Workflow Prompts¶
The Agentic InfraOps workflow follows eight steps (including Step 3.5 Governance). Use the InfraOps Conductor to run all steps end-to-end, or invoke individual agents directly.
End-to-End (Conductor)¶
Select the InfraOps Conductor agent in Copilot Chat, then describe your project:
Best Results
Include business context, team size, compliance needs, and expected scale in your initial prompt. The more context you provide, the better the output.
I need Azure infrastructure for a patient portal web application.
The company is a mid-size healthcare provider (500 staff, 50k patients).
We need HIPAA compliance and expect 10k daily active users.
The Conductor delegates to each agent in sequence with approval gates between steps.
Resume the workflow from where we left off. Check agent-output/patient-portal/
for existing artifacts.
Step 1: Requirements — 📜 Scribe¶
Select the Requirements agent. Start with business context, not technical specs.
We're a fintech startup building a payment processing gateway.
30 developers, Series B, launching in 3 months.
Must be PCI-DSS compliant. Expect 1M transactions/month at launch.
We're migrating an on-premises .NET ERP system to Azure.
Currently running on 12 VMware VMs with SQL Server 2019.
300 concurrent users, 99.9% uptime SLA required.
The agent guides you through 5 discovery phases (business, technical, compliance,
operational, budget) using interactive questions, then generates
agent-output/{project}/01-requirements.md.
Step 2: Architecture — 🏛️ Oracle¶
Select the Architect agent. It reads the requirements and produces a WAF assessment with cost estimates.
Review the requirements in agent-output/payment-gateway/01-requirements.md
and create a comprehensive architecture assessment.
Compare SKU options for the App Service plan — we need to understand
the cost difference between P1v3 and P2v3 for our expected load.
Deep dive into the Security pillar. Our CISO wants to know
specifically how we handle data encryption at rest and in transit.
Step 3: Design — 🎨 Artisan (Optional)¶
Select the Design agent. This step is optional — skip to Step 4 if you do not need diagrams or ADRs.
Architecture diagram:
Generate a Python architecture diagram for the payment gateway.
Include all Azure resources from the architecture assessment,
network topology, and data flow paths.
Architecture Decision Record:
Create an ADR documenting the decision to use Azure Container Apps
instead of AKS. Include WAF trade-offs from the assessment.
Cost estimate (delegates to Architect):
Generate a detailed cost estimate using Azure Pricing MCP tools.
Include monthly and yearly totals for each resource.
Step 4: Planning — 📐 Strategist¶
Select the Bicep Planner or Terraform Planner agent depending on your IaC tool preference. Both discover governance constraints and create a machine-readable implementation plan.
Re-query Azure Resource Graph for updated policy assignments.
Our platform team added new policies last week.
The agent runs governance discovery (Azure Policy via REST API), checks AVM module
availability, then asks you to choose a deployment strategy (phased vs. single)
before generating 04-implementation-plan.md.
Step 5: Implementation — ⚒️ Forge¶
Select the Bicep CodeGen or Terraform CodeGen agent. It reads the plan and generates production-ready templates.
The agent runs a preflight check, generates templates with AVM modules, applies
security baseline and required tags, then validates with the appropriate tool
(bicep build / terraform validate).
Step 6: Deployment — 🚀 Envoy¶
Select the Bicep Deploy or Terraform Deploy agent. Both run preflight validation, preview changes, and deploy with approval gates.
The agent always presents a change summary (what-if or plan output) and waits for your explicit approval before deploying. For phased deployments, it pauses between each phase.
Step 7: Documentation — 📚 Chronicler¶
After deployment, the As-Built agent generates comprehensive workload documentation:
This produces documentation files in agent-output/{project}/07-*.md:
design document, operations runbook, cost estimate, compliance matrix,
backup/DR plan, and resource inventory.
Standalone Agents¶
InfraOps Conductor — 🎼 Maestro¶
Use the Conductor for end-to-end projects where you want the full 8-step workflow with approval gates.
Review all generated artifacts in agent-output/my-project/
and provide a summary of current project state.
Diagnose — 🔍 Sentinel¶
Use Diagnose for troubleshooting deployed Azure resources. It works outside the 8-step workflow.
My App Service is returning 503 errors. The resource is
app-payment-api-prod in resource group rg-payment-gateway-prod.
Help me diagnose the issue.
Expand the diagnostic scope to include resources connected to
my App Service (Key Vault, SQL Database, Storage).
Challenger — ⚔️ Adversary¶
Use Challenger to stress-test plans and architectures before implementation. It finds untested assumptions, governance gaps, and WAF blind spots.