Configure readme's (#8)

samgibsonmoj · web-flow · commit e0ecf781b870 · 2025-11-04T12:30:46.000Z
diff --git a/README.md b/README.md
@@ -1,14 +1,28 @@
 HMPPS CFO DMS
 =============
 
-
-HMPPS CFO DMS
-=============
-
 HMPPS Creating Future Opportunities (CFO) - Data Management System (DMS). It is intended for internal use only and is used to process PNOMIS and NDelius offender data to supply CATS (Case Assessment and Tracking System - also used by HMPPS CFO) with accurate offender movements and updates.
 
 # Queries
 
 Any queries, please contact andrew.grocott@justice.gov.uk or visit our slack channel. https://app.slack.com/client/T02DYEB3A/C011Z8PGWCU/details/
 
+# Development Setup and Execution Guide
+
+## Setup (development)
+1. From the **project root**, run the setup script. This will automatically create the required folder structure in your devices home directory:
+    ```sh
+    ./setup.sh
+    ```
+2. Configure secret(s) for applications in the *src* directory:
+    - *Visualiser.csproj* → Manage User Secrets
+        ```json
+        {
+            "AzureAd:ClientSecret": "<ENTRA_CLIENT_SECRET>"
+        }
+        ```
 
+## Running the apps
+The recommended way to run and debug these apps is using .NET Aspire.
+- **Using Visual Studio Code**: open the project and press `F5`, selecting the *Default Configuration*.
+- **Using Visual Studio or other IDEs**: From the debug configuration dropdown, select `Aspire.AppHost` and start the application.
diff --git a/src/Visualiser/README.md b/src/Visualiser/README.md
@@ -58,21 +58,11 @@ visit the #staff-identity-authentication-services channel in Slack and complete
 			- Admin consent display name: *Write to API*
 			- User consent display name: *Write to API*
 			- State: *Enabled*
-10. (optional) Add App Roles (for app-only / service-to-service)
-	- App registrations → your api → App roles → Create app role
-		- Display name: `Api.Read.All`
-		- Allowed member types: Applications
-		- Value: `Api.Read.All`
-		- Description: *Can read from the API*
-		- Do the same for `API.Write.All`
-11. Grant the web app access to the API
+10. Grant the web app access to the API
 	- App Registrations → API Permissions → Add a permission → My APIs → *your_api*
 		- **Delegated permissions**:
 			- [x] `api.read`
 			- [x] `api.write`
-		- **Application permissions** (optional):
-			- [x] `Api.Read.All`
-			- [x] `Api.Write.All`
 	- App registrations → *your_api* → Expose an API → Authorized client applications → Add a client application
 		- Client ID: *enter the Application (Client) ID of the web application*
 		- Authorized scopes: **select all**
