feat(az): add Azure CLI filter support (pipelines, devops, account)

[lucachitayat]

Scope

Add token-optimized output filters for Azure CLI (az) commands. RTK supports aws but had no Azure equivalent — this adds the same pattern for az.

Closes #1208

Implementation

Follows the exact architecture of aws_cmd.rs: CLI enum registration, rewrite rule in rules.rs, and a new az_cmd.rs handler in src/cmds/cloud/.

Specialized filters (5 handlers):

• az pipelines build list — compact one-liner per build with id, buildNumber, pipeline, result, branch, reason, date
• az pipelines build show — multi-line build card with branch, commit SHA, reason, requester, chrono-computed duration
• az devops invoke --resource timeline — all tasks with durations; failed tasks show errorCount, warningCount, and first issue message
• az devops invoke --resource logs — strips timestamps, tails last 50 lines
• az account get-access-token — masks JWT (10-char prefix only), shows subscription/tenant/expiry metadata

Generic fallback — forces --output json and applies json_cmd::filter_json_string() for any unhandled az subcommand.

Hardening Pass (post-review)

5 bugs fixed, 1 security issue resolved, 3 filters enriched, 14 tests added:

Fix	What
--output= detection	Equals syntax (--output=table) was not detected, causing duplicate flag injection
Double stderr	run_az_json and callers both printed stderr on error — now prints once
Exit code propagation	Success path always returned 0 — now propagates real exit code
JWT masking	Full access token was sent to LLM context — now shows Bearer [eyJ0eXAiOi...] prefix only
Text runner tee	run_az_text_filtered wasn't combining stdout+stderr for tee recovery
lazy_static placement	TIMESTAMP_RE moved from function body to module level per convention

Real-world test results (production Azure DevOps)

Command	Raw	Filtered	Savings
az pipelines build list --top 5	35,394 chars	554 chars	98.5%
az pipelines build show --id 295493	6,741 chars	194 chars	97.2%
az devops invoke --resource timeline (57 tasks)	81,861 chars	2,449 chars	97.1%
az account get-access-token	2,534 chars	133 chars	94.8%

Example filtered output — build show:

FAIL build 295493 | myapp-yaml #2026.0410.23-pr-1509-5-4-mini
  branch: 8347/merge | commit: 1efef02
  reason: pullRequest | by: GitHub
  started: 2026-04-11 | finished: 2026-04-11 (18m)

Example filtered output — timeline (truncated):

FAIL timeline: 5 failed of 57 tasks
  ok Build Tools (Stage) 3m42s
  FAIL Run Integration Tests (Task) logId:107 2err 1warn 2m13s
    > Free disk space on / is lower than 5%; Currently used: 98.01%
  FAIL Build (Linux) (Job) logId:117 16m40s

Notable Changes

• src/cmds/cloud/az_cmd.rs — 1,501 lines. Core filter logic + 25 unit tests (5 token savings, 9 edge cases, 11 functional).
• src/main.rs — Az variant added to Commands enum + dispatch.
• src/discover/rules.rs — Rewrite rule for ^az\s+ with per-subcommand savings estimates.

[CLAassistant]

All committers have signed the CLA.

[lucachitayat]

Hey @aeppling — the CI workflow is stuck at action_required (awaiting first-run approval from a maintainer before any jobs execute). Could you approve the CI run when you get a chance?

👉 https://github.com/rtk-ai/rtk/actions/runs/24272093000

Thanks!