What to build
Stand up internal/azurex — thin adapters over the Azure SDK for the read paths every subsequent slice will need — and ship jotsmith doctor in its read-only form (no --repair, no --json yet). This is the first slice that actually talks to Azure, so it earns its keep by exercising credential resolution, control-plane reads, data-plane blob reads, and Key Vault reads in one go.
Read-only by design: no Azure writes happen in this slice. Repair and JSON output are deferred to a later slice so this one can ship without committing to repair semantics.
Acceptance criteria
Blocked by
Originally created in OpenCode session ID: ses_17ca8efd8ffexLcFSysAMDVNBQ
What to build
Stand up
internal/azurex— thin adapters over the Azure SDK for the read paths every subsequent slice will need — and shipjotsmith doctorin its read-only form (no--repair, no--jsonyet). This is the first slice that actually talks to Azure, so it earns its keep by exercising credential resolution, control-plane reads, data-plane blob reads, and Key Vault reads in one go.Read-only by design: no Azure writes happen in this slice. Repair and JSON output are deferred to a later slice so this one can ship without committing to repair semantics.
Acceptance criteria
internal/azurexexposes adapters for:DefaultAzureCredentialresolution (with diagnostic detail on which chain step matched)Get(ARM)Get(ARM) and static-website status readGetfor$web/<discovery_path>and$web/<jwks_path>Get(to check RBAC mode)GetKeycontext.Contextand return typed errors that wrap underlying SDK errors with the Azure resource identity being operated onjotsmith doctorruns every check from PRD §6.6, printing[PASS]/[WARN]/[FAIL]+ a brief reason to stderr per checkPrimaryEndpoints.Weband configissuer— FAIL with both URLs in the messageCreate*/Upload*/Set*/Update*SDK calls//go:build integrationdocuments required env vars and minimum RBAC in the package doc commentBlocked by
configpackage andconfig showOriginally created in OpenCode session ID: ses_17ca8efd8ffexLcFSysAMDVNBQ