azure-resources
**ANALYSIS SKILL** — List, find, and visualize Azure resources via Resource Graph or Mermaid. WHEN: 'list resources', 'list VMs', 'find orphaned resources', 'resource inventory', 'cross-subscription query', 'visualize Azure resources', 'diagram my resources'. DO NOT USE FOR: deploys (azure-deploy), cost (azure-cost-optimization), security (azure-compliance), troubleshooting (azure-diagnostics).
git clone --depth 1 https://github.com/jonathan-vella/apex /tmp/azure-resources && cp -r /tmp/azure-resources/.github/skills/azure-resources ~/.claude/skills/azure-resourcesSKILL.md
# Azure Resources Discover, inventory, and visualize existing Azure resources. Combines two related capabilities: - **Lookup mode** — query and list resources (single type or cross-cutting via Azure Resource Graph). Replaces the legacy `azure-resource-lookup` skill. - **Visualize mode** — analyze a resource group and generate a detailed Mermaid architecture diagram. Replaces the legacy `azure-resource-visualizer` skill. Both modes share `references/azure-resource-graph.md` for KQL patterns. --- # Mode A: Lookup Use this mode when the user wants to **list / find / show** Azure resources. ## When to Use Lookup - **List resources** of any type (VMs, web apps, storage accounts, container apps, databases, etc.) - **Show resources** in a specific subscription or resource group - Query resources **across multiple subscriptions** or resource types - Find **orphaned resources** (unattached disks, unused NICs, idle IPs) - Discover resources **missing required tags** or configurations - Get a **resource inventory** spanning multiple types - Find resources in a **specific state** (unhealthy, failed provisioning, stopped) - Answer "**what resources do I have?**" or "**show me my Azure resources**" > 💡 **Tip:** For single-resource-type queries, first check if a dedicated MCP > tool can handle it (see routing table below). If none exists, use Azure > Resource Graph (ARG). ## Quick Reference | Property | Value | | ------------------ | ---------------------------------------------------------- | | **Query Language** | KQL (Kusto Query Language subset) | | **CLI Command** | `az graph query -q "<KQL>" -o table` | | **Extension** | `az extension add --name resource-graph` | | **MCP Tool** | `extension_cli_generate` with intent for `az graph query` | | **Best For** | Cross-subscription queries, orphaned resources, tag audits | ## MCP Tools | Tool | Purpose | When to Use | | --------------------------------- | ---------------------------------- | ----------------------------------------------- | | `extension_cli_generate` | Generate `az graph query` commands | Primary — generate ARG queries from user intent | | `mcp_azure-mcp_subscription_list` | List available subscriptions | Discover subscription scope before querying | | `mcp_azure-mcp_group_list` | List resource groups | Narrow query scope | ## Rules - **Prefer dedicated MCP tools** for single-resource-type queries (`compute`, `storage`, `cosmos`, etc.) before falling back to Azure Resource Graph - **Use ARG for cross-cutting queries** — cross-subscription, cross-type, orphaned resources, tag audits - **Generate queries via `extension_cli_generate`** — do not hand-author KQL when intent-based generation is available - **Shape output with `--query` JMESPath** for tabular display; do not load raw JSON dumps into context - **Mode A is read-only** — lookup never modifies resources; remediation is out of scope (use `azure-deploy`) - **Mode B (Visualize) is for documentation** — emit Mermaid only when the user explicitly asks for a diagram; do not auto-visualize lookup results - **Out of scope**: deploying resources (use `azure-deploy`), cost optimization (use `azure-cost-optimization`), security scanning (use `azure-compliance`), troubleshooting (use `azure-diagnostics`) ## Lookup Workflow Three-step procedure: (1) check for a dedicated MCP tool by resource type (`compute` / `storage` / `cosmos` / `keyvault` / `sql` / `acr` / `aks` / `appservice` / `eventhubs` / `servicebus`); (2) if no full-coverage tool, generate an Azure Resource Graph query via `extension_cli_generate`; (3) execute with `--query` JMESPath shaping. Full per-resource-type tool table and example commands in [`references/lookup-workflow.md`](references/lookup-workflow.md). ## Lookup Constraints - ✅ **Always** use `=~` for case-insensitive type matching (types are lowercase) - ✅ **Always** scope queries with `--subscriptions` or `--first` for large tenants - ✅ **Prefer** dedicated MCP tools for single-resource-type queries - ❌ **Never** use ARG for real-time monitoring (data has slight delay) - ❌ **Never** attempt mutations through ARG (read-only) ## Lookup Error Handling | Error | Cause | Fix | | ------------------------------------ | ------------------------------------ | -------------------------------------------------------------- | | `resource-graph extension not found` | Extension not installed | `az extension add --name resource-graph` | | `AuthorizationFailed` | No read access to subscription | Check RBAC — need Reader role | | `BadRequest` on query | Invalid KQL syntax | Verify table/column names; use `=~` for case-insensitive match | | Empty results | No matching resources or wrong scope | Check `--subscriptions` flag; verify resource type spelling | --- # Mode B: Visualize Use this mode when the user asks for a **diagram** of a resource group, or to understand how individual resources fit together. ## When to Use Visualize The user wants to: - Create an architecture diagram of an existing resource group - See how resources connect (VNets, private endpoints, identities, app settings) - Document deployed infrastructure with embedded Mermaid For the full Visualize-mode procedure (resource discovery, diagram construction, file creation, quality standards, constraints, edge cases, and output format), load **[references/visualize.md](references/visualize.md)**. --- ## Reference Index
Guidance for instrumenting webapps with Azure Application Insights. Provides telemetry patterns, SDK setup, and configuration references. WHEN: how to instrument app, App Insights SDK, telemetry patterns, what is App Insights, Application Insights guidance, instrumentation examples, APM best practices.
Use for Azure AI: Search, Speech, OpenAI, Document Intelligence. Helps with search, vector/hybrid search, speech-to-text, text-to-speech, transcription, OCR. WHEN: AI Search, query search, vector search, hybrid search, semantic search, speech-to-text, text-to-speech, transcribe, OCR, convert text to speech.
Configure Azure API Management as an AI Gateway for AI models, MCP tools, and agents. WHEN: semantic caching, token limit, content safety, load balancing, AI model governance, MCP rate limiting, jailbreak detection, add Azure OpenAI backend, add AI Foundry model, test AI gateway, LLM policies, configure AI backend, token metrics, AI cost control, convert API to MCP, import OpenAPI to gateway.
ROUTING SKILL — delegates to specialized diagram skills. USE FOR: any diagram request when the caller does not know which tool to use. Routes to drawio, python-diagrams, or mermaid based on diagram type.
Build and deploy GitHub Copilot SDK apps to Azure. WHEN: build copilot app, create copilot app, copilot SDK, @github/copilot-sdk, scaffold copilot project, copilot-powered app, deploy copilot app, host on azure, azure model, BYOM, bring your own model, use my own model, azure openai model, DefaultAzureCredential, self-hosted model, copilot SDK service, chat app with copilot, copilot-sdk-service template, azd init copilot, CopilotClient, createSession, sendAndWait, GitHub Models API.
Troubleshoot and resolve issues with Azure Messaging SDKs for Event Hubs and Service Bus. Covers connection failures, authentication errors, message processing issues, and SDK configuration problems. WHEN: event hub SDK error, service bus SDK issue, messaging connection failure, AMQP error, event processor host issue, message lock lost, send timeout, receiver disconnected, SDK troubleshooting, azure messaging SDK, event hub consumer, service bus queue issue, topic subscription error, enable logging event hub, service bus logging, eventhub python, servicebus java, eventhub javascript, servicebus dotnet, event hub checkpoint, event hub not receiving messages, service bus dead letter.
Authoritative reference for VS Code Copilot customization mechanisms: instructions, prompt files, custom agents, agent skills, MCP servers, hooks, and plugins. Use when deciding which customization type to use, creating new .instructions.md/.prompt.md/.agent.md/SKILL.md/mcp.json files from scratch, or debugging why a customization is not loading. DO NOT USE FOR: routine file edits where the format is already known.
Provides canonical entity counts from count-manifest.json. Use when agents need to reference how many agents, skills, instructions, or validators exist. Prevents hard-coded counts. WHEN: agent count, skill count, how many agents, how many skills, entity inventory, project statistics.