All notable changes to this project will be documented in this file.
This format follows Keep a Changelog and adheres to Semantic Versioning.
- Multimodal figure/image extraction for Content Understanding (Azure/GPT-RAG#446): When using Content Understanding as the document analysis backend (
USE_DOCUMENT_INTELLIGENCE=false), the multimodal chunker now extracts figures from documents, uploads them to thedocuments-imagesblob container, generates captions using a vision-capable model, and populatesrelatedImages,imageCaptions, andcaptionVectorfields in the search index — achieving full multimodal parity with the Document Intelligence path. Supports PDF (PyMuPDF page rendering with bounding-box crop), DOCX (word/media/ZIP extraction), and PPTX (ppt/media/ZIP extraction). TheContentUnderstandingClientnow parses and returns figure and page metadata from the API response instead of discarding it. New dependencies:PyMuPDF,python-docx,python-pptx.
- Bumped
gpt-rag-ingestiontov2.3.3.
| Component | Version |
|---|---|
| gpt-rag-ui | v2.3.1 |
| gpt-rag-orchestrator | v2.6.2 |
| gpt-rag-ingestion | v2.3.3 |
| infra (landing zone) | v1.0.7 |
- OpenTelemetry version pinning (orchestrator): Pinned
azure-monitor-opentelemetry==1.8.7,azure-monitor-opentelemetry-exporter==1.0.0b49,opentelemetry-instrumentation-httpx==0.61b0, andopentelemetry-instrumentation-fastapi==0.61b0inrequirements.txt. Unpinned versions caused non-deterministic Docker builds where an older exporter (referencing the removedLogDataclass) could be paired withopentelemetry-sdk>=1.39.0, crashing the container on startup withImportError: cannot import name 'LogData' from 'opentelemetry.sdk._logs'. (#445) - Permission trimming header format (orchestrator): Removed erroneous
Bearerprefix from thex-ms-query-source-authorizationheader value in both the REST API path (search.py) and the SDK path (search_context_provider.py). Azure AI Search expects the raw OBO token without the prefix; including it caused400 Invalid headererrors whenpermissionFilterOptionwas enabled on the search index. (#447)
- Bumped
gpt-rag-orchestratortov2.6.2.
- Restored missing
parent_idfield in the RAG search index template (config/search/search.j2), which was accidentally removed during the v2.6.0 merge. This causedgpt-rag-ingestionblob storage and SharePoint indexers to fail withCould not find a property named 'parent_id'errors.
- Updated
infrasubmodule to bicep-ptn-aiml-landing-zone tagv1.0.7, fixing Log Analytics provisioning failure in Sweden Central caused byforceCmkForQuerydefault.
- Updated
infrasubmodule to bicep-ptn-aiml-landing-zone tagv1.0.6. - Parametrized Container App CPU and memory per app entry with fallback defaults (
0.5CPU /1.0Gi). - Increased
dataingestContainer App resources to1.0CPU and3.0Gimemory. - Increased
text-embedding-3-largedeployment capacity from40to100. - Bumped
gpt-rag-ingestiontov2.3.2.
- Bumped
gpt-rag-orchestratortov2.6.1.
- Fixed Zero Trust provisioning failure caused by jumpbox Custom Script Extension using incorrect release tag. Replaced
install_scriptURL field withailz_taginmanifest.json, allowing the install script URL and release parameter to be derived from the landing zone tag.
- Updated
infrasubmodule to bicep-ptn-aiml-landing-zone tagv1.0.5. - Bumped
gpt-rag-uitov2.3.1. - Bumped
gpt-rag-ingestiontov2.2.5.
- Updated
infrasubmodule to bicep-ptn-aiml-landing-zone tagv1.0.4. - Bumped
gpt-rag-uitov2.3.0. - Bumped
gpt-rag-orchestratortov2.6.0. - Bumped
gpt-rag-ingestiontov2.2.4. - Added explicit
partitionKeyto all Cosmos DB container definitions, including/principal_idforconversationscontainer. - Added
conversation-documentsstorage container. - Added
conversationIdfilterable field to search index. - Removed standalone MCP Container App from default deployment (consolidated into orchestrator).
- Updated default chat model from
gpt-5-minitogpt-5-nano(2025-08-07), increased deployment capacity to100, and set API version to2025-12-01-preview. - Updated
infrasubmodule to bicep-ptn-aiml-landing-zone tagv1.0.3. - Bumped
gpt-rag-uitov2.2.3. - Bumped
gpt-rag-orchestratortov2.5.0.
- Added repository development and release instructions (
.github/copilot-instructions.md).
- Updated pre-deployment behavior to skip cloning a component repository when it already exists locally, improving repeat deployment workflows and avoiding unnecessary clone failures. Closes #428.
- Made virtual environment cleanup in
scripts/postProvision.shnon-fatal so post-provisioning continues even if cleanup cannot complete. Closes #426.
- Updated
infrasubmodule to external bicep-ptn-aiml-landing-zone tagv1.0.1. - Bumped
gpt-rag-orchestratortov2.4.2. - Bumped
gpt-rag-uitov2.2.2. - Improved runtime performance by upgrading the Orchestrator and UI components to
v2.4.2andv2.2.2, respectively. - Bumped
gpt-rag-ingestiontov2.2.3.
- Migrated
infrafolder to external submodule bicep-ptn-aiml-landing-zone pinned to v1.0.0.
- Updated the Docker image to install Microsoft's current public signing key, fixing build failures caused by SHA-1 signature rejection in newer Debian/apt verification policies (orchestrator).
- Fixed Docker builds on ARM-based machines by explicitly setting the target platform to
linux/amd64, preventing Azure Container Apps deployment failures.
- Updated the Docker base image.
- Standardized on the container best practice of using a non-privileged port (
8080) instead of a privileged port (80), reducing the risk of runtime/permission friction and improving stability of long-running ingestion workloads. - Bumped
aiohttpto3.13.3.
- Bumped ingestion component version to include reliability improvements for large spreadsheet ingestion.
- Document-level security enforcement for GPT-RAG using Azure AI Search native ACL/RBAC trimming with end-user identity propagation via
x-ms-query-source-authorization. Includes permission-aware indexing metadata (userIds/groupIds/rbacScope), safe-by-default behavior for requests without a valid user token, and optional elevated-read debugging support.
- Bumped chat model to gpt-5-mini.
- Support for SharePoint Lists in the ingestion component.
- Refactored Single Agent Strategy to simplify citation handling. [#161]
- Simplified MCP Strategy. [#159]
- Improved robustness of Blob Storage indexing in the ingestion pipeline.
- Enhanced data ingestion logging for better observability and troubleshooting.
- Compatibility with Azure direct models for inference in the orchestration layer.
- Fixed Issue #409 by updating the main Bicep template to ensure the
SEARCH_CONNECTION_IDapp setting points to the correct AI Search connection ID. It was previously pointing to the AI Foundry AI Search dependency.
- Fixed Issue #406 by updating networking and private endpoint configuration to prevent the
cosmos_vnet_blockederror in Cosmos DB private-only setups.
- Automated the creation and registration of the Azure AI Search connection, removing the need for the previous manual workaround.
- Fixed a bug in data ingestion component where the Blob storage ingestion process was re-indexing unchanged files when AI Search index had more than 1,000 chunks. Fixed in gpt-rag-ingestion v2.0.6.
- Small update in
scripts/postProvision.shto make the Container Apps API Key check more robust by always converting theUSE_CAPP_API_KEYvariable to lowercase, even when it is unset.
- Intermittent AI Foundry post provisioning setup authentication timeout by increasing
AzureCliCredentialandManagedIdentityCredentialprocess timeout to 30 seconds inconfig/aifoundry/setup.py - Compatibility with older AZD versions by removing string interpolation syntax from capability host connection arrays in AI Foundry project module (infra/modules/ai-foundry/modules/project/main.bicep lines 229-231)
- Suppressed BCP081 warnings for future-dated API versions (2025-01-01, 2025-04-01, 2025-05-01, 2025-06-01) in AI Foundry project module by adding #disable-next-line directives
- Improved PR and Issue templates
- Moved documentation to https://aka.ms/gpt-rag-docs
- Bumped gpt-rag-mcp to v0.2.3
- Updated infra templates to create the data private endpoint for Azure Container Registry when in network isolation mode.
- Updated Bastion configuration to retrieve credentials from Key Vault. Users can now simply reset the
testvmuserpassword to access the VM for the first time.
- Added more troubleshooting logs.
- Citations 387
- Citation links opens up new chat windows instead of rendering files #387
- Fixed a bug in data ingestion component where the SharePoint ingestion process was unnecessarily re-indexing unchanged files.
- Limit
azdenvironment variables to the script process (no longer persisted to the user profile) to reduce secret exposure. Resolves #378. - Streamline AI Search provisioning: now creates only the AI Search index. Previously we also created indexers, skillsets, and data sources that are no longer used and caused confusion about expected runtime behavior. Indexing is performed by the
gpt-rag-ingestionjobs — see the ingestion docs for how to run, schedule, or troubleshoot ingest jobs. Resolves #377.
- User Feedback Loop. #358. Documentation.
- Standardized resource group variable as
AZURE_RESOURCE_GROUP. #365
- Resolved VM deployment errors when using CustomScriptExtension under network isolation.
- Updated orchestrator to version 2.0.3, which includes NL2SQL docs and improved settings checks.
- Resolved issue with using Azure Container Apps under a private endpoint in AI Search as a custom web skill.
- Blob Storage Data Source Ingestion.
- NL2SQL Metadata Ingestion from Blob Storage.
- Updated deployment documentation.
- Updated deployment documentation.
- Resolved deployment issues introduced in v2.0.0.
- Major architecture refactor to support the vNext architecture.