sync with Development branch

.github/workflows/python-syntax-check.yml

@@ -0,0 +1,51 @@
+name: Python Syntax Check
+
+on:
+  pull_request:
+    branches:
+      - main
+      - Development
+    paths:
+      - 'application/single_app/**.py'
+      - '.github/workflows/python-syntax-check.yml'
+
+jobs:
+  syntax-check:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+
+    - name: Run Python compilation check
+      run: |
+        cd application/single_app
+        echo "🔍 Running Python compilation checks on all .py files..."
+        failed_files=()
+
+        for file in *.py; do
+          echo ""
+          echo "=== Compiling $file ==="
+          if python -m py_compile "$file" 2>&1; then
+            echo "✓ $file - OK"
+          else
+            echo "✗ $file - FAILED"
+            failed_files+=("$file")
+          fi
+        done
+
+        echo ""
+        echo "================================"
+        if [ ${#failed_files[@]} -eq 0 ]; then
+          echo "✅ All Python files compiled successfully!"
+          exit 0
+        else
+          echo "❌ ${#failed_files[@]} file(s) failed compilation:"
+          printf '  - %s\n' "${failed_files[@]}"
+          exit 1
+        fi

README.md

@@ -14,10 +14,111 @@ The application utilizes **Azure Cosmos DB** for storing conversations, metadata
 
 ## Quick Deploy
 
-Use azd up [MORE DETAILS TO COME]
+[Detailed deployment Guide](./deployers/bicep/README.md)
 
+### Pre-Configuration:
+
+The following procedure must be completed with a user that has permissions to create an application registration in the users Entra tenant. 
+
+#### Create the application registration:
+
+```powershell
+cd ./deployers
+```
+
+Define your application name and your environment:
+
+```
+appName = 
+```
+
+```
+environment = 
+```
+
+The following script will create an Entra Enterprise Application, with an App Registration named *\<appName\>*-*\<environment\>*-ar for the web service called *\<appName\>*-*\<environment\>*-app.  
+
+> [!TIP]
+>
+> The web service name may be overriden with the `-AppServceName` parameter. 
+
+> [!TIP]
+>
+> A different expiration date for the secret which defaults to 180 days with the `-SecretExpirationDays` parameter.
+
+```powershell
+.\Initialize-EntraApplication.ps1 -AppName "<appName>" -Environment "<environment>"  -AppRolesJsonPath "./azurecli/appRegistrationRoles.json"
 ```
-azd up
+
+> [!NOTE]
+>
+> Be sure to save this information as it will not be available after the window is closed.*
+
+```========================================
+App Registration Created Successfully!
+Application Name:       <registered application name>
+Client ID:              <clientID>
+Tenant ID:              <tenantID>
+Service Principal ID:   <servicePrincipalId>
+Client Secret:          <clientSecret>
+Secret Expiration:      <yyyy-mm-dd>
+```
+
+In addition, the script will note additional steps that must be taken for the app registration step to be completed.
+
+1.  Grant Admin Consent for API Permissions:
+
+    - Navigate to Azure Portal > Entra ID > App registrations
+    - Find app: *\<registered application name\>*
+    - Go to API permissions
+    - Click 'Grant admin consent for [Tenant]'
+
+2.  Assign Users/Groups to Enterprise Application:
+    - Navigate to Azure Portal > Entra ID > Enterprise applications
+    - Find app: *\<registered application name\>*
+    - Go to Users and groups
+    - Add user/group assignments with appropriate app roles
+
+3.  Store the Client Secret Securely:
+    - Save the client secret in Azure Key Vault or secure credential store
+    - The secret value is shown above and will not be displayed again
+
+#### Configure AZD Environment
+
+Using the bash terminal in Visual Studio Code
+
+```powershell
+cd ./deployers
+```
+
+If you work with other Azure clouds, you may need to update your cloud like `azd config set cloud.name AzureUSGovernment` - more information here - [Use Azure Developer CLI in sovereign clouds | Microsoft Learn](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/sovereign-clouds)
+
+```powershell
+azd config set cloud.name AzureCloud
+```
+
+This will open a browser window that the user with Owner level permissions to the target subscription will need to authenticate with.
+
+```powershell
+azd auth login
+```
+
+Use the same value for the \<environment\> that was used in the application registration.
+
+```powershell
+azd env new <environment>
+```
+
+Select the new environment
+
+```powershell
+azd env select <environment>
+```
+
+This step will begin the deployment process.  
+
+```powershell
+Use azd up 
 ```
 
 ## Architecture
@@ -27,50 +128,27 @@ azd up
 ## Features
 
 - **Chat with AI**: Interact with an AI model based on Azure OpenAI’s GPT and Thinking models.
-
 - **RAG with Hybrid Search**: Upload documents and perform hybrid searches (vector + keyword), retrieving relevant information from your files to augment AI responses.
-
 - **Document Management**: Upload, store, and manage multiple versions of documents—personal ("Your Workspace") or group-level ("Group Workspaces").
-
 - **Group Management**: Create and join groups to share access to group-specific documents, enabling collaboration with Role-Based Access Control (RBAC).
-
 - **Ephemeral (Single-Convo) Documents**: Upload temporary documents available only during the current chat session, without persistent storage in Azure AI Search.
-
 - **Conversation Archiving (Optional)**: Retain copies of user conversations—even after deletion from the UI—in a dedicated Cosmos DB container for audit, compliance, or legal requirements.
-
 - **Content Safety (Optional)**: Integrate Azure AI Content Safety to review every user message *before* it reaches AI models, search indexes, or image generation services. Enforce custom filters and compliance policies, with an optional `SafetyAdmin` role for viewing violations.
-
 - **Feedback System (Optional)**: Allow users to rate AI responses (thumbs up/down) and provide contextual comments on negative feedback. Includes user and admin dashboards, governed by an optional `FeedbackAdmin` role.
-
 - **Bing Web Search (Optional)**: Augment AI responses with live Bing search results, providing up-to-date information. Configurable via Admin Settings.
-
 - **Image Generation (Optional)**: Enable on-demand image creation using Azure OpenAI's DALL-E models, controlled via Admin Settings.
-
 - **Video Extraction (Optional)**: Utilize Azure Video Indexer to transcribe speech and perform Optical Character Recognition (OCR) on video frames. Segments are timestamp-chunked for precise retrieval and enhanced citations linking back to the video timecode.
-
 - **Audio Extraction (Optional)**: Leverage Azure Speech Service to transcribe audio files into timestamped text chunks, making audio content searchable and enabling enhanced citations linked to audio timecodes.
-
 - **Document Classification (Optional)**: Admins define custom classification types and associated colors. Users tag uploaded documents with these labels, which flow through to AI conversations, providing lineage and insight into data sensitivity or type.
-
 - **Enhanced Citation (Optional)**: Store processed, chunked files in Azure Storage (organized into user- and document-scoped folders). Display interactive citations in the UI—showing page numbers or timestamps—that link directly to the source document preview.
-
 - **Metadata Extraction (Optional)**: Apply an AI model (configurable GPT model via Admin Settings) to automatically generate keywords, two-sentence summaries, and infer author/date for uploaded documents. Allows manual override for richer search context.
-
 - **File Processing Logs (Optional)**: Enable verbose logging for all ingestion pipelines (workspaces and ephemeral chat uploads) to aid in debugging, monitoring, and auditing file processing steps.
-
 - **Redis Cache (Optional)**: Integrate Azure Cache for Redis to provide a distributed, high-performance session store. This enables true horizontal scaling and high availability by decoupling user sessions from individual app instances.
-
 - **Authentication & RBAC**: Secure access via Azure Active Directory (Entra ID) using MSAL. Supports Managed Identities for Azure service authentication, group-based controls, and custom application roles (`Admin`, `User`, `CreateGroup`, `SafetyAdmin`, `FeedbackAdmin`).
-
 - **Supported File Types**:
 
-  -   Text: `txt`, `md`, `html`, `json`
-
-  *   Documents: `pdf`, `docx`, `pptx`, `xlsx`, `xlsm`, `xls`, `csv`
-  *   Images: `jpg`, `jpeg`, `png`, `bmp`, `tiff`, `tif`, `heif`
-  *   Video: `mp4`, `mov`, `avi`, `wmv`, `mkv`, `webm`
-  *   Audio: `mp3`, `wav`, `ogg`, `aac`, `flac`, `m4a`
-
-## Demos
-
-ADD DEMOS HERE
+  -   **Text**: `txt`, `md`, `html`, `json`, `xml`, `yaml`, `yml`, `log`
+  -   **Documents**: `pdf`, `doc`, `docm`, `docx`, `pptx`, `xlsx`, `xlsm`, `xls`, `csv`
+  -   **Images**: `jpg`, `jpeg`, `png`, `bmp`, `tiff`, `tif`, `heif`
+  -   **Video**: `mp4`, `mov`, `avi`, `wmv`, `mkv`, `flv`, `mxf`, `gxf`, `ts`, `ps`, `3gp`, `3gpp`, `mpg`, `asf`, `m4v`, `isma`, `ismv`, `dvr-ms`
+  -   **Audio**: `wav`, `m4a`