Capability 43's locked Step 2 of the BPMN flow: /deploy/configure. After selecting agents, the user signs in with Entra ID (no GitHub account), then picks a target subscription (dropdown), resource group name (auto-validated), and location (filtered to regions with Foundry capacity). Optional: bring-your-own Foundry endpoint, otherwise the deployment provisions one.
Acceptance criteria
Page at /deploy/configure under the (deploy) route group.
After sign-in, subscription dropdown populated from https://management.azure.com/subscriptions?api-version=2020-01-01 against the user's home tenant.
Resource group name input with validation: lowercase alphanumeric + hyphen, max 90 chars, uniqueness check against the chosen subscription via ARM list.
Location dropdown filtered to regions where Foundry has capacity (queried from a static-but-refreshable list, or the Foundry capacity API where available).
Optional: "Bring your own Foundry endpoint" toggle; when on, accept endpoint URI + auth method.
Single-tenant for v1 — the user's home tenant only. Cross-tenant flow explicitly disabled with copy "Cross-tenant deploys are coming; v1 supports your home tenant only."
No GitHub account required; only Entra ID.
"Continue to pre-flight" CTA preserves selections through to /deploy/preflight.
Selections persisted in session storage (not Cosmos) until pre-flight starts.
Risks and dependencies
| Risk | Mitigation |
| --- | --- |
| Cross-tenant request without governance creates a privilege footgun. | v1 single-tenant only. Cross-tenant deferred to a separate ADR. |
| RG name uniqueness check rate-limits the user. | Debounce input; cache results client-side; surface API rate-limit errors with friendly retry copy. |
| Foundry capacity dropdown goes stale. | Region list refreshed weekly via a build-time job; UI shows "Last verified …" timestamp. |
| Subscription dropdown leaks subs the user does not actually have access to (rare ARM permission edge cases). | List exposes only the subs the OBO call returns — no caching across users. |
May produce a follow-up ADR for cross-tenant deploys (out of v1 scope).
Branch
feature/<this-issue-id>-deploy-configure-page per ADR-018.
BPMN process
%%{init: {'theme':'base', 'themeVariables': {
'primaryColor':'#FFB3BA',
'primaryTextColor':'#000',
'primaryBorderColor':'#FF8B94',
'lineColor':'#BAE1FF',
'secondaryColor':'#BAE1FF',
'tertiaryColor':'#FFFFFF'
}}}%%
flowchart LR
A[Analyze Current Code] --> B[Design Change]
B --> C[Implement on Issue Branch]
C --> D[Open PR]
D --> E[Validation and Fixes]
E --> F[Merge to Main]
F --> G[Monitor Workflows]
G --> H[Close Issue and Cleanup]
User.Read only — incremental consent for https://management.azure.com/user_impersonation happens in pre-flight per issue C5 feat(deploy,infra,security): OBO OAuth flow + ARM deployment kickoff #1031).
Risks and dependencies
Blocked by: epic 41 #1020; C1 #1027 (infra); C2 #1028 (catalog precedes configure); C5 #1031 (Entra MSAL setup partial); R2 epic #1008; R1 epic #990.
Evidence links
ADR impact
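The acceptance criteria and the subscription-leak mitigation above can be enforced in one validation step before anything is written to session storage; the following is an added example, not code from this issue or the project. The function names, error codes, storage key and the https-only rule for the bring-your-own endpoint are assumptions, and the ARM response is a constructed sample.

```javascript
// Added example. ARM field names (value, subscriptionId, tenantId) follow the
// subscriptions list response; every other name here is hypothetical.
const RG_NAME = /^[a-z0-9-]{1,90}$/; // page rule: lowercase alphanumeric + hyphen, max 90

// Constructed sample of the ARM list response; the second entry is in another tenant.
const SAMPLE_ARM_LIST = { value: [
  { subscriptionId: "11111111-1111-1111-1111-111111111111", tenantId: "aaaaaaaa-0000-0000-0000-000000000001", displayName: "Dev" },
  { subscriptionId: "22222222-2222-2222-2222-222222222222", tenantId: "bbbbbbbb-0000-0000-0000-000000000002", displayName: "Partner" },
] };

// v1 is single-tenant: keep only subscriptions that sit in the user's home tenant.
function homeTenantSubscriptions(armList, homeTenantId) {
  return (armList.value || []).filter((s) => s.tenantId === homeTenantId);
}

// Returns a list of error codes; an empty list means the selection may proceed.
function validateSelection(sel, ctx) {
  const errors = [];
  const subs = homeTenantSubscriptions(ctx.armList, ctx.homeTenantId);
  // Check the submitted id against what ARM returned, not against the dropdown markup.
  if (!subs.some((s) => s.subscriptionId === sel.subscriptionId)) errors.push("subscription");
  if (typeof sel.resourceGroup !== "string" || !RG_NAME.test(sel.resourceGroup)) {
    errors.push("resourceGroup:format");
  } else if (ctx.existingGroups.some((g) => g.toLowerCase() === sel.resourceGroup)) {
    errors.push("resourceGroup:exists"); // ARM compares group names case-insensitively
  }
  if (!ctx.foundryRegions.includes(sel.location)) errors.push("location");
  if (sel.byoEndpoint !== undefined) {
    let url = null;
    try { url = new URL(sel.byoEndpoint); } catch (_) { /* not a URL */ }
    // Assumption: only https endpoints are acceptable for bring-your-own Foundry.
    if (!url || url.protocol !== "https:") errors.push("byoEndpoint");
  }
  return errors;
}

// Persist identifiers only, under a hypothetical key, and only after validation passes.
function persistSelection(storage, sel, ctx) {
  const errors = validateSelection(sel, ctx);
  if (errors.length > 0) return { saved: false, errors };
  const { subscriptionId, resourceGroup, location, byoEndpoint } = sel;
  storage.setItem("deploy.configure", JSON.stringify({ subscriptionId, resourceGroup, location, byoEndpoint }));
  return { saved: true, errors };
}
```

In the browser `storage` would be `window.sessionStorage`; the same checks belong on the server side of /deploy/preflight, since session storage is writable by the user.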