feat: Deployment Guard recipe, lab, and blog post

[dm-chelupati]

New Recipe: law-dynatrace-httptrigger

SRE Agent with LAW + Dynatrace MCP connectors, GitHub repo, HTTP trigger, and deployment guard — the PR review pattern.

Component	Details
Skills	deployment-guard-analysis (9-step PR analysis), investigate-app-errors
Subagents	deployment-guard, error-investigator
HTTP Trigger	pr-deployment-guard (receives GitHub PR webhooks via Logic App bridge)
Connectors	Log Analytics, Dynatrace MCP
Hooks	deny-prod-deletes, require-approval-for-restarts
Common Prompts	investigation-guidelines, safety-rules

Tested

• new-agent.sh generation ✅
• deploy.sh --dry-run ✅
• deploy.sh live deploy ✅ (swedencentral)
• API verification: all components deployed correctly ✅
• Webhook flow: GitHub Actions → Logic App → agent HTTP trigger → thread created ✅
• Agent analysis: cloned repo, read diff, identified DATABASE_URL rename ✅
• clone-agent.sh export: full round-trip ✅

New Lab: deployment-guard

End-to-end walkthrough using contoso-trading:

• Step 0: Deploy sample app (prod + staging)
• Step 1: Deploy agent with recipe
• Step 2-3: Wire webhook + GitHub secret
• Step 4: Test with risky PR (DATABASE_URL rename)
• Demo script, prereqs check, setup automation

Blog Post

labs/deployment-guard/docs/blog-shift-left-deployment-guard.md
"Shift Left with Azure SRE Agent: An Agent That Guards Every PR"

Bug Fix

new-agent.sh: macOS paste -sd, → paste -s -d, - (fixes all recipes with comma-separated targetRGs on macOS)