Recent releases and planned milestones for upcoming Topaz versions. The roadmap reflects current intentions and may change.
v1.7 is now released. Here is a quick overview of the services and features planned for upcoming releases.
| Feature | Description | |
|---|---|---|
| Preview | Get deployment operation (resource group / subscription scope) | GET .../deployments/{name}/operations/{operationId} — requires per-resource operation tracking in the orchestrator |
| Preview | List / Get deployment operations at management group scope | GET .../managementGroups/{id}/providers/Microsoft.Resources/deployments/{name}/operations[/{operationId}] |
| Preview | List / Get deployment operations at tenant scope | GET /providers/Microsoft.Resources/deployments/{name}/operations[/{operationId}] |
| Feature | Description | |
|---|---|---|
| Preview | Reject unauthenticated requests to private containers | Return 401 + WWW-Authenticate when a Blob data-plane request has no Authorization header and no valid SAS query string, and the target container's public-access level is none |
| Preview | Revoke User Delegation Keys | ARM POST .../revokeUserDelegationKeys — persist a per-account revocation timestamp and reject User Delegation SAS tokens whose skt predates it |
| Feature | Description | |
|---|---|---|
| Preview | HTTP request forwarding | Data-plane endpoint on *.azurewebsites.topaz.local.dev:8895 that proxies all traffic to the user's Docker Compose container; target port read from the WEBSITES_PORT app setting (default 80), container resolved by matching the Compose service name to the App Service site name |
| Feature | Description | |
|---|---|---|
| Stable | Chaos mode toggle and CLI | topaz chaos enable/disable/status CLI commands and corresponding REST control-plane endpoints (POST /topaz/chaos/enable, POST /topaz/chaos/disable, GET /topaz/chaos/status); state is in-memory |
| Preview | Fault rule configuration | Per-service (or global *) fault rules with fields: serviceNamespace, faultType (Timeout | TransientError | Throttle | ServiceUnavailable), faultRate (0–1), and optional httpStatusCode; CRUD via PUT/GET/DELETE /topaz/chaos/rules/{ruleId} |
| Preview | Router-level fault injection middleware | When chaos mode is enabled, the router evaluates active rules before dispatching: injects configurable delays, 429/500/503 responses, or connection drops at the configured probability; every injected fault is logged |
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.AppConfiguration project with ConfigurationStoreResource, ConfigurationStoreResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.AppConfiguration/configurationStores |
| Preview | ConfigurationStore CRUD | Create, get, update (tags, SKU, publicNetworkAccess), delete, list by resource group, and list by subscription; endpoint field emitted as https://{name}.azconfig.topaz.local.dev:<port>/ |
| Stable | Access key management | listKeys and regenerateKey ARM actions; two read-write and two read-only key pairs persisted and rotatable |
| Preview | Data plane — key-value API | GET/PUT/DELETE /kv/{key} and GET /kv (list with ?key=, ?label=, $select= filtering); GET /labels; PUT/DELETE /locks/{key}; HMAC-SHA256 credential authentication; ETag / If-Match concurrency |
| Preview | Feature flag support | Key-values with content type application/vnd.microsoft.appconfig.ff+json under the .appconfig.featureflag/ key prefix; compatible with the Azure SDK FeatureFlagConfigurationSetting model |
| Stable | MCP Server tool | CreateAppConfigurationStore tool; GetConnectionStrings extended with App Configuration connection string |
| Feature | Description | |
|---|---|---|
| Preview | LRO polling for beginGetAccess | Upgrade beginGetAccess to return 202 Accepted + Azure-AsyncOperation polling URL; GET on the URL transitions InProgress → Succeeded with the accessSAS stub in properties.output; LRO state held in-memory per disk |
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.ApplicationInsights project with models, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for microsoft.insights/components |
| Preview | Component CRUD | Create, get, update (tags, retentionInDays), delete, list microsoft.insights/components; instrumentationKey and connectionString generated on creation and stable across updates |
| Preview | Telemetry ingestion | POST /v2/track accepts JSON arrays of Application Insights telemetry envelopes (RequestData, TraceData, ExceptionData, EventData, MetricData, DependencyData); persists to disk per instrumentation key |
| Preview | Basic query API | POST /v1/apps/{instrumentationKey}/query — minimal KQL subset over persisted telemetry; supports requests, traces, exceptions, customEvents, customMetrics, dependencies tables; where, project, summarize count(), order by, take operators; returns standard {"tables":[...]} schema |
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.LogAnalytics project with WorkspaceResource, WorkspaceResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.OperationalInsights/workspaces |
| Preview | Workspace CRUD | Create, get, update (tags, retentionInDays, SKU), delete, list Microsoft.OperationalInsights/workspaces; workspaceId / customerId generated as stable GUIDs on creation |
| Preview | Logs Ingestion API | POST https://{workspaceId}.ods.opinsights.topaz.local.dev/api/logs — accepts JSON log arrays with Log-Type header; persists records per custom table name; returns 200 with empty body |
| Preview | KQL query API | POST /v1/workspaces/{workspaceId}/query — minimal KQL subset over ingested custom tables; where, project, extend, summarize, order by, take, union operators; returns standard {"tables":[...]} schema |
| Feature | Description | |
|---|---|---|
| Preview | Full azcopy-compatible disk streaming | Upgrade the SAS endpoint from empty-body to a fully streamable sparse disk image: GET /disk-sas/{uniqueId} honours Range requests; PUT accepts page-blob byte-range uploads; HEAD reports Content-Length = diskSizeGB * 1073741824; large disks use an on-disk .topaz/disks/{uniqueId}.vhd sparse file |
| Feature | Description | |
|---|---|---|
| Preview | Geo-replication sync scheduler | Background service (GeoReplicationSyncScheduler) that periodically updates LastGeoSyncTime on RA-GRS/RAGZRS accounts; stats endpoints return the persisted timestamp instead of wall-clock time, simulating realistic replication lag |
| Feature | Description | |
|---|---|---|
| Preview | TTL enforcement | Background scheduler that purges expired documents from SQL containers where defaultTtl is set; prerequisite: data-plane document store (v1.7-beta) |
| Preview | Container-level RBAC | Per-container access policy enforcement integrated with the data-plane auth layer; prerequisite: data-plane authentication surface (v1.7-beta) |
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.ApiManagement project with ApiManagementServiceResource, ApiManagementServiceResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.ApiManagement/service |
| Preview | Service CRUD | Create, get, update (tags, SKU, publisherEmail), delete, list by resource group, and list by subscription for Microsoft.ApiManagement/service; gatewayUrl, portalUrl, and managementApiUrl derived from service name and persisted on creation |
| Preview | APIs CRUD | Create, get, update, delete, and list API definitions under a service instance; fields: displayName, description, serviceUrl, path, protocols, apiType (http/soap/websocket/graphql); persisted as subresources |
| Preview | Products CRUD | Create, get, update, delete, and list Products; product-to-API association via PUT/DELETE/GET .../products/{id}/apis/{apiId}; fields: displayName, description, state, subscriptionRequired, approvalRequired |
| Preview | Backends CRUD | Create, get, update, delete, and list Backends; fields: url, protocol, description, title, resourceId; backends are referenced by policy expressions and persisted as subresources |
| Preview | Policies CRUD | Service-level and API-level policy documents stored and returned as raw APIM XML; no policy execution in v1.10 — storage and round-trip only |
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.ContainerInstances project with ContainerGroupResource, ContainerGroupResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.ContainerInstance/containerGroups |
| Preview | Container Groups CRUD | Create, get, update (tags), delete, list by resource group, and list by subscription for Microsoft.ContainerInstance/containerGroups; provisioningState is always Succeeded; instanceView.state is always Running |
| Preview | Lifecycle operations | Start, stop, and restart container group operations (no-op in emulation; provisioningState and instanceView.state remain unchanged) |
| Preview | Container logs | GET .../containers/{containerName}/logs returns a stub log line; satisfies az container logs without running real containers |
| Feature | Description | |
|---|---|---|
| Stable | Availability Set CRUD | Create, get, update (tags, platformFaultDomainCount), delete, list by resource group, and list by subscription for Microsoft.Compute/availabilitySets; provisioningState is always Succeeded; full Deploy() and RouteDeployment() support |
| Preview | List available VM sizes | GET .../availabilitySets/{name}/vmSizes returns the same stub catalogue as the compute SKUs endpoint |
| Feature | Description | |
|---|---|---|
| Stable | Private Endpoint CRUD | Create, get, delete, list by resource group, and list by subscription for Microsoft.Network/privateEndpoints; assigns an IP from the linked subnet CIDR via IpAllocationRegistry on creation; privateLinkServiceConnectionState is always Approved; full Deploy() and RouteDeployment() support |
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.Redis project with RedisResource, RedisResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.Cache/redis |
| Preview | Redis Cache CRUD | Create, get, update (tags, SKU, enableNonSslPort, minimumTlsVersion, redisConfiguration), delete, list by resource group, and list by subscription; access keys generated on creation and exposed via listKeys / regenerateKey |
| Preview | Firewall Rules CRUD | Create, get, update, delete, and list firewall rules per cache; no actual IP filtering enforced in the emulator |
| Preview | MCP provisioning tool | CreateRedisCache MCP tool; GetConnectionStrings extended with Redis connection string |
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.EventGrid project with EventGridTopicResource, EventGridTopicResourceProperties, resource provider, control plane (including Deploy()), host registration, and RouteDeployment() case for Microsoft.EventGrid/topics |
| Preview | Topic CRUD | Create, get, update (tags, inputSchema, publicNetworkAccess), delete, list by resource group, and list by subscription; endpoint emitted as https://{name}.eventgrid.topaz.local.dev:<port>/; access keys generated on creation and exposed via listKeys / regenerateKey |
| Preview | Event Subscriptions CRUD | Create, get, update, delete, and list event subscriptions per topic; fields: destination (WebHook, ServiceBus, EventHub), filter, eventDeliverySchema; persisted as subresources |
| Preview | Event publishing | POST /api/events on the topic data-plane endpoint accepts CloudEvents and EventGrid schema arrays; persists events and delivers synchronously to WebHook destinations via HTTP POST |
| Preview | System Topics | Create, get, delete, and list Microsoft.EventGrid/systemTopics; source and topicType stored and returned verbatim; event subscriptions on system topics follow the same model as custom topics |
| Stable | MCP provisioning tool | CreateEventGridTopic MCP tool; GetConnectionStrings extended with Event Grid endpoint and key |
| Feature | Description | |
|---|---|---|
| Preview | Snapshots | PUT/GET/DELETE /snapshots/{name} — capture a point-in-time copy of key-values matching a filter; archiveSnapshot and recoverSnapshot transitions; snapshot status (provisioning → ready / archived); list snapshots with ?name=, ?status= filtering |
| Preview | Key Vault references | Key-values with content type application/vnd.microsoft.appconfig.keyvaultref+json resolved on GET /kv/{key}?resolve=true via the local Topaz Key Vault instance; compatible with AzureAppConfigurationOptions.ConfigureKeyVault() in the .NET SDK |
| Preview | Change notification (EventGrid integration) | On any key-value write or delete, publish a Microsoft.AppConfiguration.KeyValueModified / Microsoft.AppConfiguration.KeyValueDeleted event to any EventGrid topic subscription wired to the store's system topic |
| Feature | Description | |
|---|---|---|
| Preview | Extended KQL operators | Add join (inner/leftouter), mv-expand, bin(), ago(), and time-range filter (between, datetime()) to both the Application Insights query API and Log Analytics query API introduced in v1.9 |
| Preview | Cross-workspace query | POST /v1/workspaces/{id}/query accepts a workspaces() expression referencing other emulated Log Analytics workspaces within the same Topaz instance |
| Feature | Description | |
|---|---|---|
| Preview | RESP2 protocol listener | In-process TCP listener on port 6379 (configurable) implementing the RESP2 wire protocol; backed by a ConcurrentDictionary per-cache instance; supports SET, GET, DEL, EXISTS, EXPIRE, TTL, KEYS, HSET, HGET, HGETALL, HDEL, LPUSH, RPUSH, LPOP, RPOP, LRANGE, SADD, SMEMBERS, SREM, INCR, DECR, PING, SELECT, FLUSHDB |
| Preview | TLS listener | Optional TLS-wrapped RESP2 listener on port 6380 using the existing Topaz dev certificate; enabled when enableNonSslPort is false on the cache resource |
| Preview | Connection string in GetConnectionStrings | MCP and CLI GetConnectionStrings emit host:port,password=key,ssl=true|false,abortConnect=False format compatible with StackExchange.Redis.ConfigurationOptions.Parse() |
| Feature | Description | |
|---|---|---|
| Preview | Multi-step task file execution (FileTaskRunRequest) | Parse a task YAML provided via FileTaskRunRequest and execute each step sequentially: build (docker build), cmd (docker run), and push (docker push to the local OCI registry); topological ordering via when dependencies; real status transitions (Queued → Running → Succeeded / Failed); combined per-step output streamed to the log endpoint |
| Preview | Multi-step task file execution (EncodedTaskRunRequest) | Extend multi-step execution to the EncodedTaskRunRequest path: base64-decode encodedTaskContent to recover the YAML and apply the same step execution logic; support encodedContext (base64-encoded tar.gz build context) |
| Feature | Description | |
|---|---|---|
| Preview | rate-limit policy | Enforce call-rate and bandwidth quotas per subscription key; 429 response with Retry-After header when the limit is exceeded; in-memory per-process counter |
| Preview | set-header / set-body / rewrite-uri policies | Transform inbound and outbound headers, replace the request body, and rewrite the upstream URL before forwarding to the backend |
| Preview | validate-jwt policy | Validate Authorization: Bearer tokens against a configurable JWKS URI or inline signing key; reject with 401 on invalid or expired tokens |
| Preview | Backend request forwarding | When a matching API + operation is found and a backend is configured, forward the request to backend.url and stream the response back; honours rewrite-uri and set-header transforms |
| Feature | Description | |
|---|---|---|
| Preview | Dead-letter queue (DLQ) | AMQP and HTTP sub-queue path /$DeadLetterQueue per queue and per subscription; DeadLetter() receiver API moves messages with DeadLetterReason and DeadLetterErrorDescription annotations; maxDeliveryCount enforcement auto-dead-letters after threshold |
| Preview | Scheduled message delivery | ScheduledEnqueueTimeUtc broker property respected on send; background scheduler enqueues messages at the specified time; CancelScheduledMessage cancels by sequence number before delivery |
| Preview | Message deferral | Defer() receiver API parks a message by sequence number; ReceiveDeferred(sequenceNumber) retrieves it explicitly; deferred messages invisible to normal Receive() |
| Feature | Description | |
|---|---|---|
| Preview | Consumer group epoch tracking | Each consumer group tracks the AMQP receiver epoch; attaches with a higher epoch steal the link from a lower-epoch receiver; ReceiverDisconnectedException raised on the evicted client |
| Preview | Checkpoint Store simulation | In-process checkpoint store compatible with BlobCheckpointStore; EventProcessorClient can read and write partition ownership and offsets without a real Storage account; backed by the emulated Blob Storage service when a storage account is configured |
| Preview | Partition cursor persistence | Sequence number and offset per partition per consumer group persisted across restarts; EventPosition.FromSequenceNumber, FromOffset, FromEnqueuedTime, and Earliest/Latest all respected |
| Feature | Description | |
|---|---|---|
| Preview | Docker-backed container group execution | When the local Docker daemon is available, Create container group spawns real containers via the Docker API; instanceView.state reflects actual container status (Pending → Running → Terminated); opt-in via TOPAZ_ACI_USE_DOCKER=true environment variable |
| Preview | Container log streaming | GET .../containers/{name}/logs streams stdout/stderr from the running Docker container; ?tail=N and ?timestamps=true query parameters supported |
| Preview | Local Container Registry integration | Container image names resolved against the emulated Container Registry (port 8892) before pulling from the public registry; enables end-to-end az acr build → az container create workflows |
| Feature | Description | |
|---|---|---|
| Preview | Function App resource type | Microsoft.Web/sites with kind: functionapp — distinct provisioning path that emits a function-specific hostNames pattern and validates required app settings (AzureWebJobsStorage, FUNCTIONS_EXTENSION_VERSION) |
| Preview | Admin management API | GET /admin/functions lists deployed functions with trigger type and invoke URL; POST /admin/functions/{name} manually invokes a function (requires the app to be forwarded via the App Service proxy) |
| Preview | host.json parsing | Read FUNCTIONS_EXTENSION_VERSION and AzureWebJobsStorage from app settings; validate that the referenced Storage account exists in the emulator and surface a warning in the Topaz portal if not |
| Feature | Description | |
|---|---|---|
| Preview | AMQP link detach injection | Chaos rules with faultType: AmqpLinkDetach forcibly close AMQP sender/receiver links at the configured faultRate; clients receive an AMQP detach frame with error.condition = amqp:resource-limit-exceeded |
| Preview | Credit starvation | faultType: AmqpCreditStarvation suspends flow-frame credit grants on a link, causing the client's send buffer to fill; tests client-side timeout and retry logic |
| Preview | Session timeout injection | faultType: AmqpSessionTimeout closes the AMQP session (not just the link) after a configurable delay, simulating broker-side session expiry |
| Feature | Description | |
|---|---|---|
| Preview | Verified compatibility & test suite | Dedicated Topaz.Tests.OpenTofu project mirroring the Terraform suite; build script and integration guide |
| Feature | Description | |
|---|---|---|
| Preview | Resource Health CRUD | GET /subscriptions/{sub}/providers/Microsoft.ResourceHealth/availabilityStatuses and per-resource GET .../providers/Microsoft.ResourceHealth/availabilityStatuses/current always return Available; unblocks SDK health-check decorators and ARM health-check extensions in production apps |
| Preview | Service Health events | GET /subscriptions/{sub}/providers/Microsoft.ResourceHealth/events returns an empty list by default; controllable via chaos mode to inject a synthetic ServiceIssue or PlannedMaintenance event |
| Feature | Description | |
|---|---|---|
| Preview | topaz export --format bicep | Introspects the current emulator state and generates a Bicep file describing all provisioned resources across a subscription; respects resource dependencies for module ordering |
| Preview | topaz export --format terraform | Same introspection emitting HCL with azurerm provider resource blocks; includes a terraform.tfvars stub for subscription and tenant IDs |
Ideas not yet tied to a specific milestone.
Open a discussion or upvote an existing issue on GitHub.