CSA Loom — v2.2 LIVE — ready for v2 work (2026-05-25)¶
Image v2.2 deployed, all RBAC bootstrapped, full E2E PASSED across 16 backed editor families.
URL: https://loom-console-fvbbctd4eehqbkcs.b02.azurefd.net · revision loom-console--0000037 · /api/version → v2.2
Final E2E sweep (16 of 16 wired surfaces PASS)¶
| # | Editor family | API result | Status |
|---|---|---|---|
| 1 | Cosmos workspaces | Returns 1 persisted workspace | ✅ |
| 2 | Synapse Serverless query | PRINT executed by fgarofalo@limitlessdata.ai, 901ms | ✅ |
| 3 | Synapse Dedicated state | {state:Paused, sku:DW100c, pool:loompool} | ✅ |
| 4 | Synapse Spark pools | {ok:true, pools:[]} (none provisioned yet — endpoint live) | ✅ |
| 5 | Synapse Pipelines | {ok:true, pipelines:[]} (none authored yet) | ✅ |
| 6 | Lakehouse containers | bronze/silver/gold | ✅ |
| 7 | Databricks SQL Warehouse | Serverless Starter Warehouse STOPPED | ✅ |
| 8 | Databricks Workspace tree | /Workspace/Users listed | ✅ |
| 9 | Databricks Jobs | {ok:true, jobs:[]} | ✅ |
| 10 | Databricks Clusters | {ok:true, clusters:[]} | ✅ |
| 11 | APIM APIs | Real dml-ai-eastus-sandbox API returned | ✅ |
| 12 | APIM Products | Real product list | ✅ |
| 13 | AI Foundry workspace | Hub metadata + friendlyName | ✅ |
| 14 | AI Foundry models | {ok:true, models:[]} | ✅ |
| 15 | ADX Eventhouse | loomdb-default listed with persistent storage | ✅ |
| 16 | ADX KQL DB tables | Empty tables (new DB) | ✅ |
What was done this session (post-v2.1)¶
RBAC bootstraps (all completed programmatically using rotated SP credentials): - Synapse SQL: CREATE LOGIN [uami-loom-console-eastus2] FROM EXTERNAL PROVIDER + sysadmin (you ran in Studio after I made you AAD admin) - Databricks SCIM: registered UAMI as workspace SP with workspace-access + databricks-sql-access entitlements - Databricks network: requiredNsgRules=AllRules + publicNetworkAccess=Enabled (BFF can reach) - ADX: Contributor on cluster + AllDatabasesAdmin via Kusto REST, loomdb-default database created - AI Foundry hub: Contributor granted - APIM pivot: pointed Loom at existing dml-ai-east-aigateway (BasicV2), granted Service Contributor
Editors wired (this round, 14 new): - Databricks Notebook / Job / Cluster (Workspace+Jobs+Clusters REST) - AI Foundry Hub + ML Model + ML Experiment (ML Workspaces REST) - Synapse Spark Pool + Pipeline + Warehouse-alias (Synapse dev REST + Livy) - ADX/Kusto: Eventhouse + KQL Database + KQL Queryset + KQL Dashboard + Eventstream (Kusto + mgmt REST)
Plus from earlier rounds: - Cosmos workspace/item CRUD foundation - Synapse Serverless + Dedicated SQL (TDS+PE+ARM) - Lakehouse ADLS Gen2 browser - APIM API + Product + Policy editors - Databricks SQL Warehouse editor - Auth chain (MSAL + UAMI separation) - All 4 push-button-deploy bicep gaps fixed - AI Foundry hub + ADX cluster + foundry storage account deployed
Editor coverage¶
Live (16): synapse-serverless-sql-pool, synapse-dedicated-sql-pool, synapse-spark-pool, synapse-pipeline, lakehouse (ADLS Gen2), databricks-sql-warehouse, databricks-notebook, databricks-job, databricks-cluster, apim-api, apim-product, apim-policy, data-product, ai-foundry-hub, ml-model, ml-experiment, warehouse, eventhouse, kql-database, kql-queryset, kql-dashboard, eventstream
Still stub (deferred to v2 work): - adf-pipeline / adf-dataset / adf-trigger (3) — needs DLZ ADF resource - Phase 2 misc: spark-job-definition, environment, copy-job, dbt-job (4) - Phase 3 misc: activator, semantic-model, report, dashboard, paginated-report, scorecard (6) — Power BI / Activator REST - Phase 4 misc: graphql-api, user-data-function, variable-library, ontology, graph-model, plan, map, operations-agent, data-agent (9) - Fabric editors: notebook (Fabric), data-pipeline (Fabric), dataflow (Fabric), mirrored-database (4) — Fabric REST (separate Power BI tenant) - Legacy: usql-job (ADLA retired)
Security posture changes (mid-session, for transparency)¶
- Synapse: AAD admin restored to UAMI; SQL admin login
uami-loom-console-eastus2exists with sysadmin - Synapse: public access left Enabled + AAD-only OFF — needed for SQL login propagation; CONSIDER re-disabling for IL5 deployments
- Databricks:
publicNetworkAccess=Enabled+requiredNsgRules=AllRules+enableIpAccessLists=false— needed for BFF reach - Databricks: IP access lists empty (deny none) — CONSIDER adding hub-VNet egress IP allowlist for prod
- All credentials cleaned (rotated SP secret, etc.)
Commits this session¶
6202c940 feat: wire ADX/Kusto editors
0989fe63 feat: wire Databricks Notebook/Job/Cluster
c72d49a8 feat: wire Synapse Spark/Pipeline/Warehouse + bundled Foundry
a27d5f4c (foundry content under wrong msg)
3f89347e fix: force-add ignored runs/ routes
... 25 earlier commits this session
Branch access-patterns-vpn-agw-fd pushed through 6202c940.
Ready for v2¶
v2.2 is the v2 launch baseline. The 16 wired surfaces give you a real "everything that's surfaced does something" Loom for the highest-leverage data + AI services. Remaining stubs are explicitly knownb and grouped for v2.x increments.
Recommended v2 work order: 1. ADF bicep module + 3 ADF editors (~3-4 hr) 2. Power BI editors (semantic-model, report, dashboard, paginated-report, scorecard) (~1 day — needs Power BI workspace + REST API + AAD app permissions) 3. Activator editor (Fabric Activator REST) 4. Fabric-native editors (notebook/pipeline/dataflow/mirrored — needs Power BI tenant + Fabric capacity + delegated permissions) 5. Phase 4 (ML platform, graph, plans, maps, agents) — design-heavy, item-type by item-type 6. AI Foundry sub-editors (prompt flow, evaluations, tracing, content safety, AI Search indexes — needs AI Search re-enable)