Prompts for common GraphWarden integration tasks
Copy-paste prompts for AI coding assistants covering the most common GraphWarden integration tasks: migrating a .NET or PowerShell app, adding GraphWarden support to a SaaS product, routing CI/CD pipelines, and building rulesets. Each prompt references https://graphwarden.com/llms.txt so the agent pulls current documentation.
Prerequisites
Migrate a .NET application
Paste this prompt into your assistant when you have an existing .NET application that calls Microsoft Graph directly and you want to route it through GraphWarden without rewriting the Graph SDK calls.
Migrate a .NET application
Migrate my existing .NET application from direct Microsoft Graph API calls to use GraphWarden as a proxy.
My app currently uses ClientSecretCredential with https://graph.microsoft.com.
I need to:
1. Change the base URL to my GraphWarden proxy URL
2. Replace real Graph credentials with GraphWarden proxy credentials
3. Preserve all existing Graph SDK calls unchanged
4. Add error handling for GraphWarden-specific responses (401 invalid proxy credentials, 403 ruleset denial)
Reference documentation: https://graphwarden.com/llms.txt
Ask me for:
- My GraphWarden proxy URL
- My proxy client_id and proxy client_secret
- Which Graph endpoints and scopes my app uses today
Reference: llms.txt
Route a PowerShell script
Use this prompt when you have a PowerShell script that calls Connect-MgGraph with client-credential auth and you want every cmdlet in the script to flow through the GraphWarden proxy.
Route a PowerShell script
Route my PowerShell script using Connect-MgGraph through GraphWarden.
My script currently calls Connect-MgGraph with client-credential auth against https://graph.microsoft.com.
I need:
1. The tested pattern to acquire a token from the GraphWarden proxy's token endpoint
2. A Connect-MgGraph invocation that uses that token against the proxy as the Graph endpoint
3. A sanity check that Get-MgContext confirms the endpoint is the proxy
Reference documentation: https://graphwarden.com/llms.txt
Ask me for my proxy URL and proxy credentials.
Reference: llms.txt
Add GraphWarden support to a SaaS product
Run this prompt when you ship a SaaS product that calls Microsoft Graph on behalf of your customers and you want to let enterprise customers route that traffic through their GraphWarden deployment.
Add GraphWarden support to a SaaS product
Add GraphWarden compatibility to my SaaS product that uses Microsoft Graph.
Compatibility means my product reads the Graph base URL and credentials from customer configuration instead of hardcoding https://graph.microsoft.com.
I need:
1. Identification of every Graph reference in my codebase that needs to be externalized
2. A configuration surface change (env vars, admin UI settings, or similar)
3. A compatibility statement template for my customer-facing documentation
Reference documentation: https://graphwarden.com/llms.txt
Ask me for my product's primary language/framework and paste the Graph initialization code.
Reference: llms.txt
Integrate GraphWarden into an Azure DevOps pipeline
Use this prompt when you want a CI/CD smoke test that verifies your GraphWarden proxy is reachable from an Azure DevOps pipeline before promoting a build.
Integrate GraphWarden into an Azure DevOps pipeline
Add a GraphWarden smoke test to my existing Azure DevOps YAML pipeline.
I want a pipeline stage that:
1. Acquires a token from my GraphWarden proxy's /oauth2/v2.0/token endpoint
2. Fails the build if token acquisition fails
3. Uses variable-group-backed secrets (not inline values)
Reference documentation: https://graphwarden.com/llms.txt
Ask me for my existing azure-pipelines.yml and whether my variable group is already configured.
Reference: llms.txt
Generate a ruleset from a natural-language description
Use this prompt when you know what the rule should do in plain English and you need the equivalent GraphWarden YAML — for example, a ruleset that whitelists specific properties for a specific security group and denies write operations.
Generate a ruleset from a natural-language description
Generate a GraphWarden YAML ruleset that allows reading users (displayName, mail only) from a specific security group and denies all write operations.
Reference documentation: https://graphwarden.com/llms.txt
Ask me for:
- The Azure AD security group UUID that should be allowed to read users
- Which Graph endpoints the ruleset should deny write operations on
- Whether the ruleset should log denied attempts or silently block them
Reference: llms.txt
Troubleshooting
The agent ignores my prompt and answers from training data
Prepend the prompt with a line that forces a fetch: "Before answering, fetch https://graphwarden.com/llms.txt and the specific pages it links to." Agents that do not fetch URLs cannot reach current docs; in that case, paste the relevant page text directly into the prompt instead.
The agent keeps asking the same clarifying question
The prompt lists the values the agent needs to ask for. If the agent loops on a value you already provided, re-state the answer verbatim and confirm the agent has it: "My proxy URL is https://proxy.example.com. Acknowledge this value and proceed with the next step."
The generated code is missing error handling for ruleset denials
The base prompts request handling for 401 (credential issues) and 403 (ruleset denial). If the agent skipped it, append: "Surface 403 responses to the end user with the matched ruleId from the response body. Reference: /docs/isv/compatibility-guide."
Last reviewed: