Skip to content

Major upgrades for AI & Custom Apps samples (runtimes + framework majors)#254

Open
dluces wants to merge 10 commits into
mainfrom
user/dluces/update_all_apps
Open

Major upgrades for AI & Custom Apps samples (runtimes + framework majors)#254
dluces wants to merge 10 commits into
mainfrom
user/dluces/update_all_apps

Conversation

@dluces

@dluces dluces commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Major upgrades for AI & Custom Apps samples (runtimes + framework majors)

Follow-up to the recent minor/vulnerability-only pass, this PR applies the deferred major upgrades across all eight runnable sample apps under AI/ and Custom Apps/. The goal was to move each sample onto current runtimes (Node 22 LTS, .NET 10) and framework majors (Express 5, React 19, Vite, MSAL/MGT v4) — making code changes where the majors required them — while keeping every app building and running. Each app has a validate-sample.ps1 that was run after every change; the final results and validation artifacts are below.

Per-app upgrades

App Before → After Key package majors Notable code changes
Custom Apps/webhook Node → Node 22; Express 4 → 5 express 4→5 Replaced body-parser with built-in express.json(); engines.node >= 22
AI/mcp-server Node → Node 22; Express 4 → 5 express 4→5, @types/express 4→5 engines.node >= 22; Dockerfile node:20-alpinenode:22-alpine
Custom Apps/project-management React 18 → 19; Vite 5 → 8 react 18→19, vite 5→8, plugin-react-swc 3→4, next-themes 0.3→0.4, vaul 0.9→1.1 React 19 types; .npmrc (legacy-peer-deps) for shadcn transitive peers
Custom Apps/legal-docs React 18 → 19 (Vite 8) react 18→19, next-themes 0.3→0.4, vaul 0.9→1.1 React 19 types; .npmrc (legacy-peer-deps)
Custom Apps/boilerplate-aspnet-webservice .NET 8 → .NET 10 net8.0→net10.0, EF Core 8→10, ASP.NET auth 8→10, CodeGeneration.Design 8→10 Target framework + package majors; Microsoft.Graph kept at 4.31.0 (see exceptions)
AI/ocr CRA → Vite; React 18 → 19 react 18→19, msal-browser 3→4, msal-node 2→3, mgt 3.1→4.6, typescript 5.1→5.8 Added Vite entry/config; MSAL initialize(); require → ESM import; React 19 JSX typing
Custom Apps/boilerplate-typescript-react CRA → Vite; React 18 → 19 react 18→19 (client), typescript 4→5 + @types/node 18→22 + msal-node 2→3 (function-api) Vite migration; REACT_APP_*import.meta.env.VITE_*; Azure Functions v4 kept
Custom Apps/boilerplate-react-azurefunction CRA → Vite; React 17 → 19 react 17→19, msal-browser 2→4, mgt 2→4 Vite migration; .js.jsx; createRoot; MSAL initialize() fix; REACT_APP_*VITE_*

Final validation results

Run each with pwsh -NoProfile -File "<app>/validate-sample.ps1" from the repo root.

App VALIDATION_RESULT
webhook ✅ PASS — listener startup + validation-token echo
mcp-server ✅ PASS — build + /health runtime smoke
project-management ✅ PASS — build + preview + browser smoke (screenshot)
legal-docs ✅ PASS — build + preview + browser smoke (screenshot)
boilerplate-aspnet-webservice ⚠️ SKIP_CONFIG — restore + build PASS on .NET 10; runtime smoke skipped (no tenant/SQL/appsettings)
ocr ✅ PASS — backend build + frontend Vite build + backend echo + frontend preview smoke (screenshot + HTTP)
boilerplate-typescript-react ✅ PASS — client Vite build + function-api build + client screenshot; Functions runtime skipped (func not installed)
boilerplate-react-azurefunction ✅ PASS — client Vite build + client screenshot; Functions runtime skipped (func not installed)

Validation artifacts — HTTP transcripts (background/API samples)

webhook — POST /webhook?validationToken=…:

### HTTP Validation Artifact
Timestamp: 2026-07-09T22:40:08.9669851-07:00

--- REQUEST ---
POST http://127.0.0.1:3000/webhook?validationToken=sample-validation-token
Content-Type: application/json

{}

--- RESPONSE ---
Status: 200 OK
X-Powered-By: Express
ETag: W/"17-KN84R6DU5QHNj8kxihVQjZAz6s8"
Date: Fri, 10 Jul 2026 05:40:08 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Type: text/html; charset=utf-8
Content-Length: 23

sample-validation-token

mcp-server — GET /health:

### HTTP Validation Artifact
Timestamp: 2026-07-09T22:40:14.3965420-07:00

--- REQUEST ---
GET http://localhost:3100/health

--- RESPONSE ---
Status: 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE
Access-Control-Allow-Headers: Authorization, Content-Type, Accept, Mcp-Session-Id
Access-Control-Expose-Headers: Mcp-Session-Id
ETag: W/"3c-CDaes8+jWpg3lrBBQmUTiSguFRg"
Date: Fri, 10 Jul 2026 05:40:14 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Type: application/json; charset=utf-8
Content-Length: 60

{"status":"ok","service":"spe-mcp-server","version":"1.0.0"}

AI/ocr — backend GET /api/echo:

### HTTP Validation Artifact
Timestamp: 2026-07-09T22:40:55.6505981-07:00

--- REQUEST ---
GET http://127.0.0.1:3001/api/echo

--- RESPONSE ---
Status: 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: undefined
Access-Control-Allow-Headers: undefined
Access-Control-Allow-Credentials: true
ETag: W/"11-azw1zJBltjPezSAaqv24mUM6F4o"
Date: Fri, 10 Jul 2026 05:40:55 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Type: text/html; charset=utf-8
Content-Length: 17

server is running

Validation artifacts — screenshots (UI samples)

Per the upgrade plan, no validation assets are committed to the repo (everything under .validation/ is git-ignored). Screenshots were captured during the final validation run for each UI app and are staged uncommitted in the working tree under each app's .validation/screenshots/ (curated copies under .validation/_pr-assets/<app>/screenshot.png):

  • project-management — Contoso project-management SPA shell renders (#root mounted, no console errors).
  • legal-docs — legal-docs SPA shell renders.
  • AI/ocr — OCR frontend renders after Vite migration.
  • boilerplate-typescript-react — react-client shell renders after Vite migration.
  • boilerplate-react-azurefunction — client-app shell renders after Vite migration (React 17 → 19).

legal-docs
screenshot

AI/ocr
screenshot

project-management
screenshot

boilerplate-react-azurefunction
screenshot

boilerplate-typescript-react
screenshot

How to reproduce

`pwsh

from repo root, per app:

pwsh -NoProfile -File "/validate-sample.ps1"
`

  • Node samples require Node.js 22 LTS; the .NET sample requires the .NET 10 SDK.
  • Set VALIDATION_NODE_COMMAND to override the node binary if needed.
  • The two Azure Functions samples need Azure Functions Core Tools (func) to exercise the Functions runtime; without it, builds/typechecks still run and the Functions runtime portion reports SKIP_CONFIG.

Documented exceptions

  • Microsoft.Graph kept at 4.31.0 (aspnet-webservice): Graph SDK v5 is a large fluent-API rewrite (~18 call sites across MSGraphService.cs + interface + controllers). 4.31.0 has no known vulnerability and builds on .NET 10. Because the aspnet runtime can't be verified here (no tenant/SQL), the Graph major was deferred as a documented follow-up while the .NET 10 / EF Core 10 / Auth 10 upgrade landed.
  • Azure Functions runtime SKIP (boilerplate-typescript-react, boilerplate-react-azurefunction): func Core Tools is not installed in the validation environment, so the Functions host isn't started. Builds/typechecks still pass.
  • Legacy net461 Functions project (boilerplate-react-azurefunction): the authoritative Functions implementation is the JavaScript package (function.json + index.js); the legacy RaaSSampleFunctionApi.csproj (net461) is retained for a follow-up migration and is not built here.
  • Docker image not built (mcp-server): Docker daemon unavailable in the environment; the Dockerfile base image was bumped to node:22-alpine but the image build was not exercised.

Risk & rollback notes

  • Each app was upgraded and committed independently, so any single app can be reverted in isolation.
  • React 19 peer conflicts in the two shadcn-based apps (project-management, legal-docs) are resolved by bumping next-themes/vaul to their React-19 releases plus a committed .npmrc (legacy-peer-deps=true) so clean installs are deterministic.
  • No secrets, .env, local.settings.json, appsettings.json, tenant identifiers, or validation assets are committed. HTTP transcripts above were reviewed and contain no tokens or tenant data.

dilucesr and others added 10 commits July 9, 2026 17:03
…acts tooling

- webhook: express 4->5, replace body-parser with express.json(), engines node>=22
- shared tooling: browser-smoke --screenshot, Save-HttpArtifact helper

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- express 4->5, @types/express 4->5, engines node>=22
- Dockerfile base node:20-alpine -> node:22-alpine
- validate-sample: capture /health HTTP artifact
- Routes use fixed paths; Express 5 compatible; tsc build clean

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- vite 5->8, @vitejs/plugin-react-swc 3->4
- react/react-dom 18->19, @types/react(-dom) 19
- validate-sample: capture render screenshot
- build + lint + preview + browser smoke pass

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- react/react-dom 18->19, @types/react(-dom) 19 on existing Vite 8
- validate-sample: capture render screenshot
- build + lint + preview + browser smoke pass

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- TargetFramework net8.0 -> net10.0
- EF Core (SqlServer/Design/Tools) + Extensions.Caching.SqlServer 8.0.16 -> 10.0.0
- AspNetCore.Authentication.Certificate/JwtBearer/OpenIdConnect 8.0.16 -> 10.0.0
- VS.Web.CodeGeneration.Design 8.0.7 -> 10.0.0
- Microsoft.Graph kept at 4.31.0 (no known vuln; v5 is a large runtime-unverifiable rewrite without tenant/SQL config) - documented exception
- validate-sample: capture landing HTTP artifact when appsettings present
- Build succeeds on net10; runtime remains SKIP_CONFIG (no tenant/SQL)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…AL v3, TS 5

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… MSAL v4, MGT v4

Also fixes MSAL v4 requirement to call initialize() before token acquisition. Legacy net461 Functions csproj documented as follow-up; authoritative Functions impl is JS.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bump next-themes 0.3->0.4 and vaul 0.9->1.1 (React 19 support); add .npmrc legacy-peer-deps=true so clean npm install resolves remaining shadcn transitive peers (react-day-picker@8). Regenerated lockfiles. Both validate-sample.ps1 now PASS from a clean install.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…lidation artifacts)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant