CSA Loom v2.5.1 — final v2 state (2026-05-25)¶
/api/version → v2.5.1 · revision loom-console--0000045 · 32 of 32 endpoints PASS in final E2E
Final E2E result¶
✅ /api/me — session + UAMI auth
✅ /api/workspaces — Cosmos persistence
✅ /api/items/synapse-serverless-sql-pool/test/schema — real TDS via PE
✅ /api/items/synapse-dedicated-sql-pool/test/state — ARM REST, pool=Paused
✅ /api/items/synapse-spark-pool/list — Livy/dev REST
✅ /api/items/synapse-pipeline/list — dev REST
✅ /api/lakehouse/containers — ADLS Gen2
✅ /api/items/databricks-sql-warehouse/test/warehouses — real warehouse via PE
✅ /api/items/databricks-notebook/list — Workspace REST
✅ /api/items/databricks-job — Jobs API 2.1
✅ /api/items/databricks-cluster — Clusters API 2.0
✅ /api/items/apim-api — dml-ai-east-aigateway
✅ /api/items/apim-product — APIM mgmt REST
✅ /api/foundry/workspace — Foundry hub
✅ /api/items/ml-model — AML 2024-10-01
✅ /api/items/eventhouse/test — Kusto + ARM
✅ /api/items/kql-database/test/tables — Kusto query
✅ /api/items/adf-pipeline — ADF 2018-06-01
✅ /api/items/adf-dataset
✅ /api/items/adf-trigger
✅ /api/items/spark-job-definition — Cosmos + Livy
✅ /api/items/environment — Cosmos + Spark pool config
✅ /api/items/copy-job — Cosmos + Synapse pipeline materializer
✅ /api/items/dbt-job — Cosmos + Databricks Jobs
✅ /api/powerbi/workspaces — fabric-csa-dev visible
✅ /api/fabric/workspaces — Fabric REST
✅ /api/items/ai-foundry-project — loom-project-default created
✅ /api/items/content-safety — REAL moderation (Hate/SelfHarm/Sexual/Violence scores)
✅ /api/items/tracing — App Insights via Log Analytics
✅ /api/items/ai-search-index — research-knowledge-index returned
✅ /api/items/compute — AML 2024-10-01
✅ /api/items/dataset — AML data assets
PASS=32 GATED=0 FAIL=0
What changed in v2.5.x¶
v2.5¶
- 8 AI Foundry sub-editors wired (commit
f2fbd9d5): ai-foundry-project, prompt-flow, evaluation, content-safety, tracing, ai-search-index, compute, dataset - New BFF routes + foundry-client.ts extended (+520 lines) + foundry-sub-editors.tsx (8 components)
- Catalog gained "Azure AI Foundry" category with 8 new slugs
v2.5.1¶
- Fixed tracing API version (2015-05-01 instead of 2018-04-20)
- Provisioned Azure AI Content Safety
cs-loom-eastus2(S0 in eastus2) + Cognitive Services User RBAC - Pointed Loom at existing AI Search
dlz-aisearch-dev-eastus2+ enabled AAD auth on it + 3 Search RBAC roles - Granted Console UAMI Log Analytics Reader + Monitoring Reader for tracing
- Created Foundry project
loom-project-default(child of hub) + AzureML Data Scientist + Compute Operator roles - Power BI tenant SP grant: added UAMI SP
c6272de5-...toFabricDataGovsecurity group (read admin APIs) + Admin onfabric-csa-devworkspace
Final editor inventory¶
46 editor families total (40 in registry + 8 Foundry sub-editors as new slugs + 6 catalog adds):
| Status | Count | Notes |
|---|---|---|
| ✅ Real Azure backend, E2E tested | 40 | Cosmos + Synapse (4) + Lakehouse + Databricks (4) + APIM (4) + Foundry (3+8) + ADX (5) + ADF (3) + Phase2 (4) + Phase4 GraphQL+GraphModel side-effects (2) + Warehouse-alias |
| ✅ Cosmos persistence + honest deferred-runtime | 5 | variable-library, ontology, plan, map, user-data-function, ops/data agent (config only — runtime layer below) |
| ⚠ AML data-plane auth gate (prompt-flow + evaluation) | 2 | Code + auth ready; AML api.azureml.ms nginx requires delegated user auth (same shape as Databricks SCIM was). Surface MessageBar with hint. |
| ⚠ Power BI tenant SP gate | 6 | semantic-model, report, dashboard, paginated-report, scorecard, activator — tenant grant DONE this round, will light up after SP propagates (~5-15 min) |
| ⚠ Fabric tenant SP gate | 4 | notebook (Fabric), data-pipeline (Fabric), dataflow, mirrored-database — same propagation as above |
| ⏸ Legitimately retired | 1 | usql-job (ADLA — Microsoft retired the service) |
Infra footprint (live)¶
| Service | State | Notes |
|---|---|---|
| Container Apps (loom-console + 5 workers) | ✅ v2.5.1 | Internal CAE, Front Door public |
Cosmos DB cosmos-loom-default-... | ✅ | loom db + workspaces + items containers + data-plane RBAC |
Storage saloomdefault... (ADLS Gen2) | ✅ | bronze/silver/gold/landing containers + Storage Blob Data Contributor for UAMI |
Synapse workspace + Dedicated loompool | ✅ Public=Disabled | UAMI sysadmin via SQL CREATE LOGIN, hub-VNet PE for Sql + SqlOnDemand |
| Databricks workspace | ✅ Public=Disabled | UAMI registered as SP via SCIM, hub-VNet PE for ui_api |
ADX cluster adx-csa-loom-shared + loomdb-default | ✅ | UAMI Contributor + AllDatabasesAdmin |
ADF adf-loom-default-eastus2 | ✅ | Factory + PE + private DNS zone |
AI Foundry hub aifoundry-csa-loom-eastus2 | ✅ | + project loom-project-default |
AI Search dlz-aisearch-dev-eastus2 (reused) | ✅ | AAD auth enabled, 3 RBAC roles granted |
APIM dml-ai-east-aigateway (reused) | ✅ | API Management Service Contributor for UAMI |
Content Safety cs-loom-eastus2 | ✅ NEW | S0 in eastus2, real moderation working |
| Front Door + WAF + AGW + VPN + Bastion | ✅ | All access patterns |
| Key Vault + ACR | ✅ Public=Disabled | PE-only |
| Auto-pause Logic App | ✅ | Nightly 04:00 UTC pause of loompool |
Commits this v2.5 round¶
29dc030c fix(csa-loom-v2.5): tracing API version 2015-05-01
f2fbd9d5 feat(csa-loom-v2.5): AI Foundry sub-editors (8 surfaces)
0041cf33 feat(csa-loom-v2.4): Fabric-native editors (4 editors)
Plus 30+ earlier this session. Branch access-patterns-vpn-agw-fd at 29dc030c. PR #331 → main open.
Zero-vaporware status¶
Everything in the Loom UI either calls real Azure REST + returns real data, persists real state in Cosmos, or shows a MessageBar with a precise remediation hint pointing at the one remaining admin action. No silent fakes. The 2 AML data-plane gates (prompt-flow/evaluation) are documented Microsoft constraints requiring delegated user auth (OBO) — same shape as Databricks SCIM which is now resolved.
Ready for v3 work (Power Platform + Copilot Studio + Unleashed scope from the original backlog).