Improve CLI Command Separation and Developer-to-Admin Handover Instructions #143
Description
Review the current a365 CLI commands and documentation to provide a clearer separation between developer and admin responsibilities. The CLI should:
Check the user’s roles and perform only the steps allowed for that role.
Print out the next steps in the a365 setup and a365 publish outputs, so developers know what actions require admin intervention and what can be performed next.
Current role requirements:
a365 setup all:
Azure infrastructure (resource group, plan, web app, MSI) → Requires subscription rights (Owner/Contributor), no Agent ID roles needed
Blueprint creation (CreateAgentBlueprintAsync in A365SetupRunner) → Agent ID Developer
Permissions/identity wiring (MCP OAuth2 grants, inheritable permissions) → Global Admin
Messaging Bot API OAuth2 grant + inheritable permissions with admin consent → Global Admin
a365 publish:
Local manifest updates & packaging → Agent ID Developer
MOS Titles upload + allow-all-users → Global Admin
Graph publish steps (FIC + app role) → Global Admin
Update instructions so developers can hand over necessary steps to admins efficiently and resume tasks after admin actions.