From 42f29723cbd3dc8f42db3aad9ad7e7af43ba124d Mon Sep 17 00:00:00 2001 From: Marcos Salamanca Date: Fri, 19 Dec 2025 13:52:06 -0600 Subject: [PATCH 1/5] add azure role selector skills --- skills/azure-role-selector/SKILL.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 skills/azure-role-selector/SKILL.md diff --git a/skills/azure-role-selector/SKILL.md b/skills/azure-role-selector/SKILL.md new file mode 100644 index 00000000..c4e11663 --- /dev/null +++ b/skills/azure-role-selector/SKILL.md @@ -0,0 +1,6 @@ +--- +name: azure-role-selector +description: When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role. +allowed-tools: ['Azure MCP/documentation', 'Azure MCP/bicepschema', 'Azure MCP/extension_cli_generate', 'Azure MCP/get_bestpractices'] +--- +Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity(If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment. From 4670d47c22f9da99038ceb7039e4572c344a77c8 Mon Sep 17 00:00:00 2001 From: Marcos Salamanca Date: Fri, 19 Dec 2025 15:05:05 -0600 Subject: [PATCH 2/5] add license file and update readme --- docs/README.skills.md | 1 + skills/azure-role-selector/LICENSE.txt | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 skills/azure-role-selector/LICENSE.txt diff --git a/docs/README.skills.md b/docs/README.skills.md index 8c287652..e4a977e2 100644 
--- a/docs/README.skills.md +++ b/docs/README.skills.md @@ -23,3 +23,4 @@ Skills differ from other primitives by supporting bundled assets (scripts, code | Name | Description | Bundled Assets | | ---- | ----------- | -------------- | | [webapp-testing](../skills/webapp-testing/SKILL.md) | Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs. | `test-helper.js` | +| [azure-role-selector](../skills/azure-role-selector/SKILL.md) | Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity(If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment. | `LICENSE.txt` | diff --git a/skills/azure-role-selector/LICENSE.txt b/skills/azure-role-selector/LICENSE.txt new file mode 100644 index 00000000..8dfb11f8 --- /dev/null +++ b/skills/azure-role-selector/LICENSE.txt 
@@ -0,0 +1,21 @@ +MIT License + +Copyright 2025 (c) Microsoft Corporation. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE From 78e0b5a91662a97b6355ab3921a8678ff032b7ac Mon Sep 17 00:00:00 2001 From: Tom Meschter Date: Mon, 5 Jan 2026 11:31:06 -0800 Subject: [PATCH 3/5] Update skills/azure-role-selector/SKILL.md Add a missing space. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- skills/azure-role-selector/SKILL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/skills/azure-role-selector/SKILL.md b/skills/azure-role-selector/SKILL.md index c4e11663..8662d924 100644 --- a/skills/azure-role-selector/SKILL.md +++ b/skills/azure-role-selector/SKILL.md 
@@ -3,4 +3,4 @@ name: azure-role-selector description: When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role. allowed-tools: ['Azure MCP/documentation', 'Azure MCP/bicepschema', 'Azure MCP/extension_cli_generate', 'Azure MCP/get_bestpractices'] --- -Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity(If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment. +Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity (If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment. From 473d203f4644ede9930deff96aa339e9ac9f1dce Mon Sep 17 00:00:00 2001 From: Tom Meschter Date: Mon, 5 Jan 2026 11:31:38 -0800 Subject: [PATCH 4/5] Update docs/README.skills.md Shorten skill description. Co-authored-by: msalaman --- docs/README.skills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.skills.md b/docs/README.skills.md index e4a977e2..23005d88 100644 --- a/docs/README.skills.md 
+++ b/docs/README.skills.md @@ -23,4 +23,4 @@ Skills differ from other primitives by supporting bundled assets (scripts, code | Name | Description | Bundled Assets | | ---- | ----------- | -------------- | | [webapp-testing](../skills/webapp-testing/SKILL.md) | Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs. | `test-helper.js` | -| [azure-role-selector](../skills/azure-role-selector/SKILL.md) | Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity(If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment. | `LICENSE.txt` | +| [azure-role-selector](../skills/azure-role-selector/SKILL.md) | When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role. | `LICENSE.txt` | From c7938622af1962b4fa023740862741b3f8dfebba Mon Sep 17 00:00:00 2001 From: "Tom Meschter (from Dev Box)" Date: Mon, 5 Jan 2026 11:33:44 -0800 Subject: [PATCH 5/5] Update generated README with normalized path separators --- docs/README.skills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.skills.md b/docs/README.skills.md index 23005d88..b52792c3 100644 --- a/docs/README.skills.md +++ b/docs/README.skills.md 
@@ -22,5 +22,5 @@ Skills differ from other primitives by supporting bundled assets (scripts, code | Name | Description | Bundled Assets | | ---- | ----------- | -------------- | -| [webapp-testing](../skills/webapp-testing/SKILL.md) | Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs. | `test-helper.js` | | [azure-role-selector](../skills/azure-role-selector/SKILL.md) | When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role. | `LICENSE.txt` | +| [webapp-testing](../skills/webapp-testing/SKILL.md) | Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs. | `test-helper.js` |
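
Review bot: The instruction body added in PATCH 1/5 (skills/azure-role-selector/SKILL.md) asks for "the minimal role definition" but never mentions the scope of the assignment, and least privilege depends on scope as much as on the role. Add a step that has the agent ask for, or propose, the narrowest scope that works (a single resource or resource group rather than the subscription) before it generates the CLI commands and the Bicep snippet. For the custom-role fallback, say that the definition should list only the specific actions requested, with no wildcard actions, and should limit its assignable scopes in the same way. It would also help to have the agent show the proposed custom role to the user before emitting the commands that create it.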
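
Review bot: The README row added in PATCH 2/5 (docs/README.skills.md) puts the whole instruction body of SKILL.md in the Description column instead of the front-matter `description`, and it is appended after `webapp-testing` rather than in alphabetical order. Patches 4/5 and 5/5 correct both, and 5/5 calls this file generated, so the row should come from the generator in this commit rather than being hand-edited; consider squashing the fix-ups into this patch.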
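
Review bot: The last added line of LICENSE.txt in PATCH 2/5 reads "SOFTWARE" with no terminating period, whereas the standard MIT text ends "SOFTWARE." Restore the period so the file matches the canonical license text and license scanners identify it cleanly. Also check whether a per-skill LICENSE.txt belongs under Bundled Assets in the README table, since the other row lists a functional asset (`test-helper.js`).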
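
Review bot: The replacement line in PATCH 3/5 (skills/azure-role-selector/SKILL.md) adds the missing space but still opens the parenthetical with a capital "If" in mid-sentence, and the closing clause still says "the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool" where "tools" is meant. Since the line is being touched anyway, make the custom-role fallback its own sentence and fix the plural, so the agent reads three separate steps: find the role, generate the CLI assignment, and provide the Bicep snippet.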
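
Review bot: The subject of PATCH 5/5 says "normalized path separators", but the hunk only swaps the order of the two table rows; the link paths (`../skills/webapp-testing/SKILL.md`, `../skills/azure-role-selector/SKILL.md`) are identical before and after. Reword the commit message to describe the reordering, or mention the generator change that produced it, so the history explains why the rows moved.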