \
68
+ || azd env select "$AZURE_ENV_NAME"
69
+ azd env set AZURE_SUBSCRIPTION_ID "${{ vars.AZURE_SUBSCRIPTION_ID }}"
70
+ if [ -n "$AZURE_LOCATION" ]; then
71
+ azd env set AZURE_LOCATION "$AZURE_LOCATION"
72
+ fi
73
+
74
+ - name: Run azd provision
75
+ env:
76
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'dev' }}
77
+ run: |
78
+ SHOULD_PROVISION="true"
79
+ if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
80
+ SHOULD_PROVISION="${{ inputs.provision }}"
81
+ fi
82
+ if [ "$SHOULD_PROVISION" = "true" ]; then
83
+ __AILZ_PREFLIGHT_COMMAND__
84
+ azd provision --no-prompt
85
+ else
86
+ echo "Skipping azd provision by workflow input."
87
+ fi
88
+
89
+ eval:
90
+ name: Eval (gate)
91
+ needs: provision
92
+ runs-on: ubuntu-latest
93
+ timeout-minutes: 30
94
+ steps:
95
+ - name: Checkout
96
+ uses: actions/checkout@v6
97
+
98
+ - name: Azure login (OIDC)
99
+ uses: azure/login@v3
100
+ with:
101
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
102
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
103
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
104
+
105
+ - name: Set up Python
106
+ uses: actions/setup-python@v6
107
+ with:
108
+ python-version: "3.11"
109
+
110
+ - name: Install uv
111
+ uses: astral-sh/setup-uv@v7
112
+ with:
113
+ enable-cache: false
114
+
115
+ - name: Install AgentOps Toolkit
116
+ run: |
117
+ uv pip install --system "agentops-accelerator[foundry] @ git+https://github.com/Azure/agentops.git@main"
118
+
119
+ __EVAL_STEPS__
120
+
121
+ - name: Upload AgentOps results
122
+ if: always()
123
+ uses: actions/upload-artifact@v7
124
+ with:
125
+ name: agentops-dev-results
126
+ path: |
127
+ __EVAL_ARTIFACT_PATHS__
128
+ if-no-files-found: warn
129
+
130
+ deploy:
131
+ name: azd deploy (DEV)
132
+ needs: eval
133
+ runs-on: ubuntu-latest
134
+ environment: dev
135
+ timeout-minutes: 45
136
+ steps:
137
+ - name: Checkout
138
+ uses: actions/checkout@v6
139
+
140
+ - name: Set up azd
141
+ uses: Azure/setup-azd@v2
142
+
143
+ - name: Azure login (OIDC)
144
+ uses: azure/login@v3
145
+ with:
146
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
147
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
148
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
149
+
150
+ - name: Run azd deploy
151
+ env:
152
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'dev' }}
153
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
154
+ run: |
155
+ test -f azure.yaml || {
156
+ echo "::error file=azure.yaml::No azure.yaml found. Ask your coding agent to generate a zero-trust azd deployment, then re-run this workflow."
157
+ exit 1
158
+ }
159
+ azd env new "$AZURE_ENV_NAME" --no-prompt --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}" ${AZURE_LOCATION:+--location "$AZURE_LOCATION"} \
160
+ || azd env select "$AZURE_ENV_NAME"
161
+ azd env set AZURE_SUBSCRIPTION_ID "${{ vars.AZURE_SUBSCRIPTION_ID }}"
162
+ if [ -n "$AZURE_LOCATION" ]; then
163
+ azd env set AZURE_LOCATION "$AZURE_LOCATION"
164
+ fi
165
+ azd env refresh "$AZURE_ENV_NAME" --no-prompt
166
+ azd deploy --no-prompt
@@ -0,0 +1,187 @@
1
+ # AgentOps — Deploy to DEV
2
+ #
3
+ # Triggers on every push to `develop`. Runs the AgentOps eval as a
4
+ # quality gate, then builds and deploys to the `dev` GitHub Environment.
5
+ #
6
+ # To finish wiring this for your project:
7
+ # 1. Configure the `dev` GitHub Environment (Settings -> Environments).
8
+ # Add any environment-specific variables/secrets there.
9
+ # 2. Fill in the `Build` and `Deploy` steps below to match your stack
10
+ # (see commented examples).
11
+ # 3. Make sure the AgentOps eval passes locally first:
12
+ # agentops eval run
13
+ #
14
+ # Generated by `agentops workflow generate`.
15
+
16
+ name: AgentOps Deploy (DEV)
17
+
18
+ on:
19
+ push:
20
+ branches:
21
+ - develop
22
+ workflow_dispatch:
23
+ inputs:
24
+ config:
25
+ description: "Path to agentops.yaml (defaults to ./agentops.yaml at repo root)"
26
+ required: false
27
+ default: "agentops.yaml"
28
+
29
+ permissions:
30
+ contents: read
31
+ id-token: write
32
+ packages: write
33
+
34
+ concurrency:
35
+ group: agentops-deploy-dev-${{ github.ref }}
36
+ cancel-in-progress: false
37
+
38
+ jobs:
39
+ eval:
40
+ name: Eval (gate)
41
+ runs-on: ubuntu-latest
42
+ timeout-minutes: 30
43
+ steps:
44
+ - name: Checkout
45
+ uses: actions/checkout@v6
46
+
47
+ - name: Azure login (OIDC)
48
+ uses: azure/login@v3
49
+ with:
50
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
51
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
52
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
53
+
54
+ - name: Set up Python
55
+ uses: actions/setup-python@v6
56
+ with:
57
+ python-version: "3.11"
58
+
59
+ # uv is ~5-10x faster than pip on cold installs; the AgentOps stack
60
+ # (azure-* + opentelemetry-instrumentation-*) pulls dozens of small
61
+ # wheels so the speed-up is very visible in CI.
62
+ - name: Install uv
63
+ uses: astral-sh/setup-uv@v7
64
+ with:
65
+ enable-cache: false
66
+
67
+ - name: Install AgentOps Toolkit
68
+ run: |
69
+ # NOTE: pinned to GitHub main until the next package release includes this flow.
70
+ # Switch to `uv pip install --system "agentops-accelerator[foundry]"` after release.
71
+ uv pip install --system "agentops-accelerator[foundry] @ git+https://github.com/Azure/agentops.git@main"
72
+
73
+ __EVAL_STEPS__
74
+
75
+ - name: Upload AgentOps results
76
+ if: always()
77
+ uses: actions/upload-artifact@v7
78
+ with:
79
+ name: agentops-dev-results
80
+ path: |
81
+ __EVAL_ARTIFACT_PATHS__
82
+ if-no-files-found: warn
83
+
84
+ - name: Step summary
85
+ if: always()
86
+ run: |
87
+ {
88
+ echo "## AgentOps Eval (DEV gate)"
89
+ echo
90
+ if [ -f .agentops/results/latest/report.md ]; then
91
+ cat .agentops/results/latest/report.md
92
+ fi
93
+ } >> "$GITHUB_STEP_SUMMARY"
94
+
95
+ build:
96
+ name: Build
97
+ needs: eval
98
+ runs-on: ubuntu-latest
99
+ timeout-minutes: 30
100
+ steps:
101
+ - name: Checkout
102
+ uses: actions/checkout@v6
103
+
104
+ - name: Azure login (OIDC)
105
+ uses: azure/login@v3
106
+ with:
107
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
108
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
109
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
110
+
111
+ # ---------------------------------------------------------------
112
+ # TODO: replace this placeholder with your build step.
113
+ #
114
+ # Examples (uncomment one):
115
+ #
116
+ # # Python wheel:
117
+ # - uses: actions/setup-python@v6
118
+ # with: { python-version: "3.11" }
119
+ # - run: pip install build && python -m build
120
+ #
121
+ # # Docker image to ACR (server-side build):
122
+ # - run: |
123
+ # az acr build \
124
+ # --registry "${{ vars.ACR_NAME }}" \
125
+ # --image "myapp:${{ github.sha }}" \
126
+ # .
127
+ #
128
+ # # azd package:
129
+ # - uses: Azure/setup-azd@v2
130
+ # - run: azd package --no-prompt
131
+ # ---------------------------------------------------------------
132
+ - name: Build (placeholder)
133
+ run: |
134
+ echo "TODO: replace this step with your build."
135
+ echo "See the commented examples in this workflow."
136
+
137
+ deploy:
138
+ name: Deploy to DEV
139
+ needs: build
140
+ runs-on: ubuntu-latest
141
+ environment: dev
142
+ timeout-minutes: 30
143
+ steps:
144
+ - name: Checkout
145
+ uses: actions/checkout@v6
146
+
147
+ - name: Azure login (OIDC)
148
+ uses: azure/login@v3
149
+ with:
150
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
151
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
152
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
153
+
154
+ # ---------------------------------------------------------------
155
+ # TODO: replace this placeholder with your deploy step.
156
+ #
157
+ # Examples (uncomment one):
158
+ #
159
+ # # Azure Container Apps:
160
+ # - run: |
161
+ # az containerapp update \
162
+ # --name "${{ vars.ACA_APP_NAME }}" \
163
+ # --resource-group "${{ vars.AZURE_RESOURCE_GROUP }}" \
164
+ # --image "${{ vars.ACR_NAME }}.azurecr.io/myapp:${{ github.sha }}"
165
+ #
166
+ # # Azure App Service:
167
+ # - uses: azure/webapps-deploy@v3
168
+ # with:
169
+ # app-name: ${{ vars.WEBAPP_NAME }}
170
+ # package: ./dist
171
+ #
172
+ # # Foundry prompt agent:
173
+ # # Prefer regenerating this workflow with:
174
+ # # agentops workflow generate --deploy-mode prompt-agent --force
175
+ # # That path creates a candidate Foundry version from prompt_file,
176
+ # # evaluates that exact version, then records it as deployed.
177
+ #
178
+ # # azd up / deploy:
179
+ # - uses: Azure/setup-azd@v2
180
+ # - run: azd deploy --no-prompt
181
+ # env:
182
+ # AZURE_ENV_NAME: dev
183
+ # ---------------------------------------------------------------
184
+ - name: Deploy (placeholder)
185
+ run: |
186
+ echo "TODO: replace this step with your deploy."
187
+ echo "Target environment: dev"
@@ -0,0 +1,183 @@
1
+ # AgentOps - Deploy to PRODUCTION with azd
2
+ #
3
+ # agentops:deploy-mode=azd
4
+ #
5
+ # Runs on push to main. Production should have required reviewers in the
6
+ # GitHub Environment. azd provision is opt-in for production; app deploy
7
+ # only runs after the AgentOps safety/quality gate passes.
8
+ #
9
+ # Generated by `agentops workflow generate --deploy-mode azd`.
10
+
11
+ name: AgentOps Deploy (PROD)
12
+
13
+ on:
14
+ push:
15
+ branches:
16
+ - main
17
+ workflow_dispatch:
18
+ inputs:
19
+ config:
20
+ description: "Path to agentops.yaml (defaults to ./agentops.yaml at repo root)"
21
+ required: false
22
+ default: "agentops.yaml"
23
+ provision:
24
+ description: "Run azd provision before deploy"
25
+ required: false
26
+ type: boolean
27
+ default: false
28
+
29
+ permissions:
30
+ contents: read
31
+ id-token: write
32
+ packages: write
33
+
34
+ concurrency:
35
+ group: agentops-deploy-prod-${{ github.ref }}
36
+ cancel-in-progress: false
37
+
38
+ jobs:
39
+ provision:
40
+ name: azd environment (PROD)
41
+ runs-on: ubuntu-latest
42
+ environment: production
43
+ timeout-minutes: 45
44
+ steps:
45
+ - name: Checkout
46
+ uses: actions/checkout@v6
47
+ - name: Set up azd
48
+ uses: Azure/setup-azd@v2
49
+ - name: Azure login (OIDC)
50
+ uses: azure/login@v3
51
+ with:
52
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
53
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
54
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
55
+ - name: Prepare azd environment
56
+ env:
57
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'production' }}
58
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
59
+ run: |
60
+ test -f azure.yaml || {
61
+ echo "::error file=azure.yaml::No azure.yaml found. Ask your coding agent to generate a zero-trust azd deployment, then re-run this workflow."
62
+ exit 1
63
+ }
64
+ azd env new "$AZURE_ENV_NAME" --no-prompt --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}" ${AZURE_LOCATION:+--location "$AZURE_LOCATION"} \
65
+ || azd env select "$AZURE_ENV_NAME"
66
+ azd env set AZURE_SUBSCRIPTION_ID "${{ vars.AZURE_SUBSCRIPTION_ID }}"
67
+ if [ -n "$AZURE_LOCATION" ]; then
68
+ azd env set AZURE_LOCATION "$AZURE_LOCATION"
69
+ fi
70
+ - name: Run azd provision when requested
71
+ env:
72
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'production' }}
73
+ run: |
74
+ SHOULD_PROVISION="false"
75
+ if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
76
+ SHOULD_PROVISION="${{ inputs.provision }}"
77
+ fi
78
+ if [ "$SHOULD_PROVISION" = "true" ]; then
79
+ __AILZ_PREFLIGHT_COMMAND__
80
+ azd provision --no-prompt
81
+ else
82
+ echo "Skipping azd provision for PROD. Use workflow_dispatch with provision=true for reviewed infra changes."
83
+ fi
84
+
85
+ safety-eval:
86
+ name: Safety eval (gate)
87
+ needs: provision
88
+ runs-on: ubuntu-latest
89
+ timeout-minutes: 30
90
+ steps:
91
+ - name: Checkout
92
+ uses: actions/checkout@v6
93
+ - name: Azure login (OIDC)
94
+ uses: azure/login@v3
95
+ with:
96
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
97
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
98
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
99
+ - name: Set up Python
100
+ uses: actions/setup-python@v6
101
+ with:
102
+ python-version: "3.11"
103
+ - name: Install uv
104
+ uses: astral-sh/setup-uv@v7
105
+ with:
106
+ enable-cache: false
107
+
108
+ - name: Install AgentOps Toolkit
109
+ run: uv pip install --system "agentops-accelerator[foundry,agent] @ git+https://github.com/Azure/agentops.git@main"
110
+ __EVAL_STEPS__
111
+ - name: Generate release evidence
112
+ if: always()
113
+ env:
114
+ AZURE_AI_FOUNDRY_PROJECT_ENDPOINT: ${{ vars.AZURE_AI_FOUNDRY_PROJECT_ENDPOINT }}
115
+ AZURE_OPENAI_ENDPOINT: ${{ vars.AZURE_OPENAI_ENDPOINT }}
116
+ AZURE_OPENAI_DEPLOYMENT: ${{ vars.AZURE_OPENAI_DEPLOYMENT }}
117
+ APPLICATIONINSIGHTS_CONNECTION_STRING: ${{ secrets.APPLICATIONINSIGHTS_CONNECTION_STRING || vars.APPLICATIONINSIGHTS_CONNECTION_STRING }}
118
+ run: |
119
+ agentops doctor --workspace . --out .agentops/agent/report.md \
120
+ --severity-fail critical --evidence-pack
121
+ - name: Upload AgentOps results
122
+ if: always()
123
+ uses: actions/upload-artifact@v7
124
+ with:
125
+ name: agentops-prod-results
126
+ path: |
127
+ __EVAL_ARTIFACT_PATHS__
128
+ .agentops/agent/report.md
129
+ .agentops/release/latest/evidence.json
130
+ .agentops/release/latest/evidence.md
131
+ if-no-files-found: warn
132
+
133
+ - name: Step summary
134
+ if: always()
135
+ run: |
136
+ {
137
+ echo "## AgentOps Safety Eval (PROD gate)"
138
+ echo
139
+ if [ -f .agentops/results/latest/report.md ]; then
140
+ cat .agentops/results/latest/report.md
141
+ fi
142
+ if [ -f .agentops/release/latest/evidence.md ]; then
143
+ echo
144
+ echo "---"
145
+ echo
146
+ cat .agentops/release/latest/evidence.md
147
+ fi
148
+ } >> "$GITHUB_STEP_SUMMARY"
149
+
150
+ deploy:
151
+ name: azd deploy (PROD)
152
+ needs: safety-eval
153
+ runs-on: ubuntu-latest
154
+ environment: production
155
+ timeout-minutes: 45
156
+ steps:
157
+ - name: Checkout
158
+ uses: actions/checkout@v6
159
+ - name: Set up azd
160
+ uses: Azure/setup-azd@v2
161
+ - name: Azure login (OIDC)
162
+ uses: azure/login@v3
163
+ with:
164
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
165
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
166
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
167
+ - name: Run azd deploy
168
+ env:
169
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'production' }}
170
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
171
+ run: |
172
+ test -f azure.yaml || {
173
+ echo "::error file=azure.yaml::No azure.yaml found. Ask your coding agent to generate a zero-trust azd deployment, then re-run this workflow."
174
+ exit 1
175
+ }
176
+ azd env new "$AZURE_ENV_NAME" --no-prompt --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}" ${AZURE_LOCATION:+--location "$AZURE_LOCATION"} \
177
+ || azd env select "$AZURE_ENV_NAME"
178
+ azd env set AZURE_SUBSCRIPTION_ID "${{ vars.AZURE_SUBSCRIPTION_ID }}"
179
+ if [ -n "$AZURE_LOCATION" ]; then
180
+ azd env set AZURE_LOCATION "$AZURE_LOCATION"
181
+ fi
182
+ azd env refresh "$AZURE_ENV_NAME" --no-prompt
183
+ azd deploy --no-prompt
@@ -0,0 +1,171 @@
1
+ # AgentOps — Deploy to PRODUCTION
2
+ #
3
+ # Triggers on every push to `main` (typically the merge of a release
4
+ # branch). Runs a safety/quality eval, builds, and deploys to the
5
+ # `production` GitHub Environment.
6
+ #
7
+ # IMPORTANT: configure the `production` environment with REQUIRED
8
+ # REVIEWERS so a deploy to prod always needs human approval:
9
+ # Repo Settings -> Environments -> production
10
+ # -> Required reviewers (add at least one)
11
+ # -> (optional) Wait timer
12
+ # -> (optional) Deployment branches: only `main`
13
+ #
14
+ # To finish wiring this for your project:
15
+ # 1. Configure the `production` environment as described above.
16
+ # 2. Optionally point the eval step at a hardened safety bundle
17
+ # (e.g. `.agentops/runs/safety.yaml`).
18
+ # 3. Fill in the `Build` and `Deploy` steps below to match your stack
19
+ # (see commented examples in agentops-deploy-dev.yml).
20
+ #
21
+ # Generated by `agentops workflow generate`.
22
+
23
+ name: AgentOps Deploy (PROD)
24
+
25
+ on:
26
+ push:
27
+ branches:
28
+ - main
29
+ workflow_dispatch:
30
+ inputs:
31
+ config:
32
+ description: "Path to agentops.yaml (defaults to ./agentops.yaml at repo root)"
33
+ required: false
34
+ default: "agentops.yaml"
35
+
36
+ permissions:
37
+ contents: read
38
+ id-token: write
39
+ packages: write
40
+
41
+ concurrency:
42
+ group: agentops-deploy-prod-${{ github.ref }}
43
+ cancel-in-progress: false
44
+
45
+ jobs:
46
+ safety-eval:
47
+ name: Safety eval (gate)
48
+ runs-on: ubuntu-latest
49
+ timeout-minutes: 30
50
+ steps:
51
+ - name: Checkout
52
+ uses: actions/checkout@v6
53
+
54
+ - name: Azure login (OIDC)
55
+ uses: azure/login@v3
56
+ with:
57
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
58
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
59
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
60
+
61
+ - name: Set up Python
62
+ uses: actions/setup-python@v6
63
+ with:
64
+ python-version: "3.11"
65
+
66
+ # uv is ~5-10x faster than pip on cold installs; the AgentOps stack
67
+ # (azure-* + opentelemetry-instrumentation-*) pulls dozens of small
68
+ # wheels so the speed-up is very visible in CI.
69
+ - name: Install uv
70
+ uses: astral-sh/setup-uv@v7
71
+ with:
72
+ enable-cache: false
73
+
74
+ - name: Install AgentOps Toolkit
75
+ run: |
76
+ # NOTE: pinned to GitHub main until the next package release includes this flow.
77
+ # Switch to `uv pip install --system "agentops-accelerator[foundry,agent]"` after release.
78
+ uv pip install --system "agentops-accelerator[foundry,agent] @ git+https://github.com/Azure/agentops.git@main"
79
+
80
+ __EVAL_STEPS__
81
+
82
+ - name: Generate release evidence
83
+ if: always()
84
+ env:
85
+ AZURE_AI_FOUNDRY_PROJECT_ENDPOINT: ${{ vars.AZURE_AI_FOUNDRY_PROJECT_ENDPOINT }}
86
+ AZURE_OPENAI_ENDPOINT: ${{ vars.AZURE_OPENAI_ENDPOINT }}
87
+ AZURE_OPENAI_DEPLOYMENT: ${{ vars.AZURE_OPENAI_DEPLOYMENT }}
88
+ APPLICATIONINSIGHTS_CONNECTION_STRING: ${{ secrets.APPLICATIONINSIGHTS_CONNECTION_STRING || vars.APPLICATIONINSIGHTS_CONNECTION_STRING }}
89
+ run: |
90
+ agentops doctor --workspace . --out .agentops/agent/report.md \
91
+ --severity-fail critical --evidence-pack
92
+
93
+ - name: Upload AgentOps results
94
+ if: always()
95
+ uses: actions/upload-artifact@v7
96
+ with:
97
+ name: agentops-prod-results
98
+ path: |
99
+ __EVAL_ARTIFACT_PATHS__
100
+ .agentops/agent/report.md
101
+ .agentops/release/latest/evidence.json
102
+ .agentops/release/latest/evidence.md
103
+ if-no-files-found: warn
104
+
105
+ - name: Step summary
106
+ if: always()
107
+ run: |
108
+ {
109
+ echo "## AgentOps Safety Eval (PROD gate)"
110
+ echo
111
+ if [ -f .agentops/results/latest/report.md ]; then
112
+ cat .agentops/results/latest/report.md
113
+ fi
114
+ if [ -f .agentops/release/latest/evidence.md ]; then
115
+ echo
116
+ echo "---"
117
+ echo
118
+ cat .agentops/release/latest/evidence.md
119
+ fi
120
+ } >> "$GITHUB_STEP_SUMMARY"
121
+
122
+ build:
123
+ name: Build
124
+ needs: safety-eval
125
+ runs-on: ubuntu-latest
126
+ timeout-minutes: 30
127
+ steps:
128
+ - name: Checkout
129
+ uses: actions/checkout@v6
130
+
131
+ - name: Azure login (OIDC)
132
+ uses: azure/login@v3
133
+ with:
134
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
135
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
136
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
137
+
138
+ # ---------------------------------------------------------------
139
+ # TODO: replace this placeholder with your build step.
140
+ # See agentops-deploy-dev.yml for example snippets.
141
+ # ---------------------------------------------------------------
142
+ - name: Build (placeholder)
143
+ run: |
144
+ echo "TODO: replace this step with your build."
145
+
146
+ deploy:
147
+ name: Deploy to PROD
148
+ needs: build
149
+ runs-on: ubuntu-latest
150
+ environment: production
151
+ timeout-minutes: 30
152
+ steps:
153
+ - name: Checkout
154
+ uses: actions/checkout@v6
155
+
156
+ - name: Azure login (OIDC)
157
+ uses: azure/login@v3
158
+ with:
159
+ client-id: ${{ vars.AZURE_CLIENT_ID }}
160
+ tenant-id: ${{ vars.AZURE_TENANT_ID }}
161
+ subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
162
+
163
+ # ---------------------------------------------------------------
164
+ # TODO: replace this placeholder with your deploy step.
165
+ # See agentops-deploy-dev.yml for example snippets (ACA, App
166
+ # Service, Foundry hosted agent, azd deploy).
167
+ # ---------------------------------------------------------------
168
+ - name: Deploy (placeholder)
169
+ run: |
170
+ echo "TODO: replace this step with your deploy."
171
+ echo "Target environment: production"