Basewiser - portal setup package
================================

This deploys the Basewiser portal into YOUR OWN Azure tenant. Everything runs
under your account and subscription; nothing runs on Basewiser's servers, and
your tenant data never leaves your environment.

What this script does
  - Runs entirely under YOUR Azure login, in the subscription you choose. It
    holds no standing access to your tenant afterwards.
  - Checks prerequisites (PowerShell 7+, Azure CLI, Az modules) and signs you
    in if needed.
  - Prompts for your Basewiser license key and the subdomain you want.
  - Creates a resource group, storage, a backend Function App, and the portal
    (an Azure Container App) in your subscription.
  - Pulls the Basewiser app images from the public GitHub Container Registry
    (ghcr.io/basewiser/*). No private credentials required.
  - Gates both apps behind YOUR Entra ID sign-in, so only your organisation's
    users can reach the portal.
  - Calls basewiser-central for ONE thing: to create the DNS records for
    <yourname>.basewiser.com. It sends only your subdomain and the Azure
    hostnames to point at - never your tenant or security data.
  - Validates your license key against Keygen to authorise the subdomain.

What it never does
  - It never sends your tenant data, users, or security findings to Basewiser.
    Those stay inside your Azure environment; we never see them.
  - It installs nothing outside your own Azure subscription.

Contents
  setup.ps1        The setup script - self-contained and human-readable.
  README.txt       This file.

How to run
  1. Open Azure Cloud Shell (https://shell.azure.com) in PowerShell, OR a local
     PowerShell 7+ signed in to your Azure subscription (az login).
  2. Run:  ./setup.ps1
  3. Paste your Basewiser license key when prompted, then choose your subdomain.
  4. Your portal comes up at <yourname>.basewiser.com within a few minutes.

Questions: contact@basewiser.com
