jayce21-ms · jayce21-ms · Jan 23, 2026 · Jan 21, 2026 · Jan 21, 2026 · Jan 21, 2026
diff --git a/infra/modules/aks.bicep b/infra/modules/aks.bicep
@@ -0,0 +1,35 @@
+// infra/modules/aks.bicep
+param clusterName string
+param location string
+param subnetId string
+
+resource aks 'Microsoft.ContainerService/managedClusters@2024-02-01' = {
+  name: clusterName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    dnsPrefix: clusterName
+    // Hardening: Disabling local accounts to force Entra ID login
+    disableLocalAccounts: true 
+    agentPoolProfiles: [
+      {
+        name: 'agentpool'
+        count: 2
+        vmSize: 'Standard_DS2_v2'
+        osType: 'Linux'
+        mode: 'System'
+        vnetSubnetID: subnetId // Plugs into your secure VNet
+      }
+    ]
+    networkProfile: {
+      networkPlugin: 'azure'
+      networkDataplane: 'cilium' // SME Choice: Best for security visibility
+      serviceCidr: '10.0.0.0/16'
+      dnsServiceIP: '10.0.0.10'
+    }
+  }
+}
+
+output clusterName string = aks.name
diff --git a/infra/modules/foundry.bicep b/infra/modules/foundry.bicep
@@ -0,0 +1,44 @@
+// infra/modules/foundry.bicep
+param hubName string
+param projectName string
+param location string
+param vnetId string
+param subnetId string
+
+// 1. The AI Foundry Hub (The "Management" layer)
+resource aiHub 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
+  name: hubName
+  location: location
+  kind: 'Hub' // Specifies this is an AI Foundry Hub
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    friendlyName: 'SME Security Research Hub'
+    vnetAllowRPCAndPublicNetworkAccess: false // TD-REC alignment: No public access
+    managedNetwork: {
+      isolationMode: 'AllowOnlyApprovedOutbound' // Prevents data exfiltration by agents
+    }
+  }
+}
+
+// 2. The AI Foundry Project (The "Execution" layer)
+resource aiProject 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
+  name: projectName
+  location: location
+  kind: 'Project'
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    hubResourceId: aiHub.id // Links Project to the Hub
+    friendlyName: 'CRISP-MCP Agent Testing'
+  }
+}
+
+output hubId string = aiHub.id
+// Inside the Hub resource properties:
+managedNetwork: {
+  isolationMode: 'AllowOnlyApprovedOutbound' // This is the "Mani-level" security fix
+}
+publicNetworkAccess: 'Disabled' // This is the "Toni-level" TD compliance fix
diff --git a/infra/v2-sandbox-hardened.bicep b/infra/v2-sandbox-hardened.bicep
@@ -0,0 +1,37 @@
+targetScope = 'resourceGroup'
+
+@description('Deployment location')
+param location string = resourceGroup().location
+
+@description('AKS cluster name')
+param clusterName string = 'sme-hardened-aks'
+
+@description('Resource group where the secure VNet lives')
+param vnetResourceGroup string
+
+@description('Secure VNet name')
+param vnetName string
+
+@description('Isolated subnet name in the secure VNet')
+param subnetName string
+
+// Reference the secure VNet and subnet
+resource vnet 'Microsoft.Network/virtualNetworks@2023-11-01' existing = {
+  name: vnetName
+  scope: resourceGroup(vnetResourceGroup)
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2023-11-01' existing = {
+  name: subnetName
+  parent: vnet
+}
+
+// Reference the AKS module and pass the subnet from our secure VNet
+module aksCluster './modules/aks.bicep' = {
+  name: 'aksDeployment'
+  params: {
+    clusterName: clusterName
+    location: location
+    subnetId: subnet.id // Direct link to our isolated subnet
+  }
+}