Tuesday, April 22, 2025

SPExAI Report Builder: A Winning Sitecore Hackathon Module

The results of the 2025 Sitecore Hackathon are in...

Look what I got! 😭👇

It's a really decent piece of hardware!

I'm super proud of this accomplishment, given that I was pushing into delirium territory near the end of the event, having been up for 32 hours straight and all...running on mostly caffeine and adrenaline to get it done. 

Here's a snapshot of my real-time X updates throughout the event:



Sitecore Hackathon?

It's a virtual community-driven event where teams worldwide (52 teams across 13 countries this year) compete to build the most impactful Sitecore module given a set of categories (e.g., "Best use of AI" or "Best tool for XM Cloud") within a strict 24-hour timeframe.

Typically, the event is held in late February / early March, with teams registering roughly 4-6 weeks in advance. Submissions are then judged by a panel of long-time Sitecore MVPs and community members who review each completed entry, test the functionality, and collectively pick a winner.  

Submission Requirements are clearly laid out in the GitHub repository to which each team is assigned:

Winner Benefits

  • 🗣 Name recognition across Sitecore's official channels; the winning team is announced officially at SUGCON Europe and highlighted in the MVP community.
  • 🛒 $150 Amazon Gift Card (per team member)
  • 🏆 A customized Hackathon trophy

My Past Hackathons

Wasn't my first rodeo! 🤠
Here's a rundown of my past Sitecore Hackathon participations:

The name "Sitecorepunk 2077" is a not-so-subtle reference to
the 2020 video game Cyberpunk 2077 (which, admittedly,
I've barely played, but I liked the play-on-words when I came up with it).

I kinda love that I'm a 2x Sitecore Hackathon winner now 😅


The Idea

This year, instead of multiple categories (and multiple winners), the organizer's idea prompt was simply:

"Free for all — you can create your own idea for the Hackathon solution. Show us what you got!" 

It was a huge opportunity to build without barriers, with one winning team to take it all. I've been waiting for an opportunity to bring this idea I've been mulling over in my head for months to life, and this was it. 

Problem Statement

The biggest hurdle for analyzing content and creating reports in Sitecore PowerShell Extensions (SPE) has always been the technical skill needed (PowerShell scripting/syntax + SPE-specific commandlets).  

You'd need to train up; learn how to query items using Get-Item and Get-ChildItem commands, declare an array object to store results, utilize for loops and if conditions, etc.  

And if PowerShell scripting isn't your thing, well...


In the age of generative AI though, this technical skills barrier can be dramatically lifted for non-technical Sitecore authors and admin, and/or drastically reduce the turnaround time for developers tasked with writing custom PowerShell reports.



Enter: SPExAI Report Builder

What is it?

SPExAI Report Builder is an installable Sitecore PowerShell Extensions module that allows users to describe their Sitecore report in natural language, which in turn generates a complete and reusable SPE script:

  • 🧠💻 Type your prompt
  • 📜💾 Generate a PowerShell script and save it
  • 🛠️🚀 Run it or modify it

"SPExAI" stands for Sitecore PowerShell Extension x Artificial Intelligence, which combines the power of SPE with modern LLM tech. 

Compatibility

SPExAI Report Builder works with Sitecore 10.x or later.  I tested on Sitecore 10.0, 10.3, and 10.4 during the event, but I'm pretty confident that it would also work with other versions, too.

I didn't get a chance to test this on XM Cloud, but given SPE's flexibility, it is likely compatible.


How about a quick demo?

Say you need to audit template usage across the content tree.

When activating SPExAI from the ribbon, a dialog appears where you set a title, select the root context for the report, and provide a description.

"Report of all templates (ID, Name, Path) and their usage count."



SPExAI generates this clean, complete, and reusable script, which is stored in a dedicated part of the content tree:

Running the generated script without any modifications (which, on its own, included an option to select a root context, making it easily reusable against different parts of the tree) provides an accurate result set!



Another demo!

"Report of all renderings (ID, Name, Path) and their usage count under a selected content root."

SPExAI again generates a clean, complete, and reusable script, stored again using the name provided:

Running the generated script confirms that the script has been correctly generated and provides expected results.  



What's truly amazing is that we can generate 75-100 lines of working PowerShell code in seconds.

The code is appropriately structured, cohesive, error-free, and ready to be run immediately—no developer needed!



How SPExAI Works (Under the Hood)

API Settings

Before anything runs, the module looks for a specific Sitecore item:
/sitecore/system/Modules/PowerShell/Script Library/SPExAI Report Generator/API Settings:

There are four required fields:
  • API Keyyour OpenAI secret key

  • Model – the ID of the OpenAI model to use (e.g. o3-mini-2025-01-31)

  • Knowledgebase – a markdown-formatted reference block full of Sitecore PowerShell examples, documentation, best practices, etc.  

  • System Prompt – the instruction template that tells the model exactly how to behave, respond, etc. 


The module will abort early if any of these are missing.

Model Selection

During development, I tried a few different OpenAI models. The one that gave me the most consistent, one-shot responses was o3-mini-2025-01-31.

If you want to try a different OpenAI model later, simply update the Model field with the name; no code changes are required. (Expanding beyond OpenAI to Anthropic Claude or Google Gemini is also possible as part of a potential future v2.)

The Knowledgebase

This field contains raw reference material to guide the AI's responses. Think of it as an internal code cookbook, mostly pulled from the official SPE documentation and a compiled generic collection of snippets from my private repository of PowerShell scripts.

It includes sample report formats, SPE-specific syntax, and usage patterns that the model should stick to when replicating and generating new reports.

Looks like this:

The System Prompt

This is the master instruction set. Essentially, "You are a Sitecore PowerShell assistant...you do this, this, and that..." with additional specific constraints and formatting rules.

It includes a {0} token that the Knowledgebase content replaces.

Check it out:


A good chunk of the hackathon effort was spent refining the directives that the model should abide by. With every test run, I found myself adding to the list of rules. 

Getting the model to stick to the directives was...challenging to say the least (one-shot prompting definitely has its limitations depending on the model).  

Finding the right combination of rules for the model to consider was tricky, and I'm sure both the base system prompt and the knowledge base content could use even further refinement beyond what I could get done before the deadline.  Either way, I feel like I struck a solid balance for v1.

The good news is that the module was built to easily modify the system prompt in the configuration item without touching the underlying code, hypothetically allowing you to continuously improve the final output. 

UX Flow

SPExAI provides a new button in the Sitecore Ribbon. When clicked, this button surfaces a dialog window for the user's input.  



Users fill out the Report Name, set the Report Scope (tree selector), and the Describe your Report fields.  

It takes only a few seconds for the script to be generated.  

Users are then presented with the following options:



SPExAI Code Breakdown

Here's how the pieces come together behind the scenes:

1. Load the API Settings

The script set the four field values into variables.


2. Present a dialog for user input

The user's inputs from the dialog (report name, scope, description) are stored as global variables.


3. Variable validation

Validate that variables, like the script name, are valid and don't already exist in the saved script location.

4. Invoke the custom `Invoke-OpenAIChat` function

Invoke-OpenAIChat sends a custom one-shot prompt (including merging system instructions, knowledgebase, and user input) to OpenAI’s Chat Completion API and returns the generated response.

5. Save the script to the tree

Upon successful script generation, the module saves all generated scripts under a dedicated folder:  /sitecore/system/Modules/PowerShell/Script Library/SPExAI Report Generator/Content Reports/Reports/SPExAI Generated

6. Open, Run, or Close Dialog
After saving the script item, the module presents a modal dialog with its three choices:

1. Open Script Item – jumps to the new item in the Content Editor
2. Run Report – immediately executes the report using Invoke-Script
3. Close – exits with no action



Video Demo

As part of the entry, a video demo is required. You can check it out here:



Some Final Thoughts

If you haven’t seen it, fellow long-time MVP Rodrigo Peplau compiled a list of this year's submissions - all worth checking out. 

The quality of entries this year made it hard to predict how things would shake out. Winning was unexpected, but also an absolute honor.

Bummed I couldn't be at SUGCON EU to accept the award in person, but luckily the announcement was recorded. 😀  I will cherish this screenshot for all time:


Each year I've participated (whether on a team or solo), I've come away with valuable hackathon experience and a solid module, or at least the beginnings of one, that I could share and expand on further. I've always enjoyed the satisfaction of shipping something interesting and useful to others under competitive pressure. 

If you’re considering participating next year, I highly encourage it.  About 20% of the teams are solo, but it's not for everyone.  I recommend grouping up with others, especially if it's your first Hackathon. 

It’s a great way to push yourself, learn something new, make connections, and contribute to the spirit of the Sitecore community.

Keep on hackin'! 👨‍💻

Thursday, April 17, 2025

Sitecore Container Prerequisites Script Updates



Heads up!  I’ve made some recent updates to the open source Sitecore Container Prerequisites script to keep things aligned with the latest Sitecore versions and development environments.

What’s new:

  • ✅ Added support for Sitecore 10.3.2 and 10.4.0

  • 🖥️ Improved OS compatibility checks for Windows 10 and 11

  • 📄 Refined the README with clearer instructions for installation, usage, and contributing

  • 🔗 Updated package download links and references to current installation guides

Sitecore Container Prerequisites script remains a helpful utility for preparing your Windows machine to run Sitecore containerized environments smoothly. 

Feedback and contributions are always welcome!

📍 View the GitHub repo

Saturday, March 22, 2025

Using Sitecore Indexes in PowerShell-Driven Multilist Datasources


If you didn't know, you can point a Sitecore field's datasource to a PowerShell script. It's a super clean way to make dynamic picklists, filtering based on the current item, tags, templates, relationships, you name it.

But if you're pulling a large set of items, you really want to use the search index.

That's where things get weird.

The Find-Item command gives you fast results… but they aren't real Sitecore items. They're search result objects; great for speed, not so great for populating a multilist. Sitecore expects actual items, and when it doesn't get them, your field ends up looking empty.

Luckly, you don't have to abandon the approach completely. The fix is actually a pretty straightforward.


Some Context

For context, you can set the datasource for a multilist to be driven via a script in SPE like this:

In the script definition itself, you can write PowerShell to obtain some set of items from the tree. The resulting list is what shows as applicable for selection on the field.

In theory, you should be able to also utilize the Find-Item commandlet to obtain a list of items from the index. In my case was necessary due the performance implications of running a Get-ChildItem against a massive subtree.

First attempt looked something like this:

So far, so good. You get back a list of items. Or do you?


The Catch

The objects in the $list variable returned by Find-Item are not Sitecore items. They're dynamic search result objects that look like items, walk like items, but won't work in your multilist unless they quack like items.

If you try to return them as-is from your script, you'll find that, even if items were found in the index, the multilist fails to render the items for selection.

The fix? Pretty simple actuallu: Transform the search results back into legit Sitecore items.

Put it all together and you're golden

Now your multilist knows what to do. The search is lightning fast thanks to the index, and authors can pick from relevant matches without sifting through the entire tree.


Why This Matters

This pattern shines when you're working with large content trees or complex tagging structures where traditional item traversal would be painfully slow. By using the index, you're offloading the heavy lifting to Solr, gaining serious performance without sacrificing editor experience.

But more importantly, it calls out a subtle, easy-to-miss SPE gotcha: not all objects returned from PowerShell helpers are Sitecore items. If you're using Find-Item, you'll almost always need a second pass to resolve those results into actual items before they'll work in a field context.

Fail to do that, and you might spend hours wondering why your multilist is coming up empty, despite the index finding exactly what you wanted.

Happy datasourcing! 🚀

Friday, February 28, 2025

Sitecore Security: Are These 2023 CVEs Still a Risk?


Security in Sitecore is always evolving, and if you're not keeping an eye on the latest CVEs, you might find yourself on the wrong end of a security bulletin scramble.

Recently, a set of CVEs related to Sitecore PageDesigner have resurfaced with an increased severity rating from NIST (National Institute of Standards and Technology, the U.S. agency responsible for maintaining the National Vulnerability Database and setting cybersecurity standards), prompting the question:

Are these vulnerabilities already covered in Sitecore's official security bulletin SC2024-001-619349?

The short answer: not entirely. But let's break it down.

The CVEs in Question

Back in March 2023, security researchers uncovered a set of zero-day vulnerabilities in Sitecore PageDesigner that could allow attackers to exploit weaknesses in how Sitecore handles file paths and serialized data.

These vulnerabilities were later classified under three CVE (Common Vulnerabilities and Exposures) IDs:

  • CVE-2023-27066 - Directory Traversal: Allows authenticated attackers to download arbitrary files via UrlHandle.

  • CVE-2023-27067 - Directory Traversal: Allows remote attackers to download arbitrary files via a crafted request to download.aspx.

  • CVE-2023-27068 - Deserialization of Untrusted Data: Enables remote attackers to execute arbitrary code through ValidationResult.aspx

How These Vulnerabilities Work

The original Sitecore PageDesigner flaws were discovered in how Sitecore handled URL parameters and session values within specific backend pages. Here’s a breakdown of the two primary attack vectors:

First: Directory Traversal (CVE-2023-27066 & CVE-2023-27067)
The download.aspx page in Sitecore allowed attackers to manipulate file paths using ../ sequences, potentially granting access to sensitive files like web.config.

Normally, Sitecore prevents direct user input in these cases.

However, a flaw in Sitecore’s internal UrlHandle mechanism made it possible for an attacker to forge requests that bypassed these protections.

Second: Insecure Deserialization (CVE-2023-27068)

Sitecore PageDesigner’s session handling stored data in an unprotected format, allowing an attacker to inject malicious serialized objects.

This vulnerability could lead to remote code execution (RCE) if exploited correctly, making it the most severe issue among the three.

Why These CVEs Matter Now

At the time of discovery, the recommended fix was to upgrade to Sitecore 10.3.0 rev. 008463 or later. However, as of January 28, 2025, the severity rankings for these three CVEs has been increased.


Sitecore’s Response

After reaching out to Sitecore Support, I got clarification specifically regarding CVE-2023-27067:

CVE-2023-27067 is related to bug #390129, which was fixed in Sitecore 10.3.

Sitecore classifies this issue as low priority because it requires an authenticated user to exploit, meaning there is no risk of an anonymous attack.

This CVE is NOT included in Security Bulletin SC2024-001-619349 (KB1003408).

So, while CVE-2023-27067 is real, Sitecore does not consider it critical enough to be included in an official security bulletin.



Workarounds & Mitigation

If upgrading to Sitecore 10.3 isn't an immediate option, Sitecore provides a simple workaround:

🔧 Delete the following file:

  • /sitecore/shell/Applications/Layouts/PageDesigner/PageDesigner.xaml.xml

This file is tied to a deprecated layout editor (used for editing ASPX markup), and removing it does not impact any core Sitecore functionality.

For those running older Sitecore versions <10.3, this is a quick and effective way to mitigate risk until an upgrade is possible.


Final Thoughts

It’s easy to assume that a security bulletin will cover every vulnerability, but in this case, SC2024-001-619349 (KB1003408) does NOT include CVE-2023-27067. However, the issue was addressed in Sitecore 10.3, and for those who haven’t upgraded yet, removing a single deprecated file provides an immediate workaround.

If you haven't yet, check your environment, apply the necessary mitigation, and as always, stay on top of those Sitecore security bulletin updates!


Happy securing! 🔐


Wednesday, November 20, 2024

Sitecore CDP Certification Practice Exams: A Free Study Companion

Earlier this year, I introduced the Sitecore XM Cloud Developer Certification Practice Exams app, a free resource that seemed to resonate well with the Sitecore developer community. The community's feedback online and offline during the 2024 Sitecore Symposium has been inspiring, and I’m excited to build on that momentum.

Today, I’m proud to unveil the Sitecore CDP Developer Certification Practice Exams app — another cost-free resource to help you confidently prepare for certification and excel as a Sitecore professional.


Expanding Access to Certification Prep

The Sitecore CDP Developer Certification Practice Exams app shares the same goal as its XM Cloud counterpart: providing high-quality, no-cost tools to prepare developers for their certification journeys. By simulating the exam environment and focusing on critical knowledge areas, these tools remove the financial and logistical barriers that often come with traditional study materials.

Features That Mirror the XM Cloud App Success

Authentic Exam Experience: Just like the XM Cloud app, this new tool features randomized 30-question exams and a 60-minute timer to simulate real CDP exam testing conditions.

Competency-Focused Questions: Drawn directly from Sitecore’s documentation, the questions hone your understanding of CDP-specific concepts like architecture, real-time decisioning, data ingestion, and privacy compliance.

Time Management Training: With a timer to mimic the real exam, you’ll develop the pacing skills necessary for success.

Whether you’re familiar with the XM Cloud app or just discovering these resources, you’ll find the CDP version equally intuitive and impactful.

If you're already familiar with the XM Cloud Practice Exams app, you'll find familiarity in the Sitecore CDP Practice Exams app with CDP-specific questions to level up your knowledge in preparation for the exam. 

Built for the Community, Designed for Accessibility

The XM Cloud practice exam app was born from a personal need and a vision to empower developers to pass their exams and earn Sitecore certification badges. With over a decade in the Sitecore ecosystem, I’ve seen how access to high-quality learning tools can unlock opportunities for developers at every level. This app continues that mission, focusing on the expanding world of Sitecore CDP.

Certification should be about your skills and commitment, not your wallet. That’s why this tool, like its predecessor, is 100% free.

Ready to Tackle the Sitecore CDP Exam?

Dive into the Sitecore CDP Developer Certification Practice Exams app and take the next step in your Sitecore journey. With no cost, no risk, and plenty of learning, it’s the perfect added companion for your exam preparation.

👉 Start Practicing Today!

Got feedback? Suggestions? Success stories? 

Drop me a line on LinkedIn or X - or share the app with your network.
I’m always down to hear how these tools are helping developers like you.

Happy learning, and good luck on your certification journey!


Thursday, August 1, 2024

Sitecore MCP 2.0 Roles and Responsibilities Matrix Decoder

TL;DR

I built an app to help me understand the differences in roles and responsibilities between MCP 1.0 and MCP 2.0, and I think it may be helpful for others.  I wanted an easy way to search or browse the different roles and responsibilities and get a clear answer. 

Check it out here:

Sitecore MCP 2.0 Roles and Responsibilities Matrix Decoder App



Navigating the complexities of the Sitecore Managed Cloud PaaS 2.0 roles and responsibilities matrix isn't particularly exciting, especially for those new to the platform or customers moving from MCP 1.0. While I discovered that the roles and responsibilities in MCP 1.0 and MCP 2.0 are fundamentally similar, MCP 2.0 introduces more detailed and specific tasks related to modern cloud infrastructure management and security enhancements.

This week, I built a learning/reference app to help Sitecore customers, developers, architects, operations administrator/support teams, and account/project managers (and myself 😏) easily reference the different roles and responsibilities defined in MCP 2.0. 

The tool sets out to simplify the process of familiarizing oneself with new tasks and responsibilities, making searching and browsing through the matrix far more digestible. Whether transitioning from MCP 1.0 or diving into MCP 2.0 for the first time,

First, let's highlight the key differences between MCP 1.0 and MCP 2.0 roles and responsibilities I noted during my research. 

The RACI Model

The MCP roles and responsibilities matrix is structured using the RACI model, a framework that defines various stakeholders' involvement in completing project tasks or deliverables. Understanding this model is important for effectively navigating the roles and responsibilities within Sitecore Managed Cloud PaaS 2.0.

What is the RACI Model?

RACI stands for Responsible, Accountable, Consulted, and Informed. Each role in the matrix is assigned one or more of these labels to specify their level of involvement in a given activity. 

  • Responsible (R): The person or people who do the work to complete the task. They are responsible for action/implementation. Responsibility can be shared.

  • Accountable (A): The person who is ultimately answerable for the correct and thorough completion of the task. This role is often called "the one who signs off on the work," and only one person can be assigned to this role for each task.

  • Consulted (C): The people who provide information for the project and with whom there is two-way communication. These are typically subject matter experts.

  • Informed (I): The people who are kept up-to-date on progress, often only on completion of the task or deliverable, and with whom there is just one-way communication.

Applying the RACI Model in Sitecore Managed Cloud PaaS

Sitecore applies the RACI model to delineate roles and responsibilities among Sitecore, customers, and partners within the MCP 2.0 environment to ensure all stakeholders understand their part of the bargain.

Here are some examples of how the RACI model is applied:

  • Activation and Termination: For activating the Sitecore Managed Cloud, Sitecore is Accountable (A) and Responsible (R), while the customer/partner is Informed (I).

  • Provisioning of Environments: Sitecore is Responsible (R) and Accountable (A) for creating new environments while the customer/partner is Consulted (C).

  • Application Design and Implementation: The customer/partner is Responsible (R) and Accountable (A) for planning Sitecore software upgrades, while Sitecore is Informed (I).

  • Infrastructure and Server Management: Sitecore handles the initial provisioning checks as Responsible (R) and Accountable (A), with the customer/partner being Informed (I).

Key Differences Between MCP 1.0 and MCP 2.0 Roles and Responsibilities

While both MCP 1.0 and MCP 2.0 maintain a similar structure and overall responsibilities, MCP 2.0 introduces several new and detailed tasks that reflect advancements in cloud infrastructure management and security. Here are the main differences:

Provisioning of Sitecore Environments

MCP 1.0:
  • Create new environment, installation, and initial set up: Sitecore (R, A)
  • Delete existing environment: Sitecore (R, A)
  • Reset existing environment: Sitecore (R, A)
MCP 2.0:
  • Provision Sitecore Managed Cloud production Hub-spoke environment(s): Sitecore (R, A)
  • Provision Sitecore Managed Cloud non-production environment(s): Sitecore (R, A)
  • Provision Sitecore Managed Cloud disaster recovery Hub-spoke environments(s): Sitecore (R, A)
  • Provision Sitecore Managed Cloud “custom customer-owned” Spoke environment: Sitecore (R, A)
  • Delete existing environment: Sitecore (R, A)
  • Reset existing environment: Sitecore (R, A)

Infrastructure and Server Management

MCP 1.0:
  • Perform initial provisioning check: Sitecore (R, A)
  • Scale infrastructure services (Web App, Solr, Azure SQL, Redis cache, and so on): Sitecore (R)
  • Initial Web Application Firewall - deployment and configuration: Sitecore (R)
  • Set up initial security (Azure SQL firewall): Sitecore (R, A)
  • Set up network firewalls and post-deployment security: Customer/Partner (R, A)
  • Set up third-party services (DevOps tools, CDN, databases, and so on): Customer/Partner (R, A)
  • Custom domain setup: Customer/Partner (R, A)
  • Initial setup and configuration of backup services (blobs, database): Sitecore (R, A)
  • Customization of backup schedules and services: Customer/Partner (R)
  • Consolidation of billing: Sitecore (R, A)
  • Infrastructure performance optimization: Customer/Partner (R, A)
MCP 2.0:
  • Initial Azure Front Door with Web Application Firewall - deployment and configuration: Sitecore (R)
  • Network security groups and initial security setup (Azure SQL firewall): Sitecore (R, A)
  • Network firewalls and post-deployment security setup (Azure SQL firewall): Customer/Partner (R, A)
  • Set up third-party services (DevOps tools, CDN, databases, and so on): Customer/Partner (R, A)
  • Custom domain setup: Customer/Partner (R, A)
  • Initial setup and configuration of backup services (blobs, database): Sitecore (R, A)
  • Customization of backup schedules and services: Customer/Partner (R)
  • Consolidation of billing: Sitecore (R, A)
  • Infrastructure performance optimization: Customer/Partner (R, A)

Security: Azure Platform

MCP 1.0:
  • Configure encryption at rest and in motion: Sitecore (R, A)
  • Configure and perform disaster recovery: Sitecore (R, A)
  • Configure host security - hardened OS: Sitecore (R, A)
  • Operating system (PaaS): Sitecore (R, A)
  • Sitecore Cloud operations change management (via ServiceNow): Sitecore (R, A)
  • Azure DDoS standard initial setup: Sitecore (R, A)
  • Azure DDoS standard post-provisioning: Customer/Partner (R)
  • Define basic Web Application Firewall requirements - rule management: Customer/Partner (R, A)
  • Initial deployment security hardening of Sitecore product: Sitecore (R, A)
  • Ongoing security hardening of Sitecore product: Customer/Partner (R, A)
MCP 2.0:
  • Configure encryption at rest and in motion: Sitecore (R, A)
  • Configure infrastructure security logging via Azure Defender for Cloud: Sitecore (R, A)
  • Configure and perform disaster recovery: Sitecore (R, A)
  • Configure CD App service for Azure Zone Redundancy: Sitecore (R, A)
  • Configure host security - hardened OS: Sitecore (R, A)
  • Configure initial network security – Network security groups: Sitecore (R, A)
  • Configure initial network security – VNET and subnets: Sitecore (R, A)
  • Configure initial network security – private link / private endpoint (App service, SQL, Key Vault): Sitecore (R, A)
  • Configure Azure Bastion service: Sitecore (R, A)
  • Implementation of Azure S2S VPN: Sitecore (R, A)
  • Ongoing S2S VPN configuration and client-side management: Customer/Partner (R, A)
  • Operating system (PaaS): Sitecore (R, A)
  • Sitecore Cloud operations change management (via ServiceNow): Sitecore (R, A)
  • Azure DDoS standard initial setup: Sitecore (R, A)
  • Azure DDoS standard post-provisioning: Customer/Partner (R)
  • Define basic Web Application Firewall requirements - rule management: Customer/Partner (R, A)
  • Implement initial Web Application Firewall configuration and rule management (Front Door): Sitecore (R, A)
  • Initial deployment security hardening of Sitecore product: Sitecore (R, A)
  • Ongoing security hardening of Sitecore application: Customer/Partner (R, A)

Why I Built This App

The roles and responsibilities matrix is a critical component of the Sitecore Managed Cloud PaaS 2.0 offering, providing essential information about the tasks and duties of different team members. However, the sheer volume of information can be overwhelming. 

My goal was to create an intuitive and user-friendly tool that would streamline familiarizing oneself with these roles, ultimately enhancing productivity and understanding.

Key Features of the App

The web app is designed to be straightforward and efficient, offering several key features:

  • Search Functionality: Users can quickly search for specific roles or responsibilities using keywords. This feature significantly reduces the time spent sifting through documents.
  • Browse Capability: For those who prefer to explore, the app allows users to browse through the roles and responsibilities in a structured manner, making it easy to find relevant information.

How to Use the App

Using the app is straightforward. Simply visit Sitecore MCP 2 Roles and Responsibilities Matrix Decoder, where you can start searching or browsing through the various roles and responsibilities.

Conclusion

Whether you are a new user trying to understand your role or an experienced professional looking for specific responsibilities, this tool is designed to help you find the information you need quickly and easily.

For a detailed look at the roles and responsibilities, refer to the official Sitecore documentation provided in the app. Feel free to reach out if you have any feedback or suggestions for improvement.

Monday, July 22, 2024

Sitecore TDS could not load all files for the project: Overcoming Long Path Restrictions in Windows

For some time, we struggled with a pesky issue in one of my client's Sitecore MVC Helix-based solutions: certain Sitecore TDS items would fail to load due to excessively long file paths. The problem varied depending on where the developer's cloned solution was located, leading to a cascade of error pop-ups in Visual Studio. Through experimentation, we landed on an effective solution to mitigate the errors.

Here’s a detailed rundown of what we tried and what ultimately worked.

The Persistent Error

The error surfaced as a series of pop-up messages in Visual Studio whenever a developer loaded the solution.

Close.  Close. Close. Close. Close.

Each pop-up corresponded to a TDS item that failed to load due to excessively long paths.   Once each pop-up was manually closed, Visual Studio would finally load the solution. 

Within the TDS console, various errors like this would be present:

The file 'C:\GITCODE\Client\Client.com\src\Foundation\SharedTemplates\tds\Client.Foundation.SharedTemplates.Master\sitecore\templates\Foundation\Client\SharedTemplates\Sales Tool\Components\Text With Image Video\_textWithImageVideo\Data\Video Thumbnail Image.item' could not be loaded.

12:07:35 PM: Sitecore TDS has finished parsing 707 files for Client.Foundation.SharedTemplates.Master.

Warning: Sitecore TDS could not load all files for the project. The files may be missing or corrupted. Please see the Sitecore TDS pane in the output window for more details.

Attempts to Resolve the Issue

1. Updating the Windows Registry

For Windows 10, we tried edited the registry to enable long paths by adding a LongPathsEnabled key:

>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Setting LongPathsEnabled to 1 had no effect.

2. Git Long Paths Configuration

We tried enabling long-path support in Git:

git config --system core.longpaths true
(Configures Git to support long paths for all users and repositories on the entire system, requiring administrative privileges.)

git config --global core.longpaths true
(Configures Git to support long paths for all repositories the current user uses without requiring administrative privileges.)

This approach appeared to work for Windows 11, but not Windows 10.

3. Using Directory Junctions (Symbolic Links)

Our breakthrough came from using directory junctions, which effectively shortened the path length by creating a symbolic link to the project directory. This can be accomplished using the command prompt or with PowerShell:

Creating a Directory Junction using the Command Prompt
  1. Open Command Prompt as Administrator: Press Win + R, type cmd, and press Enter.

  2. Run the mklink Command:

    • Suppose your project directory is located at C:\Users\YourUserName\GitSolutions\SitecoreSolution.

      You can create a shorter path like this:
      > mklink /J C:\ShortPath C:\Users\YourUserName\GitSolutions\SitecoreSolution

      This command creates a junction at C:\ShortPath pointing to your actual project directory.

  3. Access Your Project:

    • Open your project from the new shorter path (C:\ShortPath) in Visual Studio.
Creating a Directory Junction using PowerShell
  1. Open PowerShell (in Windows Terminal) as Administrator: Press Win + X, and select "Windows PowerShell (Admin)".

  2. Run the New-Item Cmdlet:

    • Suppose your project directory is located at C:\Users\YourUserName\GitSolutions\SitecoreSolution.

      You can create a shorter path like this:
      > New-Item -ItemType Junction -Path "C:\ShortPath" -Target "C:\Users\YourUserName\GitSolutions\SitecoreSolution"

      This command creates a junction at C:\ShortPath pointing to your actual project directory.

  3. Access Your Project:

    • You can navigate to C:\ShortPath and see that it points to your original directory. Open your solution file from the new shorter path (C:\ShortPath) in Visual Studio.

TL;DR

For Windows 10 Users: Using directory junctions proved to be the most effective solution for developers on Windows 10. It’s a non-invasive approach that doesn’t require registry edits or changes to Git configurations.

For Windows 11 Users: Enabling long paths via Git configuration has shown similar results in Windows 11 without creating a junction.
This setting seems to leverage Windows 11's improved support for long paths across more applications, including Visual Studio.

Conclusion

If you’re struggling with similar issues, I highly recommend trying directory junctions or adjusting your Git configurations based on your operating system.

Try these methods and see the difference it makes in your development process. Share your experiences or tips in the comments. 

Happy Sitecore TDS-ing!

Monday, May 20, 2024

Sitecore PowerShell Extensions Text-to-Speech Audio Synthesis Module

Another year, another exciting Sitecore Hackathon!  This round, I flew solo under the moniker "Sitecorepunk 2077" (a play on the critically acclaimed 2020 action role-playing video game "Cyberpunk 2077").


If you're curious how the event unfolded, I documented my progress on X (formerly Twitter) every couple of hours:













Needless to say, I was utterly exhausted and slept for 12 hours straight, following the 32 hours I had been awake.  While I didn't snag a win (congrats, team Cloud Surfers and team 451 Unavailable For Legal Reasons ), I enjoyed the experience, am proud of what I was able to output, and look forward to the next one.


Module Concept and Inspiration

The 2024 Sitecore Hackathon category I chose to work against was "Best Module for XM/XP or XM Cloud" - although the result could also fit the bill for "Best use of AI".  Inspired by the ever-increasing need for accessible content, I decided to develop a module that converts text content into spoken audio files, which are then stored remotely and saved as an MP3 links within the item's context - all from within Sitecore. Ultimately, once I landed on the idea, the goal was to provide an easy-to-use tool for generating audio versions of Sitecore content, thereby enhancing accessibility and improving user engagement for individuals with visual impairments or preferences for audio content.

Features

Here’s a breakdown of what makes the SPE Text-to-Speech Audio Synthesis Module stand out:

Lifelike Speech Synthesis from Microsoft Azure Cognitive AI Speech Services

One of the core features of this module is its ability to convert text content into lifelike speech. By transforming text into life-like speech, the module makes content more accessible to a broader audience, including those with visual impairments and individuals who prefer consuming content through audio.

The module utilizes Microsoft Azure Cognitive Services Speech Service to generate audio from selected text fields dynamically. This integration ensures high-quality, natural-sounding speech output. Whether it's a blog post, news article, or product description, every piece of content can be converted into audio, broadening its reach and enhancing user engagement.

Storage via Azure Blob Storage

To store the generated audio files, the module leverages Azure Blob Storage APIs. Once an audio file is generated and store locally in a temporary directory, it is then uploaded to a dedicated Azure Storage container. The API returns a URL to the audio file, which is then populated in the context page item’s Audio URL field. 


Interface and Custom Ribbon Button

A custom Ribbon Button on the Home tab streamlines the audio-generating process. This button triggers an interactive Sitecore PowerShell Extensions dialog where authors can configure various options, such as voice selection, field selection, and speech rate adjustment, and kick off the speech synthesis generation.


The customizable options ensure the audio output matches the intended tone and speech rate, providing a tailored listening experience.

Multi-Language Support

Recognizing the diverse needs of global users, the module supports multiple languages. For demonstration purposes and within the natural time constraints of the Hackathon, the following languages are supported in the initial implementation:

  • English (en)
  • Japanese (ja-JP)
  • German (de-DE)
  • Danish (da)

Each supported language selection has a series of Neural (lifelike, natural-sounding) voice options from Microsoft Azure Cognitive Services Speech Service (~449 neural voices to choose from). These hand-selected voices are configured to provide the best audio experience for each language. Of course, support can be expanded to include additional languages (there are 136 languages supported by Azure AI Speech Services).  


High-level Technical Breakdown

Initialization and Setup

The script sets up the necessary Azure services and local environment configurations.


User Interaction and Dialog Configuration

The script provides a dynamic interface through a custom Ribbon Button in the Sitecore Content Editor. This button, titled 'Generate Audio' or 'Regenerate Audio' based on the context item’s state, opens a dialog for configuring the audio output.  The fields and options available in the dialog are as follows:

- Field to Convert to Speech
  • Lists all Rich Text Editor (RTE) and multi-line text fields available on the item.
  • Special Case: If the 'Speech Content Override' field is populated, it appears as an additional option.

- Include Title?
  • A standalone radio button to include the item's title in the audio file.

- Voice
  • Dynamic option based on the item's language, the dialog offers preselected AI Neural voices.

- Speech Rate
  • Control the how fast the speech is spoken. 
    • Optional double value, defaulting to 1.0 if left empty.
    • Range: Between 0.5 (slow) and 2.0 (fast).

The dialog properties and user input handling are defined as follows:


Fetching and Sanitizing Text Content

The Invoke-AudioStreamFetch function handles the core functionality of fetching the text content from Sitecore, sanitizing it, and preparing it for conversion into speech.

The function checks if the title should be included and concatenates it with the main text content. It then sanitizes the text by removing HTML tags and special characters, ensuring clean input for the TTS service.


Sending Text to Azure AI for Speech Synthesis

As seen above, the sanitized text is then sent to the speech service endpoint for conversion into an audio file. The response, which contains the audio stream, is saved locally.


Uploading the Audio File to Azure Blob Storage

Once the audio file is generated, it is uploaded to Azure Blob Storage by calling the Upload-FileToAzureStorage function. This function handles the Azure Storage REST API authentication and the file upload process.


Updating Sitecore Item with Audio URL

After uploading the audio file to Azure, the script updates the Sitecore item with the URL of the audio file, ensuring that the content authors can easily access and manage the generated audio files.


Utilizing the Audio File on the Front-end

Once an item's Audio URL field has been populated, it can be used on the front-end within an HTML audio tag:




This is the simplest approach for playing the audio file, but further styling customizations are doable.


Video Demo

Part of the Hackathon Entry includes a video demo. You can check it out below:


Final Thoughts

Participating in the Sitecore Hackathon has always been an exhilarating experience for me, given the time crunch and competitiveness of the community. That night, the development of the SPE Text-to-Speech Audio Synthesis Module pushed my organizational and technical boundaries, and I'm proud of what I could accomplish in such a short timeframe. More importantly, I hope the resulting module helps highlight the importance of accessibility in content management and end-user experiences. 

If you're interested in or inspired to build your own Text-to-Speech synthesis module, the full PowerShell script and documentation are available on Github.

Tuesday, April 9, 2024

Sitecore XM Cloud Developer Certification Practice Exams: A Free Study Companion

Certification is a crucial milestone for any developer pursuing excellence and proficiency in Sitecore XM Cloud.  One of my preferred ways to learn and study is via practice exams.  However, with existing spread of Sitecore XM Cloud practice exams available online cost being between $30 and $150, the financial burden of personally preparing can be as daunting as the exam itself. 

That's why I'm excited to introduce the Sitecore XM Cloud Developer Certification Practice Exams app, a completely free resource designed to democratize the preparation process for all Sitecore developers.



Elevating Your Exam Readiness Without the Cost

The XM Cloud Certification demands a deep understanding of numerous Sitecore aspects, from XM Cloud architecture and developer workflow to security and data modeling. This exhaustive list requires serious preparation. The Sitecore XM Cloud Developer Certification Practice Exams app offer a thorough, cost-free study tool that reflects the actual exam's breadth and depth.

Tailored for Comprehensive Preparation

  • Precise Exam Simulation: The practice exams simulate the actual test with 50 questions chosen randomly, testing not just your knowledge but also your ability to perform under exam conditions.

  • Competency-Centric Learning: Dive into crucial competencies on which the exam will test you. Each practice question is sourced from Sitecore's documentation and is an opportunity to fortify your understanding of core Sitecore XM Cloud competencies.

  • Real Exam Experience: Sharpen your time management skills with a 100-minute timer that mirrors the exam's duration.



Commitment to Community and Accessibility

Access to educational resources should be barrier-free in a landscape dotted with expensive prep materials.  The Sitecore XM Cloud Developer Certification Practice Exams app was born from a blend of personal needs and a commitment to the Sitecore community. This practice exam tool is my contribution towards leveling the playing field for all aspiring XM Cloud certified developers.

I'm excited to offer this resource to the community, ensuring that everyone has the chance to study effectively and become certified without the financial strain. Start your free practice runs today and please share this tool with anyone who might benefit.


Happy learning!