feat: Enhanced setup script with quick deploy and Azure infrastructur…

.env.example

@@ -9,8 +9,15 @@
 ############################################
 # GitHub OAuth / API Authentication (REQUIRED for Azure deployment)
 ############################################
+# Development OAuth App (for local development on localhost:3000)
 GITHUB_CLIENT_ID=                          # OAuth app client ID (create at github.com/settings/developers)
-GITHUB_CLIENT_SECRET=                      # OAuth app client secret  
+GITHUB_CLIENT_SECRET=                      # OAuth app client secret
+
+# Production OAuth App (for Azure deployment - falls back to dev credentials if not set)
+GITHUB_CLIENT_ID_PROD=                     # Production OAuth app client ID (optional - uses GITHUB_CLIENT_ID if not set)
+GITHUB_CLIENT_SECRET_PROD=                 # Production OAuth app client secret (optional - uses GITHUB_CLIENT_SECRET if not set)
+
+# GitHub API Tokens
 GITHUB_TOKEN=                              # Personal Access Token (scopes: repo, workflow, read:org)
 GH_WORKFLOW_TOKEN=                         # Workflow dispatch token (can be same as GITHUB_TOKEN)
 

infra/database.bicep

@@ -3,6 +3,7 @@
 
 param location string = resourceGroup().location
 param environmentName string
+param logAnalyticsWorkspaceId string
 
 // Generate unique resource name
 var resourceToken = toLower(uniqueString(subscription().id, environmentName, location))
@@ -79,32 +80,21 @@ resource diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-pr
   name: 'cosmos-diagnostics'
   scope: cosmosAccount
   properties: {
+    workspaceId: logAnalyticsWorkspaceId
     logs: [
       {
         category: 'MongoRequests'
         enabled: true
-        retentionPolicy: {
-          enabled: true
-          days: 30
-        }
       }
       {
         category: 'QueryRuntimeStatistics'
         enabled: true
-        retentionPolicy: {
-          enabled: true
-          days: 30
-        }
       }
     ]
     metrics: [
       {
         category: 'Requests'
         enabled: true
-        retentionPolicy: {
-          enabled: true
-          days: 30
-        }
       }
     ]
   }

infra/main.bicep

@@ -56,7 +56,11 @@ module cosmos './database.bicep' = {
   params: {
     location: location
     environmentName: environmentName
+    logAnalyticsWorkspaceId: containerAppsEnvironment.outputs.logAnalyticsWorkspaceId
   }
+  dependsOn: [
+    containerAppsEnvironment
+  ]
 }
 
 // Container Apps Environment

package.json

@@ -1,6 +1,6 @@
 {
   "name": "template-doctor",
-  "version": "1.0.0",
+  "version": "2.2.0",
   "description": "An Azure template analysis and healing app",
   "main": "bin/cli.js",
   "private": true,

packages/server/src/shared/env.ts

@@ -11,15 +11,43 @@ export interface AppEnv {
 
 let cached: AppEnv | null = null;
 
+/**
+ * Determine which GitHub OAuth credentials to use based on environment.
+ * In production (NODE_ENV=production or Azure), prefer *_PROD variables.
+ * Falls back to standard GITHUB_CLIENT_ID/SECRET if _PROD variants not set.
+ */
+function getOAuthCredentials(): { clientId?: string; clientSecret?: string } {
+  const isProduction =
+    process.env.NODE_ENV === 'production' ||
+    process.env.WEBSITE_INSTANCE_ID || // Azure App Service
+    process.env.CONTAINER_APP_NAME; // Azure Container Apps
+
+  if (isProduction) {
+    // Production: use _PROD if available, fall back to dev
+    const clientId = process.env.GITHUB_CLIENT_ID_PROD || process.env.GITHUB_CLIENT_ID;
+    const clientSecret = process.env.GITHUB_CLIENT_SECRET_PROD || process.env.GITHUB_CLIENT_SECRET;
+    return { clientId, clientSecret };
+  } else {
+    // Development: use standard variables
+    return {
+      clientId: process.env.GITHUB_CLIENT_ID,
+      clientSecret: process.env.GITHUB_CLIENT_SECRET,
+    };
+  }
+}
+
 export function loadEnv(): AppEnv {
   if (cached) return cached;
+
+  const { clientId, clientSecret } = getOAuthCredentials();
+
   const required: Array<[keyof AppEnv, boolean]> = [
     ['GITHUB_CLIENT_ID', false], // not all endpoints need both at cold start
     ['GITHUB_CLIENT_SECRET', false],
   ];
   const env: AppEnv = {
-    GITHUB_CLIENT_ID: process.env.GITHUB_CLIENT_ID,
-    GITHUB_CLIENT_SECRET: process.env.GITHUB_CLIENT_SECRET,
+    GITHUB_CLIENT_ID: clientId,
+    GITHUB_CLIENT_SECRET: clientSecret,
     GH_WORKFLOW_TOKEN: process.env.GH_WORKFLOW_TOKEN,
     // Include common dev ports (4000 Vite primary, 5173 Vite default fallback) plus legacy 8080 for backward compatibility
     GITHUB_OAUTH_ALLOWED_ORIGINS: (