12 KiB
Enhanced Features and Improvements Roadmap
This document outlines recommended enhancements and improvements for the Generative AI for Beginners curriculum, based on a comprehensive code review and analysis of industry best practices.
Executive Summary
The codebase has been analyzed for security, code quality, and educational effectiveness. This document provides recommendations for immediate fixes, near-term improvements, and future enhancements.
1. Security Enhancements (Priority: Critical)
1.1 Immediate Fixes (Completed)
| Issue | Files Affected | Status |
|---|---|---|
| Hardcoded SECRET_KEY | 05-advanced-prompts/python/aoai-solution.py |
Fixed |
| Missing env validation | Multiple JS/TS files | Fixed |
| Unsafe function calls | 11-integrating-with-function-calling/js-githubmodels/app.js |
Fixed |
| File handle leaks | 08-building-search-applications/scripts/ |
Fixed |
| Missing request timeouts | 09-building-image-applications/python/ |
Fixed |
1.2 Recommended Additional Security Features
-
Rate Limiting Examples
- Add example code showing how to implement rate limiting for API calls
- Demonstrate exponential backoff patterns
-
API Key Rotation
- Add documentation on best practices for rotating API keys
- Include examples of using Azure Key Vault or similar services
-
Content Safety Integration
- Add examples using Azure Content Safety API
- Demonstrate input/output moderation patterns
2. Code Quality Improvements
2.1 Configuration Files Added
| File | Purpose |
|---|---|
.eslintrc.json |
JavaScript/TypeScript linting rules |
.prettierrc |
Code formatting standards |
pyproject.toml |
Python tooling configuration (Black, Ruff, mypy) |
2.2 Shared Utilities Created
New shared/python/ module with:
env_utils.py- Environment variable handlinginput_validation.py- Input validation and sanitizationapi_utils.py- Safe API request wrappers
2.3 Recommended Code Improvements
-
Type Hints Coverage
- Add type hints to all Python files
- Enable strict TypeScript mode in all TS projects
-
Documentation Standards
- Add docstrings to all Python functions
- Add JSDoc comments to all JavaScript/TypeScript functions
-
Testing Framework
- Add pytest configuration and example tests (done: pytest config in
pyproject.toml; example tests for the shared utilities intests/run in CI) - Add Jest configuration for JavaScript/TypeScript
- Add pytest configuration and example tests (done: pytest config in
3. Educational Enhancements
3.1 New Lesson Topics
-
Security in AI Applications (Proposed Lesson 22)
- Prompt injection attacks and defenses
- API key management
- Content moderation
- Rate limiting and abuse prevention
-
Production Deployment (Proposed Lesson 23)
- Containerization with Docker
- CI/CD pipelines
- Monitoring and logging
- Cost management
-
Advanced RAG Techniques (Proposed Lesson 24)
- Hybrid search (keyword + semantic)
- Re-ranking strategies
- Multi-modal RAG
- Evaluation metrics
3.2 Existing Lesson Improvements
| Lesson | Recommended Improvement |
|---|---|
| 06 - Text Generation | Add streaming response examples |
| 07 - Chat Applications | Add conversation memory patterns |
| 08 - Search Applications | Add vector database comparison |
| 09 - Image Generation | Add image editing/variation examples |
| 11 - Function Calling | Add parallel function calling |
| 15 - RAG | Add chunking strategy comparison |
| 17 - AI Agents | Add multi-agent orchestration |
4. API Modernization
4.1 Deprecated API Patterns (Migration Completed)
All Python and TypeScript chat samples have been migrated from the Chat Completions API to the Responses API (client.responses.create(...) → response.output_text).
| Old Pattern | New Pattern | Status |
|---|---|---|
openai.api_type = "azure" / AzureOpenAI() (chat) |
OpenAI(base_url="<endpoint>/openai/v1/") (Responses API) |
Completed |
openai.ChatCompletion.create() / client.chat.completions.create() |
client.responses.create(input=...) → response.output_text |
Completed |
@azure/openai OpenAIClient.getChatCompletions() (TypeScript) |
openai package client.responses.create() → response.output_text |
Completed |
df.append() (pandas) |
pd.concat() |
Completed |
Note: Microsoft Foundry Models samples that use the
azure-ai-inference/@azure-rest/ai-inferenceSDK (client.complete()) remain on the Model Inference API, which does not support the Responses API.AzureOpenAI()is intentionally retained where still valid (embeddings and image generation).
4.2 New API Features to Demonstrate
-
Structured Outputs (OpenAI)
- JSON mode
- Function calling with strict schemas
-
Vision Capabilities
- Image analysis with GPT-4o (vision)
- Multi-modal prompts
-
Responses API Built-in Tools (supersedes the legacy Assistants API)
- Code interpreter
- File search
- Web search and custom tools
5. Infrastructure Improvements
5.1 CI/CD Enhancements
Implemented in .github/workflows/code-quality.yml: Python linting/formatting (Ruff + Black) is enforced on the maintained shared/ utilities module and runs advisory across the rest of the curriculum, plus an advisory ESLint pass for JavaScript/TypeScript. The illustrative baseline was:
# .github/workflows/code-quality.yml
name: Code Quality
on: [push, pull_request]
jobs:
python-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.10'
- run: pip install ruff black mypy
- run: ruff check .
- run: black --check .
js-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: npm ci
- run: npx eslint .
5.2 Security Scanning
Implemented in .github/workflows/security.yml: CodeQL analysis for Python and JavaScript/TypeScript (on push, pull request, and a weekly schedule) plus a dependency review on pull requests. The illustrative baseline was:
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
codeql:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v3
with:
languages: javascript, python
- uses: github/codeql-action/analyze@v3
dependency-review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/dependency-review-action@v4
6. Developer Experience Improvements
6.1 DevContainer Enhancements
Implemented in .devcontainer/devcontainer.json and .devcontainer/post-create.sh: the container now ships Pylance, the Black formatter, Ruff, ESLint, Prettier, and Copilot extensions, enables format-on-save wired to the repo's Black/Prettier config, and installs the developer tooling (ruff, black, mypy, pytest) so the code-quality workflow can be reproduced locally. The mcr.microsoft.com/devcontainers/universal base image already bundles Python and Node, so no extra features are required. The illustrative baseline was:
{
"name": "Generative AI for Beginners",
"image": "mcr.microsoft.com/devcontainers/universal:2",
"features": {
"ghcr.io/devcontainers/features/python:1": {
"version": "3.11"
},
"ghcr.io/devcontainers/features/node:1": {
"version": "20"
}
},
"customizations": {
"vscode": {
"extensions": [
"ms-python.python",
"ms-python.vscode-pylance",
"ms-toolsai.jupyter",
"dbaeumer.vscode-eslint",
"esbenp.prettier-vscode",
"github.copilot"
],
"settings": {
"python.formatting.provider": "black",
"editor.formatOnSave": true
}
}
},
"postCreateCommand": "pip install -e .[dev] && npm install"
}
6.2 Interactive Playground
Consider adding:
- Jupyter notebooks with pre-filled API keys (via environment)
- Gradio/Streamlit demos for visual learners
- Interactive quizzes for knowledge assessment
7. Multi-Language Support
7.1 Current Language Coverage
| Technology | Lessons Covered | Status |
|---|---|---|
| Python | All | Complete |
| TypeScript | 06-09, 11 | Partial |
| JavaScript | 06-08, 11 | Partial |
| .NET/C# | Some | Partial |
7.2 Recommended Additions
- Go - Growing in AI/ML tooling
- Rust - Performance-critical applications
- Java/Kotlin - Enterprise applications
8. Performance Optimizations
8.1 Code-Level Optimizations
-
Async/Await Patterns
- Add async examples for batch processing
- Demonstrate concurrent API calls
-
Caching Strategies
- Add embedding caching examples
- Demonstrate response caching patterns
-
Token Optimization
- Add tiktoken usage examples
- Demonstrate prompt compression techniques
8.2 Cost Optimization Examples
Add examples demonstrating:
- Model selection based on task complexity
- Prompt engineering for token efficiency
- Batch processing for bulk operations
9. Accessibility and Internationalization
9.1 Current Translation Status
All translations are complete and generated automatically by the Azure Co-op Translator, which produces and keeps 50+ language versions of the curriculum in sync with the English source. Translated content lives under translations/ and localized images under translated_images/; the full list of available languages is published at the top of the repository README.
| Aspect | Status |
|---|---|
| Translation coverage | Complete — 50+ languages, all lessons |
| Translation method | Automated via Azure Co-op Translator |
| Kept in sync with English source | Yes — regenerated automatically |
9.2 Accessibility Improvements
- Add alt text to all images
- Ensure code samples have proper syntax highlighting
- Add video transcripts for all video content
- Ensure color contrast meets WCAG guidelines
10. Implementation Priority
Phase 1: Immediate (Week 1-2)
- Fix critical security issues
- Add code quality configuration
- Create shared utilities
- Document security guidelines
Phase 2: Short-term (Week 3-4)
- Update deprecated API patterns (Chat Completions → Responses API, Python + TypeScript)
- Add type hints to all Python files (done for the maintained
shared/module; lesson samples kept simple) - Add CI/CD workflows for code quality
- Create security scanning workflow
Phase 3: Medium-term (Month 2-3)
- Add new security lesson
- Add production deployment lesson
- Improve DevContainer setup
- Add interactive demos
Phase 4: Long-term (Month 4+)
- Add advanced RAG lesson
- Expand language coverage
- Add comprehensive test suite
- Create certification program
Conclusion
This roadmap provides a structured approach to improving the Generative AI for Beginners curriculum. By addressing security concerns, modernizing APIs, and adding educational content, the course will better prepare students for real-world AI application development.
For questions or contributions, please open an issue on the GitHub repository.