Syntasa 9.1 delivers major enhancements across collaboration, security, cloud infrastructure, notebook experiences, AI-powered assistance, governance, analytics, and developer productivity. This release focuses on improving enterprise-grade security, streamlining workflows, enabling flexible cloud deployments, and enhancing collaboration across teams.

Notebook Workspace Improvements

Notebook Workspace Restructure & Real-Time Collaboration

Notebook Workspaces have been restructured to provide a simpler and more collaborative experience across teams. The updated workspace model replaces the legacy shared/private folder hierarchy with a unified flat workspace structure, making notebooks, files, and resources easier to organize, discover, and collaborate on. The release also adds Personal Workspaces, automatically provisioned for every user to support private development and experimentation, alongside shared Group Workspaces for team collaboration.

This release also adds Real-Time Collaboration (RTC) support for notebooks, enabling multiple users to work together simultaneously within the same notebook. Users can collaboratively edit notebooks in real time, view live cursors and collaborator presence, and share notebook outputs instantly within JupyterLab, improving teamwork, live debugging, and collaborative analysis workflows.

JupyterLab Runtime Toolbar Extension

An integrated Runtime Toolbar for JupyterLab allows users to manage Spark compute resources directly within their notebook interface. This extension streamlines the development workflow by enabling users to select templates, provision instances, and monitor connection status without context switching.

With built-in metadata persistence, runtime settings are automatically restored upon reopening a notebook, ensuring a seamless and efficient coding experience.

Unified Notebook Initialization Scripts

A more robust and portable way to manage Notebook Initialization Scripts is now available. By embedding environment configurations directly into the notebook file metadata, custom setup logic now stays with your work, ensuring seamless portability and faster kernel load times.

Key Highlights

• Direct Editing in JupyterLab: A new toolbar button and modal editor allow you to manage initialization scripts directly within the JupyterLab interface.
• Cross-Language Support: Full initialization script support is now available for both Python and Scala kernels, ensuring parity across data science workflows.
• Enhanced Portability: Scripts are now stored within the .ipynb file itself, making them easier to share and move between workspaces without losing configuration settings.
• Automated Migration: Existing scripts are automatically migrated to the new metadata format upon opening your workspace, ensuring a smooth transition to the updated architecture

Unified Notebook Utilities (synutils)

synutils is a unified library for Python and Scala notebooks designed to streamline data engineering and data science workflows. This library provides a standardized, high-performance set of tools for interacting with the Syntasa platform, including simplified data reading/writing, credential management, and automated package installation.

Key Highlights

• Standardized API: Access a consistent set of functions across both Python and Scala for managing datasets, event stores, and cloud filesystems.
• Enhanced Developer Experience: Full support for IntelliSense (auto-fill) and clear docstrings within the notebook environment, making it easier to discover and use platform features.
• Advanced Package Management: Simplified utilities for installing PyPI packages and Java/Scala JARs, including options for driver-only installations to optimize resource usage.
• Integrated Security: Built-in enforcement of Syntasa’s Role-Based Access Control (RBAC), ensuring that data access through code remains compliant with platform permissions.
  
  This library reduces boilerplate code and allows users to focus on building logic rather than managing platform integrations.

Unified Runtime Script Execution

A more robust and reliable mechanism for executing custom runtime scripts across all supported platforms (Spark-on-Kubernetes, AWS EMR, and GCP Dataproc) is now available. This update replaces the legacy file-based upload pipeline with a unified, base64-encoded environment variable approach, ensuring that scripts are delivered and executed without corruption or concurrency issues.

Key Highlights

• Reliable Script Delivery: By using base64 encoding, the platform ensures that multi-line scripts and special characters are preserved perfectly during transmission, eliminating common execution failures caused by character stripping or newline corruption.
• Optimized Python Environments: Scripts now execute within the correctly activated Conda environment on EMR and Dataproc. This ensures that any pip installations or environment configurations apply directly to the job’s Python runtime rather than the system Python.
• Simplified Architecture: The fragile “round-trip” process of writing scripts to local disk and uploading them to S3 or GCS has been removed. Scripts are now passed directly as secure environment variables or Spark properties at job submission time.
• Cross-Platform Consistency: Whether running on Kubernetes, EMR, or Dataproc, the platform now uses a consistent pattern for global and runtime-level initialization scripts, providing a predictable experience for developers.
• Error Resilience: Initialization scripts are now wrapped in error-resilient shell wrappers, ensuring that non-critical script errors do not unexpectedly terminate cluster bootstrap or job execution.

This enhancement provides a more stable foundation for custom environment configurations, allowing teams to productionize complex dependencies and initialization logic with greater confidence.

Security / Platform

Data Plane Access Control — IAM Session Policies

Data Plane Access Control introduces a critical security enhancement that enforces “least-privilege” access to cloud data. By leveraging AWS IAM Session Policies, the platform dynamically restricts Spark and Notebook sessions to only the specific S3 paths and Glue databases a user is authorized to access.

Key Highlights

• Dynamic Scoping: The platform automatically generates scoped IAM policies based on a user’s Event Store assignments, ensuring they can only interact with authorized data.
• Least-Privilege Enforcement: Temporary, short-lived credentials are issued for every Spark and Notebook session, preventing broad access to the cloud environment.
• Automated Governance: Security is enforced at the infrastructure level, meaning even if a user has access to a compute node, their ability to read or write data is strictly governed by Syntasa’s central authorization service.
• Scheduled Job Security: Scheduled jobs now execute using the specific identity of the job owner rather than a broad system account, ensuring consistent security across both interactive and automated workflows.

This feature provides a hardened security boundary, giving organizations greater confidence in their data governance and compliance posture.

Cross-GCP Project Support

The platform can now decouple the Control Plane from the Data Plane, allowing management services and data processing to reside in separate GCP projects. This architectural enhancement provides superior security isolation, billing separation, and compliance for enterprise environments.

Key Highlights

• Compute & Storage Isolation: Execute Dataproc jobs and manage GCS storage in a dedicated data project while keeping platform services centralized.
• Granular Routing: Configure project-level overrides at the Runtime level to route specific workloads to different GCP projects.
• Unified Infrastructure Management: Easily manage cross-project configurations, including regions, zones, and service accounts, directly from the Infrastructure UI.
• Secure Cross-Project Communication: Leverages GCP TCP Load Balancers for stable and secure connectivity between projects.

This feature lays the groundwork for multi-workspace architectures, offering maximum flexibility for complex cloud deployments.

Service Accounts — Per-Group Cloud Identities

Service Accounts introduce a powerful new identity management capability that allows teams to bring their own cloud credentials to the platform. This enhancement moves away from a single, broad system account, enabling more granular security and better isolation between different organizational groups.

Key Highlights

• Bring Your Own Identity (BYOI): Groups can now configure their own cloud identities—including AWS IAM Roles, GCP Service Accounts, and Azure Service Principals—to govern data access for their specific workloads.
• Flexible Attachment: Service Accounts can be attached directly to Notebook Workspaces or Runtime Templates. This ensures that every job or interactive session automatically uses the correct group-level credentials.
• Seamless Inheritance: Workspaces and jobs automatically inherit the Service Account defined in their parent Runtime, simplifying configuration while allowing for per-workspace overrides when needed.
• Enhanced Security & Isolation: By using group-specific identities, organizations can strictly isolate data access between teams, ensuring that one group cannot access another’s cloud storage buckets or resources.
• Automated Credential Management: The platform handles secure, AES-encrypted storage and just-in-time delivery of temporary cloud credentials, eliminating the need for hardcoded secrets in code or notebooks.
• Scheduled Job Integrity: Scheduled jobs now execute using the Service Account’s identity, ensuring that automated pipelines maintain the same security boundaries as interactive work.

This feature provides enterprise-grade identity isolation, giving administrators the tools to manage complex, multi-team environments with confidence and precision.

Management Console Enhancement

Syntasa 9.1 introduces a suite of powerful enhancements to the Management Console, providing administrators with greater control, improved security, and a more responsive operational experience. These updates streamline infrastructure management and simplify complex configuration tasks.

Key Highlights

• Granular Deployment Control: Administrators can now perform selective force deployments, allowing for the targeted restart of specific pod groups (e.g., application pods or backend services) without requiring a full system redeployment.
• Direct Scaling & Pod Management: New operational controls enable manual scaling of deployments and direct pod deletion from the console. This ensures that configuration changes are applied immediately, even in restricted or read-only environments.
• Automated Certificate Management: A new dedicated UI component simplifies SSL/TLS management. Users can now paste certificate (.crt) files directly into the console; the system automatically handles the conversion to Java KeyStore (.jks) format and manages the necessary cluster-wide distribution via ConfigMaps.
• Advanced Credential & Secret Handling: Security management has been bolstered with improved secret naming conventions and robust error handling for user creation. Additionally, a new “Magic Link” mechanism has been introduced to facilitate secure password resets.
• Performance & Navigation Optimizations: The console’s main dashboard has been optimized for significantly faster loading speeds. Furthermore, the deployment update workflow has been refined to ensure seamless navigation across configuration tabs.

These enhancements empower operations teams to manage the Syntasa ecosystem with increased precision and reduced manual overhead.

Security / Application

Centralized Credential Management & Enhanced Sharing

A unified Credential Store is now available for the secure management of secrets, API keys, and cloud credentials. This centralized repository ensures that sensitive information is protected with AES encryption at rest and governed by Syntasa’s robust sharing model.

Complementing this, the Object Sharing Interface has been standardized across the entire platform. This update provides a consistent and intuitive experience for managing permissions, whether sharing a workflow, dataset, or credential. Together, these enhancements provide a more secure and streamlined way for teams to collaborate on sensitive data projects.

Unified RBAC Enforcement Across Application & Modules

A more robust and consistent Role-Based Access Control (RBAC) framework now spans the entire application and its individual modules. This update ensures that user permissions are strictly enforced not only within the Syntasa UI but also at the data plane and module levels.

By unifying access control, organizations can more precisely govern user actions—such as viewing, editing, or executing workflows—ensuring that security policies are applied consistently across every part of the platform.

Enhanced Resource Sharing & Granular Access Control

A major upgrade to the platform’s security and collaboration model introduces Enhanced Sharing Options. This feature moves beyond the traditional “all-or-nothing” approach, allowing users to precisely define how resources are shared across the organization.

Key Highlights

• Granular Permissions: Users can now specify distinct access levels for shared objects, such as View, Utilize, Edit, and Manage. This allows you to grant someone the ability to use a connection or dataset in their workflow without exposing its underlying configuration or allowing them to modify it.
• Unified Sharing Interface: A standardized, reusable sharing component has been integrated across all major modules, including Apps, Notebooks, Connections, Datastores, and Files, providing a consistent experience for managing permissions.
• Inherited Access: To simplify management, resources like Notebooks now automatically inherit sharing settings from their parent Workspace, ensuring that team-wide security policies are consistently applied.
• Action-Level Enforcement: Permissions are enforced at both the UI and API levels. Action buttons (like Edit or Delete) are dynamically hidden based on a user’s grants, and backend validation ensures that unauthorized operations are blocked.
• Secure Collaboration: Teams can now share intellectual property—such as custom User Defined Processes (UDPs)—with “Execute Only” access, allowing others to benefit from the logic while keeping the implementation details private.

This update provides the flexibility needed for complex enterprise environments, enabling secure collaboration while maintaining strict control over sensitive data and configurations.

User-Defined Process (UDP) Sharing

Today, UDP objects do not have sharing options enabled, but sharing options for UDP objects will be added. This will include the enhanced controls mentioned above so that, for example, users can use a UDP in an app, but not be allowed to view/edit the UDP.

User Experience / Help

Syntasa AI Help Assistant

The Syntasa AI Help Assistant is a sophisticated, multi-agent AI system designed to provide real-time, contextual support across the platform. Powered by advanced Large Language Models (LLMs) and a LangGraph-based orchestration layer, the AI Assistant acts as an intelligent companion to help users troubleshoot issues, understand complex logs, and optimize their data workflows.

Key Highlights

• Context-Aware Assistance: The AI Assistant understands where users are in the application. Whether monitoring a pipeline or reviewing job logs, it provides relevant suggestions and troubleshooting steps based on the current task.
• Intelligent Log Analytics: Integrated directly into the execution log viewer, the assistant can automatically analyze failure logs, identify root causes (such as timeouts or missing dependencies), and suggest specific workarounds or resolutions.
• Interactive Chat Interface: A new, persistent chat sidebar allows for natural language interactions. Users can ask questions, request summaries of system health, or seek guidance on platform features without leaving their active workspace.
• Multi-Agent Orchestration: Built on a scalable framework, the assistant utilizes specialized agents for different tasks—such as log analysis or Q&A—ensuring high-quality and accurate responses.
• Continuous Learning & Evaluation: The system includes a built-in evaluation layer to monitor response relevance and accuracy, ensuring the assistant becomes more helpful over time.

This feature transforms platform support from a static documentation search into an active, intelligent partnership, significantly reducing the time required to resolve technical hurdles.

AI-Powered Log Analysis

AI-Powered Log Analysis is a specialized diagnostic tool designed to significantly reduce the time spent troubleshooting job failures. This feature utilizes a dedicated AI agent to scan complex execution logs, providing users with a clear summary of errors and actionable remediation suggestions.

Key Highlights

• Automated Error Summarization: Instead of manually parsing thousands of lines of logs, the AI agent automatically identifies critical errors and warnings, presenting them in a concise, easy-to-read summary.
• Contextual Remediation: For every identified failure, the assistant provides specific suggestions for resolution—such as identifying missing dependencies, suggesting configuration changes, or highlighting database connection issues.
• Integrated Chat Experience: Accessible directly from the execution log screen, the analysis view allows users to ask follow-up questions about specific log entries to gain deeper insights into job behavior.
• Dedicated Diagnostic Agent: Unlike general-purpose help assistants, this feature relies on a specialized Log Analysis Agent optimized for technical diagnostics and operational log data.
• Interactive Feedback Loop: Users can provide feedback on AI suggestions, helping to continuously refine and improve the accuracy of the diagnostic engine.

This enhancement empowers both developers and operations teams to resolve pipeline issues faster, ensuring higher reliability and uptime for critical data workflows.

Process Mode Improvements & “Code Managed” Option

Significant enhancements to Process Modes provide greater clarity and control over how data is handled during job execution. This update simplifies the user interface and introduces a new mode specifically designed for advanced users who manage data lifecycle directly within their scripts.

Key Highlights

• New “Code Managed” Mode: A new process mode, Code Managed, is now available for Code, Notebook, and UDP processes. When selected, the platform bypasses standard table management logic (such as automatic partition checks), allowing the user’s code to have full ownership over data reading, writing, and state management.
• Context-Aware Selections: The Process Mode dropdown is now optimized to show only the options relevant to the specific task and dataset configuration, reducing confusion and preventing invalid selections.
• In-App Guidance: To help users choose the right execution strategy, a new information icon and descriptive tooltips have been added to the Process Mode dropdown. These provide clear, one-line explanations for each mode (e.g., Drop & Replace, Replace Date Range, Add New Only).
• Improved Interface: The job step configuration UI has been refined with increased dropdown widths and better placement of status indicators, ensuring a more intuitive experience when setting up complex workflows.

These improvements ensure that both low-code and pro-code users have the right level of automation and transparency when executing data pipelines.

Contextual Help & Process Guidance

Contextual Help Improvements assist users in navigating the platform’s extensive library of data processes. This update provides immediate, in-app guidance to help users understand the functionality of different components before adding them to their workflows.

Key Highlights

• Process Tooltips : A new information icon has been added to every process in the development palette. Hovering over this icon reveals a concise description of the process’s purpose and functionality (e.g., Adobe Analytics Loader, BigQuery Processor, Logistic Regression).
• UDP Documentation: Authors of User Defined Processes (UDPs) can now provide custom descriptions that appear as tooltips for other users. This ensures that team-specific logic and intellectual property are clearly documented and easily understood by collaborators.
• Streamlined Discovery: These enhancements reduce the need to consult external documentation, allowing users to quickly decipher which process best fits their specific data transformation or machine learning needs.

This feature improves the onboarding experience for new users and increases productivity for experienced developers by providing critical information exactly where and when it is needed.

Superset Upgrade

Superset Analytics Upgrade to 6.0.0

A major upgrade to the integrated Superset Analytics engine moves the platform from version 5.x to 6.0.0. This update brings the latest performance improvements, security patches, and visualization capabilities from the Apache Superset community to the Syntasa platform.

Key Highlights

• Modernized Visualization Engine: The upgrade includes a full rebuild of the frontend using React 18 and the latest charting libraries, providing a smoother and more responsive dashboard experience.
• Enhanced Plugin Support: All Syntasa-specific plugins—including the OSM Map, Org-Chart, and Quadrant Bubble Chart—have been migrated and optimized for compatibility with the 6.0.0 architecture.
• Improved Security & Authentication: The integration features a refined Single Sign-On (SSO) flow and updated security managers to ensure seamless and secure access from the Syntasa control plane.
• Platform Stability: Backend dependencies have been updated to Python 3.11, and database migrations have been applied to support the new Superset metadata schema, ensuring long-term stability and performance.
• Embedded Analytics Optimization: Refined Content Security Policy (CSP) and ProxyFix configurations improve the reliability of embedded dashboards within Syntasa applications.

This upgrade ensures that Syntasa users continue to have access to a world-class, enterprise-grade business intelligence and data exploration environment.