
citadel-governance-hub

Layout, conventions, and key files of the Citadel Governance Hub (citadel-v1 branch of ai-hub-gateway-solution-accelerator).

Install

mkdir -p .claude/skills/citadel-governance-hub && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/15861" && unzip -o skill.zip -d .claude/skills/citadel-governance-hub && rm skill.zip

Installs to .claude/skills/citadel-governance-hub

About this skill

Citadel Governance Hub

Upstream: Azure-Samples/ai-hub-gateway-solution-accelerator@citadel-v1. Branch is ~251 commits ahead of main and rebranded "Citadel Governance Hub". Always reference citadel-v1, never main.

Bootstrap

azd init --template Azure-Samples/ai-hub-gateway-solution-accelerator \
         -e citadel-budgets-dev \
         --branch citadel-v1

Key paths

| Path | What it is |
|---|---|
| bicep/infra/ | IaC root (NOT infra/) |
| bicep/infra/main.bicep | Top-level orchestrator |
| bicep/infra/modules/apim/apim.bicep | APIM service + fragment registration block |
| bicep/infra/modules/apim/apis/ | API definitions (Unified AI Wildcard lives here) |
| bicep/infra/modules/apim/policies/ | Reusable XML fragments |
| bicep/infra/citadel-access-contracts/citadel-tiers/ | Tier contracts |
| bicep/infra/citadel-access-contracts/user-overrides/ | Per-user contract overlays |
| bicep/infra/citadel-access-contracts/_shared/budget-seed.bicep | Deployment-script seeder |
| src/usage-ingestion-logicapp/ | Logic App workflow JSON (ingestion target) |
| validation/citadel-jwt-authentication-tests.ipynb | JWT acceptance harness |

Reusable APIM fragments (already in upstream)

  • frag-aad-auth.xml — Entra JWT validation pattern.
  • frag-ai-usage.xml — non-streaming usage emission to Event Hub.
  • frag-openai-usage-streaming.xml — SSE streaming usage capture.

Existing Cosmos containers (do not change PKs)

  • ai-usage-container — PK /productName
  • model-pricing
  • pii-usage-container
  • streaming-export-config

What Citadel adds (this fork)

  • Anthropic surface (POST /v1/messages + SSE).
  • Pass-through Entra JWT (D1).
  • Hybrid tier + per-user × per-model budgets (D2).
  • Cosmos containers: ai-usage-monthly, budgets, user-tier.
  • Soft + hard budget enforcement with adminOverride bypass.
  • PBIX schema extension (no Fabric in POC).
