Claude IT Support Agent — End-to-End System Workflow

Runtime request flow  ·  Application internals  ·  Deployment pipeline  ·  Host: claude-it-agent.whitestone-6cbe99bc.eastus.azurecontainerapps.io
Owner: Manuel Tucker
Version 1.0
Repo: losangeleno/claude-it-agent
// RUNTIME REQUEST FLOW
End User
Browser / mobile
Any device, any network
Bitly Short Link
bit.ly/mt-it-agent
302 redirect → Azure FQDN
Azure Ingress
HTTPS · TLS 1.2+
Envoy front / Container Apps
Container App
claude-it-agent
Replicas: 1-N (auto) · East US
app.js Handler
Node.js raw http server
listen PORT (8080)
Rate Limiter
Per-IP sliding window
in-memory Map (dropped if exceeded ~429)
Route Dispatcher
HTML page / JSON stream
back to user's browser
// ROUTES
GET /
DEMO_HTML (landing)
Public, no gate
GET /chat
Gate + access code check
CHAT_HTML (full UI)
GET /public
PUBLIC_HTML
Demo-only, no gate
GET /health
200 OK · probe target
for Container App liveness
GET /workflow
This diagram
System architecture
POST /api/chat
JSON body: {message, level}
Streams Claude response back
Static (inlined)
CSS + JS embedded
in HTML templates
// AI PROCESSING
L1–L4 Tier Selector
window.currentLevel (pill buttons)
L1: helpdesk · L2: support
L3: engineer · L4: senior/architect
Prompt Builder
System prompt (tier-specific)
+ User message
+ KB context (if search_kb hit)
IT Knowledge Base
SharePoint site (read-only)
claudeitagent.sharepoint.com
/sites/ITKnowledgeBase
Runbooks · FAQs · Scripts
Anthropic Claude API
POST /v1/messages
Model: claude-sonnet / opus
Bearer ANTHROPIC_API_KEY
stream: true
Stream to Client
Server-Sent Events / chunked
JS updates bubble in DOM
Markdown → live in chat
User sees answer
Rendered in /chat or /public
Tier badge shown (L1–L4)
Can ask follow-up or reset
// APPLICATION INTERNALS
HTML Template Chain
DEMO_HTML (source of truth)
.replace() → gate + code
CHAT_HTML
.replace() → Claude API call
PUBLIC_HTML
one edit propagates everywhere
Rate Limiter
Map<ip, number[]>
Sliding window (e.g. 60s)
Prune old timestamps
Count ≥ limit → 429
Per-replica (not shared)
lost on restart — ok for demo
Access Gate (/chat)
First visit → gate page
POST code → compare env var
Set cookie (session)
Subsequent → CHAT_HTML
Mismatch → gate reshown
light auth — not enterprise SSO
L1–L4 Tier Prompts
L1: Helpdesk (concise, script-ready)
L2: Support (step-by-step, logs)
L3: Engineer (root cause, CLI)
L4: Senior/Architect (design, trade-offs)
UI pill buttons → system prompt swap
same model, different persona
Config & Secrets
ANTHROPIC_API_KEY (secret)
ACCESS_CODE (secret)
MODEL (env var, e.g. sonnet)
PORT (env var, default 8080)
Rate limit values (constants)
set via Azure Portal secrets
Observability
console.log → stdout
Container App log stream
Log Analytics workspace
/health probe → revision health
Azure Monitor alert rule (opt.)
Short Links & URLs
fetch('/api/chat', ...)
ReadableStream → chunks
addBubble() renders tokens
Level pills set currentLevel
resetChat() clears transcript
all JS inline in HTML string
// DEPLOYMENT PIPELINE
Developer Edit
C:\repo\app.js
Local code saved
(no git push required)
DEPLOY-NOW.bat
Double-click from repo
cd /0 %-dp0
calls deploy.ps1
deploy.ps1
PowerShell (bypass)
Az CLI orchestration
5 numbered steps
[1/5] az CLI
Verify 'az' on PATH
Az CLI orchestration
if missing → wget install
prompt restart + rerun
[2/5] Login check
az account show
if not logged in → az login
(browser OAuth)
[3/5] Find ACR
az containerapp show
extract registry image
from local repo/ → latest
ca1e789bcd8car.azurecr.io
[4/5] ACR Build
az acr build (remote)
--image ...latest
new revision created
[5/5] Update App
az containerapp update
--image ...latest
new revision created
Success
Wait ~30-60s
Refresh /chat or /public
New code is live
Azure Container Registry
ca1e789bcd8car.azurecr.io
Image: claude-it-agent:latest
Built remotely (no local Docker)
Storage: Azure-managed
New Revision
Container App revision N+1
Pull image from ACR
Start replicas → warm up
/health must return 200
Traffic Shift
Default 100% → latest revision
Old revision drains connections
Old revision can be kept
for instant rollback
Ingress Serves New
HTTPS FQDN unchanged
User refresh → new HTML/JS
Hard refresh (Ctrl+F5) if
browser cached old assets
Verify
Smoke: / /chat /public /health
Check welcome text + New button
Log stream for errors
Rate limiter behavior
Rollback path
Azure Portal → Revisions
Set 100% traffic → previous
Or: az containerapp update
--image ...<prev-tag>
GitHub repo
losangeleno/claude-it-agent
az acr build uses local . as context
Node base image + copy app.js
NOT used by the deploy pipeline
Dockerfile / build context
az acr build uses local . as context
Node base image + copy app.js
minReplicas / maxReplicas (set cap)
Scales on HTTP concurrency
Resource group / scale
RG: claude-it-agent-rg
minReplicas / maxReplicas (set cap)
Scales on HTTP concurrency
Secrets management
Azure Portal → Container App → Secrets
Env vars reference secrets
Key rotation via Portal update
Monitoring / alerts
Azure Monitor alert rule on 5xx rate
Log stream for real-time debug
Optional: Application Insights SDK
Manual / admin tasks
Set maxReplicas cap (Portal → Scale)
Create Monitor alert rule (Portal → Alerts)
+ Rotate ACCESS_CODE / ANTHROPIC_API_KEY periodically
Legend:   ■ Azure infrastructure   ■ Application logic (app.js / Node)   ■ Deployment step   ■ External service (Claude API, SharePoint, Bitly)   ■ User or neutral node   ■ Rollback / failure path
Diagram v1.0 · Claude IT Support Agent · claude-it-agent.whitestone-6cbe99bc.eastus.azurecontainerapps.io