Skip to main content

Roadmap

Recent releases and planned milestones for upcoming Topaz versions. The roadmap reflects current intentions and may change.

What's coming

v1.7 is now released. Here is a quick overview of the services and features planned for upcoming releases.

v1.8 preview
  • Azure StorageBlob auth enforcement · revoke user delegation keys
  • App ServiceTransparent HTTP request forwarding to Docker containers
  • Chaos EngineeringFault injection middleware · rule configuration · CLI
  • App ConfigurationInitial control plane · data plane · feature flags
  • Azure DisksSAS access LRO polling
v1.9 preview
  • Application InsightsInitial control plane · telemetry ingestion · KQL query
  • Log AnalyticsInitial control plane · logs ingestion · KQL query
  • Azure DisksFull azcopy-compatible disk streaming via SAS URL
  • Azure StorageGeo-replication sync simulation
  • Cosmos DBTTL enforcement · container-level RBAC
v1.10 preview
  • API ManagementInitial control plane · APIs · Products · Backends · Policies
  • Container InstancesInitial control plane · lifecycle operations · container logs
  • Availability SetsInitial control plane · list available VM sizes
  • Private EndpointsInitial control plane · IP allocation via subnet CIDR
  • Redis CacheInitial control plane · firewall rules · MCP provisioning tool
v1.11
  • Container RegistryACR Tasks multi-step execution (FileTaskRunRequest & EncodedTaskRunRequest)
  • Resource pre-seedingImport existing Azure resources into local Topaz state via topaz seed CLI command
  • Azure Event GridInitial control plane · event subscriptions · event publishing · system topics · MCP tool
  • App ConfigurationSnapshots · Key Vault references · EventGrid change notifications
  • Application Insights / Log AnalyticsExtended KQL: join, mv-expand, bin(), ago(), cross-workspace query
  • Redis CacheRESP2 data plane · TLS listener · connection string in GetConnectionStrings

v1.8-preview

ARM Deployments — deployment operations tracking

FeatureDescription
PreviewGet deployment operation (resource group / subscription scope)GET .../deployments/{name}/operations/{operationId} — requires per-resource operation tracking in the orchestrator
PreviewList / Get deployment operations at management group scopeGET .../managementGroups/{id}/providers/Microsoft.Resources/deployments/{name}/operations[/{operationId}]
PreviewList / Get deployment operations at tenant scopeGET /providers/Microsoft.Resources/deployments/{name}/operations[/{operationId}]

Azure Storage — Blob authentication enforcement

FeatureDescription
PreviewReject unauthenticated requests to private containersReturn 401 + WWW-Authenticate when a Blob data-plane request has no Authorization header and no valid SAS query string, and the target container's public-access level is none
PreviewRevoke User Delegation KeysARM POST .../revokeUserDelegationKeys — persist a per-account revocation timestamp and reject User Delegation SAS tokens whose skt predates it

Azure App Service — transparent request forwarding

FeatureDescription
PreviewHTTP request forwardingData-plane endpoint on *.azurewebsites.topaz.local.dev:8895 that proxies all traffic to the user's Docker Compose container; target port read from the WEBSITES_PORT app setting (default 80), container resolved by matching the Compose service name to the App Service site name

Chaos Engineering — controllable fault injection

FeatureDescription
StableChaos mode toggle and CLItopaz chaos enable/disable/status CLI commands and corresponding REST control-plane endpoints (POST /topaz/chaos/enable, POST /topaz/chaos/disable, GET /topaz/chaos/status); state is in-memory
PreviewFault rule configurationPer-service (or global *) fault rules with fields: serviceNamespace, faultType (Timeout | TransientError | Throttle | ServiceUnavailable), faultRate (0–1), and optional httpStatusCode; CRUD via PUT/GET/DELETE /topaz/chaos/rules/{ruleId}
PreviewRouter-level fault injection middlewareWhen chaos mode is enabled, the router evaluates active rules before dispatching: injects configurable delays, 429/500/503 responses, or connection drops at the configured probability; every injected fault is logged

Azure App Configuration — initial control plane and data plane

FeatureDescription
StableNew service scaffoldTopaz.Service.AppConfiguration project with ConfigurationStoreResource, ConfigurationStoreResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.AppConfiguration/configurationStores
PreviewConfigurationStore CRUDCreate, get, update (tags, SKU, publicNetworkAccess), delete, list by resource group, and list by subscription; endpoint field emitted as https://{name}.azconfig.topaz.local.dev:<port>/
StableAccess key managementlistKeys and regenerateKey ARM actions; two read-write and two read-only key pairs persisted and rotatable
PreviewData plane — key-value APIGET/PUT/DELETE /kv/{key} and GET /kv (list with ?key=, ?label=, $select= filtering); GET /labels; PUT/DELETE /locks/{key}; HMAC-SHA256 credential authentication; ETag / If-Match concurrency
PreviewFeature flag supportKey-values with content type application/vnd.microsoft.appconfig.ff+json under the .appconfig.featureflag/ key prefix; compatible with the Azure SDK FeatureFlagConfigurationSetting model
StableMCP Server toolCreateAppConfigurationStore tool; GetConnectionStrings extended with App Configuration connection string

Azure Disks — SAS access LRO polling

FeatureDescription
PreviewLRO polling for beginGetAccessUpgrade beginGetAccess to return 202 Accepted + Azure-AsyncOperation polling URL; GET on the URL transitions InProgressSucceeded with the accessSAS stub in properties.output; LRO state held in-memory per disk

v1.9-preview

Application Insights — initial control plane and ingestion

FeatureDescription
StableNew service scaffoldTopaz.Service.ApplicationInsights project with models, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for microsoft.insights/components
PreviewComponent CRUDCreate, get, update (tags, retentionInDays), delete, list microsoft.insights/components; instrumentationKey and connectionString generated on creation and stable across updates
PreviewTelemetry ingestionPOST /v2/track accepts JSON arrays of Application Insights telemetry envelopes (RequestData, TraceData, ExceptionData, EventData, MetricData, DependencyData); persists to disk per instrumentation key
PreviewBasic query APIPOST /v1/apps/{instrumentationKey}/query — minimal KQL subset over persisted telemetry; supports requests, traces, exceptions, customEvents, customMetrics, dependencies tables; where, project, summarize count(), order by, take operators; returns standard {"tables":[...]} schema

Log Analytics — initial control plane and ingestion

FeatureDescription
StableNew service scaffoldTopaz.Service.LogAnalytics project with WorkspaceResource, WorkspaceResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.OperationalInsights/workspaces
PreviewWorkspace CRUDCreate, get, update (tags, retentionInDays, SKU), delete, list Microsoft.OperationalInsights/workspaces; workspaceId / customerId generated as stable GUIDs on creation
PreviewLogs Ingestion APIPOST https://{workspaceId}.ods.opinsights.topaz.local.dev/api/logs — accepts JSON log arrays with Log-Type header; persists records per custom table name; returns 200 with empty body
PreviewKQL query APIPOST /v1/workspaces/{workspaceId}/query — minimal KQL subset over ingested custom tables; where, project, extend, summarize, order by, take, union operators; returns standard {"tables":[...]} schema

Azure Disks — full disk data streaming (azcopy)

FeatureDescription
PreviewFull azcopy-compatible disk streamingUpgrade the SAS endpoint from empty-body to a fully streamable sparse disk image: GET /disk-sas/{uniqueId} honours Range requests; PUT accepts page-blob byte-range uploads; HEAD reports Content-Length = diskSizeGB * 1073741824; large disks use an on-disk .topaz/disks/{uniqueId}.vhd sparse file

Azure Storage — geo-replication sync simulation

FeatureDescription
PreviewGeo-replication sync schedulerBackground service (GeoReplicationSyncScheduler) that periodically updates LastGeoSyncTime on RA-GRS/RAGZRS accounts; stats endpoints return the persisted timestamp instead of wall-clock time, simulating realistic replication lag

Azure Cosmos DB — SQL Container advanced features

FeatureDescription
PreviewTTL enforcementBackground scheduler that purges expired documents from SQL containers where defaultTtl is set; prerequisite: data-plane document store (v1.7-beta)
PreviewContainer-level RBACPer-container access policy enforcement integrated with the data-plane auth layer; prerequisite: data-plane authentication surface (v1.7-beta)

v1.10-preview

Azure API Management — initial control plane and data plane

FeatureDescription
StableNew service scaffoldTopaz.Service.ApiManagement project with ApiManagementServiceResource, ApiManagementServiceResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.ApiManagement/service
PreviewService CRUDCreate, get, update (tags, SKU, publisherEmail), delete, list by resource group, and list by subscription for Microsoft.ApiManagement/service; gatewayUrl, portalUrl, and managementApiUrl derived from service name and persisted on creation
PreviewAPIs CRUDCreate, get, update, delete, and list API definitions under a service instance; fields: displayName, description, serviceUrl, path, protocols, apiType (http/soap/websocket/graphql); persisted as subresources
PreviewProducts CRUDCreate, get, update, delete, and list Products; product-to-API association via PUT/DELETE/GET .../products/{id}/apis/{apiId}; fields: displayName, description, state, subscriptionRequired, approvalRequired
PreviewBackends CRUDCreate, get, update, delete, and list Backends; fields: url, protocol, description, title, resourceId; backends are referenced by policy expressions and persisted as subresources
PreviewPolicies CRUDService-level and API-level policy documents stored and returned as raw APIM XML; no policy execution in v1.10 — storage and round-trip only

Azure Container Instances — initial control plane

FeatureDescription
StableNew service scaffoldTopaz.Service.ContainerInstances project with ContainerGroupResource, ContainerGroupResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.ContainerInstance/containerGroups
PreviewContainer Groups CRUDCreate, get, update (tags), delete, list by resource group, and list by subscription for Microsoft.ContainerInstance/containerGroups; provisioningState is always Succeeded; instanceView.state is always Running
PreviewLifecycle operationsStart, stop, and restart container group operations (no-op in emulation; provisioningState and instanceView.state remain unchanged)
PreviewContainer logsGET .../containers/{containerName}/logs returns a stub log line; satisfies az container logs without running real containers

Availability Sets — initial control plane

FeatureDescription
StableAvailability Set CRUDCreate, get, update (tags, platformFaultDomainCount), delete, list by resource group, and list by subscription for Microsoft.Compute/availabilitySets; provisioningState is always Succeeded; full Deploy() and RouteDeployment() support
PreviewList available VM sizesGET .../availabilitySets/{name}/vmSizes returns the same stub catalogue as the compute SKUs endpoint

Private Endpoints — initial control plane

FeatureDescription
StablePrivate Endpoint CRUDCreate, get, delete, list by resource group, and list by subscription for Microsoft.Network/privateEndpoints; assigns an IP from the linked subnet CIDR via IpAllocationRegistry on creation; privateLinkServiceConnectionState is always Approved; full Deploy() and RouteDeployment() support

Azure Redis Cache — initial control plane

FeatureDescription
StableNew service scaffoldTopaz.Service.Redis project with RedisResource, RedisResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.Cache/redis
PreviewRedis Cache CRUDCreate, get, update (tags, SKU, enableNonSslPort, minimumTlsVersion, redisConfiguration), delete, list by resource group, and list by subscription; access keys generated on creation and exposed via listKeys / regenerateKey
PreviewFirewall Rules CRUDCreate, get, update, delete, and list firewall rules per cache; no actual IP filtering enforced in the emulator
PreviewMCP provisioning toolCreateRedisCache MCP tool; GetConnectionStrings extended with Redis connection string

v1.11

Azure Event Grid — initial control plane and delivery

FeatureDescription
StableNew service scaffoldTopaz.Service.EventGrid project with EventGridTopicResource, EventGridTopicResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.EventGrid/topics
PreviewTopic CRUDCreate, get, update (tags, inputSchema, publicNetworkAccess), delete, list by resource group, and list by subscription; endpoint emitted as https://{name}.eventgrid.topaz.local.dev:<port>/; access keys generated on creation and exposed via listKeys / regenerateKey
PreviewEvent Subscriptions CRUDCreate, get, update, delete, and list event subscriptions per topic; fields: destination (WebHook, ServiceBus, EventHub), filter, eventDeliverySchema; persisted as subresources
PreviewEvent publishingPOST /api/events on the topic data-plane endpoint accepts CloudEvents and EventGrid schema arrays; persists events and delivers synchronously to WebHook destinations via HTTP POST
PreviewSystem TopicsCreate, get, delete, and list Microsoft.EventGrid/systemTopics; source and topicType stored and returned verbatim; event subscriptions on system topics follow the same model as custom topics
StableMCP provisioning toolCreateEventGridTopic MCP tool; GetConnectionStrings extended with Event Grid endpoint and key

App Configuration — advanced data plane features

FeatureDescription
PreviewSnapshotsPUT/GET/DELETE /snapshots/{name} — capture a point-in-time copy of key-values matching a filter; archiveSnapshot and recoverSnapshot transitions; snapshot status (provisioningready / archived); list snapshots with ?name=, ?status= filtering
PreviewKey Vault referencesKey-values with content type application/vnd.microsoft.appconfig.keyvaultref+json resolved on GET /kv/{key}?resolve=true via the local Topaz Key Vault instance; compatible with AzureAppConfigurationOptions.ConfigureKeyVault() in the .NET SDK
PreviewChange notification (EventGrid integration)On any key-value write or delete, publish a Microsoft.AppConfiguration.KeyValueModified / Microsoft.AppConfiguration.KeyValueDeleted event to any EventGrid topic subscription wired to the store's system topic

Application Insights & Log Analytics — richer KQL

FeatureDescription
PreviewExtended KQL operatorsAdd join (inner/leftouter), mv-expand, bin(), ago(), and time-range filter (between, datetime()) to both the Application Insights query API and Log Analytics query API introduced in v1.9
PreviewCross-workspace queryPOST /v1/workspaces/{id}/query accepts a workspaces() expression referencing other emulated Log Analytics workspaces within the same Topaz instance

Azure Redis Cache — data plane

FeatureDescription
PreviewRESP2 protocol listenerIn-process TCP listener on port 6379 (configurable) implementing the RESP2 wire protocol; backed by a ConcurrentDictionary per-cache instance; supports SET, GET, DEL, EXISTS, EXPIRE, TTL, KEYS, HSET, HGET, HGETALL, HDEL, LPUSH, RPUSH, LPOP, RPOP, LRANGE, SADD, SMEMBERS, SREM, INCR, DECR, PING, SELECT, FLUSHDB
PreviewTLS listenerOptional TLS-wrapped RESP2 listener on port 6380 using the existing Topaz dev certificate; enabled when enableNonSslPort is false on the cache resource
PreviewConnection string in GetConnectionStringsMCP and CLI GetConnectionStrings emit host:port,password=key,ssl=true|false,abortConnect=False format compatible with StackExchange.Redis.ConfigurationOptions.Parse()

Container Registry — ACR Tasks multi-step execution

FeatureDescription
PreviewMulti-step task file execution (FileTaskRunRequest)Parse a task YAML provided via FileTaskRunRequest and execute each step sequentially: build (docker build), cmd (docker run), and push (docker push to the local OCI registry); topological ordering via when dependencies; real status transitions (QueuedRunningSucceeded / Failed); combined per-step output streamed to the log endpoint
PreviewMulti-step task file execution (EncodedTaskRunRequest)Extend multi-step execution to the EncodedTaskRunRequest path: base64-decode encodedTaskContent to recover the YAML and apply the same step execution logic; support encodedContext (base64-encoded tar.gz build context)

v1.12

API Management — policy execution subset

FeatureDescription
Previewrate-limit policyEnforce call-rate and bandwidth quotas per subscription key; 429 response with Retry-After header when the limit is exceeded; in-memory per-process counter
Previewset-header / set-body / rewrite-uri policiesTransform inbound and outbound headers, replace the request body, and rewrite the upstream URL before forwarding to the backend
Previewvalidate-jwt policyValidate Authorization: Bearer tokens against a configurable JWKS URI or inline signing key; reject with 401 on invalid or expired tokens
PreviewBackend request forwardingWhen a matching API + operation is found and a backend is configured, forward the request to backend.url and stream the response back; honours rewrite-uri and set-header transforms

Service Bus — dead-letter queue and scheduled messages

FeatureDescription
PreviewDead-letter queue (DLQ)AMQP and HTTP sub-queue path /$DeadLetterQueue per queue and per subscription; DeadLetter() receiver API moves messages with DeadLetterReason and DeadLetterErrorDescription annotations; maxDeliveryCount enforcement auto-dead-letters after threshold
PreviewScheduled message deliveryScheduledEnqueueTimeUtc broker property respected on send; background scheduler enqueues messages at the specified time; CancelScheduledMessage cancels by sequence number before delivery
PreviewMessage deferralDefer() receiver API parks a message by sequence number; ReceiveDeferred(sequenceNumber) retrieves it explicitly; deferred messages invisible to normal Receive()

Event Hub — consumer groups and offset checkpointing

FeatureDescription
PreviewConsumer group epoch trackingEach consumer group tracks the AMQP receiver epoch; attaches with a higher epoch steal the link from a lower-epoch receiver; ReceiverDisconnectedException raised on the evicted client
PreviewCheckpoint Store simulationIn-process checkpoint store compatible with BlobCheckpointStore; EventProcessorClient can read and write partition ownership and offsets without a real Storage account; backed by the emulated Blob Storage service when a storage account is configured
PreviewPartition cursor persistenceSequence number and offset per partition per consumer group persisted across restarts; EventPosition.FromSequenceNumber, FromOffset, FromEnqueuedTime, and Earliest/Latest all respected

v1.13

Azure Container Instances — real Docker execution

FeatureDescription
PreviewDocker-backed container group executionWhen the local Docker daemon is available, Create container group spawns real containers via the Docker API; instanceView.state reflects actual container status (PendingRunningTerminated); opt-in via TOPAZ_ACI_USE_DOCKER=true environment variable
PreviewContainer log streamingGET .../containers/{name}/logs streams stdout/stderr from the running Docker container; ?tail=N and ?timestamps=true query parameters supported
PreviewLocal Container Registry integrationContainer image names resolved against the emulated Container Registry (port 8892) before pulling from the public registry; enables end-to-end az acr buildaz container create workflows

Azure Functions — deeper App Service integration

FeatureDescription
PreviewFunction App resource typeMicrosoft.Web/sites with kind: functionapp — distinct provisioning path that emits a function-specific hostNames pattern and validates required app settings (AzureWebJobsStorage, FUNCTIONS_EXTENSION_VERSION)
PreviewAdmin management APIGET /admin/functions lists deployed functions with trigger type and invoke URL; POST /admin/functions/{name} manually invokes a function (requires the app to be forwarded via the App Service proxy)
Previewhost.json parsingRead FUNCTIONS_EXTENSION_VERSION and AzureWebJobsStorage from app settings; validate that the referenced Storage account exists in the emulator and surface a warning in the Topaz portal if not

Chaos Engineering — AMQP-level fault injection

FeatureDescription
PreviewAMQP link detach injectionChaos rules with faultType: AmqpLinkDetach forcibly close AMQP sender/receiver links at the configured faultRate; clients receive an AMQP detach frame with error.condition = amqp:resource-limit-exceeded
PreviewCredit starvationfaultType: AmqpCreditStarvation suspends flow-frame credit grants on a link, causing the client's send buffer to fill; tests client-side timeout and retry logic
PreviewSession timeout injectionfaultType: AmqpSessionTimeout closes the AMQP session (not just the link) after a configurable delay, simulating broker-side session expiry

v1.14

OpenTofu — verified compatibility

FeatureDescription
PreviewVerified compatibility & test suiteDedicated Topaz.Tests.OpenTofu project mirroring the Terraform suite; build script and integration guide

Azure Service Health / Resource Health stubs

FeatureDescription
PreviewResource Health CRUDGET /subscriptions/{sub}/providers/Microsoft.ResourceHealth/availabilityStatuses and per-resource GET .../providers/Microsoft.ResourceHealth/availabilityStatuses/current always return Available; unblocks SDK health-check decorators and ARM health-check extensions in production apps
PreviewService Health eventsGET /subscriptions/{sub}/providers/Microsoft.ResourceHealth/events returns an empty list by default; controllable via chaos mode to inject a synthetic ServiceIssue or PlannedMaintenance event

IaC state export

FeatureDescription
Previewtopaz export --format bicepIntrospects the current emulator state and generates a Bicep file describing all provisioned resources across a subscription; respects resource dependencies for module ordering
Previewtopaz export --format terraformSame introspection emitting HCL with azurerm provider resource blocks; includes a terraform.tfvars stub for subscription and tenant IDs

Future / Unplanned

Ideas not yet tied to a specific milestone.

Have a suggestion?

Open a discussion or upvote an existing issue on GitHub.

Star on GitHub