feat: Add GCC government cloud support#136
Open
aaronba wants to merge 1 commit intomicrosoft:mainfrom
Open
Conversation
Add --cloud parameter (public|gcc|gcchigh) and CPS_CLOUD env var to manage-agent and chat-with-agent scripts, enabling all operations in Government Community Cloud environments. manage-agent.js: - Add CLOUD_ENDPOINTS config mapping cloud to BAP host, token scopes, login authority, and Island API cluster category - Add detectCloud() for auto-detection from Dataverse URL - Add getDefaultClientId() to select the right first-party client ID per resource principal in government clouds - Thread cloud parameter through all token acquisition and API calls chat-with-agent.js: - Add CLOUD_CONFIG with per-cloud Power Platform scope and endpoints - Fix PowerPlatformCloud enum: Gov (not Gcc), High (not UsGovHigh) - Add PAC CLI client ID (9cee029c) as default for GCC SDK chat, as it is pre-authorized for CopilotStudio.Copilots.Invoke Tested against live GCC environment - all 7 operations pass: list-agents, list-envs, clone, pull, push, chat-with-agent, publish Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
aaronba
force-pushed
the
feature/gcc-cloud-support
branch
from
9ad2b19 to
100c4d4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds support for GCC (Government Community Cloud) environments to the Copilot Studio CLI skills. Previously, all endpoints were hardcoded to the commercial (public) cloud, making the tools unusable for government customers.
Changes
scripts/src/shared-auth.js— Shared authentication (builds on #133 refactor):AZURE_PS_CLIENT_IDandPAC_CLI_CLIENT_IDconstants alongside existingVSCODE_CLIENT_IDgetDefaultClientId(cloud, scope)— scope-based client ID routing for government cloudsgetLoginAuthority(cloud, tenantId)— returns cloud-appropriate login authoritycreateMsalApp(),getOrAcquireToken(),getOrAcquireIslandToken(), and all token acquisition functions to accept and thread acloudparameterscripts/src/manage-agent.js— Clone, push, pull, list, and publish operations:--cloudCLI parameter (public|gcc|gcchigh) andCPS_CLOUDenvironment variableCLOUD_ENDPOINTSconfiguration mapping cloud → BAP host, token scopes, login authority, and Island API cluster categorydetectCloud()— auto-detects cloud from Dataverse URL (crm9.dynamics.com→ GCC)scripts/src/chat-with-agent.js— Chat/test operations:--cloudCLI parameter andCPS_CLOUDenvironment variableCLOUD_CONFIGwith per-cloud Power Platform scope, login authority, and environment API domainPowerPlatformCloudenum mapping:Gov(notGcc) to match the@microsoft/agents-copilotstudio-clientSDK9cee029c...) as default for SDK chat in all clouds — it is pre-authorized forCopilotStudio.Copilots.Invoke(bonus: commercial SSO agents no longer require--client-id)Cloud endpoint mapping
api.bap.microsoft.comgov.api.bap.microsoft.usservice.powerapps.comgov.service.powerapps.usapi.powerplatform.comapi.gov.powerplatform.microsoft.uslogin.microsoftonline.comlogin.microsoftonline.comClient ID discovery
Government clouds require specific client IDs because not all first-party apps are pre-authorized for all resource principals:
51f81489...1950a258...9cee029c...The implementation uses scope-based selection in GCC:
*.dynamics.com/.default): VS Code client ID (unchanged)api://.../.default): Azure PowerShell client IDAuto-detection
When
--cloudis not specified, the cloud is auto-detected from the Dataverse environment URL:*.crm9.dynamics.com→ GCCTesting
All 14 operations tested against live GCC and Commercial environments:
crm9.dynamics.com)crm.dynamics.com)list-envslist-agentsclonepullpushpublishchat-with-agentBreaking changes
None. The default cloud is
public, preserving existing behavior. The--cloudparameter andCPS_CLOUDenv var are additive.