Contract-bound data for every AI agent on Microsoft Fabric.
Orqentis is the AI Readiness and Data Security layer for AI agents on Microsoft Fabric. It is a native Fabric ISV workload that enforces ODCS v3.1.0 data contracts at the OneLake Delta layer β the one place every Fabric Copilot, Fabric Data Agent, Copilot Studio skill, and Microsoft 365 Copilot grounding query reads from. Every enforcement run executes under the calling user's OBO-delegated identity, producing the per-inference data trust evidence that EU AI Act Article 10, NIST AI RMF, and ISO/IEC 42001 auditors demand.
π Positioning, demo script, and investor materials: docs/positioning/
Microsoft Copilot in Fabric is answering board-level questions today. The answer is confident.
The data is often 72 hours stale, schema-drifted, unlabelled for sensitivity, or being read by
an agent running with broader permissions than the user who asked the question. These are not
AI model failures β they are data infrastructure failures, and no Fabric-native tool enforces
contractual schema, freshness, quality, and identity guarantees on the Delta tables that AI
agents ground on. See docs/positioning/ai-readiness.md
for the full narrative and the six broken promises every Fabric AI deployment is quietly making.
| Capability | What it does | Primary buyer |
|---|---|---|
| Agent-Ready Contract Co-Author | AI generates an ODCS v3.1.0 draft from the actual Delta log profile β schema, 30-day freshness pattern, PII column detection β edited in Monaco with full IntelliSense inside the Fabric portal. | Head of Data Governance |
| AI Blast-Radius Scorer | At breach time, traverses the Fabric lineage graph and severity-ranks every Copilot session, semantic model, Fabric Data Agent, and Copilot Studio skill grounded on the broken contract. | Fabric Platform Owner |
| Pre-Copilot Contract Gate | Low-latency Contract Status REST endpoint; tags semantic models contract-status: BREACH; suppresses or warns Copilot grounding before stale data reaches agents. |
Chief AI Officer |
| AI Act Evidence Pack | One-click PDF/JSON bundle: run history, OBO identity log, MIP labels, Delta log versions, mapped to EU AI Act Art. 10/13, NIST AI RMF MEASURE, ISO/IEC 42001. | Chief Data Officer |
| AI Governance Assistant | Natural-language queries across the contract estate β "Which contracts feed our M365 Copilot?" β returns a ranked, actionable list. | All five personas |
Full demo (12 minutes, 7 scenes): docs/positioning/mvp-demo-script.md.
Competitive matrix vs Purview, Informatica, Collibra, Atlan, Monte Carlo, Securiti, Immuta,
Lakera/Protect AI: docs/positioning/competitive-matrix.md.
| Community (free) | Enterprise (AUD $299/workspace/mo) | |
|---|---|---|
| Workspaces | 1 | Unlimited |
| Contracts | 20 | Unlimited |
| Manual enforcement | β | β |
| Scheduled enforcement | β | β |
| AI contract suggestion | β | β |
| Activator alerting | β | β |
| Cross-workspace federation | β | β |
| Audit reports (PDF) | β | β |
| Purview integration | β | β |
See docs/spec.md Β§3.2 for the full matrix.
A React 18 / Fluent UI v9 micro-frontend hosted inside the Fabric portal iframe via the Fabric Extensibility SDK, talking to a .NET 8 API in Azure App Service. The Orqentis Enforcement Engine reads OneLake Delta transaction logs using OBO-delegated tokens, diffs live schema against ODCS contracts, evaluates quality + freshness rules, and persists results to PostgreSQL. Target adapters read Warehouse/Fabric SQL metadata through delegated SQL, Eventhouse/KQL metadata through delegated Kusto, and Semantic Model definitions through Fabric REST/TMDL. AI features (contract suggestion, breach scoring, NL query) are brokered via Azure OpenAI with an Anthropic Claude fallback. Breach alerts fire through Fabric Activator.
Fabric Portal (iframe)
βββ React frontend ββββββββββββββββββΊ Orqentis.Api (App Service)
βββ Orqentis.Engine βββΊ OneLake Delta tables (OBO)
βββ Orqentis.AI ββββββΊ Azure OpenAI / Claude
βββ Orqentis.Data ββββΊ PostgreSQL
βββ Activator βββΊ Fabric Activator
Full diagram + ADRs: docs/architecture.md.
fabric-contract-intelligence/
βββ .ai/ AI agent context + per-sprint runbooks
βββ .github/ Copilot instructions, workflows, templates
βββ frontend/ React 18 + Vite + Fluent UI v9
βββ backend/ .NET 8 solution
β βββ Orqentis.Api/ ASP.NET Core Web API
β βββ Orqentis.Engine/ Enforcement Engine class library
β βββ Orqentis.AI/ AI Agent class library
β βββ Orqentis.Data/ EF Core + PostgreSQL
β βββ Orqentis.Tests/ xUnit test projects
βββ infra/ Azure Bicep IaC
βββ contracts/examples/ Sample ODCS v3.1.0 contracts
βββ docs/ Architecture, API, agent guide, full spec
Prerequisites: Node.js 20+, .NET 8 SDK, PowerShell 7, Azure CLI, a Fabric tenant with workspace + capacity, and an Entra app registration.
# 1. Install frontend deps
cd frontend; npm install
# 2. Restore backend
cd ..\backend; dotnet restore Orqentis.sln
# 3. Apply DB migrations (requires local PostgreSQL or container)
dotnet ef database update --project Orqentis.Data --startup-project Orqentis.Api
# 4. Run frontend (in one shell)
cd ..\frontend; npm run dev
# 5. Run backend (in another shell)
cd ..\backend\Orqentis.Api; dotnet runThe Fabric workload manifest (frontend/manifest/WorkloadManifest.json) is published to a
Fabric tenant via the Self-Service Workload Publishing flow β see
docs/agent-guide.md Β§6 for the publish runbook.
READ FIRST: .github/copilot-instructions.md. Then,
before touching any code, open the relevant sprint runbook in .ai/commands/.
The build order, file paths, interfaces, and acceptance criteria are all pre-specified.
Core rules (full list in docs/agent-guide.md Β§16.1):
- Never hardcode connection strings, API keys, or tenant IDs. All secrets via Key Vault / env vars.
- Always write unit tests alongside implementation. β₯85% line coverage on
Orqentis.EngineandOrqentis.AI. - Never bypass
OdcsContractValidator. A YAML that fails validation must not be saved asactive. - AI LLM calls require a 15-second timeout and a graceful fallback (empty template / null score).
- All Delta table access uses the OBO token of the calling user. Never an app-level credential.
- All API responses include an
X-Correlation-Idheader.
MIT β see LICENSE. Bundled OSS dependencies retain their original licences.
Production pilot ready and public ISV launch candidate. Core workload features are implemented,
CI/CD is green, Engine/AI coverage gates are enforced, and live Fabric evidence is tracked in
docs/test-scenarios.md. Public ISV launch readiness is tracked by
docs/isv-publish-checklist.md, the interim Enterprise upgrade
flow is documented in docs/entitlement-process.md, and readiness
artifacts are enforced by scripts\Test-PublicReadiness.ps1.