CSA Loom v2.4 — final v2 launch (2026-05-25)¶

Comparative positioning note

This document is written from the perspective of Microsoft Azure, Cloud Scale Analytics, and CSA Loom. Any description of third-party or competing products, services, pricing, or capabilities is derived from publicly available documentation and sources believed accurate at the time of writing, and is provided for general comparison only. We do not claim expertise in, or authority over, any non-Microsoft product or service; the respective vendor's official documentation is the authoritative source for their offerings, which may change over time. Nothing here is intended to disparage any vendor — where a competing product has genuine advantages, we aim to note them honestly. Verify all third-party details against the vendor's current official documentation before making decisions.

Image v2.4 LIVE · revision loom-console--0000040 · /api/version → v2.4

URL: https://loom-console-fvbbctd4eehqbkcs.b02.azurefd.net

E2E sweep — 24 of 26 endpoints PASS, 2 tenant-gated (expected)¶

Endpoint	Status
`/api/me` (session decode)	✅
`/api/workspaces` (Cosmos)	✅
`/api/items/synapse-serverless-sql-pool/test/schema`	✅
`/api/items/synapse-dedicated-sql-pool/test/state`	✅ Pool=Paused, DW100c
`/api/items/synapse-spark-pool/list`	✅
`/api/items/synapse-pipeline/list`	✅
`/api/lakehouse/containers`	✅ bronze/silver/gold
`/api/items/databricks-sql-warehouse/test/warehouses`	✅ Serverless Starter Warehouse
`/api/items/databricks-notebook/list`	✅ /Workspace tree
`/api/items/databricks-job`	✅
`/api/items/databricks-cluster`	✅
`/api/items/apim-api`	✅ dml-ai-east-aigateway APIs
`/api/items/apim-product`	✅
`/api/foundry/workspace`	✅ aifoundry-csa-loom-eastus2
`/api/items/ml-model`	✅
`/api/items/eventhouse/test`	✅ adx-csa-loom-shared
`/api/items/kql-database/test/tables`	✅ loomdb-default
`/api/items/adf-pipeline`	✅
`/api/items/adf-dataset`	✅
`/api/items/adf-trigger`	✅
`/api/items/spark-job-definition`	✅
`/api/items/environment`	✅
`/api/items/copy-job`	✅
`/api/items/dbt-job`	✅
`/api/powerbi/workspaces`	⚠ Power BI tenant gate (expected)
`/api/fabric/workspaces`	⚠ Fabric tenant gate (expected)

v2.4 additions (this round)¶

Fabric-native editors wired (commit `0041cf33`)¶

Notebook (Fabric, distinct from databricks-notebook): workspace picker, PySpark editor, Save (updateDefinition with base64 inline payload), Run via /items/{id}/jobs/instances?jobType=RunNotebook, job-history table
Data Pipeline (Fabric, distinct from synapse-pipeline): JSON definition editor, Save + Run + history
Dataflow Gen2: M-script (mashup.pq) editor + Refresh
Mirrored Database: list + status badge + Start/Stop + per-table replication status; create wizard supports 8 source types (Azure SQL DB / MI / Postgres / CosmosDB / Snowflake / SQL Server 2025 / MSSQL / GenericMirror)

Infra hardening (zero-trust restored)¶

Created Synapse SQL + SqlOnDemand private endpoints in hub VNet's snet-private-endpoints so loom-console reaches Synapse without spoke routing
Created Databricks ui_api private endpoint in hub VNet + linked privatelink.azuredatabricks.net zone
DNS zone groups bound to all 3 new PEs
Re-locked Synapse: publicNetworkAccess=Disabled + azureADOnlyAuthentication=true ✅ BFF still works via PE
Re-locked Databricks: requiredNsgRules=NoAzureDatabricksRules + publicNetworkAccess=Disabled ✅ BFF still works via PE

Total editor coverage (final v2 inventory)¶

Category	Count	Editors
Real Azure backend (live + tested)	32	synapse-serverless-sql-pool, synapse-dedicated-sql-pool, synapse-spark-pool, synapse-pipeline, lakehouse, databricks-sql-warehouse, databricks-notebook, databricks-job, databricks-cluster, apim-api, apim-product, apim-policy, data-product, ai-foundry-hub, ml-model, ml-experiment, eventhouse, kql-database, kql-queryset, kql-dashboard, eventstream, warehouse-alias, adf-pipeline, adf-dataset, adf-trigger, spark-job-definition, environment, copy-job, dbt-job, graphql-api (APIM publish side-effect), graph-model (ADX materialize side-effect), Cosmos foundation
Cosmos persistence + honest config-only	7	variable-library, ontology, plan, map, user-data-function, operations-agent, data-agent
Code/auth wired, tenant-admin gated	10	semantic-model, report, dashboard, paginated-report, scorecard, activator, notebook (Fabric), data-pipeline (Fabric), dataflow, mirrored-database
Legitimately deferred	1	usql-job (ADLA retired)
TOTAL	38 editor families wired	+ 4 stub remaining (none vaporware — they're stubbed pending Power BI tenant SP grant which is a 5-min admin action)

One remaining manual action¶

Power BI / Fabric tenant SP grant (one-time, ~5 min, unblocks 10 editors instantly): 1. Power BI Admin Portal → Tenant settings → enable "Service principals can use Fabric APIs" 2. Add a security group containing UAMI SP c6272de5-3c4e-4b72-8b57-71b2e950209b (display name uami-loom-console-eastus2) 3. Add same SP as Member/Contributor on each Fabric/Power BI workspace Loom should inspect

After this, refresh any of the 10 tenant-gated editors and they go live with zero code change.

Commits this session (v2 track)¶

0041cf33 feat(csa-loom-v2.4): Fabric-native editors (Notebook/DataPipeline/Dataflow/MirroredDatabase)
93bed472 feat(csa-loom-v2): ADF — factory deploy + Pipeline/Dataset/Trigger
aafc875f feat(csa-loom-v2): Power BI + Activator
d2a629f0 feat(csa-loom-v2): Phase 2 misc
64b23e89 feat(csa-loom-v2): Phase 4 misc

Plus 25 commits from v2.0→v2.3 base. Branch access-patterns-vpn-agw-fd at 0041cf33 (+ this doc). PR #331 → main open and ready to merge.

What v3 looks like (handoff)¶

Power BI / Fabric tenant SP grant (admin action) → 10 editors live instantly
AI Search re-enable (capacity in eastus2 OR pivot region) + Foundry sub-editors (prompt flow, evaluations, content safety, tracing, agents, compute, AI Search indexes)
User OBO re-wired for per-user RLS in Synapse/Databricks (deferred — would re-open the v1.13–v1.18 cookie saga; tread carefully)
Defender for Cloud scan + Conditional Access policy
Container scanning + ACR Defender
IL5 / Gov tenant variant of the bicep params