From 1d1535f4379ad950d3954386e3dd577cbe01a6fd Mon Sep 17 00:00:00 2001 From: hemarina Date: Mon, 2 Feb 2026 09:33:28 -0800 Subject: [PATCH 01/15] add mcp common tool --- cli/azd/cmd/mcp.go | 1 + cli/azd/cmd/middleware/error.go | 34 +++- .../mcp/tools/azd_provision_common_error.go | 40 ++++ .../prompts/azd_provision_common_error.md | 175 ++++++++++++++++++ cli/azd/internal/mcp/tools/prompts/prompts.go | 3 + 5 files changed, 247 insertions(+), 6 deletions(-) create mode 100644 cli/azd/internal/mcp/tools/azd_provision_common_error.go create mode 100644 cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md diff --git a/cli/azd/cmd/mcp.go b/cli/azd/cmd/mcp.go index 89c21236caf..857928d0469 100644 --- a/cli/azd/cmd/mcp.go +++ b/cli/azd/cmd/mcp.go @@ -237,6 +237,7 @@ func (a *mcpStartAction) Run(ctx context.Context) (*actions.ActionResult, error) tools.NewAzdProjectValidationTool(), tools.NewAzdYamlSchemaTool(), tools.NewAzdErrorTroubleShootingTool(), + tools.NewAzdProvisionCommonErrorTool(), } allTools := []server.ServerTool{} diff --git a/cli/azd/cmd/middleware/error.go b/cli/azd/cmd/middleware/error.go index f059845afec..b235c3f616a 100644 --- a/cli/azd/cmd/middleware/error.go +++ b/cli/azd/cmd/middleware/error.go @@ -213,8 +213,11 @@ func (e *ErrorMiddleware) Run(ctx context.Context, next NextFn) (*actions.Action previousError = originalError agentOutput, err := azdAgent.SendMessage(ctx, fmt.Sprintf( `Steps to follow: - 1. Use available tools to identify, explain and diagnose this error when running azd command and its root cause. - 2. Only return a JSON object in the following format: + 1. Check if the error is included in azd_provision_common_error tool. + If not, jump to step 2. + If so, jump to step 3 and only use the solution azd_provision_common_error provided. + 2. Use available tools to identify, explain and diagnose this error when running azd command and its root cause. + 3. Return ONLY the following JSON object as your final response. Do not add any text before or after. Do not use markdown code blocks. Return raw JSON only: { "analysis": "Brief explanation of the error and its root cause", "solutions": [ @@ -224,12 +227,19 @@ func (e *ErrorMiddleware) Run(ctx context.Context, next NextFn) (*actions.Action ] } Provide up to 3 solutions. Each solution must be concise (one sentence). + IMPORTANT: Your response must be ONLY the JSON object above, nothing else. Error details: %s`, errorInput)) // Extract solutions from agent output even if there's a parsing error // The agent may return valid content solutions := extractSuggestedSolutions(agentOutput) + // If no solutions found in output, try extracting from the error message + // LangChain may fail to parse but errors include the valid JSON + if len(solutions) == 0 && err != nil { + solutions = extractSuggestedSolutions(err.Error()) + } + // Only fail if we got an error AND couldn't extract any solutions if err != nil && len(solutions) == 0 { e.displayAgentResponse(ctx, agentOutput, AIDisclaimer) @@ -246,11 +256,14 @@ func (e *ErrorMiddleware) Run(ctx context.Context, next NextFn) (*actions.Action if continueWithFix { agentOutput, err := azdAgent.SendMessage(ctx, fmt.Sprintf( `Steps to follow: - 1. Use available tools to identify, explain and diagnose this error when running azd command and its root cause. - 2. Resolve the error by making the minimal, targeted change required to the code or configuration. + 1. Check if the error is included in azd_provision_common_error tool. + If so, jump to step 3 and only use the solution azd_provision_common_error provided. + If not, continue to step 2. + 2. Use available tools to identify, explain and diagnose this error when running azd command and its root cause. + 3. Resolve the error by making the minimal, targeted change required to the code or configuration. Avoid unnecessary modifications and focus only on what is essential to restore correct functionality. - 3. Remove any changes that were created solely for validation and are not part of the actual error fix. - 4. You are currently in the middle of executing '%s'. Never run this command. + 4. Remove any changes that were created solely for validation and are not part of the actual error fix. + 5. You are currently in the middle of executing '%s'. Never run this command. Error details: %s`, e.options.CommandPath, errorInput)) if err != nil { @@ -380,8 +393,17 @@ func promptForErrorHandlingConsent( // extractSuggestedSolutions extracts solutions from the LLM response. // It expects a JSON response with the structure: {"analysis": "...", "solutions": ["...", "...", "..."]} +// The response may be wrapped in a "text" field by the agent framework: {"text": "{\"analysis\": ..., \"solutions\": [...]}"} // If JSON parsing fails, it returns an empty slice. func extractSuggestedSolutions(llmResponse string) []string { + // First, check if response is wrapped in a "text" field (agent framework wrapper) + textResult := gjson.Get(llmResponse, "text") + if textResult.Exists() && textResult.Type == gjson.String { + // Unwrap the text field - it contains the actual JSON as a string + llmResponse = textResult.String() + } + + // Now extract solutions from the unwrapped response result := gjson.Get(llmResponse, "solutions") if !result.Exists() { return []string{} diff --git a/cli/azd/internal/mcp/tools/azd_provision_common_error.go b/cli/azd/internal/mcp/tools/azd_provision_common_error.go new file mode 100644 index 00000000000..fbb07c2bc7e --- /dev/null +++ b/cli/azd/internal/mcp/tools/azd_provision_common_error.go @@ -0,0 +1,40 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package tools + +import ( + "context" + + "github.com/azure/azure-dev/cli/azd/internal/mcp/tools/prompts" + "github.com/mark3labs/mcp-go/mcp" + "github.com/mark3labs/mcp-go/server" +) + +// NewAzdProvisionCommonErrorTool creates a new azd provision common error tool +func NewAzdProvisionCommonErrorTool() server.ServerTool { + return server.ServerTool{ + Tool: mcp.NewTool( + "provision_common_error", + mcp.WithReadOnlyHintAnnotation(true), + mcp.WithIdempotentHintAnnotation(true), + mcp.WithDestructiveHintAnnotation(false), + mcp.WithOpenWorldHintAnnotation(false), + mcp.WithDescription( + `Returns specific troubleshooting instructions for common Azure Developer CLI (azd) provisioning errors. + +Use this tool when azd commands fail with: +- Service unavailability errors (quota/capacity issues) +- Authorization failures for role assignments +- Role assignment conflicts (already exists) + +Provides step-by-step diagnostic instructions for the LLM agent to execute.`, + ), + ), + Handler: handleAzdProvisionCommonError, + } +} + +func handleAzdProvisionCommonError(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) { + return mcp.NewToolResultText(prompts.AzdProvisionCommonErrorPrompt), nil +} diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md new file mode 100644 index 00000000000..c47a5b3cb2c --- /dev/null +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -0,0 +1,175 @@ +# Azure Developer CLI - Common Provisioning Errors + +This document provides solutions for common errors encountered during `azd provision` based on telemetry data. + +## Azure Service Unavailable Error + +**Error Pattern:** +- Contains: `"code":"ServiceUnavailable"` +- Contains: `"Sorry, we are currently experiencing high demand in [region name] region for the zonal redundant (Availability Zones)"` +- May contain: `"cannot fulfill your request at this time"` +- May contain: `"To request region access for your subscription, please follow this link"` + +**LLM instructions:** + +When you encounter this error: + +1. **Identify the Problem:** + - Extract the Azure region from the error message (e.g., "East US") + - Confirm it's a provisioning failure due to regional capacity + +2. **Immediate Solutions:** + - Run `azd env set AZURE_LOCATION ` + - Recommended alternative regions based on user location + - Run `azd provision` again + +**Example Commands:** +```bash +# Change to a different region +azd env set AZURE_LOCATION westus + +# Check current environment settings +azd env get-values + +# Rerun provision command +azd provision +``` + +## Role Assignment Authorization Error + +**Error Pattern:** +- Contains: `"Authorization failed for template resource"` +- Contains: `"of type 'Microsoft.Authorization/roleAssignments'"` +- Contains: `"does not have permission to perform action 'Microsoft.Authorization/roleAssignments/write' at scope"` +- May contain: `"The client"` followed by email or `"with object id"` followed by GUID +- Scope path may contains: `/subscriptions/[id]/resourceGroups/[name]/providers/[resource-provider]` + +**LLM Instructions:** + +When you encounter this error: + +1. **Check Current Permissions:** + ```bash + # Check your current role assignments + az role assignment list --assignee --output table + + # Check role assignments at subscription level + az role assignment list --scope /subscriptions/ --assignee --output table + ``` + +2. **Immediate Solutions:** + + **Request Owner or User Access Administrator Role:** + - Contact your Azure subscription administrator + - Request either: + - **Owner** role at the resource group or subscription level (full access including role assignments) + - **User Access Administrator** role (specifically for managing role assignments) + - Administrator can grant this using: + ```bash + # Grant Owner role at subscription level + az role assignment create --assignee --role Owner --scope /subscriptions/ + + # Or grant User Access Administrator role at subscription level + az role assignment create --assignee --role "User Access Administrator" --scope /subscriptions/ + ``` + +3. **Long-term Recommendations:** + - Document required permissions in your project README + - Consider using Azure Managed Identities where possible to reduce manual role assignments + +4. **Verify Permissions Before Deployment:** + ```bash + # Check Owner role at subscription level + az role assignment list --role Owner --assignee --scope /subscriptions/ + + # Or check User Access Administrator at subscription level + az role assignment list --role "User Access Administrator" --assignee --scope /subscriptions/ + ``` + If returned results is not empty array, then permissions are added successfully. + +**Example Commands:** +```bash +# Example 1: Admin grants Owner role at subscription level +az role assignment create \ + --assignee \ + --role Owner \ + --scope /subscriptions/ + +# Example 2: Admin grants User Access Administrator at subscription level +az role assignment create \ + --assignee \ + --role "User Access Administrator" \ + --scope /subscriptions/ + +# Example 3: Verify Owner role was granted successfully +az role assignment list \ + --role Owner \ + --assignee \ + --scope /subscriptions/ +# If result is not empty [], the role is assigned + +# Example 4: Verify User Access Administrator role was granted +az role assignment list \ + --role "User Access Administrator" \ + --assignee \ + --scope /subscriptions/ +# If result is not empty [], the role is assigned + +# Example 5: Check role assignments by object ID +az role assignment list \ + --assignee \ + --output table + +# Example 6: After getting permissions, provision the project +azd provision +``` + +## Role Assignment Already Exists Error + +**Error Pattern:** +- Contains: `"RoleAssignmentExists"` or `"The role assignment already exists"` +- Occurs during deployment when attempting to create a duplicate role assignment + +**LLM Instructions:** + +When you encounter this error: + +1. **Common Causes:** + - Manual role assignments created before running the template + - Infrastructure template generates duplicate role assignment GUIDs + +2. **Immediate Solutions:** + + **Step 1: Check Infrastructure Files for Duplicate Role Assignments** + + Search your `infra/` folder for duplicate role assignment definitions: + + ```bash + # Check Bicep files for role assignments + grep -r "Microsoft.Authorization/roleAssignments" infra/*.bicep infra/**/*.bicep + + # Look for duplicate guid() calls with same parameters + grep -r "guid(" infra/*.bicep infra/**/*.bicep | grep roleAssignment + ``` + + **Step 2: Fix Infrastructure Code (if duplicates found)** + + If you found duplicate role assignments in Step 1, remove one of the duplicated role assignments: + + ```bicep + // ❌ AVOID: Creating the same role assignment in multiple files + // File: infra/main.bicep + resource apiCosmosRoleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2024-05-15' = { + name: '${cosmosAccountName}/${guid(apiPrincipalId, cosmosAccountName, '00000000-0000-0000-0000-000000000002')}' + + // ... + } + + // File: infra/app/container.bicep (DUPLICATE!) + resource apiCosmosRoleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2024-05-15' = { + name: '${cosmosAccountName}/${guid(apiPrincipalId, cosmosAccountName, '00000000-0000-0000-0000-000000000002')}' // Same GUID! + // ... + } + ``` + + diff --git a/cli/azd/internal/mcp/tools/prompts/prompts.go b/cli/azd/internal/mcp/tools/prompts/prompts.go index d7eadbe7bde..0e68543fd5c 100644 --- a/cli/azd/internal/mcp/tools/prompts/prompts.go +++ b/cli/azd/internal/mcp/tools/prompts/prompts.go @@ -33,3 +33,6 @@ var AzdProjectValidationPrompt string //go:embed azd_error_troubleshooting.md var AzdErrorTroubleShootingPrompt string + +//go:embed azd_provision_common_error.md +var AzdProvisionCommonErrorPrompt string \ No newline at end of file From d725b466a9ca1260429a7305c1b032fc152f2ebf Mon Sep 17 00:00:00 2001 From: hemarina Date: Mon, 2 Feb 2026 22:51:00 -0800 Subject: [PATCH 02/15] add errors for 7 days --- .../prompts/azd_provision_common_error.md | 172 +++++++++++++++++- 1 file changed, 164 insertions(+), 8 deletions(-) diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md index c47a5b3cb2c..ae513b70f50 100644 --- a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -21,7 +21,6 @@ When you encounter this error: 2. **Immediate Solutions:** - Run `azd env set AZURE_LOCATION ` - Recommended alternative regions based on user location - - Run `azd provision` again **Example Commands:** ```bash @@ -30,9 +29,6 @@ azd env set AZURE_LOCATION westus # Check current environment settings azd env get-values - -# Rerun provision command -azd provision ``` ## Role Assignment Authorization Error @@ -119,9 +115,6 @@ az role assignment list \ az role assignment list \ --assignee \ --output table - -# Example 6: After getting permissions, provision the project -azd provision ``` ## Role Assignment Already Exists Error @@ -171,5 +164,168 @@ When you encounter this error: // ... } ``` - +## Location Offer Restricted Error for Postgres + +**Error Pattern:** +- Contains: `"code":"ResourceOperationFailure"` +- Contains: `"Subscriptions are restricted from provisioning in location"` +- May contain: `"Try again in a different location"` +- May contain: `"https://aka.ms/postgres-request-quota-increase"` or similar quota increase links +- May contain: `postgres` + +**LLM Instructions:** + +When you encounter this error: + +1. **Identify the Problem:** + - Extract the restricted Azure region from the error message (e.g., "eastus") + - Extract the resource type that is restricted (e.g., PostgreSQL Flexible Server) + - Confirm it's a subscription-level regional restriction + +2. **Immediate Solutions:** + + **Option 1: Use a Different Region if Available Region is Known** + + Change to an unrestricted region: + ```bash + # Set a different region + azd env set AZURE_LOCATION westus3 + + # Verify the change + azd env get-values + ``` + + **Option 2: Check Available Regions for the Resource Type** + + Verify if regions support the resource in your subscription: + ```bash + # For PostgreSQL Flexible Server + az postgres flexible-server list-skus --location westus3 + + # Check on offer restriction. Disabled means location can be used + az postgres flexible-server list-skus --location westus3 --query "[0].supportedFeatures[?name=='OfferRestricted'].status" -o tsv + + # Check other locations + az account list-locations --output table + ``` + +3. **Long-term Solution (If you need the specific region):** + + **Request Quota Increase:** + - Open the link provided in the error message (e.g., https://aka.ms/postgres-request-quota-increase) + - Let user submit a support request to enable the region for your subscription + +4. **Verify Region Access Before Deployment:** + ```bash + # Check whether resource provider is registered + az provider show --namespace Microsoft.DBforPostgreSQL --query "registrationState" + + # List available regions of the provider + az provider show --namespace Microsoft.DBforPostgreSQL --query "resourceTypes[?resourceType=='flexibleServers'].locations" + + # Check whether location is available or not + az postgres flexible-server list-skus --location --query "[0].supportedFeatures[?name=='OfferRestricted'].status" -o tsv + ``` + +**Example Commands:** +```bash +# Example 1: Change region +azd env set AZURE_LOCATION westus3 + +# Example 2: Check available skus in PostgreSQL regions +az postgres flexible-server list-skus --location westus3 --output table + +# Example 3: Check multiple regions for availability +az postgres flexible-server list-skus --location westus3 +az postgres flexible-server list-skus --location centralus +az postgres flexible-server list-skus --location westus + +# Example 4: View current environment configuration +azd env get-values + +# Example 5: Check resource provider registration +az provider show --namespace Microsoft.DBforPostgreSQL --query "registrationState" +az provider show --namespace Microsoft.DBforPostgreSQL --query "resourceTypes[?resourceType=='flexibleServers'].locations" +az postgres flexible-server list-skus --location westus3 --query "[0].supportedFeatures[?name=='OfferRestricted'].status" -o tsv +``` + +## VM Quota Exceeded Error + +**Error Pattern:** +- Contains: `"code":"Unauthorized"` +- Contains: `"Operation cannot be completed without additional quota"` +- Contains: `"Current Limit"` and quota details for VM families (e.g., "Basic VMs", "Standard DSv3 Family vCPUs") +- May contain: `"Current Usage:"` and `"Amount required for this deployment"` +- May contain: `"New Limit that you should request to enable this deployment"` + +**LLM Instructions:** + +When you encounter this error: + +1. **Identify the Problem:** + - Extract the VM family/tier from the error message (e.g., "Basic VMs", "Standard DSv3 Family") + - Extract the region if available + - Note the current limit and required quota + - Confirm it's a VM quota limitation + +2. **Immediate Solutions:** + + **Option 1: Check Current Quota Usage and Use New Location** + + View your current quota limits and usage: + ```bash + # Check VM quota of a specific region + az vm list-usage --location --output table + + # Look about the specific VM family mentioned in the error + az vm list-usage --location --output table | grep -i + + # Set location to available regions + azd env set AZURE_LOCATION westus + + # Check current environment settings + azd env get-values + ``` + + **Option 2: Use a Different VM SKU (Quick Fix)** + + If the error is for Basic VMs or a restricted tier, modify your infrastructure to use available VM families: + + - Locate the VM/resource definition in your `infra/` files + - Change the SKU to an available tier (e.g., Standard_B2s, Standard_D2s_v3) + + ```bash + # Search for VM size/SKU definitions in your infrastructure + grep -r "sku\|vmSize" infra/*.bicep + ``` + + **Option 3: Request Quota Increase** + + If you need the specific VM family: + + - Open [Azure Portal](https://ms.portal.azure.com/) in browser + - Go to Azure Portal → Subscriptions → Usage + quotas + - Search for the VM family from the error message + - Click "Request increase" for the specific region + +3. **Verify Quota Before Deployment:** + ```bash + # Check specific VM family quota - standardDSv3Family is VM family and can be replaced + az vm list-usage --location --query "[?contains(name.value, 'standardDSv3Family')]" --output table + ``` + +**Example Commands:** +```bash +# Example 1: Check VM quota in a region (e.g eastus) +az vm list-usage --location eastus --output table + +# Example 2: Check available VM sizes in a region (e.g eastus) +az vm list-sizes --location eastus --output table + +# Example 3: Search for VM SKU in infrastructure files +grep -r "vmSize\|sku" infra/*.bicep infra/**/*.bicep + +# Example 4: Check quota for specific VM family (e.g standardDSv3Family) +az vm list-usage --location eastus --query "[?contains(name.value, 'standardDSv3Family')]" +``` From c546d0df068d026a9177fe45b7e9cee3a5688f2e Mon Sep 17 00:00:00 2001 From: hemarina Date: Mon, 2 Feb 2026 22:53:37 -0800 Subject: [PATCH 03/15] gofmt --- cli/azd/cmd/middleware/error.go | 6 ++++-- cli/azd/internal/mcp/tools/prompts/prompts.go | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/cli/azd/cmd/middleware/error.go b/cli/azd/cmd/middleware/error.go index b235c3f616a..3b2731a99a5 100644 --- a/cli/azd/cmd/middleware/error.go +++ b/cli/azd/cmd/middleware/error.go @@ -217,7 +217,8 @@ func (e *ErrorMiddleware) Run(ctx context.Context, next NextFn) (*actions.Action If not, jump to step 2. If so, jump to step 3 and only use the solution azd_provision_common_error provided. 2. Use available tools to identify, explain and diagnose this error when running azd command and its root cause. - 3. Return ONLY the following JSON object as your final response. Do not add any text before or after. Do not use markdown code blocks. Return raw JSON only: + 3. Return ONLY the following JSON object as your final response. Do not add any text before or after. + Do not use markdown code blocks. Return raw JSON only: { "analysis": "Brief explanation of the error and its root cause", "solutions": [ @@ -393,7 +394,8 @@ func promptForErrorHandlingConsent( // extractSuggestedSolutions extracts solutions from the LLM response. // It expects a JSON response with the structure: {"analysis": "...", "solutions": ["...", "...", "..."]} -// The response may be wrapped in a "text" field by the agent framework: {"text": "{\"analysis\": ..., \"solutions\": [...]}"} +// The response may be wrapped in a "text" field by the agent framework: +// {"text": "{\"analysis\": ..., \"solutions\": [...]}"} // If JSON parsing fails, it returns an empty slice. func extractSuggestedSolutions(llmResponse string) []string { // First, check if response is wrapped in a "text" field (agent framework wrapper) diff --git a/cli/azd/internal/mcp/tools/prompts/prompts.go b/cli/azd/internal/mcp/tools/prompts/prompts.go index 0e68543fd5c..6329f30c7b3 100644 --- a/cli/azd/internal/mcp/tools/prompts/prompts.go +++ b/cli/azd/internal/mcp/tools/prompts/prompts.go @@ -35,4 +35,4 @@ var AzdProjectValidationPrompt string var AzdErrorTroubleShootingPrompt string //go:embed azd_provision_common_error.md -var AzdProvisionCommonErrorPrompt string \ No newline at end of file +var AzdProvisionCommonErrorPrompt string From 14cc198f6aec8377654bb1bc7bbb91e6c067324c Mon Sep 17 00:00:00 2001 From: hemarina Date: Mon, 2 Feb 2026 23:07:11 -0800 Subject: [PATCH 04/15] gofmt --- cli/azd/.vscode/cspell-azd-dictionary.txt | 1 + cli/azd/cmd/middleware/error.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cli/azd/.vscode/cspell-azd-dictionary.txt b/cli/azd/.vscode/cspell-azd-dictionary.txt index 91e9750b1bc..cfbaf63ed10 100644 --- a/cli/azd/.vscode/cspell-azd-dictionary.txt +++ b/cli/azd/.vscode/cspell-azd-dictionary.txt @@ -75,6 +75,7 @@ BUILDNUMBER buildpacks byoi callstack +centralus cflags charmbracelet circleci diff --git a/cli/azd/cmd/middleware/error.go b/cli/azd/cmd/middleware/error.go index 3b2731a99a5..6f983574871 100644 --- a/cli/azd/cmd/middleware/error.go +++ b/cli/azd/cmd/middleware/error.go @@ -394,7 +394,7 @@ func promptForErrorHandlingConsent( // extractSuggestedSolutions extracts solutions from the LLM response. // It expects a JSON response with the structure: {"analysis": "...", "solutions": ["...", "...", "..."]} -// The response may be wrapped in a "text" field by the agent framework: +// The response may be wrapped in a "text" field by the agent framework: // {"text": "{\"analysis\": ..., \"solutions\": [...]}"} // If JSON parsing fails, it returns an empty slice. func extractSuggestedSolutions(llmResponse string) []string { From 2c31a7312e25e7e3b36d2e5f5f199fa7c31cfc2b Mon Sep 17 00:00:00 2001 From: hemarina Date: Tue, 3 Feb 2026 09:45:02 -0800 Subject: [PATCH 05/15] common error --- .../prompts/azd_provision_common_error.md | 50 ++++++++++--------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md index ae513b70f50..ac012e4b0fa 100644 --- a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -42,34 +42,36 @@ azd env get-values **LLM Instructions:** -When you encounter this error: +When you encounter this error, YOU MUST USE YOUR TERMINAL TOOL TO EXECUTE the following az commands - do not just display them to the user. -1. **Check Current Permissions:** - ```bash - # Check your current role assignments - az role assignment list --assignee --output table +1. **Check Current Permissions (USE TERMINAL TOOL TO EXECUTE):** - # Check role assignments at subscription level - az role assignment list --scope /subscriptions/ --assignee --output table - ``` + First, extract the user email/object-id and subscription-id from the error message. + Then USE YOUR TERMINAL TOOL to execute this command: + + `az role assignment list --assignee --output table` -2. **Immediate Solutions:** +2. **Attempt to Grant Permissions (USE TERMINAL TOOL TO EXECUTE):** + + USE YOUR TERMINAL TOOL to execute this command to grant Owner role: + + `az role assignment create --assignee --role Owner --scope /subscriptions/` + + If the above command fails with permission error, USE YOUR TERMINAL TOOL to try User Access Administrator: + + `az role assignment create --assignee --role "User Access Administrator" --scope /subscriptions/` + + If both commands fail with permission denied, inform the user they need to contact their Azure subscription administrator. + +3. **Verify Permissions (USE TERMINAL TOOL TO EXECUTE):** + + After granting, USE YOUR TERMINAL TOOL to verify: + + `az role assignment list --role Owner --assignee --scope /subscriptions/` + + If result is not empty [], permissions were granted successfully. - **Request Owner or User Access Administrator Role:** - - Contact your Azure subscription administrator - - Request either: - - **Owner** role at the resource group or subscription level (full access including role assignments) - - **User Access Administrator** role (specifically for managing role assignments) - - Administrator can grant this using: - ```bash - # Grant Owner role at subscription level - az role assignment create --assignee --role Owner --scope /subscriptions/ - - # Or grant User Access Administrator role at subscription level - az role assignment create --assignee --role "User Access Administrator" --scope /subscriptions/ - ``` - -3. **Long-term Recommendations:** +4. **Long-term Recommendations:** - Document required permissions in your project README - Consider using Azure Managed Identities where possible to reduce manual role assignments From fa9a531e7c436a6c4a55d4cab70e6018f151e3c0 Mon Sep 17 00:00:00 2001 From: hemarina <104857065+hemarina@users.noreply.github.com> Date: Tue, 3 Feb 2026 16:18:36 -0800 Subject: [PATCH 06/15] Update cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../internal/mcp/tools/prompts/azd_provision_common_error.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md index ae513b70f50..dcb2761fec2 100644 --- a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -38,7 +38,7 @@ azd env get-values - Contains: `"of type 'Microsoft.Authorization/roleAssignments'"` - Contains: `"does not have permission to perform action 'Microsoft.Authorization/roleAssignments/write' at scope"` - May contain: `"The client"` followed by email or `"with object id"` followed by GUID -- Scope path may contains: `/subscriptions/[id]/resourceGroups/[name]/providers/[resource-provider]` +- Scope path may contain: `/subscriptions/[id]/resourceGroups/[name]/providers/[resource-provider]` **LLM Instructions:** From 651e4b40d5b61010279b55e3b6121f66066750ac Mon Sep 17 00:00:00 2001 From: hemarina <104857065+hemarina@users.noreply.github.com> Date: Tue, 3 Feb 2026 16:18:47 -0800 Subject: [PATCH 07/15] Update cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../internal/mcp/tools/prompts/azd_provision_common_error.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md index dcb2761fec2..c8329dcafda 100644 --- a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -278,7 +278,7 @@ When you encounter this error: # Check VM quota of a specific region az vm list-usage --location --output table - # Look about the specific VM family mentioned in the error + # Look for the specific VM family mentioned in the error az vm list-usage --location --output table | grep -i # Set location to available regions From ddfcf53609d4bfdcd6622e98fe81dad68801886e Mon Sep 17 00:00:00 2001 From: hemarina <104857065+hemarina@users.noreply.github.com> Date: Tue, 3 Feb 2026 16:19:17 -0800 Subject: [PATCH 08/15] Update cli/azd/internal/mcp/tools/azd_provision_common_error.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- cli/azd/internal/mcp/tools/azd_provision_common_error.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cli/azd/internal/mcp/tools/azd_provision_common_error.go b/cli/azd/internal/mcp/tools/azd_provision_common_error.go index fbb07c2bc7e..f959ad7d7a5 100644 --- a/cli/azd/internal/mcp/tools/azd_provision_common_error.go +++ b/cli/azd/internal/mcp/tools/azd_provision_common_error.go @@ -27,6 +27,8 @@ Use this tool when azd commands fail with: - Service unavailability errors (quota/capacity issues) - Authorization failures for role assignments - Role assignment conflicts (already exists) +- Location offer restricted errors for Azure Database for PostgreSQL +- VM quota exceeded errors when provisioning compute resources Provides step-by-step diagnostic instructions for the LLM agent to execute.`, ), From b0193efb39889caa560ef3fb0629335859a0952f Mon Sep 17 00:00:00 2001 From: hemarina <104857065+hemarina@users.noreply.github.com> Date: Tue, 3 Feb 2026 16:19:44 -0800 Subject: [PATCH 09/15] Update cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../internal/mcp/tools/prompts/azd_provision_common_error.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md index c8329dcafda..9c4a6eec696 100644 --- a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -81,7 +81,7 @@ When you encounter this error: # Or check User Access Administrator at subscription level az role assignment list --role "User Access Administrator" --assignee --scope /subscriptions/ ``` - If returned results is not empty array, then permissions are added successfully. + If the returned result is not an empty array, then permissions are added successfully. **Example Commands:** ```bash From f2ab7da5609a90157e469a41205e9eaf47f970f1 Mon Sep 17 00:00:00 2001 From: hemarina Date: Tue, 3 Feb 2026 16:28:04 -0800 Subject: [PATCH 10/15] more clear instructions --- .../prompts/azd_provision_common_error.md | 133 +++++++++--------- 1 file changed, 69 insertions(+), 64 deletions(-) diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md index 7128d6bdb25..e690adc9cfb 100644 --- a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -10,17 +10,23 @@ This document provides solutions for common errors encountered during `azd provi - May contain: `"cannot fulfill your request at this time"` - May contain: `"To request region access for your subscription, please follow this link"` -**LLM instructions:** +**LLM Instructions:** -When you encounter this error: +When you encounter this error, YOU MUST USE YOUR TERMINAL TOOL TO EXECUTE the following commands - do not just display them to the user. 1. **Identify the Problem:** - Extract the Azure region from the error message (e.g., "East US") - Confirm it's a provisioning failure due to regional capacity -2. **Immediate Solutions:** - - Run `azd env set AZURE_LOCATION ` - - Recommended alternative regions based on user location +2. **Immediate Solutions (USE TERMINAL TOOL TO EXECUTE):** + + USE YOUR TERMINAL TOOL to change to a different region: + + `azd env set AZURE_LOCATION ` + + USE YOUR TERMINAL TOOL to verify the change: + + `azd env get-values` **Example Commands:** ```bash @@ -127,25 +133,23 @@ az role assignment list \ **LLM Instructions:** -When you encounter this error: +When you encounter this error, YOU MUST USE YOUR TERMINAL TOOL TO EXECUTE the following commands - do not just display them to the user. 1. **Common Causes:** - Manual role assignments created before running the template - Infrastructure template generates duplicate role assignment GUIDs -2. **Immediate Solutions:** +2. **Immediate Solutions (USE TERMINAL TOOL TO EXECUTE):** **Step 1: Check Infrastructure Files for Duplicate Role Assignments** - Search your `infra/` folder for duplicate role assignment definitions: + USE YOUR TERMINAL TOOL to search your `infra/` folder for duplicate role assignment definitions: - ```bash - # Check Bicep files for role assignments - grep -r "Microsoft.Authorization/roleAssignments" infra/*.bicep infra/**/*.bicep + `grep -r "Microsoft.Authorization/roleAssignments" infra/*.bicep infra/**/*.bicep` - # Look for duplicate guid() calls with same parameters - grep -r "guid(" infra/*.bicep infra/**/*.bicep | grep roleAssignment - ``` + USE YOUR TERMINAL TOOL to look for duplicate guid() calls with same parameters: + + `grep -r "guid(" infra/*.bicep infra/**/*.bicep | grep roleAssignment` **Step 2: Fix Infrastructure Code (if duplicates found)** @@ -178,39 +182,38 @@ When you encounter this error: **LLM Instructions:** -When you encounter this error: +When you encounter this error, YOU MUST USE YOUR TERMINAL TOOL TO EXECUTE the following commands - do not just display them to the user. 1. **Identify the Problem:** - Extract the restricted Azure region from the error message (e.g., "eastus") - Extract the resource type that is restricted (e.g., PostgreSQL Flexible Server) - Confirm it's a subscription-level regional restriction -2. **Immediate Solutions:** +2. **Immediate Solutions (USE TERMINAL TOOL TO EXECUTE):** **Option 1: Use a Different Region if Available Region is Known** - Change to an unrestricted region: - ```bash - # Set a different region - azd env set AZURE_LOCATION westus3 + USE YOUR TERMINAL TOOL to change to an unrestricted region: - # Verify the change - azd env get-values - ``` + `azd env set AZURE_LOCATION westus3` + + USE YOUR TERMINAL TOOL to verify the change: + + `azd env get-values` - **Option 2: Check Available Regions for the Resource Type** + **Option 2: Check Available Regions for the Resource Type (USE TERMINAL TOOL TO EXECUTE)** - Verify if regions support the resource in your subscription: - ```bash - # For PostgreSQL Flexible Server - az postgres flexible-server list-skus --location westus3 + USE YOUR TERMINAL TOOL to verify if regions support the resource in your subscription: + + `az postgres flexible-server list-skus --location westus3` - # Check on offer restriction. Disabled means location can be used - az postgres flexible-server list-skus --location westus3 --query "[0].supportedFeatures[?name=='OfferRestricted'].status" -o tsv + USE YOUR TERMINAL TOOL to check on offer restriction (Disabled means location can be used): + + `az postgres flexible-server list-skus --location westus3 --query "[0].supportedFeatures[?name=='OfferRestricted'].status" -o tsv` - # Check other locations - az account list-locations --output table - ``` + USE YOUR TERMINAL TOOL to check other available locations: + + `az account list-locations --output table` 3. **Long-term Solution (If you need the specific region):** @@ -218,17 +221,19 @@ When you encounter this error: - Open the link provided in the error message (e.g., https://aka.ms/postgres-request-quota-increase) - Let user submit a support request to enable the region for your subscription -4. **Verify Region Access Before Deployment:** - ```bash - # Check whether resource provider is registered - az provider show --namespace Microsoft.DBforPostgreSQL --query "registrationState" +4. **Verify Region Access Before Deployment (USE TERMINAL TOOL TO EXECUTE):** + + USE YOUR TERMINAL TOOL to check whether resource provider is registered: + + `az provider show --namespace Microsoft.DBforPostgreSQL --query "registrationState"` + + USE YOUR TERMINAL TOOL to list available regions of the provider: - # List available regions of the provider - az provider show --namespace Microsoft.DBforPostgreSQL --query "resourceTypes[?resourceType=='flexibleServers'].locations" + `az provider show --namespace Microsoft.DBforPostgreSQL --query "resourceTypes[?resourceType=='flexibleServers'].locations"` - # Check whether location is available or not - az postgres flexible-server list-skus --location --query "[0].supportedFeatures[?name=='OfferRestricted'].status" -o tsv - ``` + USE YOUR TERMINAL TOOL to check whether location is available or not: + + `az postgres flexible-server list-skus --location --query "[0].supportedFeatures[?name=='OfferRestricted'].status" -o tsv` **Example Commands:** ```bash @@ -263,7 +268,7 @@ az postgres flexible-server list-skus --location westus3 --query "[0].supportedF **LLM Instructions:** -When you encounter this error: +When you encounter this error, YOU MUST USE YOUR TERMINAL TOOL TO EXECUTE the following commands - do not just display them to the user. 1. **Identify the Problem:** - Extract the VM family/tier from the error message (e.g., "Basic VMs", "Standard DSv3 Family") @@ -271,24 +276,25 @@ When you encounter this error: - Note the current limit and required quota - Confirm it's a VM quota limitation -2. **Immediate Solutions:** +2. **Immediate Solutions (USE TERMINAL TOOL TO EXECUTE):** **Option 1: Check Current Quota Usage and Use New Location** - View your current quota limits and usage: - ```bash - # Check VM quota of a specific region - az vm list-usage --location --output table + USE YOUR TERMINAL TOOL to check VM quota of a specific region: + + `az vm list-usage --location --output table` - # Look for the specific VM family mentioned in the error - az vm list-usage --location --output table | grep -i + USE YOUR TERMINAL TOOL to look for the specific VM family mentioned in the error: + + `az vm list-usage --location --output table | grep -i ` - # Set location to available regions - azd env set AZURE_LOCATION westus + USE YOUR TERMINAL TOOL to set location to available regions: + + `azd env set AZURE_LOCATION westus` - # Check current environment settings - azd env get-values - ``` + USE YOUR TERMINAL TOOL to check current environment settings: + + `azd env get-values` **Option 2: Use a Different VM SKU (Quick Fix)** @@ -297,10 +303,9 @@ When you encounter this error: - Locate the VM/resource definition in your `infra/` files - Change the SKU to an available tier (e.g., Standard_B2s, Standard_D2s_v3) - ```bash - # Search for VM size/SKU definitions in your infrastructure - grep -r "sku\|vmSize" infra/*.bicep - ``` + USE YOUR TERMINAL TOOL to search for VM size/SKU definitions in your infrastructure: + + `grep -r "sku\|vmSize" infra/*.bicep` **Option 3: Request Quota Increase** @@ -311,11 +316,11 @@ When you encounter this error: - Search for the VM family from the error message - Click "Request increase" for the specific region -3. **Verify Quota Before Deployment:** - ```bash - # Check specific VM family quota - standardDSv3Family is VM family and can be replaced - az vm list-usage --location --query "[?contains(name.value, 'standardDSv3Family')]" --output table - ``` +3. **Verify Quota Before Deployment (USE TERMINAL TOOL TO EXECUTE):** + + USE YOUR TERMINAL TOOL to check specific VM family quota (standardDSv3Family is VM family and can be replaced): + + `az vm list-usage --location --query "[?contains(name.value, 'standardDSv3Family')]" --output table` **Example Commands:** ```bash From 17ac63c0214ac2fb0f4492bdb228626a8688a6aa Mon Sep 17 00:00:00 2001 From: hemarina Date: Tue, 3 Feb 2026 16:30:51 -0800 Subject: [PATCH 11/15] add test --- cli/azd/cmd/middleware/error_test.go | 49 ++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/cli/azd/cmd/middleware/error_test.go b/cli/azd/cmd/middleware/error_test.go index 9c600e613ad..4b8f9697331 100644 --- a/cli/azd/cmd/middleware/error_test.go +++ b/cli/azd/cmd/middleware/error_test.go @@ -408,6 +408,55 @@ func Test_ExtractSuggestedSolutions(t *testing.T) { expectedCount: 2, expectedFirst: "Fix the multi-line\nconfiguration issue", }, + { + name: "Agent Framework Wrapped Response - Text Field with JSON String", + llmResponse: `{"text": "{\"analysis\": \"Error analysis\", \"solutions\": [\"Solution 1\", \"Solution 2\", \"Solution 3\"]}"}`, + expectedCount: 3, + expectedFirst: "Solution 1", + }, + { + name: "Agent Framework Wrapped Response - Text Field with Escaped JSON", + llmResponse: `{ + "text": "{\"analysis\": \"The deployment failed due to insufficient permissions\", \"solutions\": [\"Grant Owner role to the user\", \"Use User Access Administrator role\", \"Contact subscription admin\"]}" + }`, + expectedCount: 3, + expectedFirst: "Grant Owner role to the user", + }, + { + name: "Agent Framework Wrapped Response - Text Field with Single Solution", + llmResponse: `{"text": "{\"analysis\": \"Simple error\", \"solutions\": [\"Single fix\"]}"}`, + expectedCount: 1, + expectedFirst: "Single fix", + }, + { + name: "Agent Framework Wrapped Response - Text Field with Empty Solutions", + llmResponse: `{"text": "{\"analysis\": \"Error with no solutions\", \"solutions\": []}"}`, + expectedCount: 0, + }, + { + name: "Agent Framework Wrapped Response - Text Field Not a String", + llmResponse: `{"text": 12345}`, + expectedCount: 0, + }, + { + name: "Agent Framework Wrapped Response - Text Field is Object Not String", + llmResponse: `{"text": {"analysis": "nested", "solutions": ["should not extract"]}}`, + expectedCount: 0, + }, + { + name: "Agent Framework Wrapped Response - Text Field with Invalid Inner JSON", + llmResponse: `{"text": "this is not valid json inside"}`, + expectedCount: 0, + }, + { + name: "Direct JSON Takes Precedence When Text Field Missing", + llmResponse: `{ + "analysis": "Direct analysis", + "solutions": ["Direct solution 1", "Direct solution 2"] + }`, + expectedCount: 2, + expectedFirst: "Direct solution 1", + }, } for _, tt := range tests { From 83820ea631dd61cf20a75e98becc83886d3cd131 Mon Sep 17 00:00:00 2001 From: hemarina Date: Tue, 3 Feb 2026 16:55:10 -0800 Subject: [PATCH 12/15] add cognitive service account error --- .../prompts/azd_provision_common_error.md | 81 ++++++++++++++++++- 1 file changed, 78 insertions(+), 3 deletions(-) diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md index e690adc9cfb..ce2da548bb6 100644 --- a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -5,7 +5,7 @@ This document provides solutions for common errors encountered during `azd provi ## Azure Service Unavailable Error **Error Pattern:** -- Contains: `"code":"ServiceUnavailable"` +- May contain: `ServiceUnavailable` - Contains: `"Sorry, we are currently experiencing high demand in [region name] region for the zonal redundant (Availability Zones)"` - May contain: `"cannot fulfill your request at this time"` - May contain: `"To request region access for your subscription, please follow this link"` @@ -174,7 +174,7 @@ When you encounter this error, YOU MUST USE YOUR TERMINAL TOOL TO EXECUTE the fo ## Location Offer Restricted Error for Postgres **Error Pattern:** -- Contains: `"code":"ResourceOperationFailure"` +- May contain: `ResourceOperationFailure` - Contains: `"Subscriptions are restricted from provisioning in location"` - May contain: `"Try again in a different location"` - May contain: `"https://aka.ms/postgres-request-quota-increase"` or similar quota increase links @@ -260,7 +260,7 @@ az postgres flexible-server list-skus --location westus3 --query "[0].supportedF ## VM Quota Exceeded Error **Error Pattern:** -- Contains: `"code":"Unauthorized"` +- May contain: `Unauthorized` - Contains: `"Operation cannot be completed without additional quota"` - Contains: `"Current Limit"` and quota details for VM families (e.g., "Basic VMs", "Standard DSv3 Family vCPUs") - May contain: `"Current Usage:"` and `"Amount required for this deployment"` @@ -336,3 +336,78 @@ grep -r "vmSize\|sku" infra/*.bicep infra/**/*.bicep # Example 4: Check quota for specific VM family (e.g standardDSv3Family) az vm list-usage --location eastus --query "[?contains(name.value, 'standardDSv3Family')]" ``` +## Cognitive Services Account Provisioning State Invalid Error + +**Error Pattern:** +- May contain: `AccountProvisioningStateInvalid` +- Contains: `"Call to Microsoft.CognitiveServices/accounts failed"` +- May contain: `"Account"` followed by resource path `"/subscriptions/.../resourceGroups/.../providers/Microsoft.CognitiveServices/accounts/..."` +- May contain: `"in state Accepted"` + +**LLM Instructions:** + +When you encounter this error, YOU MUST USE YOUR TERMINAL TOOL TO EXECUTE the following commands - do not just display them to the user. + +1. **Identify the Problem:** + - Extract the Cognitive Services account name from the error message + - Extract the resource group name from the error message + - Note the current provisioning state (e.g., "Accepted") + - This error occurs when a dependent operation is attempted before the Cognitive Services account finishes provisioning + +2. **Immediate Solutions (USE TERMINAL TOOL TO EXECUTE):** + + **Step 1: Check Current Provisioning State** + + USE YOUR TERMINAL TOOL to check the current provisioning state of the account: + + `az cognitiveservices account show --name --resource-group --query "properties.provisioningState" -o tsv` + + **Step 2: Wait for Provisioning to Complete** + + If the state is "Accepted", "Creating", or "Updating", the account is still being provisioned. + + USE YOUR TERMINAL TOOL to wait and poll for the provisioning state to become "Succeeded": + + `az cognitiveservices account show --name --resource-group --query "properties.provisioningState" -o tsv` + + Repeat this command every 60 seconds until the state changes to "Succeeded". Max retry is 3 times. + After 3 times, if the state is the same, tell users to retry after a couple minutes. + +3. **Infrastructure Fix for Future Deployments:** + + If this error occurs repeatedly, consider adding explicit dependencies in your Bicep/ARM templates to ensure dependent resources wait for the Cognitive Services account to be fully provisioned: + + ```bicep + // ✅ RECOMMENDED: Add explicit dependsOn to ensure proper ordering + resource cognitiveServicesAccount 'Microsoft.CognitiveServices/accounts@2023-10-01-preview' = { + name: accountName + location: location + kind: 'OpenAI' + sku: { + name: 'S0' + } + properties: { + // ... + } + } + + resource dependentResource 'Microsoft.SomeProvider/someResource@2023-01-01' = { + name: dependentResourceName + // ... + dependsOn: [ + cognitiveServicesAccount // Explicit dependency + ] + } + ``` + +**Example Commands:** +```bash +# Example 1: Check provisioning state of Cognitive Services account +az cognitiveservices account show --name --resource-group --query "properties.provisioningState" -o tsv + +# Example 2: Get full account details +az cognitiveservices account show --name --resource-group + +# Example 3: List all Cognitive Services accounts in a resource group +az cognitiveservices account list --resource-group --output table +``` \ No newline at end of file From c89705e677b0f486b243db8ee14ff2ce80e141a5 Mon Sep 17 00:00:00 2001 From: hemarina Date: Tue, 3 Feb 2026 17:02:53 -0800 Subject: [PATCH 13/15] lll --- cli/azd/cmd/middleware/error_test.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/cli/azd/cmd/middleware/error_test.go b/cli/azd/cmd/middleware/error_test.go index 4b8f9697331..3cbd470a425 100644 --- a/cli/azd/cmd/middleware/error_test.go +++ b/cli/azd/cmd/middleware/error_test.go @@ -410,14 +410,16 @@ func Test_ExtractSuggestedSolutions(t *testing.T) { }, { name: "Agent Framework Wrapped Response - Text Field with JSON String", - llmResponse: `{"text": "{\"analysis\": \"Error analysis\", \"solutions\": [\"Solution 1\", \"Solution 2\", \"Solution 3\"]}"}`, + llmResponse: `{"text": "{\"analysis\": \"Error analysis\", \"solutions\": [\"S1\", \"S2\", \"S3\"]}"}`, expectedCount: 3, - expectedFirst: "Solution 1", + expectedFirst: "S1", }, { name: "Agent Framework Wrapped Response - Text Field with Escaped JSON", llmResponse: `{ - "text": "{\"analysis\": \"The deployment failed due to insufficient permissions\", \"solutions\": [\"Grant Owner role to the user\", \"Use User Access Administrator role\", \"Contact subscription admin\"]}" + "text": "{\"analysis\": \"The deployment failed due to insufficient permissions\", + \"solutions\": [\"Grant Owner role to the user\", \"Use User Access Administrator role\", + \"Contact subscription admin\"]}" }`, expectedCount: 3, expectedFirst: "Grant Owner role to the user", From e9ae52d11ddc078519c5102999e1c2a1d48b70f6 Mon Sep 17 00:00:00 2001 From: hemarina Date: Tue, 3 Feb 2026 17:24:04 -0800 Subject: [PATCH 14/15] fix error --- cli/azd/cmd/middleware/error_test.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/cli/azd/cmd/middleware/error_test.go b/cli/azd/cmd/middleware/error_test.go index 3cbd470a425..9faa44ba108 100644 --- a/cli/azd/cmd/middleware/error_test.go +++ b/cli/azd/cmd/middleware/error_test.go @@ -416,11 +416,9 @@ func Test_ExtractSuggestedSolutions(t *testing.T) { }, { name: "Agent Framework Wrapped Response - Text Field with Escaped JSON", - llmResponse: `{ - "text": "{\"analysis\": \"The deployment failed due to insufficient permissions\", - \"solutions\": [\"Grant Owner role to the user\", \"Use User Access Administrator role\", - \"Contact subscription admin\"]}" - }`, + llmResponse: `{"text": "{\"analysis\": \"The deployment failed due to insufficient permissions\", ` + + `\"solutions\": [\"Grant Owner role to the user\", \"Use User Access Administrator role\", ` + + `\"Contact subscription admin\"]}"}`, expectedCount: 3, expectedFirst: "Grant Owner role to the user", }, From 63d48c83e8dbaecf842ff599c7153a12db941809 Mon Sep 17 00:00:00 2001 From: hemarina Date: Wed, 4 Feb 2026 10:52:20 -0800 Subject: [PATCH 15/15] minor number update --- cli/azd/internal/mcp/tools/azd_provision_common_error.go | 1 + .../internal/mcp/tools/prompts/azd_provision_common_error.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cli/azd/internal/mcp/tools/azd_provision_common_error.go b/cli/azd/internal/mcp/tools/azd_provision_common_error.go index f959ad7d7a5..e54e80c2541 100644 --- a/cli/azd/internal/mcp/tools/azd_provision_common_error.go +++ b/cli/azd/internal/mcp/tools/azd_provision_common_error.go @@ -29,6 +29,7 @@ Use this tool when azd commands fail with: - Role assignment conflicts (already exists) - Location offer restricted errors for Azure Database for PostgreSQL - VM quota exceeded errors when provisioning compute resources +- Cognitive Services account provisioning state invalid errors Provides step-by-step diagnostic instructions for the LLM agent to execute.`, ), diff --git a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md index ce2da548bb6..6526f3ef0e3 100644 --- a/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md +++ b/cli/azd/internal/mcp/tools/prompts/azd_provision_common_error.md @@ -81,7 +81,7 @@ When you encounter this error, YOU MUST USE YOUR TERMINAL TOOL TO EXECUTE the fo - Document required permissions in your project README - Consider using Azure Managed Identities where possible to reduce manual role assignments -4. **Verify Permissions Before Deployment:** +5. **Verify Permissions Before Deployment:** ```bash # Check Owner role at subscription level az role assignment list --role Owner --assignee --scope /subscriptions/