Kirimana for Fabric
Microsoft-stack governance without lock-in. Fabric Lakehouse + Warehouse contracts, Purview pass-through, OneLake-aware lineage, Azure OpenAI routing through the AI gateway. Currently in Private Preview — invite only.
For organisations standardised on Microsoft Fabric — from a small team running a single workspace to an enterprise federating dozens of capacities across business units. Currently in Private Preview with active design partners.
Kirimana sits above Fabric so contracts, lineage, and AI policy travel with the data if a domain later moves to Databricks or Trino. Microsoft tenants keep Purview as their catalog of record; Kirimana feeds it.
Enterprise compounds: federated contract library across Fabric workspaces and tenants, Purview-backed classification at scale, hub-and-spoke domains, OIDC RBAC pinned to Entra ID, multi-env CI/CD across dev/test/staging/prod capacities.
What’s included
- Fabric Lakehouse adapter — Delta on OneLake, bronze + silver, notebook + spark-job dispatch
- Fabric Warehouse adapter — T-SQL compilation for gold; uses the same dialect-rendered abstract SQL plan engine as our other warehouse adapters
- Microsoft Purview pass-through — owner, classification, attribute review-state pushed bidirectionally; Purview stays the catalog of record for Microsoft tenants
- Fabric Vault adapter — `${vault:...}` resolves via Azure Key Vault references (Fabric inherits the Azure Vault model)
- AI gateway routing to Azure OpenAI — first-class for Microsoft tenants; classification-aware. Anthropic-via-Bedrock + direct Anthropic Claude also supported
- MCP server — external AI assistants (Claude.ai, Cursor, Continue, Cline) read Kirimana from inside or outside Fabric
- Fabric Data Pipelines orchestration — DAGs compile to native Fabric pipelines; no third runtime
- Incident dispatch — apply / SLA / drift / health events to Jira / ServiceNow / Zendesk
What Kirimana adds that Fabric + Purview alone don’t
Microsoft Fabric is a strong, integrated stack — but the contract layer is missing. Purview is a catalog: it observes what exists. Kirimana is a contract platform: it decides what should exist before anything is built.
Per-contract AI policy enforcement
Fabric’s AI assistants honor workspace ACLs but not per-contract data classification. Kirimana refuses any LLM call against a restricted contract — Azure OpenAI included, regardless of who the caller is. The gate is in the metadata layer.
Contract state machine + PR-time approval workflow
Purview captures lineage and tags. It does not run a draft → reviewed → approved → deprecated state machine. It does not lint contracts at PR time. Kirimana does both, in CI, before the schema lands in OneLake.
Goal-to-data lineage
Purview tracks asset-level lineage. Kirimana tracks ReportingGoal → Contract → Table. The CFO asks where revenue comes from; you answer in one query, with classifications attached.
Multi-platform contract portability
Fabric is the runtime. Kirimana is the contract. Move a domain to Databricks Lakehouse later — the contract follows; Purview can’t. Avoid the cost of changing your mind.
Compliance generators that ship in the box
Microsoft Compliance Manager covers the platform; Kirimana covers the data product. DORA, EU AI Act, GDPR Art. 17 redaction reports generate from contract metadata + audit log.
Cross-tenant federated contract library
Purview is per-tenant. The Kirimana Library is federated — patterns travel across organisations, including out of the Microsoft estate.
Pass-through to Microsoft Purview
| Direction | What flows |
|---|---|
| Push to Purview | Owner, classification (Sensitive / Restricted / Public mapped to Purview labels), attribute review-state, contract version, lineage edges |
| Pull from Purview | Schema drift detection, observed lineage, downstream usage signals, glossary-term suggestions |
| Sync cadence | Every apply + nightly reconciliation; manual `dca catalog sync` always available |
Purview stays the place your Microsoft analysts browse data. Kirimana stays the place your contracts live, your AI policy gates, and your audit log records.
Integrations available out of the box
- AI providers: Azure OpenAI (default for Fabric tenants), Anthropic Claude, AWS Bedrock, Ollama
- AI assistants: Claude.ai, Cursor, Continue.dev, Cline (via MCP); Microsoft Copilot for Fabric integration on the roadmap
- Catalogs: Microsoft Purview (primary), Unity Catalog push (cross-platform tenants), Snowflake Horizon push
- Ingest: Airbyte (default), Kafka, Debezium CDC, dlt, REST, database direct, landing zone (ABFSS)
- Vault: Azure Key Vault, HashiCorp Vault
- ITSM: Jira (REST v3), ServiceNow (Table API), Zendesk (REST v2)
- Comms: Slack governance bot, Microsoft Teams
- Auth: OIDC — Entra ID (primary), GitHub, Okta, Auth0
- BI: Power BI connection guides (primary), Tableau, Qlik; dbt Semantic Layer / MetricFlow / Cube exports
How to deploy
| Pattern | When |
|---|---|
| Container Apps host + Fabric tenant | Recommended. Kirimana control plane on Azure Container Apps; dispatches to Fabric. |
| AKS-host + Fabric tenant | If you already run AKS for the Databricks edition and want one control plane. |
The integration uses Fabric REST APIs and Service Principal auth.
Pricing posture
- OSS (free) — Apache-2.0. The full thing.
- Professional Services — Fabric-specific bring-up, Purview classification taxonomy alignment, Power BI handoff design.
- Enterprise Support — SLA-backed support, named on-call. From $20k/yr.