fabric-cli-core

This skill defines safe, consistent defaults for an AI agent helping users operate Microsoft Fabric via the Fabric CLI (fab ).

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "fabric-cli-core" with this command: npx skills add microsoft/fabric-cli/microsoft-fabric-cli-fabric-cli-core

Fabric CLI Core

This skill defines safe, consistent defaults for an AI agent helping users operate Microsoft Fabric via the Fabric CLI (fab ).

1 - Fabric CLI mental model (paths and entities)

Automation Scripts

Ready-to-use Python scripts for core CLI tasks. Run any script with --help for full options.

Script Purpose Usage

health_check.py

Verify CLI installation, auth status, and connectivity python scripts/health_check.py [--workspace WS]

Scripts are located in the scripts/ folder of this skill.

Paths and Entities

  • Treat Fabric as a filesystem-like hierarchy with consistent dot (.) entity suffixes in paths (e.g., .Workspace , .Folder , .SemanticModel ).

  • The hierarchy structure is:

  • Tenant: The top-level container for everything.

  • Workspace: Personal or team workspace holding folders, items, and workspace-level elements.

  • Folder: Container for organizing items within a workspace (supports ~10 levels of nesting).

  • Item: Individual resource within a workspace or folder (e.g., Notebook, SemanticModel, Lakehouse).

  • OneLakeItem: OneLake storage item residing within a Lakehouse (tables, files, etc.).

  • Prefer and generate paths like:

  • /Workspace1.Workspace/Notebook1.Notebook

  • /Workspace1.Workspace/FolderA.Folder/SemanticModel1.SemanticModel

  • /Workspace1.Workspace/FolderA.Folder/lh1.Lakehouse/Tables (OneLakeItem)

  • When a user provides an ambiguous identifier, ask for the full path (or infer with stated assumptions).

2 - Modes (interactive vs command line)

  • Be explicit about which mode a user is in:

  • Interactive mode behaves like a REPL and runs commands without the fab prefix.

  • Command line mode runs one command per invocation and is best for scripts/automation.

  • The selected mode is preserved between sessions. If a user exits and logs back in, the CLI resumes in the same mode last used.

  • When you provide instructions, show commands in command line mode unless the user says they're in interactive mode.

3 - Authentication (public-safe guidance)

  • Prefer these auth patterns and do not invent new flows:

  • Interactive user: fab auth login (browser/WAM where supported).

  • Service principal (secret/cert): use environment variables / secure mechanisms; avoid embedding secrets in files.

  • Service principal (federated credential): use the federated token environment variable (FAB_SPN_FEDERATED_TOKEN ) and do not persist the raw token.

  • Managed identity: supported for Azure-hosted workloads; no credentials required.

  • Never ask users to paste secrets into chat or print them back.

4 - Sensitive data handling (strict)

  • Never log or output tokens, passwords, client secrets, or raw federated tokens.

  • Validate all user inputs that could affect security:

  • Paths: Sanitize file paths and API parameters.

  • GUIDs: Validate resource identifiers before use.

  • JSON: Validate JSON inputs for proper format.

  • If a user shares sensitive strings, advise rotating/regenerating them and moving to secure storage.

5 - Hidden entities and discovery

  • Hidden entities are special resources not normally visible, following a dot-prefixed naming convention (similar to UNIX hidden files).

  • Tenant-level hidden entities (accessed from root):

  • .capacities — fab ls .capacities / fab get .capacities/<name>.Capacity

  • .gateways — fab ls .gateways / fab get .gateways/<name>.Gateway

  • .connections — fab ls .connections / fab get .connections/<name>.Connection

  • .domains — fab ls .domains / fab get .domains/<name>.Domain

  • Workspace-level hidden entities (accessed within a workspace):

  • .managedidentities — fab ls ws1.Workspace/.managedidentities

  • .managedprivateendpoints — fab ls ws1.Workspace/.managedprivateendpoints

  • .externaldatashares — fab ls ws1.Workspace/.externaldatashares

  • .sparkpools — fab ls ws1.Workspace/.sparkpools

  • To show hidden resources, recommend ls -a / ls --all .

6 - Errors and troubleshooting guidance

  • When describing failures, include:

  • What the command was trying to do

  • The likely cause

  • The next actionable step

  • If the CLI surfaces an error code/message, keep it intact and do not paraphrase away the key identifiers. (Fabric CLI emphasizes stable error codes/messages.)

  • Include request IDs for API errors to aid debugging when available.

7 - Output conventions for the agent

  • Default to concise, runnable steps.

  • When recommending commands, include:

  • Preconditions (auth, correct workspace/path)

  • Expected result

  • How to verify (e.g., follow-up fab ls / fab get )

8 - Safety defaults

  • Ask before suggesting commands that delete, overwrite, or change access/permissions.

  • If the user explicitly confirms, proceed with a clear rollback note when possible.

9 - Platform and troubleshooting reference

  • Supported platforms: Windows, Linux, macOS.

  • Supported shells: zsh, bash, PowerShell, cmd (Windows command prompt).

  • Python versions: 3.10, 3.11, 3.12, 3.13.

  • CLI file storage (useful for troubleshooting):

  • Config files are stored in ~/.config/fab/ :

  • cache.bin — encrypted auth token cache

  • config.json — non-sensitive CLI settings

  • auth.json — non-sensitive auth info

  • context-<session_id> — path context for command-line mode sessions

  • Debug logs are written to:

  • Windows: %AppData%/fabcli_debug.log

  • macOS: ~/Library/Logs/fabcli_debug.log

  • Linux: ~/.local/state/fabcli_debug.log

10 - Critical operational rules

  • First run: Always run fab auth status to verify authentication before executing commands. If not authenticated, ask the user to run fab auth login .

  • Learn before executing: Always use fab --help and fab <command> --help the first time you use a command to understand its syntax.

  • Start simple: Try the basic fab command alone first before piping or chaining.

  • Non-interactive mode: Use fab in command-line mode when working with coding agents. Interactive mode doesn't work with automation.

  • Force flag: Use -f when executing commands if the flag is available to run non-interactively (skips confirmation prompts).

  • Verify before acting: If workspace or item name is unclear, ask the user first, then verify with fab ls or fab exists before proceeding.

  • Permission errors: If a command is blocked by permissions, stop and ask the user for clarification; never try to circumvent it.

11 - Common item types

Extension Description

.Workspace

Workspace container

.Folder

Folder within workspace

.SemanticModel

Power BI dataset/semantic model

.Report

Power BI report

.Dashboard

Power BI dashboard

.Notebook

Fabric notebook

.Lakehouse

Lakehouse

.Warehouse

Data warehouse

.DataPipeline

Data pipeline

.SparkJobDefinition

Spark job definition

.Eventstream

Real-time event stream

.KQLDatabase

KQL database

.MLModel

ML model

.MLExperiment

ML experiment

.Capacity

Fabric capacity (hidden)

.Gateway

Data gateway (hidden)

.Connection

Connection (hidden)

Use fab desc .<ItemType> to explore any item type.

12 - Command references

For detailed command syntax and working examples, see:

  • Quick Start Guide — Copy-paste examples for common tasks

  • Full Command Reference — All commands with flags and patterns

  • Semantic Models — TMDL, DAX queries, refresh, storage modes

  • Notebooks — Job execution, parameters, scheduling

  • Reports — Export, import, rebind to models

  • Workspaces — Create, manage, permissions

  • Querying Data — DAX and lakehouse table queries

  • API Reference — Direct REST API access patterns

  • Create Workspaces — Workspace creation workflows

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

fabric-cli-powerbi

No summary provided by upstream source.

Repository SourceNeeds Review
26-microsoft
Web3

azure-rbac

Use the 'azure__documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity. If no built-in role matches the desired permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with the desired permissions. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment. If user is asking about role necessary to set access, refer to Prerequisites for Granting Roles down below:

Repository Source
135.6K155microsoft
Coding

azure-ai

Service Use When MCP Tools CLI

Repository SourceNeeds Review
136.2K155microsoft
Coding

azure-deploy

AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE

Repository SourceNeeds Review
135.8K155microsoft