@azure/functions-skills
v0.0.5-preview
Published
AI assistant plugins for Azure Functions — one-command setup for GitHub Copilot, Claude Code, and Codex
Readme
Azure Functions Skills
Azure Functions context for your coding agent. One command sets up guided workflows (create, deploy, diagnose, review) for GitHub Copilot CLI, Claude Code, and Codex. The doctor command catches configuration and code issues before you deploy.
Latest E2E status: HTML report
What & why
Azure Functions Skills equips your coding agent with Functions-specific knowledge — trigger/binding patterns, language anti-patterns, runtime versions, deployment best practices — so the agent gives accurate guidance instead of generic advice.
It is focused on Azure Functions. For deployment of any Azure resource (Functions or otherwise), it delegates to Azure Skills via the azure-functions-deploy skill. The two packages complement each other — see docs/skills-vs-azure-skills.md for the role split.
Prerequisites
Node.js 18+ is the only thing you need to install yourself. Everything else (Azure CLI, Core Tools, language runtimes) is checked and guided by the azure-functions-setup skill the first time you run chat.
Quick Start
1. Install the plugin
npx @azure/functions-skills install --agent ghcpnpx @azure/functions-skills install --agent claudenpx @azure/functions-skills install --agent codexInstalls at user scope (available to every project on this machine). Prefer to scope the skills to the current project only? Add
--localto install them under the working directory instead.
2. Open the agent
npx @azure/functions-skills chatThe first time, the agent greets you with a welcome message, shows the available skills, and suggests the next workflow based on your project state.
More options? See CLI Reference for every command, flag, and headless example.
Skills
For contributor guidance on the product boundary between Azure Skills and Azure Functions Skills, see Azure Skills and Azure Functions Skills Boundary.
| Skill | Purpose |
| --- | --- |
| azure-functions-setup | Verify local prerequisites (Azure CLI, Core Tools, runtimes, Azure Skills) |
| azure-functions-create | Create new Functions projects or add functions via Azure MCP templates |
| azure-functions-agents | Build Azure Functions hosted AI agent apps, scheduled agents, connector-triggered agents, and chat/API agents |
| azure-functions-deploy | Prepare, validate, and deploy via Azure Skills with Functions-specific guidance |
| azure-functions-best-practices | Production-readiness review (config, security, reliability) |
| azure-functions-diagnostics | Investigate deployment, runtime, trigger, binding, logging issues |
| azure-functions-health-status | Collect current health, metrics, logs, Resource Health, Activity Log |
| azure-functions-inventory | Collect app specification and configuration inventory |
| azure-functions-doctor | Pre-deployment validation (used by the doctor CLI command) |
| azure-functions-common | Shared language, trigger, binding, extension, routing references |
| azure-functions-feedback | Turn session findings into previewed issues or pull requests |
The functions-copilot agent routes user requests to the right skill and suggests the next step after each workflow.
Doctor — pre-deployment validation
Catch configuration mistakes, deprecated settings, and semantic code issues (missing error handling, blocking I/O, hardcoded secrets, durable-orchestrator non-determinism) before you deploy. The LLM semantic analysis is the value — doctor ships it as both a local CLI command and a GitHub Actions step.
Local — LLM analysis + visual HTML report
npx @azure/functions-skills doctor --dir . \
--deep --accept-deep-risk \
--agent github-copilot \
--format html --output doctor-report.html--accept-deep-risk acknowledges that the agent runs with elevated permissions (file write, shell execution) — only use on trusted workspaces. Skip the LLM with --no-deep for fast deterministic checks only.
Open doctor-report.html in a browser:
GitHub Actions — pre-deploy gate with deep analysis
Trigger on push: main (post-merge), not on pull requests — --deep refuses to run on pull-request workspaces because PR code is untrusted (it can prompt-inject the agent). See docs/doctor-guide.md#security-model.
on:
push:
branches: [main]
jobs:
deep-doctor:
runs-on: ubuntu-latest
environment: trusted-deep-analysis # GitHub Environment for approval + scoped secret
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '22'
- name: Install GitHub Copilot CLI
run: npm install -g @github/copilot
- name: Run Azure Functions doctor
env:
GITHUB_TOKEN: ${{ secrets.COPILOT_TOKEN }}
run: |
npx @azure/functions-skills doctor \
--deep --accept-deep-risk \
--agent github-copilot \
--format markdown --output doctor.md \
--severity high
- name: Publish summary
if: always()
run: cat doctor.md >> $GITHUB_STEP_SUMMARYExit code is 1 if any finding is at or above --severity (default high), gating downstream deploy steps. For PR validation, use the same command with --no-deep (Tier 1 only) on pull_request events.
Doctor walkthrough? See docs/doctor-guide.md for Tier 1 vs Tier 2 details, output formats, deep mode security, and bad-app fixtures.
Doctor also includes supply-chain security checks (lifecycle scripts, unpinned production dependencies, missing lockfile, tracked .env files, install-script deps, plus Tier 2 semantic checks for import-time side effects, fetch-then-execute, and credential exfiltration patterns) — informed by recent npm and PyPI compromises. See SECURITY.md for the threat model.
Contributing
We welcome contributions. The canonical source for skills, agents, hooks, and MCP definitions lives under templates/ — edit there, then npm run build:plugin-payload to regenerate the published plugin payload.
Read CONTRIBUTING.md for the full guide.
Security
Report vulnerabilities to [email protected]. See SECURITY.md for the threat model and our defense layers.