docs: technical design spec for unifying Foundry config in azure.yaml#8590
docs: technical design spec for unifying Foundry config in azure.yaml#8590huimiu wants to merge 14 commits into
Conversation
…yaml Engineering design that backs the unified azure.yaml product brief. Covers the end to end command experience and the technical design (schema composition, config binding, the microsoft.foundry service target, ref includes, templating, init rework, reconciliation), plus a provision dependency callout and new open questions.
huimiu
requested review from
JeffreyCA,
RickWinter,
hemarina,
tg-msft and
vhvb1989
as code owners
There was a problem hiding this comment.
Pull request overview
Adds an engineering technical design spec documenting the proposed unified azure.yaml shape and lifecycle for Foundry projects/agents, including schema composition, config binding, $ref includes, templating, lifecycle fan-out, migration/deprecation, and open questions. This lives under docs/specs/ and introduces no product code changes.
Changes:
- Add a new design spec at
docs/specs/unify-azure-yaml/spec.mdcovering end-to-end CLI flows and detailed technical design. - Document proposed schema composition for
host: microsoft.foundryand extension wiring/rollout considerations. - Define
$refinclude/overlay behavior, templating coexistence (${VAR}vs${{...}}), and reconciliation/idempotency approach.
📋 Prioritization NoteThanks for the contribution! The linked issue isn't in the current milestone yet. |
huimiu
force-pushed
the
hui/unify-azure-yaml
branch
from
e1dc707 to
f38e2d4
Compare
Align $ref path handling with FileRef.json (accept absolute paths and URLs), document path rebasing and instruction/prompt file loading, model agent-level tools, scope deploy-mode validation to hosted agents, order routine reconciliation after agents, add a sibling-extension schema-ownership section (Option A), and merge Parts 3 and 4 into a single flat Open questions section. Trim the summary to deltas on the brief.
Remove the built-in Bicep, idempotency, and per-agent CLI items from the open questions list, since the brief raises each with a recommended option (opt-in in-memory Bicep, Bicep-like reconciliation semantics, and 3a per-agent build). Fold the #8349/#8350 references into the 2.8 reconciliation section and note where the brief leaves instructions-format and routines open.
John's brief already raises skill instructions format (open question 5) and routines ownership and triggers (open question 6). The instructions item also contradicted section 2.4, which already decides both inline and file forms. Remove both echoes; open questions now list only items this design adds.
FileRef.json states absolute paths and URLs are accepted and that sibling properties act as overlay overrides, and the brief recommends Option A (azure.ai.agents owns schema and reconciliation). That settles ref ownership, overlay rules, and absolute/remote paths, so remove both from open questions and fold the accepted-paths decision into section 2.4. Open questions now list only items the brief leaves open.
Issue 8587's preferred fix is deploy-time reconciliation of toolboxes and connections, which the design already does (folded into 2.8). Issue 8165's stated minimum, reusing an existing account, is the endpoint design (folded into 1.4). Split-file validation is already decided in 2.4. Remove all three from open questions, leaving only items with no settled direction: agent versioning (8066), gRPC config size, and composition surface naming (8049).
|
I'm not seeing a new skill added for design-spec. |
🔗 Linked Issue RequiredThanks for the contribution! Please link a GitHub issue to this PR by adding |
@glharper Sorry, wrong content removed |
| creating one. This is the path for teams that provision infrastructure on their own, and | ||
| for reusing a shared or private network bound account, which is the minimum issue | ||
| [#8165](https://github.com/Azure/azure-dev/issues/8165) asks for. Provisioning a new | ||
| network bound account from scratch is part of the separate built-in Bicep work, not this |
There was a problem hiding this comment.
I understand why this is this way - just making a note that we will need to ensure there is a path to create and customize network settings in the bicep work.
What we are saying here is that in order to do that, you'd need to immediately eject to Bicep and customize it to get VNET settings, etc.
We don't expose the Account resource as a service here, and the network settings are on the account not the Foundry Project.
| explicit and runs through `azd down` or the per resource `azd ai` commands. | ||
|
|
||
| `azd down` removes the Foundry project that azd provisioned. If the service used an | ||
| `endpoint:` to point at an existing project, `azd down` does not delete that project, |
There was a problem hiding this comment.
This is correct - and I think AZD down might already have logic for this so we may not need to build anything custom, but double-check.
|
|
||
| - `${VAR}` is an azd environment value, resolved on the client before anything is sent | ||
| to Foundry. Example: a connection secret read from the azd environment. | ||
| - `${{...}}` is resolved by Foundry on the server, for example |
There was a problem hiding this comment.
This is just treated as a string value, no resolution needed. Its a special syntax for Foundry.
|
|
||
| ### 2.8 State reconciliation and idempotency | ||
|
|
||
| Deploy compares the declared state in `azure.yaml` against the live state in Foundry and |
There was a problem hiding this comment.
I dont expect the extensions to query state and do a compare - that seems very complex to manage.
Instead, I expected we could just do a CreateOrUpdate type API call and the service would handle it.
| Following the brief, v1 takes **Option A**: the `azure.ai.agents` extension owns the full | ||
| schema and reconciles every slice (deployments, connections, toolboxes, skills, routines, | ||
| agents), while the sibling extensions keep their imperative CLIs unchanged. The | ||
| alternative, Option B, has the meta-package own the schema and each sibling register a |
There was a problem hiding this comment.
Now that we have the meta package, it makes sense to me it would live there but confirm that doesnt have other consequences.
… templating in the unify-azure-yaml spec
…e unify-azure-yaml spec
…B) in the unify-azure-yaml spec
|
Thanks for the review! Here's what got updated based on your feedback:
|
Summary
azure.yamlatdocs/specs/unify-azure-yaml/spec.mdDetails
Design spec (
docs/specs/unify-azure-yaml/spec.md)The spec is the engineering counterpart to the product brief. It covers two areas the brief does not address:
azd ai agent init,provision,deploy,up, andazd down; a Foundry service next to a normal service viauses:; connecting to an existing project viaendpoint:; migration fromhost: azure.ai.agentand separateagent.yaml/agent.manifest.yamlfiles; partial deploy failure and safe re-run behavior.AdditionalPropertiesand gRPC, wiringhost: microsoft.foundryto a new service target, JSON Schema composition at the service level,$reffile includes and overlay overrides,${VAR}vs${{...}}templating, service target lifecycle with per-agent fan-out,initrework, state reconciliation, sibling-extension schema ownership, and telemetry and errors.