Files
microsoft--generative-ai-fo…/docs/ENHANCED_FEATURES_ROADMAP.md
T
wehub-resource-sync 3fbbd7970c
Code Quality / Python Lint & Format (push) Has been cancelled
Code Quality / Python Tests (push) Has been cancelled
Code Quality / JavaScript/TypeScript Lint (advisory) (push) Has been cancelled
Security Scan / CodeQL Analysis (python) (push) Has been cancelled
Security Scan / Dependency Review (push) Has been cancelled
Security Scan / CodeQL Analysis (javascript-typescript) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:43:57 +08:00

12 KiB

Enhanced Features and Improvements Roadmap

This document outlines recommended enhancements and improvements for the Generative AI for Beginners curriculum, based on a comprehensive code review and analysis of industry best practices.

Executive Summary

The codebase has been analyzed for security, code quality, and educational effectiveness. This document provides recommendations for immediate fixes, near-term improvements, and future enhancements.


1. Security Enhancements (Priority: Critical)

1.1 Immediate Fixes (Completed)

Issue Files Affected Status
Hardcoded SECRET_KEY 05-advanced-prompts/python/aoai-solution.py Fixed
Missing env validation Multiple JS/TS files Fixed
Unsafe function calls 11-integrating-with-function-calling/js-githubmodels/app.js Fixed
File handle leaks 08-building-search-applications/scripts/ Fixed
Missing request timeouts 09-building-image-applications/python/ Fixed
  1. Rate Limiting Examples

    • Add example code showing how to implement rate limiting for API calls
    • Demonstrate exponential backoff patterns
  2. API Key Rotation

    • Add documentation on best practices for rotating API keys
    • Include examples of using Azure Key Vault or similar services
  3. Content Safety Integration

    • Add examples using Azure Content Safety API
    • Demonstrate input/output moderation patterns

2. Code Quality Improvements

2.1 Configuration Files Added

File Purpose
.eslintrc.json JavaScript/TypeScript linting rules
.prettierrc Code formatting standards
pyproject.toml Python tooling configuration (Black, Ruff, mypy)

2.2 Shared Utilities Created

New shared/python/ module with:

  • env_utils.py - Environment variable handling
  • input_validation.py - Input validation and sanitization
  • api_utils.py - Safe API request wrappers
  1. Type Hints Coverage

    • Add type hints to all Python files
    • Enable strict TypeScript mode in all TS projects
  2. Documentation Standards

    • Add docstrings to all Python functions
    • Add JSDoc comments to all JavaScript/TypeScript functions
  3. Testing Framework

    • Add pytest configuration and example tests (done: pytest config in pyproject.toml; example tests for the shared utilities in tests/ run in CI)
    • Add Jest configuration for JavaScript/TypeScript

3. Educational Enhancements

3.1 New Lesson Topics

  1. Security in AI Applications (Proposed Lesson 22)

    • Prompt injection attacks and defenses
    • API key management
    • Content moderation
    • Rate limiting and abuse prevention
  2. Production Deployment (Proposed Lesson 23)

    • Containerization with Docker
    • CI/CD pipelines
    • Monitoring and logging
    • Cost management
  3. Advanced RAG Techniques (Proposed Lesson 24)

    • Hybrid search (keyword + semantic)
    • Re-ranking strategies
    • Multi-modal RAG
    • Evaluation metrics

3.2 Existing Lesson Improvements

Lesson Recommended Improvement
06 - Text Generation Add streaming response examples
07 - Chat Applications Add conversation memory patterns
08 - Search Applications Add vector database comparison
09 - Image Generation Add image editing/variation examples
11 - Function Calling Add parallel function calling
15 - RAG Add chunking strategy comparison
17 - AI Agents Add multi-agent orchestration

4. API Modernization

4.1 Deprecated API Patterns (Migration Completed)

All Python and TypeScript chat samples have been migrated from the Chat Completions API to the Responses API (client.responses.create(...)response.output_text).

Old Pattern New Pattern Status
openai.api_type = "azure" / AzureOpenAI() (chat) OpenAI(base_url="<endpoint>/openai/v1/") (Responses API) Completed
openai.ChatCompletion.create() / client.chat.completions.create() client.responses.create(input=...)response.output_text Completed
@azure/openai OpenAIClient.getChatCompletions() (TypeScript) openai package client.responses.create()response.output_text Completed
df.append() (pandas) pd.concat() Completed

Note: Microsoft Foundry Models samples that use the azure-ai-inference / @azure-rest/ai-inference SDK (client.complete()) remain on the Model Inference API, which does not support the Responses API. AzureOpenAI() is intentionally retained where still valid (embeddings and image generation).

4.2 New API Features to Demonstrate

  1. Structured Outputs (OpenAI)

    • JSON mode
    • Function calling with strict schemas
  2. Vision Capabilities

    • Image analysis with GPT-4o (vision)
    • Multi-modal prompts
  3. Responses API Built-in Tools (supersedes the legacy Assistants API)

    • Code interpreter
    • File search
    • Web search and custom tools

5. Infrastructure Improvements

5.1 CI/CD Enhancements

Implemented in .github/workflows/code-quality.yml: Python linting/formatting (Ruff + Black) is enforced on the maintained shared/ utilities module and runs advisory across the rest of the curriculum, plus an advisory ESLint pass for JavaScript/TypeScript. The illustrative baseline was:

# .github/workflows/code-quality.yml
name: Code Quality

on: [push, pull_request]

jobs:
  python-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.10'
      - run: pip install ruff black mypy
      - run: ruff check .
      - run: black --check .

  js-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - run: npm ci
      - run: npx eslint .

5.2 Security Scanning

Implemented in .github/workflows/security.yml: CodeQL analysis for Python and JavaScript/TypeScript (on push, pull request, and a weekly schedule) plus a dependency review on pull requests. The illustrative baseline was:

# .github/workflows/security.yml
name: Security Scan

on: [push, pull_request]

jobs:
  codeql:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript, python
      - uses: github/codeql-action/analyze@v3

  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4

6. Developer Experience Improvements

6.1 DevContainer Enhancements

Implemented in .devcontainer/devcontainer.json and .devcontainer/post-create.sh: the container now ships Pylance, the Black formatter, Ruff, ESLint, Prettier, and Copilot extensions, enables format-on-save wired to the repo's Black/Prettier config, and installs the developer tooling (ruff, black, mypy, pytest) so the code-quality workflow can be reproduced locally. The mcr.microsoft.com/devcontainers/universal base image already bundles Python and Node, so no extra features are required. The illustrative baseline was:

{
  "name": "Generative AI for Beginners",
  "image": "mcr.microsoft.com/devcontainers/universal:2",
  "features": {
    "ghcr.io/devcontainers/features/python:1": {
      "version": "3.11"
    },
    "ghcr.io/devcontainers/features/node:1": {
      "version": "20"
    }
  },
  "customizations": {
    "vscode": {
      "extensions": [
        "ms-python.python",
        "ms-python.vscode-pylance",
        "ms-toolsai.jupyter",
        "dbaeumer.vscode-eslint",
        "esbenp.prettier-vscode",
        "github.copilot"
      ],
      "settings": {
        "python.formatting.provider": "black",
        "editor.formatOnSave": true
      }
    }
  },
  "postCreateCommand": "pip install -e .[dev] && npm install"
}

6.2 Interactive Playground

Consider adding:

  • Jupyter notebooks with pre-filled API keys (via environment)
  • Gradio/Streamlit demos for visual learners
  • Interactive quizzes for knowledge assessment

7. Multi-Language Support

7.1 Current Language Coverage

Technology Lessons Covered Status
Python All Complete
TypeScript 06-09, 11 Partial
JavaScript 06-08, 11 Partial
.NET/C# Some Partial
  1. Go - Growing in AI/ML tooling
  2. Rust - Performance-critical applications
  3. Java/Kotlin - Enterprise applications

8. Performance Optimizations

8.1 Code-Level Optimizations

  1. Async/Await Patterns

    • Add async examples for batch processing
    • Demonstrate concurrent API calls
  2. Caching Strategies

    • Add embedding caching examples
    • Demonstrate response caching patterns
  3. Token Optimization

    • Add tiktoken usage examples
    • Demonstrate prompt compression techniques

8.2 Cost Optimization Examples

Add examples demonstrating:

  • Model selection based on task complexity
  • Prompt engineering for token efficiency
  • Batch processing for bulk operations

9. Accessibility and Internationalization

9.1 Current Translation Status

All translations are complete and generated automatically by the Azure Co-op Translator, which produces and keeps 50+ language versions of the curriculum in sync with the English source. Translated content lives under translations/ and localized images under translated_images/; the full list of available languages is published at the top of the repository README.

Aspect Status
Translation coverage Complete — 50+ languages, all lessons
Translation method Automated via Azure Co-op Translator
Kept in sync with English source Yes — regenerated automatically

9.2 Accessibility Improvements

  1. Add alt text to all images
  2. Ensure code samples have proper syntax highlighting
  3. Add video transcripts for all video content
  4. Ensure color contrast meets WCAG guidelines

10. Implementation Priority

Phase 1: Immediate (Week 1-2)

  • Fix critical security issues
  • Add code quality configuration
  • Create shared utilities
  • Document security guidelines

Phase 2: Short-term (Week 3-4)

  • Update deprecated API patterns (Chat Completions → Responses API, Python + TypeScript)
  • Add type hints to all Python files (done for the maintained shared/ module; lesson samples kept simple)
  • Add CI/CD workflows for code quality
  • Create security scanning workflow

Phase 3: Medium-term (Month 2-3)

  • Add new security lesson
  • Add production deployment lesson
  • Improve DevContainer setup
  • Add interactive demos

Phase 4: Long-term (Month 4+)

  • Add advanced RAG lesson
  • Expand language coverage
  • Add comprehensive test suite
  • Create certification program

Conclusion

This roadmap provides a structured approach to improving the Generative AI for Beginners curriculum. By addressing security concerns, modernizing APIs, and adding educational content, the course will better prepare students for real-world AI application development.

For questions or contributions, please open an issue on the GitHub repository.